OpenVAS 9.0.1 Update to 9.0.3 [Centos]

[DRIgnazGortngschirl]

Please update the packet would be very nice.

Please have a look here for further info's:

[HT43-bqxFqB]

:+1: This would be realy nice, as the current version now reports the update with serverity score of 10 (possible automatically after 6 months of public release). Details https://community.greenbone.net/t/gvm-9-stable-initial-release-2017-03-07/211

[atomicturtle]

its in the works, EL7 is going to require a pretty major support package update to handle the functions here (libgcrypt, libgpg-error, gpgme, gnupg2, libassuan just to name a few). Right now we've gotten as far as building Openvas-libraries, and openvas-scanner. openvas-manager is still failing on some functions.

A more extreme way to solve this is to update core OS packages, but that would have downstream affects on other components on the system, and I dont want to do that. If you're in a position to assist on that please let me know here, and we can coordinate on our slack channel.

[HT43-bqxFqB]

What kind of assistance do you require? Maybe we (Aperto) could offer some help.

[cfi-gb]

as the current version now reports the update with serverity score of 10 (possible automatically after 6 months of public release)

Just a short note / some backgrounds on this. It was chosen to report a severity of 10.0 even if this is not actually vulnerability on the remote host for the following reason:

There where two serious bugs fixed in the scheduler of openvas-scanner in 5.1.2 and 5.1.3 which could cause a lower coverage of vulnerabilities found on the remote host.

The severity might be decreased to a "0.0" / Log level entry in the future or once there is a better way to notify users of outdated components more prominently.

[atomicturtle]

The biggest one to take on would be getting openvas-smb updated, which requires an update/refactoring of the heimdal package. This one is key because without openvas-smb, you cant perform deeper scans on windows.

[atomicturtle]

oh for slack invites: invite@ossec.net!

[atomicturtle]

updates are going to atomic now, less the openvas-smb project. If you can assist!

[maennlse]

Hi, we (auto-)updated to 9.0.3 and ran into several problems.

after the update

• openvas-manager did not start anymore. (looks like certificate path is different now?)
• omp did not work (complained about missing library libgcrypt.so.20)

then we tried to rollback the update (yum history rollback ...) which did not work, because python-SocksiPy-1.00-4.el7.art.noarch.rpm was not found on the repository anymore (https://www*.atomicorp.com/channels/atomic/centos/7/x86_64/RPMS/, but its still available on other mirrors: http://mirrors.thzhost.com/atomic/centos/7/x86_64/RPMS/) (so we downgraded openvas packages manually)

you can reproduce (at least) the omp error by following the official documentation from this git repo...

(docker centos 7)
# wget -q -O - https://updates.atomicorp.com/installers/atomic | sh && yum install -y openvas
# rpm -q openvas
openvas-9.0.3-6767.el7.art.noarch
# omp
omp: error while loading shared libraries: libgcrypt.so.20: cannot open shared object file: No such file or directory

anyone else having similar issues?

[oneoffdallas]

Same issue here. My test install no longer starts after upgrading to 9.03.

[sa383218]

Same issues here as well. We're unable to get OpenVAS working on CentOS7 after the minor update to 9.0.3. GSA/openvas-manager is broken due to SQL errors with :

'sql_prepare_internal: sqlite3_prepare failed: near "WITH": syntax' errors

We were able to resolve the libgcrypt issue with omp by changing the LD_LIBRARY_PATH variable:

export LD_LIBRARY_PATH=/opt/atomic/atomic-libgcrypt/root/usr/lib64:/opt/atomic/atomic-libgpg-error/root/usr/lib64

We do have a similar atomic-sqlite package in /opt, but trying to do the same with PATH doesn't appear to work.

[ankush-grover-3pg]

I am also facing the same issue of libgcrypt.so.20 on Centos 7 after upgrade from 9.0.1 to 9.0.3 and I tried export LD_LIBRARY_PATH=/opt/atomic/atomic-libgcrypt/root/usr/lib64:/opt/atomic/atomic-libgpg-error/root/usr/lib64 but still the issue persist.

/usr/sbin/openvassd: error while loading shared libraries: libgcrypt.so.20: cannot open shared object file: No such file or directory

[atomicturtle]

GVM 10.0 packages should be available to address this. Note that upstream has asked that we rebrand many of the packages, so you will see that openvas libraries and manager are now rebranded as "gvm-libs" and "gvmd" respectively. The openvas package has been rebranded "greenbone-vulnerability-manager".

