SuMa - Audit function

pkurek New or Quiet Member
Hello all,

We are using SUSE Manager 3.2.13 and it works fine so far.

I also tried the CVE Audit function with the "Ghostcat" example, but I don't understand this mechanic.
When I search for CVE-2020-1938 (Ghostcat) I get the error

"The specified CVE number was not found. This can happen for very old or yet-unknown numbers, please also check it for possible typing errors."
I checked the last CVE update and also started a single-run schedule for the "cve-server-channels" without success.

When I search for an older CVE (CVE-2019-11477) the system works as designed and I am able to see my affected machines.
Some CVEs are working fine and some are not available.

But why doesn't it work on new CVEs where I have a need to check the vulnerability of my servers?
Can somebody help here?

Best Regards
Patrick

Comments

  • malcolmlewis Knowledge Partner
    Hi
    AFAIK the mechanics are the CVE needs to exist on the system as a 'patch' (check the patches tab) and is for relevant (registered) systems that either need or have the patch. Are you running systems that have Tomcat running? I see there was an update to my SuMA instance for it (https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-1938)...
  • pkurek New or Quiet Member
    We have got several servers with affected Tomcat installations (SLES12SP4, SLES12SP5, SLES15SP1).
    Yesterday I was able to update 1 test server with the Tomcat installation, but it seems that the patch is rolled back because it disappeared again and I am not able to patch any other server any more.

    And I am still not able to check my servers with the audit function for this CVE. It seems that the patch (checked the patches tab) isn't mirrored on our SuMa.

    So I am not able to check new security issues still there is an update?
  • malcolmlewis Knowledge Partner
    pkurek wrote: »
    We have got several servers with affected Tomcat installations (SLES12SP4, SLES12SP5, SLES15SP1).
    Yesterday I was able to update 1 test server with the Tomcat installation, but it seems that the patch is rolled back because it disappeared again and I am not able to patch any other server any more.

    And I am still not able to check my servers with the audit function for this CVE. It seems that the patch (checked the patches tab) isn't mirrored on our SuMa.

    So I am not able to check new security issues still there is an update?
    Hi
    If you have a read of comment 11 in the bug report above and check your systems, are they OK or not?

    In SuMA if you check patches, it has gone after the last sync with the SUSE repositories?
  • pkurek New or Quiet Member
    Sorry for the late response.

    We have some trouble with the SuMa that the connection to the SCC was lost because of the certificate chain.
    After a manual import of the certificates it works again. Don't know why it appears.

    The Audit function works now with my CVE without any issues.
    Best regards and thanks
    Patrick