From jan-oliver.wagner at intevation.de Wed Jun 4 22:27:42 2008 From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner) Date: Wed, 4 Jun 2008 22:27:42 +0200 Subject: [Openvas-announce] openvas-plugins 1.0.1 released Message-ID: <200806042227.45455.jan-oliver.wagner@intevation.de> Hello, the OpenVAS developers are happy to announce that openvas-plugins 1.0.1 is released. It is recommended that you update your installation with this new version as it extends the test range. Script developers get some new APIs. This is a maintenance release with several new scripts, some package restructuring and packaging support. Outstanding is the up-to-date Debian Local Security Checks, the newly developed base funcationality for writing Windows Local Security Checks and the new base functionality for generic software version tests. openvas-plugins is licensed under GNU GPLv2. Main changes since 1.0.0 (2008-02-05): * 118 additional Debian Local Security Checks Contributed by www.securityspace.com * New: Windows local security checks via smbclient added. The new base library is smbcl_func.inc. A sample test is win_CVE-2007-0043.nasl. The old Nessus Windows Local Security Checks were removed because the base library was under a propritary license. * New methodology to test for software version on a remote host by asking the actual software rather than the RPM/DEB package database (version_func.inc). clamav-CB-A08-0001.nasl (CVE 2007-6335, CVE 2007-6336, CVE 2007-6337) as a sample how this is works. This makes it possible to check for tools that were not installed via the package management (typical for many services). Additionally, the tests are to some extend independent of the operating system of the targets. * openvas-nvt-sync now less verbose. PID file location fixed. * Debian packaging files moved from debian/ to packagig/debian. * New: sample RPM spec files for SUSE and Fedora. * Several bug fixes in .nasl and .inc files. * Removed several obsolete files and docs (e.g. "nessus-update-plugins.in"). * Plugin Factory removed. See also: http://www.openvas.org/openvas-cr-3.html Packagers: You do not need to consider the plugin factory installation files/dirs. * Several .inc NASL files from older Nessus distributions added (the old versions were under GNU GPL while the new ones are not in OpenVAS because they switched to a proprietary license). Download and more information on the OpenVAS Server page: http://www.openvas.org/openvas-server.html Best regards Jan-Oliver Wagner -- Dr. Jan-Oliver Wagner Intevation GmbH Amtsgericht Osnabr?ck, HR B 18998 http://www.intevation.de/ Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From jan-oliver.wagner at intevation.de Tue Jun 24 09:30:10 2008 From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner) Date: Tue, 24 Jun 2008 09:30:10 +0200 Subject: [Openvas-announce] openvas-plugins 1.0.2 released Message-ID: <200806240930.12751.jan-oliver.wagner@intevation.de> Hello, the OpenVAS developers are happy to announce that openvas-plugins 1.0.2 is released. This is a maintenance release with some fixes, new scripts and cleanups. It is recommended to update your installation with this release to get rid of a ugly behaviour of the snychronisation routine (see below). Apart from this, Nikto users will get an improved and updated NASL script to comfortably run Nikto via OpenVAS. Main changes are: * Bugfix in "openvas-nvt-sync": Wrong quoting in this script created strange directory structure in OpenVAS server installation. This is fixed now. In case you started this script as shipped by openvas-plugins 1.0.1, you should manually remove the directory, e.g.: # cd /usr/lib/openvas # ls -l (watch-out for the directory named '"') # rm -rf \" * 8 new Debian Local Security Checks contributed by www.securityspace.com * 6 new Windows Local Security Checks and generic Linux Security Checks, by DN-Systems. * Updated integration of Nikto: Adaptions for new Nikto 2.0 and further improvements to run Nikto via OpenVAS (nikto.nasl). Also, the obsolete C-Plugin for Nikto (nikto.nes) has now been finally removed. * Improved framework for Windows Local Security Checks based in smbclient. * Various other small fixes. Best regards Jan-Oliver Wagner -- Dr. Jan-Oliver Wagner Intevation GmbH, Osnabr?ck Amtsgericht Osnabr?ck, HR B 18998 http://www.intevation.de/ Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From