The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:8506 advisory.
The Bzip2 decompression decoder function doesn’t allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack (CVE-2021-37136)
The Snappy frame decoder function doesn’t restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk. (CVE-2021-37137)
The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS. (CVE-2022-22818)
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri < v1.13.4
contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri >= 1.13.4
. There are no known workarounds for this issue. (CVE-2022-24836)
The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = ‘origin’, opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection. (CVE-2022-25648)
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files. (CVE-2022-29970)
select
and style
elements.Code is only impacted if allowed tags are being overridden. This may be done via application configuration:ruby# In config/application.rbconfig.action_view.sanitized_allowed_tags = [select, style]
see https://guides.rubyonrails.org/configuring.html#configuring-action-viewOr it may be done with a :tags
option to the Action View helper sanitize
:```<%= sanitize @comment.body, tags:[select, style] %>see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitizeOr it may be done with Rails::Html::SafeListSanitizer directly:
ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = [select, style]or
ruby# instance-level optionRails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: [select, style])```All users overriding the allowed tags by any of the above mechanisms to include both select and style should either upgrade or use one of the workarounds immediately.## ReleasesThe FIXED releases are available at the normal locations.## WorkaroundsRemove either select
or style
from the overridden allowed tags.## CreditsThis vulnerability was responsibly reported by windshock. (CVE-2022-32209)
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value.
Applications that constrain the lookup name and kind choice to a known safe list are unaffected.
(CVE-2022-34265)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Rocky Linux Security Advisory RLSA-2022:8506.
##
include('compat.inc');
if (description)
{
script_id(184617);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/06");
script_cve_id(
"CVE-2021-37136",
"CVE-2021-37137",
"CVE-2022-22818",
"CVE-2022-24836",
"CVE-2022-25648",
"CVE-2022-29970",
"CVE-2022-32209",
"CVE-2022-34265"
);
script_xref(name:"RLSA", value:"2022:8506");
script_name(english:"Rocky Linux 8 : Satellite 6.12 Release (Important) (RLSA-2022:8506)");
script_set_attribute(attribute:"synopsis", value:
"The remote Rocky Linux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the
RLSA-2022:8506 advisory.
- The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed
output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are
affected. The malicious input can trigger an OOME and so a DoS attack (CVE-2021-37136)
- The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory
usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which
may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious
input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable
chunk. (CVE-2021-37137)
- The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not
properly encode the current context. This may lead to XSS. (CVE-2022-22818)
- Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient
regular expression that is susceptible to excessive backtracking when attempting to detect encoding in
HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for
this issue. (CVE-2022-24836)
- The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling
the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch
subcommand in a way that additional flags can be set. The additional flags can be used to perform a
command injection. (CVE-2022-25648)
- Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static
files. (CVE-2022-29970)
- # Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain
configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier
CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS
vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject
content if the application developer has overridden the sanitizer's allowed tags to allow both `select`
and `style` elements.Code is only impacted if allowed tags are being overridden. This may be done via
application configuration:```ruby# In config/application.rbconfig.action_view.sanitized_allowed_tags =
[select, style]```see https://guides.rubyonrails.org/configuring.html#configuring-action-viewOr it may
be done with a `:tags` option to the Action View helper `sanitize`:```<%= sanitize @comment.body, tags:
[select, style] %>```see
https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitizeOr it may be
done with Rails::Html::SafeListSanitizer directly:```ruby# class-level
optionRails::Html::SafeListSanitizer.allowed_tags = [select, style]```or```ruby# instance-level
optionRails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: [select, style])```All users
overriding the allowed tags by any of the above mechanisms to include both select and style should
either upgrade or use one of the workarounds immediately.## ReleasesThe FIXED releases are available at
the normal locations.## WorkaroundsRemove either `select` or `style` from the overridden allowed tags.##
CreditsThis vulnerability was responsibly reported by
[windshock](https://hackerone.com/windshock?type=user). (CVE-2022-32209)
- An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract()
database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value.
Applications that constrain the lookup name and kind choice to a known safe list are unaffected.
