[Kernel-packages] [Bug 1834439] Re: designated object in OVAL definition may be wrong
** Description changed: recently published OVAL definition (https://people.canonical.com /~ubuntu-security/oval/) may have some breaking change as following: all definition which referenced 'linux' binary package object, has been affected. How to reproduce: for example find definition id: oval:com.ubuntu.xenial:def:201911477000 then in criterions find test_ref="oval:com.ubuntu.xenial:tst:201911477000" then in that test, find object: oval:com.ubuntu.xenial:obj:20124542000, which represent 'linux' package binaries. + + + + + + in this `dpkginfo_object`, used to contain only the name of the binary package, but now it contains a var_ref which points to multiple full name of the most recent binary package for linux kernel image: - - linux-image-4.4.0-151-generic - linux-image-4.4.0-151-generic-lpae - linux-image-4.4.0-151-lowlatency - linux-image-4.4.0-151-powerpc-e500mc - linux-image-4.4.0-151-powerpc-smp - linux-image-4.4.0-151-powerpc64-emb - linux-image-4.4.0-151-powerpc64-smp - linux-image-unsigned-4.4.0-151-generic - linux-image-unsigned-4.4.0-151-lowlatency - + + linux-image-4.4.0-151-generic + linux-image-4.4.0-151-generic-lpae + linux-image-4.4.0-151-lowlatency + linux-image-4.4.0-151-powerpc-e500mc + linux-image-4.4.0-151-powerpc-smp + linux-image-4.4.0-151-powerpc64-emb + linux-image-4.4.0-151-powerpc64-smp + linux-image-unsigned-4.4.0-151-generic + linux-image-unsigned-4.4.0-151-lowlatency + + In previous version, an object of 'Linux' package has no var_ref and + looks like this: - I believe this is an error, an 'linux' binary package should not contain any version information, as can be seen in other packages objects which only contains a name of package. + + linux + + + I believe this is an error, an 'linux' binary package should not contain + any version information, as can be seen in other packages objects which + only contains a name of package. can you please explain the purpose of this section? ** Description changed: recently published OVAL definition (https://people.canonical.com /~ubuntu-security/oval/) may have some breaking change as following: all definition which referenced 'linux' binary package object, has been affected. How to reproduce: for example find definition id: oval:com.ubuntu.xenial:def:201911477000 then in criterions find test_ref="oval:com.ubuntu.xenial:tst:201911477000" then in that test, find object: oval:com.ubuntu.xenial:obj:20124542000, which represent 'linux' package binaries. - - - + # oval:com.ubuntu.xenial:obj:20124542000 + + + + in this `dpkginfo_object`, used to contain only the name of the binary package, but now it contains a var_ref which points to multiple full name of the most recent binary package for linux kernel image: + + # oval:com.ubuntu.xenial:var:20124542000 linux-image-4.4.0-151-generic linux-image-4.4.0-151-generic-lpae linux-image-4.4.0-151-lowlatency linux-image-4.4.0-151-powerpc-e500mc linux-image-4.4.0-151-powerpc-smp linux-image-4.4.0-151-powerpc64-emb linux-image-4.4.0-151-powerpc64-smp linux-image-unsigned-4.4.0-151-generic linux-image-unsigned-4.4.0-151-lowlatency In previous version, an object of 'Linux' package has no var_ref and looks like this: - - linux - + # oval:com.ubuntu.xenial:obj:20137445000 + + linux + I believe this is an error, an 'linux' binary package should not contain any version information, as can be seen in other packages objects which only contains a name of package. can you please explain the purpose of this section? ** Information type changed from Public to Public Security ** Description changed: recently published OVAL definition (https://people.canonical.com /~ubuntu-security/oval/) may have some breaking change as following: all definition which referenced 'linux' binary package object, has been affected. How to reproduce: for example find definition id: oval:com.ubuntu.xenial:def:201911477000 then in criterions find test_ref="oval:com.ubuntu.xenial:tst:201911477000" then in that test, find object: oval:com.ubuntu.xenial:obj:20124542000, which represent 'linux' package binaries. # oval:com.ubuntu.xenial:obj:20124542000 - - in this `dpkginfo_object`, used to contain only the name of the binary packa
[Kernel-packages] [Bug 1834439] Re: designated object in OVAL definition may be wrong
