This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Ubuntu - Risk Insights

LukeN
Engaged Sweeper II

‎10-03-2024 05:06 PM

Just started looking at Risk Insights to see if it can replace other products, realizing Ubuntu security patches are not discovered correctly.

For example, risk insights is listing this vulnerability as active:
https://ubuntu.com/security/CVE-2023-47038
When running perl -V i see amongst other: "DEBPKG:CVE-2023-47038.patch - [PATCH 1/2] Fix read/write past buffer end: perl-security#140"

Similar results on ALL active vulnerabilities on Ubuntu-systems. Although most isn't shown with running with -V, instead i would do for example this to verify patch status:
zgrep 'upgrade' /var/log/dpkg.log* | grep -i 'perl'

Any ideas how to mitigate this?

Labels:
0 Kudos
1 REPLY 1
DavidPK
Lansweeper Tech Support
Lansweeper Tech Support

‎10-03-2024 06:16 PM

Hi LukeN,

 

We should be able to discover this correctly.

 

Please submit a support ticket so that our development team can investigate further.

How to contact support?

 

Please provide the follow information to expedite the ticket. 

 

  • Cloud Site Name or the Cloud Site ID, which can be found on your site under "Configuration" → "Site Settings"
    Asset Key:
  • The Asset Key is the string on the website URL just after the string asset and delimited by two consecutive slashes also see reference screenshot below.
  • CVE Identifier: Include the CVE identifier if the issue relates to a known vulnerability.
  • Security Patches: Specify any relevant security patches applied.
  • OS Build: Provide the operating system build/version associated with the issue.

2023-07-25 14_17_12-Screenshot 2023-07-18 at 14.32.15.png ‎- Photos

 

0 Kudos

General Discussions

Find answers to technical questions about Lansweeper.

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now
Top