michael.wiegand at intevation.de Fri Jun 27 13:52:45 2008 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Fri, 27 Jun 2008 13:52:45 +0200 Subject: [Openvas-announce] OpenVAS-Client 1.0.4 released Message-ID: <200806271352.45712.michael.wiegand@intevation.de> Hello, the OpenVAS developers are happy to announce that OpenVAS-Client 1.0.4 has just been released. The source code is already available for download (at http://wald.intevation.org/frs/?group_id=29&release_id=189); binary packages are expected to follow soon. This is a consolidation release. Various cleanups and bug fixes are included in this release. Most obvious is the simplified connection dialog. Also, some changes to be compatible with future Server updates are already integrated (OTP, OIDs). Supported languages: german, spanish, swedish and hebrew. OpenVAS-Client is licensed under GNU GPLv2 and may be linked with OpenSSL. Main changes since 1.0.3: * new: Reports now show the name and OID of the NVT together with it's results. * new: Support for the upcoming OpenVAS Transport Protocol (OTP) has been introduced into OpenVAS-Client. * improved: Command line parsing has been completely reworked. * fixed: Fixed issues with credential preferences showing up incorrectly in the preferences dialog. * fixed: Fixed a bug that could result in filename corruption or segmentation faults when exporting a report from the OpenVAS-Client GUI. * fixed: Fixed issues that prevented OpenVAS-Client from compiling without GTK support. It is now possible to compile OpenVAS-Client without GUI support if desired. * fixed: Fixed a bug in report conversion that resulted in incorrect memory allocation on certain 64bit installations. * fixed: Fixed a bug that resulted in a segmentation fault when connecting to the server while using an alternate configuration file. * fixed: Fixed a bug that resulted in a segmentation fault when the user supplied an inconclusive filename for the results file in batch mode. * fixed: Fixed a bug that resulted in a segmentation fault when running in batch mode with a non-existent targets file and the html_graph output type. * removed: Support for unencrypted connections has been removed from OpenVAS-Client since unencrypted connections to the server were no longer possible since OpenVAS-Server 0.9.0. * removed: Support for saving reports in the legacy XML format was removed as this format has already been superseded by a new XML format and was marked as deprecated. You can find more information on OpenVAS-Client at: http://www.openvas.org/openvas-client.html Regards, Michael Wiegand -- Michael Wiegand OpenPGP key: D7D049EC Intevation GmbH, Osnabr?ck http://www.intevation.de/ Amtsgericht Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From michael.wiegand at intevation.de Mon Jun 30 16:27:45 2008 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Mon, 30 Jun 2008 16:27:45 +0200 Subject: [Openvas-announce] openvas-libraries 1.0.2 released Message-ID: <200806301627.45315.michael.wiegand@intevation.de> Hello, the OpenVAS developers are happy to announce that openvas-libraries 1.0.2 has just been released. The source code is already available for download (at http://wald.intevation.org/frs/?group_id=29&release_id=190); binary packages are expected to follow soon. This release contains improvements to plugin handling and to the packaging files for various distributions as well as minor bug fixes and cleanups. Apart from this, this release prepares OID support for OpenVAS. It is recommended to update to this release, because future releases of openvas-libnasl and openvas-libnasl will require openvas-libraries 1.0.2 as minimum version. * Updates of the OpenSUSE, Fedora and Debian packaging files. * Preparation for support for OpenVAS OIDs. * Increased internal storage space for plugin preferences to allow for plugins with a large number of options. * Fixed a bug that resulted in incorrect memory allocation on certain 64bit installations. * Removed support for unencrypted communication with the client. * Fixed a configuration issue that broke the build process on certain 64bit installations. * Various code cleanups. Regards, Michael Wiegand -- Michael Wiegand OpenPGP key: D7D049EC Intevation GmbH, Osnabr?ck http://www.intevation.de/ Amtsgericht Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner