OpenVAS finding vulnerabilities that are not vulnerable
Posted: Mon Jan 29, 2018 11:17 pm
I have a lot of systems running kernel 2.6.39-400.297.5.el6uek - upon scanning within openvas, it flags this kernel as having many vulnerabilities.
For example:
Oracle Linux Local Security Checks ELSA-2015-3019
Vulnerability Detection Result
Package kernel-uek version kernel-uek-2.6.39-400.297.5.el6uek is installed which is known to be vulnerable.
Upon trying to remediate this, yum reports back:
[root@xx yum.repos.d]# yum update --advisory ELSA-2015-3019
Loaded plugins: rhnplugin, security
Setting up Update Process
Resolving Dependencies
Limiting packages to security relevant ones
ol6_UEK_latest/updateinfo
ol6_latest/updateinfo
Advisory "ELSA-2015-3019" not found applicable for this system
Any thoughts?
Thanks!
For example:
Oracle Linux Local Security Checks ELSA-2015-3019
Vulnerability Detection Result
Package kernel-uek version kernel-uek-2.6.39-400.297.5.el6uek is installed which is known to be vulnerable.
Upon trying to remediate this, yum reports back:
[root@xx yum.repos.d]# yum update --advisory ELSA-2015-3019
Loaded plugins: rhnplugin, security
Setting up Update Process
Resolving Dependencies
Limiting packages to security relevant ones
ol6_UEK_latest/updateinfo
ol6_latest/updateinfo
Advisory "ELSA-2015-3019" not found applicable for this system
Any thoughts?
Thanks!