Oracle Linux 8 : kernel (ELSA-2025-8056)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-8056 advisory. - net/mlx5: Always stop health timer during driver removal Michal Schmidt RHEL-47712 CVE-2024-40906 - net/mlx5e: SHAMPO, Fix invalid WQ linked list...

kernel security update

5.14.0-570.17.1.0.16.OL9 - nvme-pci: remove two deallocate zeroes quirks Orabug: 37756650 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys lis...

kernel security update

5.14.0-570.16.1.0.16.OL9 - nvme-pci: remove two deallocate zeroes quirks Orabug: 37756650 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys lis...

Oracle Linux 9 : gstreamer1, / gstreamer1-plugins-bad-free, / gstreamer1-plugins-ugly-free, / and / gstreamer1-rtsp-server (ELSA-2025-7178)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-7178 advisory. gstreamer1 1.22.12-3 - Rebuild - Resolves: RHEL-38511, RHEL-41157 1.22.12-2 - Rebuild - Resolves: RHEL-38511, RHEL-41157 1.22.12-1 - Update to 1.22.12...

Oracle Linux 9 : mod_auth_openidc (ELSA-2025-7419)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-7419 advisory. 2.4.10-1.el96.1 Resolves: RHEL-86224 - modauthopenidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data CVE-2025-31492 Tenable has extracted the...

Oracle Linux 9 : .NET / 8.0 (ELSA-2025-7598)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-7598 advisory. 8.0.116-1.0.1 - Add support for Oracle Linux 8.0.116-1 - Update to .NET SDK 8.0.116 and Runtime 8.0.16 - Resolves: RHEL-89448 Tenable has extracted the precedin...

Oracle Linux 9 : kernel (ELSA-2025-6966)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-6966 advisory. - net: stmmac: dwmac-tegra: Read iommu stream id from device tree Izabela Bakollari RHEL-75649 CVE-2025-21663 - net: stmmac: Fix zero-division error wh...

osbuild-composer security update

132.2-1.0.1 - Switch to UEKR8 repositories for OL9.6 Orabug: 37962207 - Add support to create OpenScap images JIRA: OLDIS-35301 - Simplify repository names JIRA: OLDIS-35893 - Refactor patches to fix some naming and set a correct kernel for Oracle Linux Orabug: 37253643 - Support using OCI...

Oracle Linux 8 : osbuild-composer (ELSA-2025-7967)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-7967 advisory. - Rebuilt to fix: - CVE-2024-34156 - CVE-2024-1394 - RHEL-24303 - RHEL-57905 Tenable has extracted the preceding description block directly from the Oracle Linu...

Oracle Linux 8 : webkit2gtk3 (ELSA-2025-8046)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-8046 advisory. 2.48.2-1 - Update to 2.48.2 - Reenable JavaScriptCore JIT Tenable has extracted the preceding description block directly from the Oracle Linux security...

kernel security update

4.18.0-553.53.110.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...

osbuild-composer security update

101-3.0.1 - Rebuilt to fix: - CVE-2024-34156 - CVE-2024-1394 - RHEL-24303 - RHEL-57905 - Support using repository definitons with OCI variables JIRA: OLDIS-38657 - Update repositories to contain OCI variables - Remove image types Minimal-raw and wsl JIRA: OLDIS-38123 - Increase default /boot size...

Oracle Linux 8 : ruby:2.5 (ELSA-2025-7539)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-7539 advisory. - Fix integer overflow in searchinrange function in regexec.c CVE-2019-19012. Resolves: RHEL-87505 rubygem-abrt rubygem-bson rubygem-bundler Tenable ha...

Oracle Linux 8 : grafana (ELSA-2025-7894)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-7894 advisory. 9.2.10-23 - Resolves RHEL-89949: CVE-2025-4123 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...

Oracle Linux 8 : redis:6 (ELSA-2025-7686)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-7686 advisory. 6.2.18-1.0.1 - Build with 64k pages to support redis on both UEK6 and UEK7 on aarch64 6.2.18-1 - rebase to 6.2.18 for CVE-2025-21605 Tenable has extracted the...

Oracle Linux 8 : compat-openssl10 (ELSA-2025-7895)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-7895 advisory. 1.1.0.2o-4.1 - Fix CVE-2023-0286 X.400 address type confusion in X.509 GeneralName Resolves: RHEL-9699 Tenable has extracted the preceding description block...

Oracle Linux 8 : .NET / 8.0 (ELSA-2025-7589)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-7589 advisory. 8.0.116-1.0.1 - Add support for Oracle Linux 8.0.116-1 - Update to .NET SDK 8.0.116 and Runtime 8.0.16 - Resolves: RHEL-89446 Tenable has extracted the precedin...

Oracle Linux 8 : libjpeg-turbo (ELSA-2025-7540)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-7540 advisory. 1.5.3-14 - updated previous fix RHEL-87364 1.5.3-13 - fix CVE-2020-13790: heap-based buffer over-read in getrgbrow RHEL-87364 Tenable has extracted the precedin...

.NET 9.0 security update

9.0.106-1.0.1 - Add support for Oracle Linux 9.0.106-1 - Update to .NET SDK 9.0.106 and Runtime 9.0.5 - Resolves: RHEL-89451 9.0.105-2 - Update to .NET SDK 9.0.105 and Runtime 9.0.4 - Resolves: RHEL-85279...

.NET 8.0 security update

8.0.116-1.0.1 - Add support for Oracle Linux 8.0.116-1 - Update to .NET SDK 8.0.116 and Runtime 8.0.16 - Resolves: RHEL-89446...