New OpenVAS releases
The OpenVAS developers have announced the sixth maintenance release of the openvas-libraries 4.0 module, the fifth maintenance release of the openvas-scanner 3.2 module, and the second maintenance release of the OpenVAS Administrator 1.1, the local and remote administrative tool for the Open Vulnerability Assessment System release 4 (OpenVAS-4)
The source tarball for these releases along with checksums and signatures are available for download from the OpenVAS website at http://www.openvas.org/. Binary packages for major GNU/Linux distributions by third parties are expected in the following weeks.
OpenVAS Libraries 4.0.6
This release fixes a cache file management issue and addresses compiler warnings discovered by Henri Doreau.
Many thanks to everyone who has contributed this release: Henri Doreau, Jan-Oliver Wagner and Michael Wiegand.
Main changes compared to 4.0.5:
- A bug which caused outdated cache files to be used under rare circumstances has been fixed. * Compiler warnings from gcc 4.6 have been addressed.
OpenVAS Scanner 3.2.5
This release addresses a security issue related to the optional use of the external tool “ovaldi” by making file ownership and location more secure. This fixes the issue described in OSVDB-75177.
Many thanks to everyone who has contributed to this release: Michael Wiegand.
Main changes compared to 3.2.4:
- The optional use of the external tool “ovaldi” has been made more secure.
This release makes signal handling and the protocol handshake more consistent with other OpenVAS modules.
Many thanks to everyone who has contributed to this release: Stephan Kleine, Matthew Mundell and Michael Wiegand.
Main changes since 1.1.1:
- Handling of the SIGHUP signal has been made consistent with the other OpenVAS modules. This means that openvas-administrator will no longer exit upon receiving a SIGHUP. *
- OAP: The GET_VERSION command is now allowed before AUTHENTICATE to be consistent with OMP.