(Security) OVAL definition may be wrong

Asked by Hombre

recently published OVAL definition (https://people.canonical.com/~ubuntu-security/oval/) may have some breaking change as following:

all definition which referenced 'linux' binary package object, has been affected.

How to reproduce:
for example find definition id: oval:com.ubuntu.xenial:def:2019114770000000
then in criterions find test_ref="oval:com.ubuntu.xenial:tst:2019114770000000"
then in that test, find object: oval:com.ubuntu.xenial:obj:201245420000000, which represent 'linux' package binaries.
in this `dpkginfo_object`, <linux-def:name> used to contain only the name of the binary package, but now it contains a var_ref which points to multiple full name of the most recent binary package for linux kernel image:

         <constant_variable id="oval:com.ubuntu.xenial:var:201245420000000" version="1" datatype="string" comment="'linux' package binaries">

I believe this is an error, an 'linux' binary package should not contain any version information, as can be seen in other packages objects which only contains a name of package.

can you please explain the purpose of this section?

Question information

English Edit question
Ubuntu Edit question
No assignee Edit question
Last query:
Last reply:

Can you help with this problem?

Provide an answer of your own, or ask Hombre for more information if necessary.

To post a message you must log in.