Hello,
Not really a proxmox issue and maybe v7 only.
I have a Debian/Proxmox setup on which I have debsecan making daily report of packages that are vulnerable/fixed/can be patched.
Example partial output
For https://security-tracker.debian.org/tracker/CVE-2021-3997, it expects 247.3-7+deb11u5 or above and it has 247.3-7+1-pmx11u1
is there a reason for the change as not many packages are like this?
any way to make it work with debsecan (https://gitlab.com/fweimer/debsecan) which used data from https://security-tracker.debian.org/tracker/ ?
any other distribution which change those patchset name?
what packages are falling under different patchset? those tied to proxmox kernel, I suppose.
This comes from a proxmox 7 system for which packages are
On proxmox 8
Thanks
Not really a proxmox issue and maybe v7 only.
I have a Debian/Proxmox setup on which I have debsecan making daily report of packages that are vulnerable/fixed/can be patched.
Example partial output
but those are patched, just that the patchset ended with proxmox (+pmx) and not debian (+deb)...*** Available security updates
CVE-2021-3997 A flaw was found in systemd. An uncontrolled...
<https://security-tracker.debian.org/tracker/CVE-2021-3997>
- libnss-systemd, libpam-systemd, libsystemd0, libudev1, systemd,
systemd-sysv, udev
CVE-2022-1304 An out-of-bounds read/write vulnerability was found...
<https://security-tracker.debian.org/tracker/CVE-2022-1304>
- e2fsprogs, libcom-err2, libext2fs2, libss2, logsave
CVE-2022-3821 An off-by-one Error issue was discovered in Systemd...
<https://security-tracker.debian.org/tracker/CVE-2022-3821>
- libnss-systemd, libpam-systemd, libsystemd0, libudev1, systemd,
systemd-sysv, udev
CVE-2022-4415 A vulnerability was found in systemd. This security...
<https://security-tracker.debian.org/tracker/CVE-2022-4415>
- libnss-systemd, libpam-systemd, libsystemd0, libudev1, systemd,
systemd-sysv, udev
For https://security-tracker.debian.org/tracker/CVE-2021-3997, it expects 247.3-7+deb11u5 or above and it has 247.3-7+1-pmx11u1
is there a reason for the change as not many packages are like this?
any way to make it work with debsecan (https://gitlab.com/fweimer/debsecan) which used data from https://security-tracker.debian.org/tracker/ ?
any other distribution which change those patchset name?
what packages are falling under different patchset? those tied to proxmox kernel, I suppose.
This comes from a proxmox 7 system for which packages are
$ dpkg -l | grep systemd
ii dbus-user-session 1.12.28-0+deb11u1 amd64 simple interprocess messaging system (systemd --user integration)
ii libnss-systemd:amd64 247.3-7+1-pmx11u1 amd64 nss module providing dynamic user and group name resolution
ii libpam-systemd:amd64 247.3-7+1-pmx11u1 amd64 system and service manager - PAM module
ii libsystemd0:amd64 247.3-7+1-pmx11u1 amd64 systemd utility library
ii proxmox-mini-journalreader 1.3-1 amd64 Minimal systemd Journal Reader
ii python3-systemd 234-3+b4 amd64 Python 3 bindings for systemd
ii systemd 247.3-7+1-pmx11u1 amd64 system and service manager
ii systemd-sysv 247.3-7+1-pmx11u1 amd64 system and service manager - SysV links
rc systemd-timesyncd 247.3-7+1-pmx11u1 amd64 minimalistic service to synchronize local time with NTP servers
$ dpkg -l | grep -E '[-+]pmx'
ii ifupdown2 3.1.0-1+pmx4 all Network Interface Management tool similar to ifupdown
ii libnss-systemd:amd64 247.3-7+1-pmx11u1 amd64 nss module providing dynamic user and group name resolution
ii libpam-systemd:amd64 247.3-7+1-pmx11u1 amd64 system and service manager - PAM module
ii libsystemd0:amd64 247.3-7+1-pmx11u1 amd64 systemd utility library
ii libudev1:amd64 247.3-7+1-pmx11u1 amd64 libudev shared library
ii systemd 247.3-7+1-pmx11u1 amd64 system and service manager
ii systemd-sysv 247.3-7+1-pmx11u1 amd64 system and service manager - SysV links
rc systemd-timesyncd 247.3-7+1-pmx11u1 amd64 minimalistic service to synchronize local time with NTP servers
ii udev 247.3-7+1-pmx11u1 amd64 /dev/ and hotplug management daemon
On proxmox 8
$ dpkg -l | grep systemd
ii dbus-user-session 1.14.10-1~deb12u1 amd64 simple interprocess messaging system (systemd --user integration)
ii libnss-systemd:amd64 252.31-1~deb12u1 amd64 nss module providing dynamic user and group name resolution
ii libpam-systemd:amd64 252.31-1~deb12u1 amd64 system and service manager - PAM module
ii libsystemd-shared:amd64 252.31-1~deb12u1 amd64 systemd shared private library
ii libsystemd0:amd64 252.31-1~deb12u1 amd64 systemd utility library
ii proxmox-mini-journalreader 1.4.0 amd64 Minimal systemd Journal Reader
ii python3-systemd 235-1+b2 amd64 Python 3 bindings for systemd
ii systemd 252.31-1~deb12u1 amd64 system and service manager
ii systemd-sysv 252.31-1~deb12u1 amd64 system and service manager - SysV compatibility symlinks
rc systemd-timesyncd 252.31-1~deb12u1 amd64 minimalistic service to synchronize local time with NTP servers
$ dpkg -l | grep -E '[-+]pmx'
ii grub-common 2.06-13+pmx2 amd64 GRand Unified Bootloader (common files)
ii grub-efi-amd64 2.06-13+pmx2 amd64 GRand Unified Bootloader, version 2 (EFI-AMD64 version)
ii grub-efi-amd64-bin 2.06-13+pmx2 amd64 GRand Unified Bootloader, version 2 (EFI-AMD64 modules)
ii grub-efi-amd64-signed 1+2.06+13+pmx2 amd64 GRand Unified Bootloader, version 2 (amd64 UEFI signed by Debian)
ii grub2-common 2.06-13+pmx2 amd64 GRand Unified Bootloader (common files for version 2)
ii ifupdown2 3.2.0-1+pmx11 all Network Interface Management tool similar to ifupdown
ii shim-helpers-amd64-signed 1+15.8+1+pmx1 amd64 boot loader to chain-load signed boot loaders (signed by Proxmox)
ii shim-signed:amd64 1.44+pmx1+15.8-1+pmx1 amd64 Secure Boot chain-loading bootloader (Microsoft-signed binary)
ii shim-signed-common 1.44+pmx1+15.8-1+pmx1 all Secure Boot chain-loading bootloader (common helper scripts)
ii shim-unsigned:amd64 15.8-1+pmx1 amd64 boot loader to chain-load signed boot loaders under Secure Boot
Thanks