(CVE-2022-34265)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://errata.rockylinux.org/RLSA-2022:8506");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1309740");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1703496");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1732590");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1775813");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1829468");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1830968");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1834897");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1850393");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1868175");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1868323");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1870816");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1879811");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1884148");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1892218");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1892752");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1894033");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1908841");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1912941");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1925165");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1930577");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1931532");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1931665");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1934210");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1938092");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1940396");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1951542");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1952939");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1959136");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1962253");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1964080");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1970132");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1970623");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1971747");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1973329");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1974180");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1981444");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1982698");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1982745");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1984400");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1989631");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1990119");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1991557");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1994877");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1994945");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1998477");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2000613");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2001517");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2001552");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2004133");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2004135");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2006974");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2007117");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2011312");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2013611");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2015062");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2015757");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016924");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2022065");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2022649");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2024175");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2024576");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2024968");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2025892");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2025926");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2027947");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2028112");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2033321");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2033381");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2035287");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2036151");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2038989");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2043126");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2043242");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2048547");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2048775");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2049595");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2051648");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2051891");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2052076");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2053842");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2054011");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2054042");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2054786");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2054969");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2055391");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2055416");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2055979");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2056188");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2056702");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2058037");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2059179");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2060651");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2062800");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2064979");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2068454");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2069306");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2069440");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2069634");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2070001");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2070535");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2070732");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2070972");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2072696");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2073305");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2074346");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2075056");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2076843");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2077811");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2077822");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2077824");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2080324");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2080423");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2081096");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2084130");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2085490");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2088303");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2089445");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2089828");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2091044");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2092039");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2093884");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2094019");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2095187");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2095820");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2096429");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2098240");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2099620");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2100578");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2100887");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2101579");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2101882");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2101986");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2102145");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2102456");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2102825");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2102867");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2102896");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2103096");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2103099");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2103102");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2103106");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2103110");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2103129");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2103522");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2104401");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2104498");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2105048");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2105107");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2105144");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2105299");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2105941");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2106000");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2106090");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2106091");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2106092");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2106093");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2106333");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2106659");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2106691");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2106700");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2106885");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2107252");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2107572");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2107577");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2107701");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2108169");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2108611");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2108637");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2108719");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2109254");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2109260");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2