*** Walter York wrote: > Possible false positive: The guidance by the OpenVAS test is to > upgrade to Pango version 1.24.0 or later yet I have 1.34 installed > on the target box.
Thanks for reporting. > On my OpenVAS box:OS Distribution:[root@localhost ~]# cat /etc/*eleaseCentOS > Linux release 7.1.1503 (Core) Authenticated? YesSSH Authorization CheckIt was > possible to login using the provided SSH credentials.Hence authenticated > checks are enabled.Greenbone Security AssistantVersion 6.0.5Using with the > latest NVT, SCAP and CERT > feeds===================================================On my Target > box:root@bh01 [/]# yum list installed | grep pangopango.x86_64 > 1.34.1-5.el7 @base > root@bh01 [/]# cat /etc/*eleaseCentOS Linux release 7.1.1503 > (Core)NAME="CentOS Linux" > ===================================================OpenVAS Result > Details:OpenVAS is failing this particular test: Vulnerability Detection > MethodDetails: Pango Integer Buffer Overflow Vulnerability (OID: > 1.3.6.1.4.1.25623.1.0.900644)Version used: $Revision: 15 $ > SolutionUpgrade to pango version 1.24.0 or later > http://ftp.acc.umu.se/pub/GNOME/sources/pango/ > Affected Software/OSPango version prior to 1.24.0 @Antu: Please have a look. Micha -- Michael Meyer OpenPGP Key: 0xAF069E9152A6EFA6 http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner _______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
