On 2016-01-12 07:29, Guillaume Castagnino wrote:
Hi,
I have the same issue since last gnutls CVE fix on ubuntu (14.04):
http://launchpadlibrarian.net/233330701/gnutls26_2.12.23-12ubuntu2.3_2.12.23-12ubuntu2.4.diff.gz
The fix remove the fallback using extensions in certificate to
negotiate
cipher. This expose a bug in openvas library.
find attached my fix for openvas8. The problem is that the "SECURE"
priority string does not exists (see
http://www.gnutls.org/manual/html_node/Priority-Strings.html). I don’t
know why gnutls_priority_set_direct does not issues an error, but this
is the cause of the bug.
Bye !
Le mardi 12 janvier 2016 07:18:49 James Lay a écrit :
On Tue, 2016-01-12 at 15:01 +0100, Paula Gonzalez Muñoz wrote:
> What distribution is openvas installed at? How did you install it?
> How did you upgrade?
>
> Sent from my mobile device.
>
>
> El 12 ene. 2016 2:59 p. m., "Reindl Harald" <[email protected]>
>
> escribió:
> Am 12.01.2016 um 14:46 schrieb James Lay:
> Topic says it....after doing an upgrade from
> libgnutls26:amd64 to
> libgnutls-openssl27:amd64 I now get:
>
> Login failed. OMP service is down.
>
> openvasmd.log shows:
>
> lib serv:WARNING:2016-01-12 13h36.10 utc:1749:
> Failed
> to shake hands
> with peer: A TLS packet with unexpected length was
> received.
> lib serv:WARNING:2016-01-12 13h36.10 utc:1749:
> Failed
> to shutdown
> server socket
> md main:CRITICAL:2016-01-12 13h36.10 utc:1749:
> serve_client: failed to
> attach client session to socket 9
> lib serv:WARNING:2016-01-12 13h36.10 utc:1749:
> Failed to gnutls_bye:
> GnuTLS internal error.
>
> Besides downgrading, is there something I can look
> at
> to fix this?
> Thank you
>
> http://www.catb.org/esr/faqs/smart-questions.html#beprecise
>
>
> _______________________________________________
> Openvas-discuss mailing list
> [email protected]
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/o
> penvas-discuss>
> _______________________________________________
> Openvas-discuss mailing list
> [email protected]
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-d
> iscuss
From here:
https://launchpad.net/~mrazavi/+archive/ubuntu/openvas
Ubuntu 14.04....looks like I'm not the only one as I see others are
having the initial NVT cache rebuild issue. Thank you.
James
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
That's helpful thank you. Sounds like those of us that didn't compile
from source are out of luck for now.
James
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