109298");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2109421");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2109594");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2109606");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2109810");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2110003");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2110163");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2110222");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2110731");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2110872");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2111038");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2111074");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2111222");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2111373");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2111469");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2111570");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2111571");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2111578");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2111921");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2112015");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2112093");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2112098");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2112436");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2112979");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2113013");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2113905");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2113946");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2113996");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2115229");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2115686");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2115767");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2115775");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2115822");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2115832");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2116123");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2116276");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2116385");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2116871");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2117382");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2117489");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2117522");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2118055");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2118252");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2118356");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2118431");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2118689");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2118694");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2118772");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2118790");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2118950");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2118966");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2119112");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2119117");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2119120");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2119124");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2119190");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2119234");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2119688");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2120148");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2120224");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2120299");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2120327");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2120414");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2120579");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2120632");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2120715");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2120992");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2121238");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2121249");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2121583");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2121689");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2121738");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2121739");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2121954");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2122090");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2122214");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2122764");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2122780");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2122945");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2123352");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2123405");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2124047");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2124051");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2124087");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2124271");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2124568");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2124663");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2124850");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2124851");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2124928");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2125022");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2125244");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2125317");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2125585");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2125669");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2127099");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2127318");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2127934");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2127940");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2128209");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2128422");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2129002");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2131729");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2133468");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2139368");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2139369");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2139371");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-34265");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/09/09");
script_set_attribute(attribute:"patch_publication_date", value:"2022/11/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/06");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:libdb-cxx");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:libdb-cxx-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:libdb-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:libdb-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:libdb-sql-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:libdb-sql-devel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:libdb-utils-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:rocky:linux:8");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Rocky Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RockyLinux/release", "Host/RockyLinux/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RockyLinux/release');
if (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');
var os_ver = pregmatch(pattern: "Rocky(?: Linux)? release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);
if (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);
var pkgs = [
{'reference':'libdb-cxx-5.3.28-42.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-cxx-debuginfo-5.3.28-42.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-debuginfo-5.3.28-42.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-debugsource-5.3.28-42.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-sql-debuginfo-5.3.28-42.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-sql-devel-debuginfo-5.3.28-42.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-utils-debuginfo-5.3.28-42.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libdb-cxx / libdb-cxx-debuginfo / libdb-debuginfo / etc');
}
Vendor | Product | Version | CPE |
---|---|---|---|
rocky | linux | libdb-cxx | p-cpe:/a:rocky:linux:libdb-cxx |
rocky | linux | libdb-cxx-debuginfo | p-cpe:/a:rocky:linux:libdb-cxx-debuginfo |
rocky | linux | libdb-debuginfo | p-cpe:/a:rocky:linux:libdb-debuginfo |
rocky | linux | libdb-debugsource | p-cpe:/a:rocky:linux:libdb-debugsource |
rocky | linux | libdb-sql-debuginfo | p-cpe:/a:rocky:linux:libdb-sql-debuginfo |
rocky | linux | libdb-sql-devel-debuginfo | p-cpe:/a:rocky:linux:libdb-sql-devel-debuginfo |
rocky | linux | libdb-utils-debuginfo | p-cpe:/a:rocky:linux:libdb-utils-debuginfo |
rocky | linux | 8 | cpe:/o:rocky:linux:8 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37136
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37137
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24836
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25648
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29970
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32209
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265
bugzilla.redhat.com/show_bug.cgi?id=1309740
bugzilla.redhat.com/show_bug.cgi?id=1703496
bugzilla.redhat.com/show_bug.cgi?id=1732590
bugzilla.redhat.com/show_bug.cgi?id=1775813
bugzilla.redhat.com/show_bug.cgi?id=1829468
bugzilla.redhat.com/show_bug.cgi?id=1830968
bugzilla.redhat.com/show_bug.cgi?id=1834897
bugzilla.redhat.com/show_bug.cgi?id=1850393
bugzilla.redhat.com/show_bug.cgi?id=1868175
bugzilla.redhat.com/show_bug.cgi?id=1868323
bugzilla.redhat.com/show_bug.cgi?id=1870816
bugzilla.redhat.com/show_bug.cgi?id=1879811
bugzilla.redhat.com/show_bug.cgi?id=1884148
bugzilla.redhat.com/show_bug.cgi?id=1892218
bugzilla.redhat.com/show_bug.cgi?id=1892752
bugzilla.redhat.com/show_bug.cgi?id=1894033
bugzilla.redhat.com/show_bug.cgi?id=1908841
bugzilla.redhat.com/show_bug.cgi?id=1912941
bugzilla.redhat.com/show_bug.cgi?id=1925165
bugzilla.redhat.com/show_bug.cgi?id=1930577
bugzilla.redhat.com/show_bug.cgi?id=1931532
bugzilla.redhat.com/show_bug.cgi?id=1931665
bugzilla.redhat.com/show_bug.cgi?id=1934210
bugzilla.redhat.com/show_bug.cgi?id=1938092
bugzilla.redhat.com/show_bug.cgi?id=1940396
bugzilla.redhat.com/show_bug.cgi?id=1951542
bugzilla.redhat.com/show_bug.cgi?id=1952939
bugzilla.redhat.com/show_bug.cgi?id=1959136
bugzilla.redhat.com/show_bug.cgi?id=1962253
bugzilla.redhat.com/show_bug.cgi?id=1964080
