Hello, I'd like to remind everyone to keep the OpenVAS installation up-to-date for security reason.
For example, GSA 6.0.8 as announced on openvas-announce mailing list and as downloadable here: http://openvas.org/install-source.html is the latest release and fixes known security problems. It even fixes a by-then unknown security problem: Rene Behring detected a file path traversal vulnerability that could turn into a real security problem, depending on how GSA is installed and executed. Latest OpenVAS modules are not effected, but older ones are! For example, the OpenVAS DEMO VM download image is affected by this vulnerability and meanwhile by numerous other known vulnerabilities if not updated according to the important notes listed on the downlod page http://openvas.org/vm.html. I fear that this happens rarely. For this reason Greenbone thinks about replacing this DEMO VM by a "Community Edition" of the GSM ONE appliance from OpenVAS-9 on. About BETA: Only use this in a safe environment where no harm can happen. Releases on http://openvas.org/install-source.html are occasional. They are not security maintained! SVN trunk of course receives any security patch as soon as we get aware of such problems. Best regards -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner _______________________________________________ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
