Update to package checks for RPM-based Linux distributions - detecting the running kernel version 

Change

Nessus and our other scanning products run package level checks against kernel packages from security advisories of RPM-based Linux distributions. In an effort to further enhance accuracy, we are making a change to detect the running version of the kernel in addition to any other installed versions.

If an up-to-date kernel package is installed on the system, but the `uname -r` indicates that you are running a kernel level that is lower than the up-to-date package (several kernel packages can be present on a system at once), our scanner products will detect that the system is still running a vulnerable version of the kernel, instructing you to reboot.

Impact

If the system hasn’t been rebooted since installing a new Linux kernel, you are likely still running an older version of the kernel. This change will cause older advisories to begin flagging systems running older kernels, even if the updated kernel is installed, but not running. This change enables a more accurate detection of cyber exposure for our customers.

This change excludes an assessment of SUSE and openSUSE systems at this time due to unacceptable false positive risks. If you are running a known kernel hotfixing mechanism such as KSplice, you will not see a change in scan results. 

If you experience what you believe is a false positive scan result because of this change, please contact Tenable Customer Support.

Updated Library Files

RPM.inc

Plugins Impacted

Plugins including RPM.inc and checking for kernel packages from security advisories of RPM-based Linux distributions 

Target Release Date

16 September 2019

__________________________________

Tenable Research Release Highlights are posted in advance of significant new releases or updates to existing plugins or audit files that are important for early customer notification.