bugzilla.redhat.com/show_bug.cgi?id=1970132
bugzilla.redhat.com/show_bug.cgi?id=1970623
bugzilla.redhat.com/show_bug.cgi?id=1971747
bugzilla.redhat.com/show_bug.cgi?id=1973329
bugzilla.redhat.com/show_bug.cgi?id=1974180
bugzilla.redhat.com/show_bug.cgi?id=1981444
bugzilla.redhat.com/show_bug.cgi?id=1982698
bugzilla.redhat.com/show_bug.cgi?id=1982745
bugzilla.redhat.com/show_bug.cgi?id=1984400
bugzilla.redhat.com/show_bug.cgi?id=1989631
bugzilla.redhat.com/show_bug.cgi?id=1990119
bugzilla.redhat.com/show_bug.cgi?id=1991557
bugzilla.redhat.com/show_bug.cgi?id=1994877
bugzilla.redhat.com/show_bug.cgi?id=1994945
bugzilla.redhat.com/show_bug.cgi?id=1998477
bugzilla.redhat.com/show_bug.cgi?id=2000613
bugzilla.redhat.com/show_bug.cgi?id=2001517
bugzilla.redhat.com/show_bug.cgi?id=2001552
bugzilla.redhat.com/show_bug.cgi?id=2004133
bugzilla.redhat.com/show_bug.cgi?id=2004135
bugzilla.redhat.com/show_bug.cgi?id=2006974
bugzilla.redhat.com/show_bug.cgi?id=2007117
bugzilla.redhat.com/show_bug.cgi?id=2011312
bugzilla.redhat.com/show_bug.cgi?id=2013611
bugzilla.redhat.com/show_bug.cgi?id=2015062
bugzilla.redhat.com/show_bug.cgi?id=2015757
bugzilla.redhat.com/show_bug.cgi?id=2016924
bugzilla.redhat.com/show_bug.cgi?id=2022065
bugzilla.redhat.com/show_bug.cgi?id=2022649
bugzilla.redhat.com/show_bug.cgi?id=2024175
bugzilla.redhat.com/show_bug.cgi?id=2024576
bugzilla.redhat.com/show_bug.cgi?id=2024968
bugzilla.redhat.com/show_bug.cgi?id=2025892
bugzilla.redhat.com/show_bug.cgi?id=2025926
bugzilla.redhat.com/show_bug.cgi?id=2027947
bugzilla.redhat.com/show_bug.cgi?id=2028112
bugzilla.redhat.com/show_bug.cgi?id=2033321
bugzilla.redhat.com/show_bug.cgi?id=2033381
bugzilla.redhat.com/show_bug.cgi?id=2035287
bugzilla.redhat.com/show_bug.cgi?id=2036151
bugzilla.redhat.com/show_bug.cgi?id=2038989
bugzilla.redhat.com/show_bug.cgi?id=2043126
bugzilla.redhat.com/show_bug.cgi?id=2043242
bugzilla.redhat.com/show_bug.cgi?id=2048547
bugzilla.redhat.com/show_bug.cgi?id=2048775
bugzilla.redhat.com/show_bug.cgi?id=2049595
bugzilla.redhat.com/show_bug.cgi?id=2051648
bugzilla.redhat.com/show_bug.cgi?id=2051891
bugzilla.redhat.com/show_bug.cgi?id=2052076
bugzilla.redhat.com/show_bug.cgi?id=2053842
bugzilla.redhat.com/show_bug.cgi?id=2054011
bugzilla.redhat.com/show_bug.cgi?id=2054042
bugzilla.redhat.com/show_bug.cgi?id=2054786
bugzilla.redhat.com/show_bug.cgi?id=2054969
bugzilla.redhat.com/show_bug.cgi?id=2055391
bugzilla.redhat.com/show_bug.cgi?id=2055416
bugzilla.redhat.com/show_bug.cgi?id=2055979
bugzilla.redhat.com/show_bug.cgi?id=2056188
bugzilla.redhat.com/show_bug.cgi?id=2056702
bugzilla.redhat.com/show_bug.cgi?id=2058037
bugzilla.redhat.com/show_bug.cgi?id=2059179
bugzilla.redhat.com/show_bug.cgi?id=2060651
bugzilla.redhat.com/show_bug.cgi?id=2062800
bugzilla.redhat.com/show_bug.cgi?id=2064979
bugzilla.redhat.com/show_bug.cgi?id=2068454
bugzilla.redhat.com/show_bug.cgi?id=2069306
bugzilla.redhat.com/show_bug.cgi?id=2069440
bugzilla.redhat.com/show_bug.cgi?id=2069634
bugzilla.redhat.com/show_bug.cgi?id=2070001
bugzilla.redhat.com/show_bug.cgi?id=2070535
bugzilla.redhat.com/show_bug.cgi?id=2070732
bugzilla.redhat.com/show_bug.cgi?id=2070972
bugzilla.redhat.com/show_bug.cgi?id=2072696
bugzilla.redhat.com/show_bug.cgi?id=2073305
bugzilla.redhat.com/show_bug.cgi?id=2074346
bugzilla.redhat.com/show_bug.cgi?id=2075056
bugzilla.redhat.com/show_bug.cgi?id=2076843
bugzilla.redhat.com/show_bug.cgi?id=2077811
bugzilla.redhat.com/show_bug.cgi?id=2077822
bugzilla.redhat.com/show_bug.cgi?id=2077824
bugzilla.redhat.com/show_bug.cgi?id=2080324
bugzilla.redhat.com/show_bug.cgi?id=2080423
bugzilla.redhat.com/show_bug.cgi?id=2081096
bugzilla.redhat.com/show_bug.cgi?id=2084130
bugzilla.redhat.com/show_bug.cgi?id=2085490
bugzilla.redhat.com/show_bug.cgi?id=2088303
bugzilla.redhat.com/show_bug.cgi?id=2089445
bugzilla.redhat.com/show_bug.cgi?id=2089828
bugzilla.redhat.com/show_bug.cgi?id=2091044
bugzilla.redhat.com/show_bug.cgi?id=2092039
bugzilla.redhat.com/show_bug.cgi?id=2093884
bugzilla.redhat.com/show_bug.cgi?id=2094019
bugzilla.redhat.com/show_bug.cgi?id=2095187
bugzilla.redhat.com/show_bug.cgi?id=2095820
bugzilla.redhat.com/show_bug.cgi?id=2096429
bugzilla.redhat.com/show_bug.cgi?id=2098240
bugzilla.redhat.com/show_bug.cgi?id=2099620
bugzilla.redhat.com/show_bug.cgi?id=2100578
bugzilla.redhat.com/show_bug.cgi?id=2100887
bugzilla.redhat.com/show_bug.cgi?id=2101579
bugzilla.redhat.com/show_bug.cgi?id=2101882
bugzilla.redhat.com/show_bug.cgi?id=2101986
bugzilla.redhat.com/show_bug.cgi?id=2102145
bugzilla.redhat.com/show_bug.cgi?id=2102456
bugzilla.redhat.com/show_bug.cgi?id=2102825
bugzilla.redhat.com/show_bug.cgi?id=2102867
bugzilla.redhat.com/show_bug.cgi?id=2102896
bugzilla.redhat.com/show_bug.cgi?id=2103096
bugzilla.redhat.com/show_bug.cgi?id=2103099
bugzilla.redhat.com/show_bug.cgi?id=2103102
bugzilla.redhat.com/show_bug.cgi?id=2103106
bugzilla.redhat.com/show_bug.cgi?id=2103110
bugzilla.redhat.com/show_bug.cgi?id=2103129
bugzilla.redhat.com/show_bug.cgi?id=2103522
bugzilla.redhat.com/show_bug.cgi?id=2104401
bugzilla.redhat.com/show_bug.cgi?id=2104498
bugzilla.redhat.com/show_bug.cgi?id=2105048
bugzilla.redhat.com/show_bug.cgi?id=2105107
bugzilla.redhat.com/show_bug.cgi?id=2105144
bugzilla.redhat.com/show_bug.cgi?id=2105299
bugzilla.redhat.com/show_bug.cgi?id=2105941
bugzilla.redhat.com/show_bug.cgi?id=2106000
bugzilla.redhat.com/show_bug.cgi?id=2106090
bugzilla.redhat.com/show_bug.cgi?id=2106091
bugzilla.redhat.com/show_bug.cgi?id=2106092
