oscap is broken in ubuntu 19.10
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
openscap (Ubuntu) | Fix Released | Low | Unassigned |
Bionic | Fix Released | Low | Unassigned |
Focal | Fix Released | Low | Unassigned |
Groovy | Fix Released | Low | Unassigned |
Bug Description
[Impact]
The bug causes oscap to fail to run with OVAL files produced by the Ubuntu Security team.
This is the upstream issue: https:/
The fix is simple and I've tested it under bionic, eoan, and focal.
The patch corrects a typo or copy/paste error in the original code.
https:/
[Test Case]
This can be reproduced on eoan and focal by following the instructions for using ubuntu security oval data here: https:/
The bug does not manifest directly in bionic, but if you include libopenscap8 in a snap based on core18, the version of oscap in the snap will produce the same behavior when you run the snap on eoan or focal.
[Regression Potential]
The potential for regression seems low in this case. I've built the deb locally for bionic, eoan, and focal and smoke tested it in VMs using the ubuntu security OVAL files and the test file from the comment below https:/
If a regression were to exist, it would likely manifest itself with a runtime error much like the original problem.
#######
ORIGINAL BUG REPORT BELOW
#######
oscap segfaults while trying to check using ubuntu-security definitions:
The command:
oscap oval eval --report /tmp/oscap_
Segfault:
...
Invalid oval result type: -1. [../../
Invalid oval result type: -1. [../../
Invalid oval result type: -1. [../../
Probe with PID=26379 has been killed with signal 11 [../../
Probe with PID=26379 has core dumped. [../../
Unable to close probe sd [../../
Unable to receive a message from probe [../../
Invalid oval result type: -1. [../../
Invalid oval result type: -1. [../../
Invalid oval result type: -1. [../../
Invalid oval result type: -1. [../../
Invalid oval result type: -1. [../../
Invalid oval result type: -1. [../../
Invalid oval result type: -1. [../../
Invalid oval result type: -1. [../../
Invalid oval result type: -1. [../../
Invalid oval result type: -1. [../../
Probe with PID=26393 has been killed with signal 11 [../../
Probe with PID=26393 has core dumped. [../../
Unable to close probe sd [../../
Unable to receive a message from probe [../../
Invalid oval result type: -1. [../../
The OVAL definitions are taken directly from https:/
Version:
oscap --version
OpenSCAP command line tool (oscap) 1.2.16
Copyright 2009--2017 Red Hat Inc., Durham, North Carolina.
==== Supported specifications ====
XCCDF Version: 1.2
OVAL Version: 5.11.1
CPE Version: 2.3
CVSS Version: 2.0
CVE Version: 2.0
Asset Identification Version: 1.1
Asset Reporting Format Version: 1.1
CVRF Version: 1.1
==== Capabilities added by auto-loaded plugins ====
SCE Version: 1.0 (from libopenscap_
==== Paths ====
Schema files: /usr/share/
Default CPE files: /usr/share/
Probes: /usr/lib/
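The [Test Case] and [Regression Potential] sections above describe verifying the fix by running oscap against the Ubuntu security OVAL data and watching for the probe crash. The script below is an added example (not part of the bug report or the openscap project) that automates that check: it runs the same `oscap oval eval` invocation and counts the two stderr signatures from the report. `OVAL_FILE` is an assumed environment variable pointing at a locally downloaded OVAL definitions file; the `--results`/`--report` paths are arbitrary scratch files.

```shell
#!/bin/sh
# Added SRU smoke test for the oscap probe crash described in this bug report.
# Assumes OVAL_FILE points at a downloaded Ubuntu security OVAL file.

# Count probe crashes in oscap's stderr (read from stdin). Prints the number
# of "killed with signal 11" lines; 0 means no probe crashed.
count_probe_crashes() {
    grep -c 'has been killed with signal 11' || true
}

# Count "Invalid oval result type: -1" lines, the symptom that accompanies
# the crashes in the report. Prints 0 when none are present.
count_invalid_results() {
    grep -c 'Invalid oval result type: -1' || true
}

# Run the evaluation the reporter ran and classify the outcome. Prints PASS
# when neither signature appears, otherwise FAIL with the counts. The oscap
# exit status alone is not a reliable signal, since oscap still writes a
# (partial) report after a probe dies, so stderr is inspected instead.
run_oval_smoke_test() {
    oval_file="$1"
    stderr_log=$(mktemp)
    oscap oval eval --results /tmp/oscap_results.xml \
        --report /tmp/oscap_report.html "$oval_file" \
        >/dev/null 2>"$stderr_log" || true
    crashes=$(count_probe_crashes <"$stderr_log")
    invalid=$(count_invalid_results <"$stderr_log")
    rm -f "$stderr_log"
    if [ "$crashes" -eq 0 ] && [ "$invalid" -eq 0 ]; then
        echo PASS
    else
        echo "FAIL: $crashes probe crashes, $invalid invalid result types"
    fi
}

# Only invoke oscap when the caller has pointed OVAL_FILE at a definitions file.
if [ -n "${OVAL_FILE:-}" ]; then
    run_oval_smoke_test "$OVAL_FILE"
fi
```

Run it on an unpatched eoan or focal VM to see the FAIL line, then on the proposed package; a PASS there is the verification the SRU tags ask for.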
Changed in openscap (Ubuntu Bionic):
importance: Undecided → Low
Changed in openscap (Ubuntu Eoan):
importance: Undecided → Low
Changed in openscap (Ubuntu Focal):
importance: Undecided → Low
Changed in openscap (Ubuntu Groovy):
status: Confirmed → Fix Released
no longer affects: openscap (Ubuntu Eoan)
tags: added: verification-done-bionic removed: verification-needed-bionic
tags: added: verification-done-focal removed: verification-needed-focal
Status changed to 'Confirmed' because the bug affects multiple users.