** Description changed: + I think this needs an SRU, as such I'm modifying the description based + on the SRU template. I'll update the title and attach debdiffs shortly. + + [Impact] + + The bug causes oscap to fail to run with OVAL files produced by the + Ubuntu Security team. + + This is the upstream issue: + https://github.com/OpenSCAP/openscap/issues/1367 + + The fix is simple and I've tested in under bionic, eoan, and focal. + + The patch corrects an typo or copy/paste error in the original code. + https://github.com/OpenSCAP/openscap/commit/5e5bc61c1fc6a6556665aa5689a62d6bc6487c74 + + [Test Case] + + This can be reproduced on eoan and focal by following the instructions + for using ubuntu security oval data here: https://people.canonical.com + /~ubuntu-security/oval/ + + The bug does not manifest directly in bionic but if you include + libopenscap8 in a snap based on core18, the version of oscap in the snap + will produce the same behavior when you run the snap on eoan or focal + + [Regression Potential] + + The potential for regression seems low in this case. I've built the deb + locally for bionic, eoan, and focal and smoke tested in in VMs using the + ubuntu security OVAL files and the test file from the comment below + https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/1851682/comments/2 + + If a regression were to exist, it would likely manifest itself with a + runtime error much like the original problem. + + ############################################ + ORIGINAL BUG REPORT BELOW + ########################################### oscap segfaults while trying to check using ubuntu-security definitions: The command: oscap oval eval --report /tmp/oscap_report.html /var/tmp/com.ubuntu.eoan.cve.oval.xml Segfault: ... Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179] Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179] Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179] Probe with PID=26379 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=26379 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Unable to close probe sd [../../../src/OVAL/oval_probe_ext.c:424] Unable to receive a message from probe [../../../src/OVAL/oval_probe_ext.c:579] Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179] Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179] Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179] Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179] Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179] Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179] Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179] Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179] Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179] Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179] Probe with PID=26393 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=26393 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Unable to close probe sd [../../../src/OVAL/oval_probe_ext.c:424] Unable to receive a message from probe [../../../src/OVAL/oval_probe_ext.c:579] Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179] The OVAL definitions are taken directly from https://people.canonical.com/~ubuntu- security/oval/com.ubuntu.eoan.cve.oval.xml Version: oscap --version OpenSCAP command line tool (oscap) 1.2.16 Copyright 2009--2017 Red Hat Inc., Durham, North Carolina. ==== Supported specifications ==== XCCDF Version: 1.2 OVAL Version: 5.11.1 CPE Version: 2.3 CVSS Version: 2.0 CVE Version: 2.0 Asset Identification Version: 1.1 Asset Reporting Format Version: 1.1 CVRF Version: 1.1 ==== Capabilities added by auto-loaded plugins ==== SCE Version: 1.0 (from libopenscap_sce.so.8) ==== Paths ==== Schema files: /usr/share/openscap/schemas Default CPE files: /usr/share/openscap/cpe Probes: /usr/lib/x86_64-linux-gnu/openscap
** Patch added: "bionic debdiff" https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/1851682/+attachment/5342345/+files/openscap_1.2.15-1ubuntu0.2.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1851682 Title: oscap is broken in ubuntu 19.10 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/1851682/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
