Roadmap and Lifecycle - Greenbone

Current Versions

Version | Lifecycle Status | Patch Level
GOS 22.04 | Mature | 22.04.17 (2024-02-01)

Overview

Hardware Appliances
GOS Version / Appliance Model | 6500 | 6400 | 5400 | 5300 | 650 Rev. 1 | 650 Rev. 2 | 600 Rev. 1 | 600 Rev. 2 | 450 Rev. 1 | 450 Rev. 2 | 400 Rev. 1 | 400 Rev. 2 | 150 | 35
GOS 22.04 | ✔✔ | ✔✔ | ✔✔ | ✔✔ | ✔✔ | ✔✔ | ✔✔ | ✔✔ | ✔✔ | ✔✔ | ✔✔ | ✔✔ | ✔✔ | ✔✔

Virtual Appliances
GOS Version / Appliance Model | EXA | PETA | TERA | DECA | CENO | 25V | ONE
GOS 22.04 | ✔✔ | ✔✔ | ✔✔ | ✔✔ | ✔✔ | ✔✔ | ✔✔

✔✔ recommended | ✔ supported | ✘ not supported | will be supported

Release Schedule

Changelog

2022-08-08: Greenbone OS 22.04

Current Patch Level: 22.04.17 (2024-02-01)

Lifecycle Status: Mature

22.04.17 (2024-02-01):

  • Greenbone OS:
    • Major bug fix: an error was fixed where pushing the feed from the master appliance to the sensor appliance in a master-sensor setup resulted in sensor feed synchronization issues (#GOS-1705).
    • Improvement: the packages gvm-tools and python-gvm included in GOS were updated to version 24.1.0. Note: due to API changes, at least these versions are required to access the GMP API of GOS 22.04.17 (#PR-792).
    • Improvement: the processes of creating and importing a beaming image are now system operations. While a system operation is in progress, no other system operation can be started. This is to ensure the integrity and stability of the system (#GOS-1677).
    • Security fix: the included package libssh was upgraded from version 0.9.7-0+deb11u1 to version 0.9.8-0+deb11u1 (CVE-2023-48795, CVE-2023-6004, CVE-2023-6918).
    • Security fix: the included package curl was upgraded from version 7.74.0-1.3+deb11u10 to version 7.74.0-1.3+deb11u11 (CVE-2023-46218).
    • Security fix: the included package openssh was upgraded from version 1:8.4p1-abomination+3 to version 1:8.4p1-5+deb11u3 (CVE-2021-41617, CVE-2023-28531, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385).
    • Security fix: the Linux kernel was upgraded from version 5.10.197-1 to version 5.10.205-2 for virtual appliances (CVE-2021-44879, CVE-2023-5178, CVE-2023-5197, CVE-2023-5717, CVE-2023-6121, CVE-2023-6531, CVE-2023-6817, CVE-2023-6931, CVE-2023-6932, CVE-2023-25775, CVE-2023-34324, CVE-2023-35827, CVE-2023-45863, CVE-2023-46813, CVE-2023-46862, CVE-2023-51780, CVE-2023-51781, CVE-2023-51782).
    • Security fix: the Linux kernel was upgraded from version 5.10.201-greenbone1 to version 5.10.208-greenbone1 for hardware appliances (CVE-2021-44879, CVE-2023-5178, CVE-2023-5197, CVE-2023-5717, CVE-2023-6121, CVE-2023-6531, CVE-2023-6817, CVE-2023-6931, CVE-2023-6932, CVE-2023-25775, CVE-2023-34324, CVE-2023-35827, CVE-2023-45863, CVE-2023-46813, CVE-2023-46862, CVE-2023-51780, CVE-2023-51781, CVE-2023-51782).
    • Bug fix: an error was fixed where formatting a GOS USB backup stick did not work in several cases (#GOS-1714).
    • Bug fix: an error was fixed where some links in the feed had the wrong permissions, which could cause pushing the feed from a master appliance to a sensor appliance in a master-sensor setup to fail (#GOS-1708).
  • Vulnerability Management:
    • Improvement: an option to filter for the compliance status was added to the Results page and to the Results tab of a report. The filter keyword is compliance_levels and the possible values are y (yes/compliant), n (no/not compliant), i (incomplete) and u (undefined) (#GEA-391).
    • Improvement: in addition to the IP address, the host name is now displayed in the header of each host section, in the list at the beginning of the host section, and in the details of the results in the report formats Vulnerability Report PDF and Vulnerability Report HTML (#GEA-378, #GS-3372).
    • Improvement: due to improvements the GMP API version has been increased to 22.5. When accessing the GMP API of GOS 22.04.17 via clients, up-to-date, compatible versions have to be used, for example gvm-tools 24.1.0 (#GEA-407).
    • Improvement: the performance of loading a large number of tag resources has been significantly improved (#GEA-380).
    • Improvement: the performance of the Results and Vulnerabilities pages was improved for setups with multiple users and large amounts of results (#GEA-385).
    • Security fix: the strength of the encryption key for credentials stored in the database has been increased from 2048-bit RSA to 3072-bit RSA. Existing credentials are automatically re-encrypted with the new key when upgrading to GOS 22.04.17 or later (#GOS-1678, #GEA-193).
    • Bug fix: an error was fixed where – when deleting a user via the web interface, the command line or the GOS administration menu – no users who inherit the objects of the deleted user could be selected (#GEA-381).
    • Bug fix: an error was fixed where the table on the page Vulnerabilities showed the date and time of the newest result instead of the oldest result in the column Oldest Result (#GEA-414).
    • Bug fix: an error was fixed where editing VT families of custom compliance policies was not possible (#GEA-415).
    • Bug fix: an error was fixed where reports in the report formats CPE and TLS Map were empty when sent via the Test Alert functionality using the method E-mail (#GEA-358).
    • Minor improvement: the included appliance manual was updated to the current version from 2024-01-15 (#PR-793).
    • Minor improvement: the credential type Client Certificate was retired because it was not used for any type of target, alert or scanner anymore. Existing credentials of this type will not be affected or removed. They can still be accessed, but they are of no use anymore, and can be deleted manually (#GEA-333).
    • Minor improvement: the VT families AlmaLinux Local Security Checks and Amazon Linux Local Security Checks are no longer editable when creating or editing a scan configuration (#GEA-387).
    • Minor bug fix: an error was fixed where the tool tips showed and linked false filters when hovering over the columns for N/A and 1 in a “by CVSS” diagram (#GEA-370).

22.04.16 (2023-12-04):

  • Greenbone OS:
    • Improvement: support for limiting the number of simultaneous web sessions for web users was added. The configuration can be found in the GOS menu under Setup > Users > Users > User sessions. By default, no limit is applied, which reflects the behavior of GOS 22.04.15 and earlier (#GOS-1621, #GEA-288, #GS-4982).
    • Improvement: the package gvm-tools included in GOS was updated to version 23.11.0 (#PR-753).
    • Improvement: the package python-gvm included in GOS was updated to version 23.11.0 (#PR-753).
    • Bug fix: an error was fixed where SNMP passphrases containing the character “!” were not working in GOS (#GOS-1623, #GS-4924).
    • Security fix: SSL 3.0, TLS 1.0 and TLS 1.1 have been disabled for the remote logging feature of GOS. TLS 1.2 or TLS 1.3 must be used now (#GOS-1613, RFC 7568, RFC 8996).
    • Security fix: the included package openssh was upgraded from version 1:8.4p1-abomination+2 to version 1:8.4p1-abomination+3 (CVE-2023-38408).
    • Security fix: the included package postgresql-13 was upgraded from version 13.11-0+deb11u1 to version 13.13-0+deb11u1 (CVE-2023-5868, CVE-2023-5869, CVE-2023-5870, CVE-2023-39417).
    • Security fix: for virtual appliances, the included package open-vm-tools was upgraded from version 2:11.2.5-2+deb11u2 to version 2:11.2.5-2+deb11u3 (CVE-2023-34058, CVE-2023-34059).
    • Minor improvement: an outdated “gsm” reference in the GOS administration menu has been corrected (#GOS-1650).
  • Vulnerability Management:
    • Major improvement: the delta report functionality was overhauled. Delta reports are no longer dependent on the sorting order of the results, providing a much more intuitive user experience; tool tips have been added to delta reports to show exactly what has changed, e.g., the severity or the quality of detection (QoD); and the performance of generating delta reports was considerably improved (#GEA-271).
    • Improvement: scan configurations, report formats, port lists, and compliance policies can now be marked deprecated on the web interface. If a report is exported in a deprecated report format, the downloaded file may be empty or otherwise not suitable for use (#GEA-6).
    • Improvement: when viewing TLS certificates of a scan report, the certificates’ Subject DN can now be clicked to show more information about the certificate (#GEA-308).
    • Improvement: the new task status Processing is now also supported for container tasks. It is displayed there after the report upload is completed, indicating that the appliance is busy processing data in the backend (#GEA-353).
    • Improvement: the performance when editing scan configurations or compliance policies in the web interface was further improved (#GEA-341).
    • Improvement: the performance when paging through list pages with “Created” or “Modified” dates on the web interface, e.g., the “SecInfo > NVTs” page, was improved (#GEA-362).
    • Bug fix: an error was fixed where CVE scans did not detect the expected CVEs due to incorrect case sensitivity for CPEs (#GEA-8, #GS-2451).
    • Bug fix: an error was fixed where it was not possible to link a large number of tags to an object because the corresponding menu became unusable. Note that the menu is still limited to a maximum of 200 tags. If more tags are to be linked to an object, the “Apply to …” functionality on list pages can be used (#GEA-251, #GS-908).
    • Bug fix: incorrectly encoded TLS certificate data in the database, which could cause errors when viewing certificates on the web interface, is now cleaned up when upgrading to GOS 22.04.16 or later. Note that with the current GOS versions, the recurrence of such incorrectly encoded data should no longer occur (#GEA-3, #GOS-1648, #GS-2337).
    • Minor improvement: the included appliance manual was updated to the current version from 2023-11-28 (#PR-780).
    • Minor improvement: the drop-down menu used in various dialogs on the web interface can now also be oriented upwards, if there is not enough free space at the bottom to display the entire content (#GEA-303).
    • Minor improvement: the Start button for scan tasks on the web interface is now inactive if a schedule with an end date is configured for the task. Trying to start such tasks was never supported, and tasks would stop at 0 % progress in this case (#GEA-379, #GS-699).
    • Minor improvement: the informational message “The reports database is currently busy, please try again later” was added for cases where scan reports could not be deleted due to an ongoing database lock (#GEA-327, #GS-2073).
    • Minor improvement: when editing scan configurations or compliance policies, it is no longer possible to edit individual vulnerability tests for various vulnerability test families that should only be selected as a whole (#GEA-331).
    • Minor improvement: the report format ITG was deprecated (#GEA-6, #GS-586, #GS-4121).
    • Minor improvement: the CVSS ranges for dashboard diagrams were improved (#GEA-266).
    • Minor improvement: the error message shown when trying to create an invalid credential was improved to be more specific (#GEA-341).
    • Minor improvement: the error message shown when the gvmd database cannot be migrated was improved to be more specific (#GEA-362).
    • Minor improvement: when using the GMP API, “creation_time” and “modification_time” information is now returned in the user’s local time zone instead of UTC (#GEA-362).
    • Minor bug fix: an error was fixed where duplicate “Timeout” NVT preferences could appear when editing scan configurations or compliance policies (#GEA-362).
    • Minor bug fix: an error was fixed where two German translations – in the “Compose” dialog when creating or editing an alert, and on the “TLS Certificates” list page – were missing (#GEA-332, #GEA-334).
  • Vulnerability Scanning:
    • Bug fix: an error was fixed where vulnerability scans were interrupted when the target setting “Reverse Lookup Only” was set to “Yes” and a host was excluded from the target (#SC-929, #GS-5146).
    • Bug fix: an error was fixed where the Boreas alive scanner performed alive tests even if the alive test option “Consider Alive” was used (#SC-934).

22.04.15 (2023-10-17):

  • Greenbone OS:
    • Improvement: the package gvm-tools included in GOS was updated to version 23.9.0 (#PR-740).
    • Bug fix: an error was fixed where monitoring the HDD via SNMPv3 sometimes failed (#GOS-1612, #GS-4243).
    • Bug fix: an error was fixed where enabling the SSH service on a Greenbone Enterprise TRIAL sometimes failed (#GOS-1564).
    • Security fix: the included package openssl was upgraded from version 1.1.1n-0+deb11u5 to version 1.1.1w-0+deb11u1 (CVE-2023-3446, CVE-2023-3817).
    • Security fix: the included package curl was upgraded from version 7.74.0-1.3+deb11u7 to version 7.74.0-1.3+deb11u10 (CVE-2023-38545, CVE-2023-38546, CVE-2023-27533, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538).
    • Security fix: the included package libwebp was upgraded from version 0.6.1-2.1+deb11u1 to version 0.6.1-2.1+deb11u2 (CVE-2023-4863, #GS-5145).
    • Security fix: the included package mosquitto was upgraded from version 2.0.11-1 to version 2.0.11-1+deb11u1 (CVE-2021-34434, CVE-2021-41039, CVE-2023-0809, CVE-2023-3592, #GS-5082).
  • Vulnerability Management:
    • Major bug fix: an error was fixed where scan tasks sometimes got stuck at 100 % when a large number of host details needed to be processed (#GEA-273).
    • Improvement: the new task status Processing was added. It is displayed after 100 % scan progress, indicating that the appliance is busy processing data in the backend, while any scan activity is completed as expected (#GEA-274).
    • Improvement: for CVEs for which a severity score is not yet available, “N/A” is now displayed instead of the misleading severity “0.0” (#GEA-224, #GS-1160, #GS-4648, #GS-1118, #GS-1144).
    • Improvement: override texts of up to 300 characters are now also included in the report formats GSR PDF, GXR PDF, Vulnerability Report HTML, and Vulnerability Report PDF (#GEA-85).
    • Improvement: the limit for override texts included in the report formats Anonymous XML, XML and TXT was increased from 60 to 300 characters (#GEA-86).
    • Improvement: the Assets > TLS Certificates list page now lists the TLS certificates by their subject distinguished name (“Subject DN”) instead of their issuer (#GEA-202).
    • Improvement: it is now possible to specify the port used for an SCP alert. A corresponding input box was added to the dialog (#GEA-280, #GS-1555).
    • Improvement: an option to ignore pagination was added to the report content composer for alerts (#GEA-124, #GS-3911, #GS-4271).
    • Improvement: when changing the user password for the web interface, an error message is now displayed if the old password is incorrect or missing (#GEA-175).
    • Bug fix: an error was fixed where downloading a report in the report formats Vulnerability Report HTML and Vulnerability Report PDF sometimes resulted in empty files (#GEA-209, #GS-1308).
    • Bug fix: an error was fixed where scheduled tasks sometimes did not run at the correct time when the time zone PST/PDT was used (#GEA-114).
    • Bug fix: an error was fixed where delta reports contained results that could not be accessed (#GEA-247, #GS-958).
    • Bug fix: an error was fixed where e-mail alerts with the condition “Severity Level changed”, “Severity Level increased” or “Severity Level decreased” caused an SQL error in the logs if the task had no previous reports (#GEA-246).
    • Bug fix: an incomplete sub-page that should not have been available but could be accessed by entering a URL directly has been removed (#GEA-177, #GS-4392).
    • Minor improvement: the included appliance manual was updated to the current version from 2023-10-09 (#PR-746).
    • Minor bug fix: an error was fixed where dashboard diagrams showing a resource “by CVSS” (e.g., “Hosts by CVSS”) displayed 10.9 as the highest severity when hovering over the associated column (#GEA-265).
    • Minor bug fix: an error was fixed where the process title of gvmd displayed a duplicated “gvmd: gvmd:” (#GEA-240).
  • Vulnerability Scanning:
    • Minor improvement: the system log message indicating when the Notus scanner is running has been simplified and is now only displayed when the requirements for Notus scanner operation are met (#SC-902).

22.04.14 (2023-08-31):

  • Greenbone OS:
    • Improvement: the company name displayed in the GOS administration menu and the SNMP MIBs was updated to show the new company name “Greenbone AG” (#GOS-1494).
    • Improvement: the RAM limit of the appliance model Greenbone Enterprise 150 was increased from 6 GB to 8 GB (#GOS-1584).
    • Bug fix: on the sensor appliances, Greenbone Enterprise 35 and Greenbone Enterprise 25V, an error was fixed where gos-grub was missing a dependency on e2fsprogs, which resulted in an error message when starting the appliance (#GOS-1576).
    • Security fix: the microcode included in the hardware kernels of the appliance models Greenbone Enterprise 6500/5400/650 R2/600 R2/450 R2/400 R2 was upgraded to the state of the release microcode-20230808 (CVE-2022-40982).
    • Security fix: the Linux kernel was upgraded from version 5.10.179-1 to version 5.10.191-1 for virtual appliances (CVE-2022-4269, CVE-2022-39189, CVE-2022-40982, CVE-2023-1206, CVE-2023-1380, CVE-2023-2002, CVE-2023-2007, CVE-2023-2124, CVE-2023-2156, CVE-2023-2269, CVE-2023-2898, CVE-2023-3090, CVE-2023-3111, CVE-2023-3212, CVE-2023-3268, CVE-2023-3269, CVE-2023-3338, CVE-2023-3389, CVE-2023-3390, CVE-2023-3609, CVE-2023-3610, CVE-2023-3611, CVE-2023-3776, CVE-2023-3863, CVE-2023-4004, CVE-2023-4128, CVE-2023-4132, CVE-2023-4147, CVE-2023-4194, CVE-2023-4273, CVE-2023-20588, CVE-2023-20593, CVE-2023-21255, CVE-2023-21400, CVE-2023-31084, CVE-2023-31248, CVE-2023-32250, CVE-2023-32254, CVE-2023-34319, CVE-2023-35001, CVE-2023-35788, CVE-2023-40283).
    • Security fix: the Linux kernel was upgraded from version 5.10.186-greenbone1 to version 5.10.192-greenbone-1 for hardware appliances (CVE-2022-4269, CVE-2022-39189, CVE-2022-40982, CVE-2023-1206, CVE-2023-1380, CVE-2023-2002, CVE-2023-2007, CVE-2023-2124, CVE-2023-2156, CVE-2023-2269, CVE-2023-2898, CVE-2023-3090, CVE-2023-3111, CVE-2023-3212, CVE-2023-3268, CVE-2023-3269, CVE-2023-3338, CVE-2023-3389, CVE-2023-3390, CVE-2023-3609, CVE-2023-3610, CVE-2023-3611, CVE-2023-3776, CVE-2023-3863, CVE-2023-4004, CVE-2023-4128, CVE-2023-4132, CVE-2023-4147, CVE-2023-4194, CVE-2023-4273, CVE-2023-20588, CVE-2023-20593, CVE-2023-21255, CVE-2023-21400, CVE-2023-31084, CVE-2023-31248, CVE-2023-32250, CVE-2023-32254, CVE-2023-34319, CVE-2023-35001, CVE-2023-35788, CVE-2023-40283).
    • Minor bug fix: an error was fixed where setting the GOS state variable max_ips_per_target to 0 in the GOS shell caused the gvmd service to fail. The minimum input value for max_ips_per_target is now 1 (#GOS-1539).
    • Minor bug fix: a superfluous GnuPG key ring file for the OpenVAS scanner was removed from GOS (#GOS-1572).
    • Minor security fix: a missing kernel-side mitigation for the ‘Processor MMIO Stale Data’ and ‘SRBDS – Special Register Buffer Data Sampling’ hardware appliance vulnerabilities was added for the appliance models Greenbone Enterprise 650 R2/600 R2/450 R2/400 R2 (#GOS-1541).
  • Vulnerability Management:
    • Improvement: the product logo on the web interface was replaced to show the correct product name “Greenbone Enterprise Appliance” (#GOS-1538).
    • Improvement: the error message displayed when clicking a CPE name that does not have a linked CPE entry was reworded to clarify the reasons for a missing CPE entry (#GEA-207, #GS-43).
    • Improvement: the performance when editing scan configurations or policies on the web interface has been improved (#GEA-235).
    • Improvement: the performance of gvmd rebuilds has been further improved (#GEA-235).
    • Bug fix: an error was fixed where the setting Use workaround default certificate for an alert with the TippingPoint SMS method was not saved (#GEA-181, #GEA-230, #GS-4209).
    • Bug fix: an error was fixed where uploading an unsupported certificate file format for an alert with the TippingPoint SMS method did not show a warning but silently corrupted the alert data used by gvmd (#GEA-254).
    • Bug fix: an error was fixed where IP addresses were cropped in the Top 10 Hosts overview of the report formats Vulnerability Report PDF and Vulnerability Report HTML (#GEA-46, #GS-3693).
    • Bug fix: an error was fixed where in rare cases scan reports could not be deleted (#GEA-2, #GS-2073).
    • Bug fix: an error was fixed where in rare cases only a partial response would be received via the GMP API (#GEA-235).
    • Minor bug fix: an error was fixed where the “?” icon on the page SecInfo > NVTs did not lead to the correct user manual section (#GEA-262).
    • Minor bug fix: an error was fixed where the browser tab of the web interface showed incorrect and changing text when logging in and out of the web interface (#GEA-1543).
    • Minor improvement: when a user with the Super Admin role changes their own user settings, a warning is now displayed explaining that saving the changes will log the user out immediately (#GEA-37).
    • Minor improvement: the included appliance manual was updated to the current version from 2023-08-14 (#PR-718).
  • Vulnerability Scanning:
    • Bug fix: an additional error was fixed where not every JSON string was parsed correctly during inter-process communication (#SC-886).

22.04.13 (2023-07-17):

  • Vulnerability Management:
    • Major bug fix: another error was fixed where scan tasks appeared to be frozen on gvmd side/the web interface, while they were actually progressing or even finishing on ospd/ospd-openvas side. This problem could occur when both error messages (e.g., from VT timeouts) and duplicated scan results occurred at the same time during a scan (#GEA-250, #GS-4727, #GS-4734, #GS-4780).
    • Bug fix: an error was fixed where a gvmd rebuild could cause a segmentation fault when VT preference names in old scan configurations were updated (#GEA-245).
    • Minor improvement: the included appliance manual was updated to the current version from 2023-07-14 (#PR-696).

22.04.12 (2023-07-10):

  • Greenbone OS:
    • Improvement: the package python-gvm included in GOS was updated to version 23.5.1 (#PR-644).
    • Security fix: the Linux kernel was upgraded from version 5.10.180-greenbone1 to version 5.10.186-greenbone1 for hardware appliances (CVE-2023-35788).
    • Security fix: the included package openssl was upgraded from version 1.1.1n-0+deb11u4 to version 1.1.1n-0+deb11u5 (CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650).
  • Vulnerability Management:
    • Major bug fix: an error was fixed where scan tasks appeared to be frozen on gvmd side/the web interface, while they were actually progressing or even finishing on ospd/ospd-openvas side. This problem could occur when unexpected characters were contained in the scan results (#GEA-223, #GS-4639, #GS-4672, #GS-4679, #GS-4727, #GS-4706, #GS-4698, #GS-4712, #GS-4721).
    • Major bug fix: an error was fixed where a gvmd rebuild, which can occur due to hash value mismatches during feed updates, caused failed scan task requests, and missing VT and result names in the SecInfo menu and in scan reports (#GEA-49, #GEA-50, #GS-3459, #GS-3346, #GS-2947, #GS-3367).
    • Security fix: an issue was fixed where scan tasks could cause an SQL error due to missing SQL quoting, potentially allowing a denial of service (DoS) attack against the scan task that triggered the error via SQL-Injection, causing the task to be interrupted (#GEA-226, #GS-4596, #GS-4639, #GS-4672, #GS-4679, #GS-4727, #GS-4706, #GS-4698, #GS-4712, #GS-4721).
    • Improvement: the performance of gvmd rebuilds, which can occur due to hash value mismatches during feed updates, has been improved, and rebuilds should now finish noticeably faster (#GEA-49, #GEA-50).
    • Improvement: the performance of the GMP command get_targets has been improved, which should noticeably speed up the use of menus and dialogs with links to a large number of targets (#GEA-241).
    • Improvement: the usability of the dialog for creating permissions was improved by making it clearer which object the permission refers to and which the related resources are (#GEA-74, #GS-50, #GS-2948).
    • Bug fix: an error was fixed where scan tasks were interrupted at 100 %, if the scan used an alert with the “Filter … matches at least … results more than previous scan” condition (#GEA-146, #GS-4112).
    • Bug fix: an error was fixed where running a CVE scan could sometimes cause subsequent OpenVAS scans to fail (#GEA-211).
    • Bug fix: an error was fixed where the details of TippingPoint alerts did not show any information about the saved TLS certificate (#GEA-180, #GS-4209).
    • Bug fix: an error was fixed where the usage_type element contained the value “(null)” instead of “policy” or “config” when using the GMP command get_configs, which could, for example, cause scan configurations and policies to appear under the wrong menus when manually imported or when moved to the trashcan (#GEA-204, #GEA-225, #GS-4653).
    • Minor improvement: the placeholder subject for an e-mail alert now shows the new, correct product name “Greenbone Enterprise Appliance” instead of the formerly used abbreviation “GSM” (#GOS-1491).
    • Minor improvement: a log message has been added explaining the reason why scans will not run when no feed has been synced on the appliance yet (#GEA-49).
    • Minor improvement: the included appliance manual was updated to the current version from 2023-07-03 (#PR-681).
    • Minor bug fix: an error was fixed where two German translations – in the LDAP authentication dialog and in the SMB alert drop-down menu – were missing (#GEA-163).
  • Vulnerability Scanning:
    • Bug fix: an error was fixed where scans were interrupted if a host was reached for which scanner access had been denied via the user settings, so that further, allowed hosts were not scanned (#SC-837).

22.04.11 (2023-05-31):

  • Greenbone OS:
    • Improvement: the package gvm-tools included in GOS was updated to version 23.4.0 (#PR-615).
    • Improvement: the package python-gvm included in GOS was updated to version 23.4.2 (#PR-615).
    • Security fix: the included package libxml2 was upgraded from version 2.9.10+dfsg-6.7+deb11u3 to version 2.9.10+dfsg-6.7+deb11u4 (CVE-2023-28484, CVE-2023-29469).
    • Security fix: the included package libssh was upgraded from version 0.9.5-1+deb11u1 to version 0.9.7-0+deb11u1 (CVE-2023-1667, CVE-2023-2283).
    • Security fix: the included package postgresql-13 was upgraded from version 13.10-0+deb11u1 to version 13.11-0+deb11u1 (CVE-2023-2454, CVE-2023-2455).
    • Security fix: the Linux kernel was upgraded from version 5.10.162-1 to version 5.10.179-1 for virtual appliances (CVE-2022-2196, CVE-2022-3424, CVE-2022-3707, CVE-2022-4129, CVE-2022-4379, CVE-2023-0045, CVE-2023-0458, CVE-2023-0459, CVE-2023-0461, CVE-2023-1073, CVE-2023-1074, CVE-2023-1076, CVE-2023-1077, CVE-2023-1078, CVE-2023-1079, CVE-2023-1118, CVE-2023-1281, CVE-2023-1513, CVE-2023-1611, CVE-2023-1670, CVE-2023-1829, CVE-2023-1855, CVE-2023-1859, CVE-2023-1872, CVE-2023-1989, CVE-2023-1990, CVE-2023-1998, CVE-2023-2162, CVE-2023-2194, CVE-2023-22998, CVE-2023-23004, CVE-2023-23559, CVE-2023-25012, CVE-2023-26545, CVE-2023-28328, CVE-2023-28466, CVE-2023-30456, CVE-2023-0386, CVE-2023-31436, CVE-2023-32233).
    • Security fix: the Linux kernel was upgraded from version 5.10.155-greenbone1 to version 5.10.180-greenbone1 for hardware appliances (CVE-2022-2873, CVE-2022-3545, CVE-2022-3623, CVE-2022-4696, CVE-2022-36280, CVE-2022-41218, CVE-2022-45934, CVE-2022-47929, CVE-2023-0179, CVE-2023-0266, CVE-2023-0394, CVE-2023-23454, CVE-2023-23455, CVE-2022-2196, CVE-2022-3424, CVE-2022-3707, CVE-2022-4129, CVE-2022-4379, CVE-2023-0045, CVE-2023-0458, CVE-2023-0459, CVE-2023-0461, CVE-2023-1073, CVE-2023-1074, CVE-2023-1076, CVE-2023-1077, CVE-2023-1078, CVE-2023-1079, CVE-2023-1118, CVE-2023-1281, CVE-2023-1513, CVE-2023-1611, CVE-2023-1670, CVE-2023-1829, CVE-2023-1855, CVE-2023-1859, CVE-2023-1872, CVE-2023-1989, CVE-2023-1990, CVE-2023-1998, CVE-2023-2162, CVE-2023-2194, CVE-2023-22998, CVE-2023-23004, CVE-2023-23559, CVE-2023-25012, CVE-2023-26545, CVE-2023-28328, CVE-2023-28466, CVE-2023-30456, CVE-2023-0386, CVE-2023-31436, CVE-2023-32233).
  • Vulnerability Management:
    • Major bug fix: an error was fixed where new CPEs could not be processed during feed updates, causing the gvmd service to be stuck in a loop (#GEA-208).
    • Improvement: the company name displayed in the footer of the web interface was updated to show the new company name “Greenbone AG” (#GEA-147).
    • Improvement: the Operating Systems list page now shows two columns for Hosts: All and Best OS, making it possible to differentiate between hosts for which the operating system was found at all and hosts for which the operating system is the most suitable operating system (#GEA-117).
    • Bug fix: an error was fixed where subsequent scans against the same scan target sometimes resulted in duplicated scan results (#GEA-51, #GS-169, #GS-3697, #GS-3739).
    • Bug fix: an error was fixed where tasks were set from the scan status “Requested” to “Stopped” when starting a scheduled task manually, but the scanner started the scan nonetheless (#GEA-12, #GS-173, #GS-2919).
    • Bug fix: an error was fixed where the “Product Detection Result” section was missing for results of reports that were imported into a container task (#GEA-135).
    • Bug fix: an error was fixed where false-positive result counts were not shown in the reports overview (#GEA-79).
    • Bug fix: an error was fixed where TippingPoint SMS alerts did not save the specified credentials and used the alphabetically first credentials instead (#GEA-158, #GS-4209).
    • Bug fix: an error was fixed where the line chart on the web interface (e.g., on the CVE page) did not show any lines (#GEA-143, #GS-4105, #GS-4390).
    • Bug fix: an error was fixed where using an alert for the event New CVEs did not work and resulted in SQL errors in the logs (#GEA-129).
    • Bug fix: an error was fixed where an operating system asset was shown to be “in use” and therefore could not be deleted even though no hosts for the operating system were shown in the counter (#GEA-117, #GS-837).
    • Bug fix: an error was fixed where setting the correct permissions for data-objects during feed updates failed for custom roles (#GEA-116, #GS-3860).
    • Bug fix: an error was fixed where successful SNMP authentication was shown as unsuccessful on the web interface if the authentication was successful with one protocol version (e.g., SNMPv3) but unsuccessful with another protocol version (e.g., SNMPv1) (#GEA-131, #GS-3967).
    • Bug fix: an error was fixed where the authentication type LDAP was not correctly displayed in the details preview of a user and on the details page of a user (#GEA-27, #GS-625).
    • Minor improvement: a new debug message to identify duplicate host details was added for the gvmd service (#GEA-182).
    • Minor improvement: when creating an SMB alert, the menu option for using the latest supported SMB version is now called “Default” to avoid confusion (#GEA-161).
    • Minor improvement: the included appliance manual was updated to the current version from 2023-05-15 (#PR-627).

22.04.10 (2023-04-19):

  • Greenbone OS:
    • Bug fix: an error was fixed where after adding a temporary upgrade key, GOS upgrades did not work as expected (#GOS-1082).
    • Bug fix: an error was fixed where GOS upgrades would fail when remote syslog was enabled (#GEA-148, #GS-4153, #GS-4120).
    • Improvement: the package gvm-tools included in GOS was updated to version 23.3.0 (#PR-596).
    • Improvement: the package python-gvm included in GOS was updated to version 23.4.0 (#PR-596).
  • Vulnerability Management:
    • Major bug fix: an error was fixed where opening the details page of a CPE that has associated CVEs caused all RAM and swap to be occupied, leading to gvmd and the web interface being unresponsive (#GEA-138, #GS-4088, #GS-4044, #GS-4115).
    • Major bug fix: an error was fixed where opening the details page of a CPE that has associated CVEs would fail with the error “e.entry.cvss is undefined” or “Cannot read properties of undefined (reading ‘base_metrics’)” (#GEA-157, #GS-4088, #GS-4044, #GS-4115).
    • Bug fix: an error was fixed where reports from CVE scans, both on the web interface and in downloaded reports, only displayed the IP addresses of the scanned hosts and not the host names (#GEA-4, #GS-2458).
    • Improvement: an option to set the maximum SMB version used for an SMB alert was added (#GEA-38, #GS-1588).
    • Improvement: an option to enforce LDAPS for the LDAP authentication was added (#GEA-82, #GS-3777).
    • Minor improvement: the included appliance manual was updated to the current version from 2023-04-14 (#PR-598).
  • Vulnerability Scanning:
    • Minor bug fix: an error was fixed where a traceback occurred if the ospd-openvas service could not locate the scanner binary (#SC-789).
    • Minor improvement: the detection of unreachable (dead) hosts in the end_denial function of the scanner has been improved (#SC-772).
    • Minor improvement: the option sign is now set as a default for the wmi_connect function of the scanner (#SC-779, #GS-1771, #GS-3756, #GS-3628).
    • Minor improvement: support for epoch in RPM package version comparison was added (#SC-795, #GS-3272).

22.04.9 (2023-03-08):

  • Greenbone OS:
    • Improvement: the package gvm-tools included in GOS was updated to version 23.2.0 (#PR-568).
    • Improvement: the package python-gvm included in GOS was updated to version 23.2.0 (#PR-568).
    • Security fix: the included package syslog-ng was upgraded from version 3.28.1-2 to version 3.28.1-2+deb11u1 (CVE-2022-38725).
    • Minor improvement: if a custom value for the maximum number of concurrent connections to the PostgreSQL database has been configured, it is now included in the GOS support package for debugging purposes (#GEA-25).
  • Vulnerability Management:
    • Bug fix: an error was fixed where creating a downloadable Debian (.deb) credential package was not possible (#GEA-45, #GS-1253, #GS-1628).
    • Bug fix: an error was fixed where the appliance caused re-authentications with RADIUS-2FA every 5 minutes (#GEA-36, #GS-224).
    • Bug fix: an error was fixed where the performance graphs could sometimes not be created (#GEA-28, #GS-3507).
    • Security fix: an issue was fixed where the shared key for RADIUS authentication was stored in plain text (without encryption) in the database and included in the GMP responses (#GEA-41).
    • Security fix: for the included package gsm-greenbone-security-assistant, multiple vulnerabilities in the build dependencies were fixed (#GEA-53).
    • Minor improvement: the included appliance manual was updated to the current version from 2023-02-28 (#PR-581).
  • Vulnerability Scanning:
    • Bug fix: an error was fixed where simultaneously started scans erroneously had the same position in the scan queue (#SC-755, #GS-3450).
    • Bug fix: two potential memory leaks in the misc/bpf_share.c and nasl/nasl_packet_forgery.c functions were fixed (#SC-769).

22.04.8 (2023-02-15):

  • Greenbone OS:
    • Extension: the SNMP service (GOS menu Setup > Services > SNMP) and the automatic time synchronization via NTP (GOS menu Setup > Timesync) are made available for the appliance model Greenbone Enterprise CENO. To access the newly enabled features it is required to log out and then log back in to the GOS menu (#GEA-31, #GS-3658).
    • Bug fix: an error was fixed where the airgap FTP functionality did not work and the folder /tmp was filled with unwanted data, potentially causing the file system to run out of free space (#GEA-23, #GS-3032).
    • Bug fix: an error was fixed where the optional package gsm-debug could not be installed due to a broken dependency (#GEA-81).
    • Security fix: the included package openssl was upgraded from version 1.1.1n-0+deb11u3 to version 1.1.1n-0+deb11u4 (CVE-2022-2097, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286).
    • Security fix: the Linux kernel was upgraded from version 5.10.158-2 to version 5.10.162-1 for virtual appliances (CVE-2022-2873, CVE-2022-3545, CVE-2022-3623, CVE-2022-4696, CVE-2022-36280, CVE-2022-41218, CVE-2022-45934, CVE-2022-47929, CVE-2023-0179, CVE-2023-0266, CVE-2023-0394, CVE-2023-23454, CVE-2023-23455).
  • Vulnerability Management:
    • Minor improvement: the included appliance manual was updated to the current version from 2023-02-14 (#PR-572).

22.04.7 (2023-01-26):

  • Greenbone OS:
    • Bug fix: an error was fixed where formatting a USB drive to serve as a GOS backup device was not possible (#GOS-1287, #GS-3610).
    • Security fix: the included package libksba8:amd64 was upgraded from version 1.5.0-3+deb11u1 to version 1.5.0-3+deb11u2 (CVE-2022-47629).
    • Minor improvement: the gos-network-manager self-check now fails only when an error occurs for the corresponding service. Previously, it failed if an error or warning occurred for the service. Warnings are still logged in the system log for debugging purposes, however (#GOS-1266, #GS-3437).
  • Vulnerability Management:
    • Bug fix: an error was fixed where many special characters were not accepted in the names and comments of multiple web interface objects (#DEVOPS-475, #DEVOPS-477, #GS-3509, #GS-3549, #GS-3608, #GS-3629, #GS-3649).
    • Bug fix: an error was fixed where reports sent via alerts did not contain all results they were supposed to contain according to the configured filter (#T4-420, #GS-3458).
    • Bug fix: an error was fixed where manually triggering an alert for a report always sent the report for the latest scan run of that task and not for the triggered one (#T4-411).
    • Bug fix: an error was fixed where the LDAP version could get wrongly set to 2 instead of 3 when STARTTLS was disabled, resulting in the LDAPS connection not being possible (#T4-398).
    • Security fix: the attribute “SameSite=Strict” was set for the cookies used by the web interface (#T3-509).
    • Minor improvement: the included appliance manual was updated to the current version from 2023-01-16 (#PR-557).
  • Vulnerability Scanning:
    • Bug fix: an error was fixed where the OpenVAS scanner was still processing vulnerability tests after the corresponding scan task was stopped (#SC-744).
    • Bug fix: an error was fixed where the Notus package comparison was not working correctly for packages containing a “~” in the version, causing false-positive results (#SC-752, #SC-754, #GS-3051, #GS-3499).
    • Bug fix: an error was fixed where the ospd-openvas service could not start normally when a corresponding empty .pid file existed (#SC-746).
    • Bug fix: an error was fixed where the Notus scanner could not start normally when a corresponding empty .pid file existed (#SC-748).
    • Bug fix: an error was fixed where not every JSON string was parsed correctly during inter-process communication, potentially causing interrupted scan tasks (#SC-747).
    • Minor improvement: the openvas-wmiclient library was updated to provide better Windows Management Instrumentation (WMI) support when scanning Windows Server 2022 targets (#SC-645).

22.04.6 (2022-12-15):

  • Vulnerability Management:
    • Major improvement: the new WID-SEC format of the CERT-Bund advisories, which has been available since June 2022, is now also supported. Numerous new WID-SEC advisories have been added to the feed and are visible on the web interface under SecInfo > CERT-Bund Advisories (#DEVOPS-355).
    • Minor improvement: the included appliance manual was updated to the current version from 2022-12-13 (#PR-541).
  • Vulnerability Scanning:
    • Improvement: if a database inconsistency is detected while performing a vulnerability test, the vulnerability test is now aborted immediately, since the result is lost anyway. In addition, the method for detecting such inconsistencies has been improved (#SC-647).
    • Bug fix: an error was fixed where JSON strings were not parsed correctly during inter-process communication, causing interrupted scan tasks (#SC-738).

22.04.5 (2022-12-01):

  • Greenbone OS:
    • Status: the lifecycle status of GOS 22.04 was set to “mature” (#GOS-1267).
    • Bug fix: an error was fixed where copying files via SCP to or from the appliance was not possible as the openssh server configuration of GOS was not compatible with newer openssh versions (#GOS-883).
    • Security fix: the Linux kernel was upgraded from version 5.10.140-1 to version 5.10.155-greenbone1 for hardware appliances and to version 5.10.149-2 for virtual appliances (CVE-2021-4037, CVE-2022-0171, CVE-2022-1184, CVE-2022-2602, CVE-2022-2663, CVE-2022-3061, CVE-2022-3176, CVE-2022-3303, CVE-2022-20421, CVE-2022-39188, CVE-2022-39842, CVE-2022-40307, CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722).
    • Security fix: the included package libxml2:amd64 was upgraded from version 2.9.10+dfsg-6.7+deb11u2 to version 2.9.10+dfsg-6.7+deb11u3 (CVE-2022-40303, CVE-2022-40304).
    • Security fix: the included package libexpat1:amd64 was upgraded from version 2.2.10-2+deb11u4 to version 2.2.10-2+deb11u5 (CVE-2022-43680).
    • Security fix: the included package isc-dhcp-client was upgraded from version 4.4.1-gos2110+1 to version 4.4.1-2.3+deb11u1 (CVE-2022-2928, CVE-2022-2929).
    • Security fix: the included packages libkrb5-3:amd64, libkrb5support0:amd64 and libgssapi-krb5-2:amd64 were upgraded from version 1.18.3-6+deb11u2 to version 1.18.3-6+deb11u3 (CVE-2022-42898).
  • Vulnerability Management:
    • Bug fix: an error was fixed where selecting the permission scope, i.e., whether it should be created only for the resource, for related resources as well or only for related resources, was not possible when creating a permission via the object’s details page (#T4-276).
    • Minor improvement: the included appliance manual was updated to the current version from 2022-11-25 (#PR-536).
  • Vulnerability Scanning:
    • Major bug fix: an error was fixed where scans would get stuck for no apparent reason (#SC-741).
    • Bug fix: an error was fixed where RPM packages for Mageia were not detected correctly, causing false-negative results (#SC-722).

22.04.4 (2022-11-01):

  • Greenbone OS:
    • Improvement: the package gvm-tools included in GOS was updated to version 22.9.0 (#PR-499).
    • Improvement: the package python-gvm included in GOS was updated to version 22.9.1 (#PR-499).
    • Security fix: the included package libksba8:amd64 was upgraded from version 1.5.0-3 to version 1.5.0-3+deb11u1 (CVE-2022-3515).
    • Security fix: the included package python3-django was upgraded from version 2:2.2.28-1 to version 2:2.2.28-1~deb11u1 (CVE-2022-22818, CVE-2022-23833, CVE-2022-28346, CVE-2022-28347, CVE-2022-34265, CVE-2022-36359, CVE-2022-41323).
    • Security fix: the included package libdbus-1-3:amd64 was upgraded from version 1.12.20-2 to version 1.12.24-0+deb11u1 (CVE-2022-42010, CVE-2022-42011, CVE-2022-42012).
    • Bug fix: an error was fixed where the switch release from GOS 21.04 to GOS 22.04 would fail if the PostgreSQL package was updated to version 13.8.0 or later (#GOS-1143).
  • Vulnerability Management:
    • Bug fix: an error was fixed where the migration of the gvmd database would fail if the PostgreSQL package was updated to version 13.8.0 or later (#T3-364).
    • Minor improvement: the included appliance manual was updated to the current version from 2022-10-24 (#PR-506).
  • Vulnerability Scanning:
    • Improvement: support for Slackware Linux packages was added to the Notus scanner (#SC-637).
    • Improvement: the list of default TCP ports which the Boreas Alive Scanner uses for the alive test was improved and now contains the Nmap top 20 ports (#SC-663).
    • Improvement: the new scanner preference alive_test_ports was added to configure the TCP ports used by the Boreas Alive Scanner for the alive test. The setting only has an effect on the alive tests TCP-ACK Service Ping and TCP-SYN Service Ping (#SC-689).
    • Improvement: the new scanner preference test_alive_wait_timeout was added to configure the timeout of the Boreas Alive Scanner (#SC-680).
    • Improvement: the Redis caches for OpenVAS and Notus were separated, the nvticache module now only handles OpenVAS VTs and the Notus cache module now only handles Notus advisories (#SC-692).
    • Improvement: a fork observing mechanism was added which makes it possible to track every fork within a parent process, to manage forked children and to set limits to the number of possible forks (#SC-565).
    • Bug fix: an error was fixed where the values set for Maximum concurrently scanned hosts and Maximum concurrently executed NVTs per host were limited to 15 and 10 respectively, even if the appliance model supported larger values (#SC-696).
    • Bug fix: an error was fixed where the Quality of Detection (QoD) was incorrectly displayed on the web interface and in scan reports for Notus VTs (#SC-683).
    • Bug fix: an error was fixed where tasks were interrupted when the severity_vector tag of a VT contained additional metrics other than the base score metrics (#SC-706).
    • Bug fix: an error was fixed where version ranges defined for a lower version bound were ignored by the Notus scanner leading to a broken version range comparison for RPM packages (#SC-694).
    • Bug fix: an error was fixed where comparing the two RPM packages for Oracle Linux did not work correctly due to “1.1.1c” being parsed as “1.1.1rc0”, leading to false-positive results (#SC-691, #GS-3085).
    • Bug fix: an error was fixed where comparing RPM packages for Oracle Linux that contain fips or ksplice did not work correctly and led to false-positive results (#SC-690, #GS-3085).
    • Bug fix: an error was fixed where Debian packages containing a “-” were parsed incorrectly, leading to false-positive results (#SC-682, #SC-684, #GS-3034, #GS-3051, #GS-3188, #GS-3189).
    • Bug fix: an error was fixed where the comparison for Debian packages was not correct, as the single parts of the version were not compared part by part, but as a whole, leading to false-positive results (#SC-677).
    • Minor improvement: the error message issued when chdir fails has been reworded from “Not able to open nor to locate it in include paths” to “Not able to change working directory to” to avoid confusion (#PR-500).

22.04.3 (2022-10-06):

  • Greenbone OS:
    • Security fix: the included package libexpat1:amd64 was upgraded from version 2.2.10-2+deb11u3 to version 2.2.10-2+deb11u4 (CVE-2022-40674).
    • Security fix: the included packages libgdk-pixbuf-2.0-0:amd64 and libgdk-pixbuf2.0-common were upgraded from version 2.42.2+dfsg-1 to version 2.42.2+dfsg-1+deb11u1 (CVE-2021-44648, CVE-2021-46829).
    • Minor improvement: if it exists, the superfluous file /var/lib/redis/dump.rdb is removed automatically when upgrading to GOS 22.04.3 or later (#GOS-1141).
  • Vulnerability Management:
    • Improvement: a problem was fixed where the filter keyword first was used twice for different filter functions and thus, filtering for tasks having a first report within a certain period of time was not possible. To filter for the time of the first or last report respectively, the new filter keywords first_report_created and last_report_created have been added. These replace the previously documented keywords first and last, which are thereby deprecated for this use case (#T3-226).
    • Minor improvement: the included appliance manual was updated to the current version from 2022-10-05 (#PR-482).
  • Vulnerability Scanning:
    • Major bugfix: an error was fixed where Redis occupied an increasing amount of RAM and disk space after every reboot or VT reload, which could negatively affect system stability and scan performance (#SC-675, #SC-679, #GS-2809, #GS-2836, #GS-3000, #GS-3021).
    • Bugfix: an error was fixed where Notus used the Redis namespace 0 for the advisories and not an own namespace (#SC-678).

22.04.2 (2022-09-12):

  • Greenbone OS:
    • Major bug fix: an error was fixed where activating the SNMP service was not possible and thus, no SNMP connection to the appliance could be established (#GOS-1081).
    • Improvement: a file system check is now run by default when booting a virtual appliance (#GOS-880, #GS-2111, #GS-1986, #GS-2170, #GS-2324).
    • Security fix: the kernel of the hardware appliances was upgraded from version 5.10.127 to version 5.10.136 (CVE-2022-2585, CVE-2022-2586, CVE-2022-2588, CVE-2022-26373, CVE-2022-29900, CVE-2022-29901, CVE-2022-36879 and CVE-2022-36946).
    • Improvement: the included package python-gvm was upgraded from version 22.6.1 to version 22.8.0 to assure full compatibility with GOS 22.04/GVM 22.4 (#GOS-1084).
    • Security fix: the included package libxslt was upgraded from version 1.1.34-4+deb11u1 to version 1.1.34-4+deb11u1 (CVE-2021-30560).
    • Security fix: the included package open-vm-tools was upgraded from version 2:11.2.5-2 to version 2:11.2.5-2+deb11u1 (CVE-2022-31676).
    • Security fix: the included package zlib was upgraded from version 1:1.2.11.dfsg-2+deb11u1 to version 1:1.2.11.dfsg-2+deb11u2 (CVE-2022-37434).
  • Vulnerability Management:
    • Minor improvement: the included appliance manual was updated to the current version from 2022-08-30 (#GOS-1084).
  • Vulnerability Scanning:
    • Improvement: ospd-openvas now tries to connect to the MQTT broker every 10 seconds if the last attempt failed to ensure that there is a broker connection even if ospd-openvas was started without a broker running (#SC-651).
    • Bug fix: an error was fixed where duplicate results or results of other scans appeared in the scan report (#SC-378, #SC-34, #GS-403).
    • Bug fix: an error was fixed where scans were continued in the background although they were stopped by the user (#SC-624, #GS-1864).
    • Bug fix: an error was fixed where nmap continued scanning although the scan was stopped by the user (#SC-626, #GS-1654).
    • Bug fix: an error was fixed where, in case no MQTT broker was running, notus-scanner ended with a ConnectionRefuseError as an exception (#SC-650).
    • Bug fix: an error was fixed where ospd-openvas data-pickle-files were not cleaned up properly, causing the root volume to fill up (#SC-643, #GS-2457).
    • Bug fix: an error was fixed where ospd-openvas stopped working instead of showing an error message when the sha256sums files were missing (#SC-646, #DEVOPS-314).
    • Bug fix: an error was fixed where Notus-based VTs did not include references in the vulnerability and result detail overviews (#SC-648).
    • Bug fix: an error was fixed where ospd-openvas got stuck when starting the appliance (#SC-662).
    • Bug fix: an error was fixed where SSL/TLS enabled services were not detected correctly (#SC-659, #GS-2774, #GS-2803, #GS-2836).
    • Minor improvement: a case where a missing scan_id threw an error with stacktrace in the logs was changed to a warning message, as this does not block the execution of ospd-openvas (#SC-285, #GS-156).
    • Minor improvement: the socket_negotiate_ssl called() logs now also show the target host’s IP addresses (#SC-625).

22.04.1 (2022-08-19):

  • Greenbone OS:
    • Major bugfix: an error was fixed where the checksum file signature verification of the Greenbone Enterprise Feed failed, which also impeded the scanning functionality (#GOS-1079).
    • Security fix: the RPC library libtirpc that is included in GOS was upgraded from version 3_1.3.1-1 to version 1.3.1-1+deb11u1 (CVE-2021-46828).
    • Security fix: the library GnuTLS was upgraded from version 3.7.1-5+deb11u1 to version 3.7.1-5+deb11u2 (CVE-2022-2509).
    • Security fix: the included InfoZIP’s unzip program version was upgraded from version 6.0-26 to version 6.0-26+deb11u1 (CVE-2022-0529 and CVE-2022-0530).
    • Security fix: the package samba that is included in GOS was upgraded from version 2:4.13.13+dfsg-1~deb11u4 to version 2:4.13.13+dfsg-1~deb11u5 (CVE-2022-2031, CVE-2022-32742, CVE-2022-32744, CVE-2022-32745 and CVE-2022-32746).
    • Security fix: the packages libldb and python3-ldb were upgraded from version 2:2.2.3-2~deb11u1 to version 2:2.2.3-2~deb11u2 (CVE-2022-32745).
    • Security fix: the included package openssl was upgraded from version openssl_1.1.1n-0+deb11u2 to version openssl_1.1.1n-0+deb11u3 (CVE-2022-2068).
  • Vulnerability Management:
    • Minor improvement: the included appliance manual was updated to the current version from 2022-08-18 (#GOS-1065).

22.04.0 (2022-08-08):

Notus Scanner

With GOS 22.04, the new Notus Scanner is implemented. It scans after every regular scan, so no user interaction is necessary.

The Notus Scanner offers better performance due to less system resource consumption and thus, faster scanning.

If a scan configuration is created manually and the Notus Scanner is supposed to work, the VT Determine OS and list of installed packages via SSH login (OID: 1.3.6.1.4.1.25623.1.0.50282) must be activated.

The Notus Scanner replaces the logic of potentially all NASL-based local security checks (LSCs). A comparison of installed software on a host against a list of known vulnerable software is done instead of running a VT script for each LSC.

The regular OpenVAS Scanner loads each NASL LSC individually and executes it one by one for every host. A single known vulnerability is then compared to the installed software. This is repeated for all LSCs.

With the Notus Scanner, the list of installed software determined during a scan is directly compared to all known vulnerabilities. This eliminates the need to run the LSCs because the information about the known vulnerable software is collected in one single list and not distributed in individual NASL scripts.
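
The single-list comparison described above, as an added Python example (not Greenbone's Notus code): each installed package is checked once against one advisory table using Debian-style version ordering, where the epoch, part-by-part numeric comparison and "~" decide the result. The advisory format, package names and advisory IDs are constructed for illustration.

```python
import re
from itertools import zip_longest


def _order(ch):
    """Debian sort weight of one non-digit character ('' means end of string)."""
    if ch == "~":
        return -1            # '~' sorts before everything, even the end of the string
    if ch == "":
        return 0
    if ch.isalpha():
        return ord(ch)       # letters sort before all other characters
    return ord(ch) + 256


def _cmp_part(a, b):
    """Compare two upstream or revision strings part by part: -1, 0 or 1."""
    tokens_a = re.findall(r"(\D*)(\d*)", a)   # alternating (text, digits) pairs
    tokens_b = re.findall(r"(\D*)(\d*)", b)
    for (text_a, num_a), (text_b, num_b) in zip_longest(
            tokens_a, tokens_b, fillvalue=("", "")):
        for ca, cb in zip_longest(text_a, text_b, fillvalue=""):
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
        na, nb = int(num_a or 0), int(num_b or 0)   # numeric, so 10 > 9
        if na != nb:
            return -1 if na < nb else 1
    return 0


def split_version(version):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    # Only the LAST '-' separates the revision; the upstream part may contain '-'.
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1 following Debian version ordering."""
    epoch_a, up_a, rev_a = split_version(a)
    epoch_b, up_b, rev_b = split_version(b)
    if epoch_a != epoch_b:
        return -1 if epoch_a < epoch_b else 1
    return _cmp_part(up_a, up_b) or _cmp_part(rev_a, rev_b)


def find_vulnerable(installed, advisories):
    """Compare the host's package list against the whole advisory list in one pass."""
    findings = []
    for adv in advisories:
        have = installed.get(adv["package"])
        if have is not None and compare_versions(have, adv["fixed"]) < 0:
            findings.append((adv["id"], adv["package"], have))
    return findings


# Constructed sample data: package list as gathered from a host over SSH,
# and a hypothetical advisory table (package -> first fixed version).
INSTALLED = {
    "libexample1": "1.10-1",                   # 1.10 is newer than 1.9
    "exampled": "2.0~rc1-1",                   # pre-release, older than 2.0-1
    "example-tools": "1:0.9-2",                # epoch 1 outranks any epoch-0 version
    "examplelib-beta": "1.0-beta-2+deb11u1",   # '-' inside the upstream version
}
ADVISORIES = [
    {"id": "EXAMPLE-ADV-1", "package": "libexample1", "fixed": "1.9-1"},
    {"id": "EXAMPLE-ADV-2", "package": "exampled", "fixed": "2.0-1"},
    {"id": "EXAMPLE-ADV-3", "package": "example-tools", "fixed": "1.2-1"},
    {"id": "EXAMPLE-ADV-4", "package": "examplelib-beta", "fixed": "1.0-beta-2+deb11u2"},
    {"id": "EXAMPLE-ADV-5", "package": "notinstalled", "fixed": "3.0-1"},
]

if __name__ == "__main__":
    for finding in find_vulnerable(INSTALLED, ADVISORIES):
        print(finding)
```

A plain string comparison would get three of these cases wrong: it ranks "1.10-1" below "1.9-1", "2.0-1" below "2.0~rc1-1" and "1:0.9-2" below "1.2-1", which is how version-comparison errors turn into false-positive or false-negative results.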

Currently, Notus data exists for a limited number of LSC VT families. For the list of supported LSC VT families, please refer to the Greenbone Enterprise Appliance manual.

The setting Report vulnerabilities of inactive Linux kernel(s) separately in the VT Options for Local Security Checks is deprecated. The setting is still visible but no longer functional.

Appliance Feature Set

With GOS 22.04, the feature set for some appliances is extended:

  • The SNMP service (GOS menu Setup > Services > SNMP) is made available for the appliance models Greenbone Enterprise 150, Greenbone Enterprise 35, Greenbone Enterprise CENO and Greenbone Enterprise 25V.
  • The automatic time synchronization via NTP (GOS menu Setup > Timesync) is made available for the appliance models Greenbone Enterprise CENO and Greenbone Enterprise 25V.
  • The remote and local backup functionality (GOS menus Setup > Backup, Maintenance > Backup > Incremental Backup and Maintenance > Backup > List) is made available for the appliance model Greenbone Enterprise CENO.

Virtual Appliances

With GOS 22.04, the virtual hard disk sizes for virtual appliances are changed.

The new sizes are:

  • Greenbone Enterprise EXA: 225 GB
  • Greenbone Enterprise DECA/PETA/EXA: 220 GB
  • Greenbone Enterprise CENO: 135 GB
  • Greenbone Enterprise ONE: 130 GB
  • Greenbone Enterprise 25V: 70 GB

The new sizes are only relevant for newly installed virtual appliances. Upgraded appliances keep their partition layout and thus, their required disk size.

HTTP Web Interface Access

With GOS 22.04, unencrypted HTTP access for the web interface is not supported anymore. HTTPS must be used instead.

A valid HTTPS certificate (either self-signed, or signed by a CA) must now be configured on the appliance to use the web interface.

Backups

Password for Remote Backup Repository

With GOS 22.04, it is possible to change the password of the remote backup repository. For this, the menu option Setup > Backup > Backup Password is added to the GOS administration menu. The menu option is only visible if the backup location is configured as remote.

Changing the backup password is recommended.

If multiple appliances use the same remote backup repository, it is recommended that each appliance uses its own unique backup password.

obnam

With GOS 20.08, the backend for managing backups in GOS was changed from obnam to restic. However, obnam remained available in GOS 20.08 and 21.04 as did the backups created with obnam in GOS 6 or earlier.

With GOS 22.04, obnam and all backups created with obnam are removed. Incremental backups created with GOS 6 and earlier will be removed due to incompatibility and to reclaim disk space.

If these old backups should be kept, a copy of the files must be made before upgrading to GOS 22.04. If there are any questions, contact the Greenbone Enterprise Support.

Mail Server

With GOS 22.04, a new option for enforcing the usage of SMTPS for e-mails sent by a Greenbone Enterprise Appliance is added.

For this, the GOS administration menu contains the new menu Setup > Mail > SMTP Enforce TLS.

Web Interface

Business Process Map

With GOS 22.04, the Business Process Map (BPM) functionality is removed from the web interface. Existing Business Process Maps will be deleted and will not be recoverable. If the information contained in a Business Process Map is to be saved, this must be done in GOS 21.04.

Task Setting Network Source Interface

With GOS 22.04, the task setting Network Source Interface is removed. If this setting was previously configured for a task, it will be ignored.

User Setting Interface Access

As the task setting Network Source Interface is removed with GOS 22.04, the user setting Interface Access is removed as well. If this setting was previously configured for a user, it will be ignored.

OVAL Definitions

With GOS 22.04, the OVAL definitions are removed from the SecInfo management in the web interface. The previous OVAL definitions were outdated and no longer served any purpose.

OSP Scanners

With GOS 22.04, the scanner type OSP Scanner is removed. It is no longer possible to create OSP scanners and select them to run scans.

This only affects the scanner type OSP Scanner, not the OSP protocol in general. The scanner type Greenbone Sensor will continue to use OSP.

Quality of Detection (QoD)

With GOS 22.04, the new quality of detection (QoD) level package_unreliable is implemented with a QoD of 30 %. It is used for authenticated package-based checks which are not always fully reliable for, e.g., Linux(oid) systems.

Greenbone Management Protocol (GMP)

The Greenbone Management Protocol (GMP) has been updated to version 22.04 and the API has been adjusted slightly. The usage of some commands has changed and several commands, elements and attributes have been deprecated. The complete reference guide and the list of changes are available here.

© Copyright - Greenbone AG 2020-2024