bugzilla.redhat.com/show_bug.cgi?id=2106093
bugzilla.redhat.com/show_bug.cgi?id=2106333
bugzilla.redhat.com/show_bug.cgi?id=2106659
bugzilla.redhat.com/show_bug.cgi?id=2106691
bugzilla.redhat.com/show_bug.cgi?id=2106700
bugzilla.redhat.com/show_bug.cgi?id=2106885
bugzilla.redhat.com/show_bug.cgi?id=2107252
bugzilla.redhat.com/show_bug.cgi?id=2107572
bugzilla.redhat.com/show_bug.cgi?id=2107577
bugzilla.redhat.com/show_bug.cgi?id=2107701
bugzilla.redhat.com/show_bug.cgi?id=2108169
bugzilla.redhat.com/show_bug.cgi?id=2108611
bugzilla.redhat.com/show_bug.cgi?id=2108637
bugzilla.redhat.com/show_bug.cgi?id=2108719
bugzilla.redhat.com/show_bug.cgi?id=2109254
bugzilla.redhat.com/show_bug.cgi?id=2109260
bugzilla.redhat.com/show_bug.cgi?id=2109298
bugzilla.redhat.com/show_bug.cgi?id=2109421
bugzilla.redhat.com/show_bug.cgi?id=2109594
bugzilla.redhat.com/show_bug.cgi?id=2109606
bugzilla.redhat.com/show_bug.cgi?id=2109810
bugzilla.redhat.com/show_bug.cgi?id=2110003
bugzilla.redhat.com/show_bug.cgi?id=2110163
bugzilla.redhat.com/show_bug.cgi?id=2110222
bugzilla.redhat.com/show_bug.cgi?id=2110731
bugzilla.redhat.com/show_bug.cgi?id=2110872
bugzilla.redhat.com/show_bug.cgi?id=2111038
bugzilla.redhat.com/show_bug.cgi?id=2111074
bugzilla.redhat.com/show_bug.cgi?id=2111222
bugzilla.redhat.com/show_bug.cgi?id=2111373
bugzilla.redhat.com/show_bug.cgi?id=2111469
bugzilla.redhat.com/show_bug.cgi?id=2111570
bugzilla.redhat.com/show_bug.cgi?id=2111571
bugzilla.redhat.com/show_bug.cgi?id=2111578
bugzilla.redhat.com/show_bug.cgi?id=2111921
bugzilla.redhat.com/show_bug.cgi?id=2112015
bugzilla.redhat.com/show_bug.cgi?id=2112093
bugzilla.redhat.com/show_bug.cgi?id=2112098
bugzilla.redhat.com/show_bug.cgi?id=2112436
bugzilla.redhat.com/show_bug.cgi?id=2112979
bugzilla.redhat.com/show_bug.cgi?id=2113013
bugzilla.redhat.com/show_bug.cgi?id=2113905
bugzilla.redhat.com/show_bug.cgi?id=2113946
bugzilla.redhat.com/show_bug.cgi?id=2113996
bugzilla.redhat.com/show_bug.cgi?id=2115229
bugzilla.redhat.com/show_bug.cgi?id=2115686
bugzilla.redhat.com/show_bug.cgi?id=2115767
bugzilla.redhat.com/show_bug.cgi?id=2115775
bugzilla.redhat.com/show_bug.cgi?id=2115822
bugzilla.redhat.com/show_bug.cgi?id=2115832
bugzilla.redhat.com/show_bug.cgi?id=2116123
bugzilla.redhat.com/show_bug.cgi?id=2116276
bugzilla.redhat.com/show_bug.cgi?id=2116385
bugzilla.redhat.com/show_bug.cgi?id=2116871
bugzilla.redhat.com/show_bug.cgi?id=2117382
bugzilla.redhat.com/show_bug.cgi?id=2117489
bugzilla.redhat.com/show_bug.cgi?id=2117522
bugzilla.redhat.com/show_bug.cgi?id=2118055
bugzilla.redhat.com/show_bug.cgi?id=2118252
bugzilla.redhat.com/show_bug.cgi?id=2118356
bugzilla.redhat.com/show_bug.cgi?id=2118431
bugzilla.redhat.com/show_bug.cgi?id=2118689
bugzilla.redhat.com/show_bug.cgi?id=2118694
bugzilla.redhat.com/show_bug.cgi?id=2118772
bugzilla.redhat.com/show_bug.cgi?id=2118790
bugzilla.redhat.com/show_bug.cgi?id=2118950
bugzilla.redhat.com/show_bug.cgi?id=2118966
bugzilla.redhat.com/show_bug.cgi?id=2119112
bugzilla.redhat.com/show_bug.cgi?id=2119117
bugzilla.redhat.com/show_bug.cgi?id=2119120
bugzilla.redhat.com/show_bug.cgi?id=2119124
bugzilla.redhat.com/show_bug.cgi?id=2119190
bugzilla.redhat.com/show_bug.cgi?id=2119234
bugzilla.redhat.com/show_bug.cgi?id=2119688
bugzilla.redhat.com/show_bug.cgi?id=2120148
bugzilla.redhat.com/show_bug.cgi?id=2120224
bugzilla.redhat.com/show_bug.cgi?id=2120299
bugzilla.redhat.com/show_bug.cgi?id=2120327
bugzilla.redhat.com/show_bug.cgi?id=2120414
bugzilla.redhat.com/show_bug.cgi?id=2120579
bugzilla.redhat.com/show_bug.cgi?id=2120632
bugzilla.redhat.com/show_bug.cgi?id=2120715
bugzilla.redhat.com/show_bug.cgi?id=2120992
bugzilla.redhat.com/show_bug.cgi?id=2121238
bugzilla.redhat.com/show_bug.cgi?id=2121249
bugzilla.redhat.com/show_bug.cgi?id=2121583
bugzilla.redhat.com/show_bug.cgi?id=2121689
bugzilla.redhat.com/show_bug.cgi?id=2121738
bugzilla.redhat.com/show_bug.cgi?id=2121739
bugzilla.redhat.com/show_bug.cgi?id=2121954
bugzilla.redhat.com/show_bug.cgi?id=2122090
bugzilla.redhat.com/show_bug.cgi?id=2122214
bugzilla.redhat.com/show_bug.cgi?id=2122764
bugzilla.redhat.com/show_bug.cgi?id=2122780
bugzilla.redhat.com/show_bug.cgi?id=2122945
bugzilla.redhat.com/show_bug.cgi?id=2123352
bugzilla.redhat.com/show_bug.cgi?id=2123405
bugzilla.redhat.com/show_bug.cgi?id=2124047
bugzilla.redhat.com/show_bug.cgi?id=2124051
bugzilla.redhat.com/show_bug.cgi?id=2124087
bugzilla.redhat.com/show_bug.cgi?id=2124271
bugzilla.redhat.com/show_bug.cgi?id=2124568
bugzilla.redhat.com/show_bug.cgi?id=2124663
bugzilla.redhat.com/show_bug.cgi?id=2124850
bugzilla.redhat.com/show_bug.cgi?id=2124851
bugzilla.redhat.com/show_bug.cgi?id=2124928
bugzilla.redhat.com/show_bug.cgi?id=2125022
bugzilla.redhat.com/show_bug.cgi?id=2125244
bugzilla.redhat.com/show_bug.cgi?id=2125317
bugzilla.redhat.com/show_bug.cgi?id=2125585
bugzilla.redhat.com/show_bug.cgi?id=2125669
bugzilla.redhat.com/show_bug.cgi?id=2127099
bugzilla.redhat.com/show_bug.cgi?id=2127318
bugzilla.redhat.com/show_bug.cgi?id=2127934
bugzilla.redhat.com/show_bug.cgi?id=2127940
bugzilla.redhat.com/show_bug.cgi?id=2128209
bugzilla.redhat.com/show_bug.cgi?id=2128422
bugzilla.redhat.com/show_bug.cgi?id=2129002
bugzilla.redhat.com/show_bug.cgi?id=2131729
bugzilla.redhat.com/show_bug.cgi?id=2133468
bugzilla.redhat.com/show_bug.cgi?id=2139368
bugzilla.redhat.com/show_bug.cgi?id=2139369
bugzilla.redhat.com/show_bug.cgi?id=2139371
errata.rockylinux.org/RLSA-2022:8506