Hello,
My system is monitored by Wazuh SIEM.
Before July, I didn’t have any vulnerabilities, but they seem to have accumulated since then.
See attached files
My system is up to date.
Do you know if any action is planned to remedy them?
Thank you.
Your profile says you are on the stable branch. Switch to unstable to get the latest patches and bugs from upstream. Or maybe just switch to upstream Arch, because Manjaro unstable is like the Arch stable? So Arch unstable should be with the latest patches and bugs.
Who believes that Wazuh SIEM is right?
For example:
This first screenshot shows that openssl version 3.13 still has CVE-2022-2068. Is that true?
But this CVE was already fixed in version 3.0.4 1 year ago:
See the official openssl site: git commit
https://www.openssl.org/news/vulnerabilities-3.0.html#CVE-2022-2068
What @Zesko said. Either you’re not using it properly or it’s reporting many false positives. Take it up with Wazuh support.
With grub, for example, we ship the latest master commit, so there is no newer version of it: grub.git - GNU GRUB. Other reported CVEs are already fixed, even in the stable branch. Also check which Linux OSs that company actually supports: Packages list - Installation guide · Wazuh documentation
For reference, there’s also https://security.archlinux.org/, however, I’m not sure how often they update it.
arch-audit would be free, open, from the source, and apparently more accurate than whatever you are using now.
(Though it's from Arch, so some funnies will still be, such as the grub warning.)