Vulnerability scans return warning about outdated GVM version, but logs show GVM is v9.0.3

All my scans are returning High warnings due to GVM being out of date:

Vulnerability Detection Result
Installed GVM version: 9.0.1
Latest available GVM version: 9.0.3

So I duly updated through apt-get and it still returns the same warning. “apt-cache policy openvas” returns:

Installed: 9.0.3kali1
Candidate: 9.0.3kali1

Is there some configuration setting I need to change to ensure Greenbone is using the new version?

Please check that you really updated the version.
Did you restart the GVM with all components or rebooted the machine ?

If you are unsure about uncoordinated 3rd party packages like Kali, you should try with the Greenbone Communiy Edition.

Some technical background on your observation. The mentioned VT is checking for the version provided by the OPENVAS_VERSION constant of the following GVM components:

major version component
<= 9.0 openvas-libraries
= 10.0 openvas-scanner
>= 11.0 openvas

As you’re on the GVM 9.0 release shipped by Kali Linux this means:

  1. Your openvas-libraries package wasn’t updated to version 9.0.3 yet to match the existing version 9.0.3 of the openvas package.
  2. The version 9.0.3 of the openvas package isn’t actually a lower version like e.g. 9.0.1 and should have been received a version number like e.g. 9.0.1kali3.

In both cases please contact the maintainer of the Kali packages about this issue.

1 Like