In order to maintain backwards compatibility for the upgrade, these packages are tagged Provides: with their previous names

[Alain75006]

Hi, I am facing errors when I try to update openvas from 9.0.3 to 10 and always after a clean install : Transaction check error: file /usr/bin/openvas-nasl conflicts between attempted installs of openvas-libraries-9.0.3-6672.el7.art.x86_64 and openvas-scanner-6.0.0-6872.el7.art.x86_64 file /usr/bin/openvas-nasl-lint conflicts between attempted installs of openvas-libraries-9.0.3-6672.el7.art.x86_64 and openvas-scanner-6.0.0-6872.el7.art.x86_64 file /usr/lib64/libopenvas_misc.so conflicts between attempted installs of openvas-libraries-9.0.3-6672.el7.art.x86_64 and openvas-scanner-6.0.0-6872.el7.art.x86_64 file /usr/lib64/libopenvas_nasl.so conflicts between attempted installs of openvas-libraries-9.0.3-6672.el7.art.x86_64 and openvas-scanner-6.0.0-6872.el7.art.x86_64 file /usr/share/man/man1/openvas-nasl.1.gz conflicts between attempted installs of openvas-libraries-9.0.3-6672.el7.art.x86_64 and openvas-scanner-6.0.0-6872.el7.art.x86_64

Can you help to resolve it ? I had also the same problem when I've tried to update from a working 9.0.1 version to 9.0.3, and now my greenbone is down... Thanks

[jacobamey]

Hi, I am facing errors when I try to update openvas from 9.0.3 to 10 and always after a clean install : Transaction check error: file /usr/bin/openvas-nasl conflicts between attempted installs of openvas-libraries-9.0.3-6672.el7.art.x86_64 and openvas-scanner-6.0.0-6872.el7.art.x86_64 file /usr/bin/openvas-nasl-lint conflicts between attempted installs of openvas-libraries-9.0.3-6672.el7.art.x86_64 and openvas-scanner-6.0.0-6872.el7.art.x86_64 file /usr/lib64/libopenvas_misc.so conflicts between attempted installs of openvas-libraries-9.0.3-6672.el7.art.x86_64 and openvas-scanner-6.0.0-6872.el7.art.x86_64 file /usr/lib64/libopenvas_nasl.so conflicts between attempted installs of openvas-libraries-9.0.3-6672.el7.art.x86_64 and openvas-scanner-6.0.0-6872.el7.art.x86_64 file /usr/share/man/man1/openvas-nasl.1.gz conflicts between attempted installs of openvas-libraries-9.0.3-6672.el7.art.x86_64 and openvas-scanner-6.0.0-6872.el7.art.x86_64

Can you help to resolve it ? I had also the same problem when I've tried to update from a working 9.0.1 version to 9.0.3, and now my greenbone is down... Thanks

Hi, Alain, I have reported this issue here. It seems to be happening to a few of us. https://github.com/Atomicorp/openvas/issues/9

[atomicturtle]

gvmd has been updated to address this issue, thanks for the report!

[Mb1984]

This is not fixed. Upgrade to GVMD 10 Still cant get gsad to start [root@openvas ~]# systemctl status gsad ● gsad.service - Greenbone Security Assistant (OpenVAS) Loaded: loaded (/usr/lib/systemd/system/gsad.service; enabled; vendor preset: disabled) Active: failed (Result: start-limit) since Mon 2019-04-29 23:37:52 EDT; 16min ago Process: 6943 ExecStart=/usr/sbin/gsad $OPTIONS (code=exited, status=0/SUCCESS) Main PID: 6946 (code=exited, status=1/FAILURE)

Apr 29 23:37:51 openvas. systemd[1]: Unit gsad.service entered failed state. Apr 29 23:37:51 openvas. systemd[1]: gsad.service failed. Apr 29 23:37:52 openvas. systemd[1]: gsad.service holdoff time over, scheduling restart. Apr 29 23:37:52 openvas.systemd[1]: Stopped Greenbone Security Assistant (OpenVAS). Apr 29 23:37:52 openvas. systemd[1]: start request repeated too quickly for gsad.service Apr 29 23:37:52 openvas.systemd[1]: Failed to start Greenbone Security Assistant (OpenVAS). Apr 29 23:37:52 openvassystemd[1]: Unit gsad.service entered failed state. Apr 29 23:37:52 openvas. systemd[1]: gsad.service failed.

I get that GVMD replaces GSAD? right? Well GVMD starts but I still cant get my weblink to load