I’m getting a lot of false positives from vulnerability scans because openvas does not understand the ‘fips’ versions of ubuntu packages.
Is there a workaround that doesn’t involve overrides?
I’m running the latest community edition
The remote host is missing an update for the 'strongswan' package(s) announced via the USN-5250-1 advisory.
Vulnerable package: libstrongswan
Installed version: libstrongswan-5.8.2-1ubuntu3.fips.3.5
Fixed version: >=libstrongswan-5.8.2-1ubuntu3.4
Vulnerable package: strongswan
Installed version: strongswan-5.8.2-1ubuntu3.fips.3.5
Fixed version: >=strongswan-5.8.2-1ubuntu3.4