Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

(SOLVED) glsa-check doesn't detect affected glsa's
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Kasumi_Ninja
Veteran
Veteran


Joined: 18 Feb 2006
Posts: 1825
Location: The Netherlands
PostPosted: Tue Jan 01, 2008 7:53 pm    Post subject: (SOLVED) glsa-check doesn't detect affected glsa's Reply with quote
To test glsa-check I have deliberately installed cups-1.3.5 which is affected by the following glsa: http://www.gentoo.org/security/en/glsa/glsa-200712-14.xml
I did an emerge --sync but glsa-check s till fails to detect the problem :? Who has an idea what went wrong?

Code:
# eix net-print/cups
[I] net-print/cups
     Available versions:  1.2.10-r1 1.2.12-r2 1.2.12-r3 1.2.12-r4 (~)1.3.5 {X acl avahi dbus java jpeg kerberos ldap linguas_de linguas_en linguas_es linguas_et linguas_fr linguas_he linguas_it linguas_ja linguas_pl linguas_sv linguas_zh_TW nls pam perl php png ppds python samba slp ssl static tiff zeroconf}
     Installed versions:  1.3.5(23:20:58 12/28/07)(X acl avahi dbus java jpeg kerberos ldap nls pam perl php png python samba slp ssl tiff -linguas_de -linguas_en -linguas_es -linguas_et -linguas_fr -linguas_he -linguas_it -linguas_ja -linguas_pl -linguas_sv -linguas_zh_TW -ppds -static -zeroconf)
     Homepage:            http://www.cups.org/
     Description:         The Common Unix Printing System


Code:
# glsa-check -t all
This system is not affected by any of the listed GLSAs


Code:
GLSA Summary report for host server
(Command was: /usr/bin/glsa-check -m affected)

[A] means this GLSA was already applied,
[U] means the system is not affected and
[N] indicates that the system might be affected
.
_________________
Please add [solved] to the initial post's subject line if you feel your problem is resolved. Help answer the unanswered

Last edited by Kasumi_Ninja on Tue Jan 01, 2008 11:33 pm; edited 1 time in total
Back to top
View user's profile Send private message
Suicidal
l33t
l33t


Joined: 30 Jul 2003
Posts: 913
Location: /dev/null
PostPosted: Tue Jan 01, 2008 10:38 pm    Post subject: Reply with quote
Possibly it was previously applied, try removing /var/cache/edb/glsa and run it again.
Back to top
View user's profile Send private message
Kasumi_Ninja
Veteran
Veteran


Joined: 18 Feb 2006
Posts: 1825
Location: The Netherlands
PostPosted: Tue Jan 01, 2008 10:48 pm    Post subject: Reply with quote
Suicidal wrote:
Possibly it was previously applied, try removing /var/cache/edb/glsa and run it again.


Thanks for the help! Strangely enough I don't have /var/cache/edb/glsa

Code:
# rm -v  /var/cache/edb/glsa
rm: cannot remove `/var/cache/edb/glsa': No such file or directory


Code:
# rm -v  /var/cache/edb/
counter              dep/                 mtimedb              vdb_blockers.pickle  vdb_metadata.pickle

_________________
Please add [solved] to the initial post's subject line if you feel your problem is resolved. Help answer the unanswered
Back to top
View user's profile Send private message
UncleOwen
Veteran
Veteran


Joined: 27 Feb 2003
Posts: 1493
Location: Germany, Hamburg
PostPosted: Tue Jan 01, 2008 10:58 pm    Post subject: Re: glsa-check doesn't detect affected glsa's Reply with quote
Aniruddha wrote:
To test glsa-check I have deliberately installed cups-1.3.5 which is affected by the following glsa: http://www.gentoo.org/security/en/glsa/glsa-200712-14.xml


As stated in the GLSA, cups-1.3.5 is NOT vulnerable.
Back to top
View user's profile Send private message
Suicidal
l33t
l33t


Joined: 30 Jul 2003
Posts: 913
Location: /dev/null
PostPosted: Tue Jan 01, 2008 11:10 pm    Post subject: Reply with quote
Try:
Code:
emerge =net-misc/openssh-4.4_p1-r6
glsa-check --list all | grep "[[ N ]]"
glsa-check --fix all

That one gets picked up.

/var/cache/edb/glsa seems to be created only when you run glsa-check --fix {all,new}
Back to top
View user's profile Send private message
Carlo
Developer
Developer


Joined: 12 Aug 2002
Posts: 3356
PostPosted: Tue Jan 01, 2008 11:11 pm    Post subject: Reply with quote
I wonder why people manages to overlook the less than symbol so often. Apart form being vulnerable or not, I do not know, if glsa-check is written to take testing packages into account. The testing tree is of course not supported security wise - which doesn't mean testing doesn't get fixed, but you better run --deep updates all the time.
_________________
Please make sure that you have searched for an answer to a question after reading all the relevant docs.
Back to top
View user's profile Send private message
Kasumi_Ninja
Veteran
Veteran


Joined: 18 Feb 2006
Posts: 1825
Location: The Netherlands
PostPosted: Tue Jan 01, 2008 11:15 pm    Post subject: Re: glsa-check doesn't detect affected glsa's Reply with quote
UncleOwen wrote:
Aniruddha wrote:
To test glsa-check I have deliberately installed cups-1.3.5 which is affected by the following glsa: http://www.gentoo.org/security/en/glsa/glsa-200712-14.xml


As stated in the GLSA, cups-1.3.5 is NOT vulnerable.

Maybe your right :oops: Strangely enough cups-1.3.5 is masked in portage?! Anyhow I will marked this thread as solved and look for a more suitable glsa. Thanks!
_________________
Please add [solved] to the initial post's subject line if you feel your problem is resolved. Help answer the unanswered

Last edited by Kasumi_Ninja on Tue Jan 01, 2008 11:19 pm; edited 1 time in total
Back to top
View user's profile Send private message
Kasumi_Ninja
Veteran
Veteran


Joined: 18 Feb 2006
Posts: 1825
Location: The Netherlands
PostPosted: Tue Jan 01, 2008 11:16 pm    Post subject: Reply with quote
Suicidal wrote:
Try:
Code:
emerge =net-misc/openssh-4.4_p1-r6
glsa-check --list all | grep "[[ N ]]"
glsa-check --fix all

That one gets picked up.

/var/cache/edb/glsa seems to be created only when you run glsa-check --fix {all,new}


Thanks! I will try it asap :)

Carlo wrote:
I wonder why people manages to overlook the less than symbol so often. Apart form being vulnerable or not, I do not know, if glsa-check is written to take testing packages into account. The testing tree is of course not supported security wise - which doesn't mean testing doesn't get fixed, but you better run --deep updates all the time.


Lol, I am glad I am not the only one :oops: :oops: :oops:
_________________
Please add [solved] to the initial post's subject line if you feel your problem is resolved. Help answer the unanswered
Back to top
View user's profile Send private message
Kasumi_Ninja
Veteran
Veteran


Joined: 18 Feb 2006
Posts: 1825
Location: The Netherlands
PostPosted: Tue Jan 01, 2008 11:32 pm    Post subject: Reply with quote
Great! This solved two questions at once :D

Code:
emerge =net-misc/openssh-4.4_p1-r6
glsa-check --mail affected
glsa-check --fix all


And now I am also certain I get my sucrity warnings in a timely manner with the following crontab entry:
Code:
00      6       *       *       *               /usr/bin/glsa-check -m affected

_________________
Please add [solved] to the initial post's subject line if you feel your problem is resolved. Help answer the unanswered
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2012 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p6 © 2001, 2002 phpBB Group