Hello, The OpenVAS developers have just released an important security release for the Open Vulnerability Assessment System release series 8 (OpenVAS-8). The following package was released: - Greenbone Security Assistant 6.0.9. We highly recommend to update your OpenVAS installation to the version listed above as soon as possible. It has been identified that Greenbone Security Assistant (GSA) is vulnerable to a denial-of-service attack due to a improper handling of UTF-8 in GET and POST requests. Given the attacker has access to a GSA web interface, a respective HTTP request can crash gsad. For details and current information on this vulnerability please refer to the following page on the OpenVAS website: http://openvas.org/OVSA20160202.html The source tarballs for the releases are available for download from the OpenVAS website at: https://wald.intevation.org/frs/?group_id=29 This page contains signatures and checksums for the source tarballs as well. You can find links to the latest source tarballs for all currently maintained releases here: http://openvas.org/install-source.html Binary packages for major GNU/Linux distributions by third parties are expected to follow soon. Regards, Michael Wiegand
Update committed. No stable keywords, so I think we're done.
@Hanno, please cleanup vulnerable version 6.0.8 and feel free to close this bug. If time doesn't permit I can cleanup with your permission. Thanks.
cleanup done
(In reply to Hanno Boeck from comment #3) > cleanup done 6.0.8 is still in the tree... mix up bug numbers? :D
No, just forgot to git push :-) Now really done.
(In reply to Hanno Boeck from comment #5) > No, just forgot to git push :-) > Now really done. Thanks, Hanno!