I am receiving positive reports for the below 4 Ubuntu mariadb-server vulnerabilities, however, I believe they are false positives as the installed version exceeds the reported problematic ones.
It looks to be something wrong with the version detection, we it wants >= 10.6.18 (which is installed), but is still triggering. Could this detection method be updated, please?
Is it possible that this version detection issue is being caused by the fact we installed mariadb-server from the official MariaDB repo instead of the Ubuntu jammy-updates repo?
From MariaDB repo…
$ sudo apt list --installed | grep mariadb-server
mariadb-server-10.6/unknown,now 1:10.6.18+maria~ubu2204 amd64 [installed,automatic]
mariadb-server-core-10.6/unknown,now 1:10.6.18+maria~ubu2204 amd64 [installed,automatic]
mariadb-server/unknown,now 1:10.6.18+maria~ubu2204 all [installed]
$ sudo dpkg -l | grep mariadb-server
ii mariadb-server 1:10.6.18+maria~ubu2204 all MariaDB database server binaries (metapackage depending on the latest version)
ii mariadb-server-10.6 1:10.6.18+maria~ubu2204 amd64 MariaDB database server binaries
ii mariadb-server-core-10.6 1:10.6.18+maria~ubu2204 amd64 MariaDB database core server files
$ mariadb --version
mariadb Ver 15.1 Distrib 10.6.18-MariaDB, for debian-linux-gnu (x86_64) using EditLine wrapper
From Ubuntu repo…
$ sudo apt list --installed | grep mariadb-server
mariadb-server-10.6/jammy-updates,jammy-security,now 1:10.6.18-0ubuntu0.22.04.1 amd64 [installed,automatic]
mariadb-server-core-10.6/jammy-updates,jammy-security,now 1:10.6.18-0ubuntu0.22.04.1 amd64 [installed,automatic]
mariadb-server/jammy-updates,jammy-security,now 1:10.6.18-0ubuntu0.22.04.1 all [installed]
$ sudo dpkg -l | grep mariadb-server
ii mariadb-server 1:10.6.18-0ubuntu0.22.04.1 all MariaDB database server (metapackage depending on the latest version)
ii mariadb-server-10.6 1:10.6.18-0ubuntu0.22.04.1 amd64 MariaDB database server binaries
ii mariadb-server-core-10.6 1:10.6.18-0ubuntu0.22.04.1 amd64 MariaDB database core server files
$ mariadb --version
mariadb Ver 15.1 Distrib 10.6.18-MariaDB, for debian-linux-gnu (x86_64) using EditLine wrapper
A new stable image of openvas-scanner was pushed 4 days ago. So it should already be in it by now. Please provide feedback if the fix is not working as intended.