this issue is unrelated to the actual linux operating system but the OVAL definition ubuntu security team has provided. hence the obvious omission of log files. ** Changed in: linux (Ubuntu) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1834439 Title: designated object in OVAL definition may be wrong Status in linux package in Ubuntu: Confirmed Bug description: recently published OVAL definition (https://people.canonical.com /~ubuntu-security/oval/) may have some breaking change as following: all definition which referenced 'linux' binary package object, has been affected. How to reproduce: for example find definition id: oval:com.ubuntu.xenial:def:201911477000 then in criterions find test_ref="oval:com.ubuntu.xenial:tst:201911477000" then in that test, find object: oval:com.ubuntu.xenial:obj:20124542000, which represent 'linux' package binaries. in this `dpkginfo_object`, used to contain only the name of the binary package, but now it contains a var_ref which points to multiple full name of the most recent binary package for linux kernel image: linux-image-4.4.0-151-generic linux-image-4.4.0-151-generic-lpae linux-image-4.4.0-151-lowlatency linux-image-4.4.0-151-powerpc-e500mc linux-image-4.4.0-151-powerpc-smp linux-image-4.4.0-151-powerpc64-emb linux-image-4.4.0-151-powerpc64-smp linux-image-unsigned-4.4.0-151-generic linux-image-unsigned-4.4.0-151-lowlatency I believe this is an error, an 'linux' binary package should not contain any version information, as can be seen in other packages objects which only contains a name of package. can you please explain the purpose of this section? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1834439/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1834439] Re: designated object in OVAL definition may be wrong
** Changed in: linux (Ubuntu) Status: Incomplete => New -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1834439 Title: designated object in OVAL definition may be wrong Status in linux package in Ubuntu: Incomplete Bug description: recently published OVAL definition (https://people.canonical.com /~ubuntu-security/oval/) may have some breaking change as following: all definition which referenced 'linux' binary package object, has been affected. How to reproduce: for example find definition id: oval:com.ubuntu.xenial:def:201911477000 then in criterions find test_ref="oval:com.ubuntu.xenial:tst:201911477000" then in that test, find object: oval:com.ubuntu.xenial:obj:20124542000, which represent 'linux' package binaries. in this `dpkginfo_object`, used to contain only the name of the binary package, but now it contains a var_ref which points to multiple full name of the most recent binary package for linux kernel image: linux-image-4.4.0-151-generic linux-image-4.4.0-151-generic-lpae linux-image-4.4.0-151-lowlatency linux-image-4.4.0-151-powerpc-e500mc linux-image-4.4.0-151-powerpc-smp linux-image-4.4.0-151-powerpc64-emb linux-image-4.4.0-151-powerpc64-smp linux-image-unsigned-4.4.0-151-generic linux-image-unsigned-4.4.0-151-lowlatency I believe this is an error, an 'linux' binary package should not contain any version information, as can be seen in other packages objects which only contains a name of package. can you please explain the purpose of this section? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1834439/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1834439] Re: designated object in OVAL definition may be wrong
I think this is not in any situation needed a kernel trace or machine based info-gathering. can you please forward this to someone who produce the OVAL definition in https://people.canonical.com/~ubuntu- security/oval/? they will understand immediately what I'm talking about. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1834439 Title: designated object in OVAL definition may be wrong Status in linux package in Ubuntu: Incomplete Bug description: recently published OVAL definition (https://people.canonical.com /~ubuntu-security/oval/) may have some breaking change as following: all definition which referenced 'linux' binary package object, has been affected. How to reproduce: for example find definition id: oval:com.ubuntu.xenial:def:201911477000 then in criterions find test_ref="oval:com.ubuntu.xenial:tst:201911477000" then in that test, find object: oval:com.ubuntu.xenial:obj:20124542000, which represent 'linux' package binaries. in this `dpkginfo_object`, used to contain only the name of the binary package, but now it contains a var_ref which points to multiple full name of the most recent binary package for linux kernel image: linux-image-4.4.0-151-generic linux-image-4.4.0-151-generic-lpae linux-image-4.4.0-151-lowlatency linux-image-4.4.0-151-powerpc-e500mc linux-image-4.4.0-151-powerpc-smp linux-image-4.4.0-151-powerpc64-emb linux-image-4.4.0-151-powerpc64-smp linux-image-unsigned-4.4.0-151-generic linux-image-unsigned-4.4.0-151-lowlatency I believe this is an error, an 'linux' binary package should not contain any version information, as can be seen in other packages objects which only contains a name of package. can you please explain the purpose of this section? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1834439/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
