From michael.wiegand at intevation.de Wed Dec 3 15:52:17 2008 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Wed, 3 Dec 2008 15:52:17 +0100 Subject: [Openvas-announce] openvas-plugins 1.0.5 released Message-ID: <20081203145217.GH27198@intevation.de> Hello, the OpenVAS developers are happy to announce the release of openvas-plugins 1.0.5. This release is a maintenance release with an updated NVT collection. As with all openvas-plugins releases, it is recommended that you execute the openvas-nvt-sync tool provided by the openvas-server component after installing this release to ensure that your OpenVAS installation has access to the latest NVTs. Main changes from 1.0.4 are: * A large number of new NVTs has been added. * A large number of new NVTs has been updated. * Several NVTs written in C have been updated to improve their 64-bit cleanliness and to build more reliable. This introduces a new dependency on glib to openvas-plugins. * Improved host OS detection when gathering package information from a remote host. * Various bugfixes. * Code cleanup. * Updated packaging for Debian. This release contains contributions by: Tim Brown Hanno Boeck Chandrashekhar B Stjepan Gros Vlatko Kosturjak Thomas Reinke Joey Schulze Jan-Oliver Wagner Michael Wiegand -- Michael Wiegand | OpenPGP key: D7D049EC | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From michael.wiegand at intevation.de Fri Dec 5 15:52:14 2008 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Fri, 5 Dec 2008 15:52:14 +0100 Subject: [Openvas-announce] OpenVAS 2.0-rc1 modules released Message-ID: <20081205145214.GF15435@intevation.de> Hello, the OpenVAS developers are happy to announce the release of the 2.0-rc1 versions of openvas-libraries, openvas-libnasl, openvas-server and openvas-client. This release is the first release candidate for the upcoming 2.0 release of OpenVAS. Unless serious bugs are discovered, this release candidate will become the final OpenVAS 2.0 release. Users are encouraged to test this release and to report bugs to the OpenVAS bug tracker located at http://bugs.openvas.org/ . This release marks another milestone towards the improvement of the OpenVAS infrastructure; it uses the finalized version of OTP, the new OpenVAS Transport Protocol which debuted in 2.0-beta1 and has now completely replaced the old Nessus Transport Protocol (NTP). If you have used the 2.0-beta2 release, we recommend that you update all your OpenVAS modules (openvas-libraries, openvas-libnasl, openvas-server and openvas-client) to 2.0-rc1. If you are currently using the stable 1.0.x branch and want to take part in testing this release candidate, we recommend that you install 2.0-rc1 separately from your OpenVAS 1.0 installation. Instructions on how to do this are available from the OpenVAS website. In either case, you can continue to use openvas-plugins 1.0.x and the OpenVAS NVT Feed, because OpenVAS 2.0 will stay compatible. Please refer to the CHANGES files in the individual modules for detailed information on the changes since the 2.0-beta2 release. Many thanks to everyone who has contributed to this release candidate, keep your patches, suggestions and ideas coming! Regards, Michael Wiegand -- Michael Wiegand | OpenPGP key: D7D049EC | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From michael.wiegand at intevation.de Wed Dec 17 15:35:11 2008 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Wed, 17 Dec 2008 15:35:11 +0100 Subject: [Openvas-announce] OpenVAS 2.0.0 Released Message-ID: <20081217143511.GF28795@intevation.de> Network Security Scanner OpenVAS 2.0.0 Released On December 17th, 2008, the OpenVAS[1] developer team released OpenVAS 2.0.0 which marks the start of the next generation of the Open Vulnerability Assessment System for network security scanning. OpenVAS is a fork of the Nessus security scanner which has continued development under a proprietary license since late 2005. Since the release of OpenVAS 1.0.0 in October 2007, the OpenVAS developers continued the auditing of the code inherited from Nessus and have added a variety of useful features for OpenVAS users, for server adminstrators and for developers of Network Vulnerability Tests (NVTs). The main changes compared to the 1.0 series cover: * OVAL Support: OpenVAS 2.0.0 introduces preliminary support for OVAL, the Open Vulnerability and Assessment Language[2]. OVAL is an international, information security, community standard to promote open, standardized and publicly available security content. The OpenVAS server can now execute OVAL files just like its own Network Vulnerability Tests (NVTs) using the OVAL definitions interpreter "ovaldi". While the plain ovaldi tool can only check local systems where it is installed, the combination with OpenVAS enables ovaldi to test any target system for which OpenVAS has collected information. OpenVAS 2.0.0 includes readily available support for Red Hat Enterprise Linux security announcements as published in OVAL format. OVAL support will expand to further platforms. * OpenVAS Transfer Protocol (OTP): A comprehensive audit of the Nessus Transfer Protocol (NTP) resulted in numerous improvements and fixes and lead to the OpenVAS Transfer Protocol (OTP). Since NTP support was dropped entirely, the 1.0 and 2.0 series of OpenVAS Server and Client can not operate in mixed mode. * Object Identifiers (OIDs): In order to make identifying individual NVTs easier, OpenVAS adopted an OID-based numbering scheme for NVTs. OIDs in OpenVAS will start with the prefix 1.3.6.1.4.1.25623, backward compatibility in server and client has been ensured. * 64-bit Support: Intensive work on 64-bit cleanliness has been undertaken. OpenVAS 2.0.0 is expected be fully 64-bit compatible. * Improved GUI Client: The OpenVAS-Client has seen a number of improvements and is now able to display NVT signature information in the GUI and in the various reports. Reporting has been improved as well as localization for various languages (best support in this order: German, Spanish/French, Swedish, Hebrew, Croatian). * Bugfixes: Any spotted bugs have been fixed. Please refer to the CHANGES files supplied with the individual modules for details. * Code Audit: A large amount of outdated or unused code has been idenfied and removed or replaced. Compatibility of NASL NVTs and the OpenVAS Feed Service: The available NVT package (openvas-plugins) and OpenVAS Feed which provides more than 6000 NVTs are compatible for both the 1.0 and the 2.0 series of OpenVAS. Migration from OpenVAS 1.0: If you want to migrate your existing reports created with an 1.0 series client to OpenVAS 2.0.0, please use the script provided in the openvas-client/tools directory. If you are currently using OpenVAS 1.0.x, we recommend that you install the OpenVAS 2.0.0 source code relase seperately from your existing installation. Documentation: An extensive documentation for OpenVAS has been created as well and was recently released. Users, adminstrators and developers can now access more than 100 pages of the OpenVAS Compendium, available in English and German. Downloads: All download links for OpenVAS 2.0.0 and additional information can be found on the OpenVAS website[1]. OpenVAS 2.0.0 is initially relased as a source code release; packages for various distributions are expected to follow. The OpenVAS team would like to thank everybody who has contributed to this release. We have worked hard to bring you the best OpenVAS version. If you have any questions or suggestions, please feel free to use the public mailing list and our online chat. Please use the OpenVAS bug tracker[3] to report bugs. The OpenVAS developers would like to wish all users a recreative holiday season and a a happy new year. [1] http://www.openvas.org [2] http://oval.mitre.org [3] http://bugs.openvas.org -- Michael Wiegand | OpenPGP key: D7D049EC | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner