Hello,
We have tested NVT, we are not able to reproduce and its working
as expected for us.
Please can you run "pango-view --version" on target machine and get us the
result.
Thanks,
Antu Sanadi
On Sunday 20 September 2015 01:05 PM, Michael Meyer wrote:
*** Walter York wrote:
Possible false positive: The guidance by the OpenVAS test is to
upgrade to Pango version 1.24.0 or later yet I have 1.34 installed
on the target box.
Thanks for reporting.
On my OpenVAS box:OS Distribution:[root@localhost ~]# cat /etc/*eleaseCentOS
Linux release 7.1.1503 (Core) Authenticated? YesSSH Authorization CheckIt was
possible to login using the provided SSH credentials.Hence authenticated checks
are enabled.Greenbone Security AssistantVersion 6.0.5Using with the latest NVT,
SCAP and CERT feeds===================================================On my
Target box:root@bh01 [/]# yum list installed | grep pangopango.x86_64
1.34.1-5.el7 @base
root@bh01 [/]# cat /etc/*eleaseCentOS Linux release 7.1.1503 (Core)NAME="CentOS
Linux"
===================================================OpenVAS Result
Details:OpenVAS is failing this particular test: Vulnerability Detection
MethodDetails: Pango Integer Buffer Overflow Vulnerability (OID:
1.3.6.1.4.1.25623.1.0.900644)Version used: $Revision: 15 $
SolutionUpgrade to pango version 1.24.0 or later
http://ftp.acc.umu.se/pub/GNOME/sources/pango/
Affected Software/OSPango version prior to 1.24.0
@Antu: Please have a look.
Micha
--
Saner Personal
A free vulnerability mitigation
software. Build strong defense.
http://www.secpod.com/saner-personal.html
_______________________________________________
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss