Oracle Linux 9 : osbuild-composer (ELSA-2024-9456)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-9456 advisory. 118-2.0.1 - Simplify repository names JIRA: OLDIS-35893 118-2 - Ensure build on latest golang: CVE-2024-34156 Tenable has extracted the preceding description...

Oracle Linux 9 : python3.12-urllib3 (ELSA-2024-9457)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-9457 advisory. 1.26.18-2.1 - Security fix for CVE-2024-37891 Resolves: RHEL-59997 Tenable has extracted the preceding description block directly from the Oracle Linux security...

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2024-12830)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12830 advisory. - x86/fpu: Keep xfdstate in sync with MSRIA32XFD Adamos Ttofari Orabug: 37281022 CVE-2024-35801 - devlink: fix possible use-after-free and memory...

Oracle Linux 9 : cups (ELSA-2024-9470)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-9470 advisory. 1:2.3.3op2-31 - RHEL-60343 CVE-2024-47175 cups: remote command injection via attacker controlled data in PPD file Tenable has extracted the preceding descriptio...

Oracle Linux 9 : podman (ELSA-2024-9454)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9454 advisory. 5.2.2-9.0.1 - Add devices on container startup, not on creation - overlay: Put should ignore ENINVAL for Unmount Orabug: 36234694 - Drop nmap-ncat...

Oracle Linux 9 : grafana-pcp (ELSA-2024-9472)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-9472 advisory. 5.1.1-9 - Resolves: RHEL-57932 5.1.1-8 - Add a premade uwsgi dashboard for the vector datasource Tenable has extracted the preceding description block directly...

Oracle Linux 9 : krb5 (ELSA-2024-9474)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-9474 advisory. - libkrad: implement support for Message-Authenticator CVE-2024-3596 Resolves: RHEL-55423 Tenable has extracted the preceding description block directly from th...

Oracle Linux 9 : python3.11-urllib3 (ELSA-2024-9458)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-9458 advisory. 1.26.12-2.1 - Security fix for CVE-2024-37891 Resolves: RHEL-59990 Tenable has extracted the preceding description block directly from the Oracle Linux security...

Oracle Linux 9 : grafana (ELSA-2024-9473)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9473 advisory. - Resolves RHEL-62308: CVE-2024-47875 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...

Oracle Linux 9 : python3.9 (ELSA-2024-9468)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-9468 advisory. 3.9.19-8.1 - Security fix for CVE-2024-6232 Resolves: RHEL-57420 Tenable has extracted the preceding description block directly from the Oracle Linux security...

Oracle Linux 9 : buildah (ELSA-2024-9459)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9459 advisory. - rebuild to fix CVE-2024-34156 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessu...

Oracle Linux 9 : tigervnc (ELSA-2024-10090)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-10090 advisory. 1.14.1-1 - 1.14.1 Resolves: RHEL-66600 - Fix CVE-2024-9632: xorg-x11-server: heap-based buffer overflow privilege escalation vulnerability Resolves: RHEL-62000...

.NET 9.0 security update

9.0.100-1.0.1 - Add support for Oracle Linux 9.0.100-1 - Update to .NET SDK 9.0.100 and Runtime 9.0.0 - Resolves: RHEL-65539 9.0.100rc.2.24474.1-0.7 - Disable bootstrap - Related: RHEL-62776 9.0.100rc.2.24474.1-0.6 - Rebootstrap - Related: RHEL-62776 9.0.100rc.2.24474.1-0.5 - Add missing runtime...

kernel security update

5.14.0-503.14.15.OL9 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug:...

Oracle Linux 9 : grafana (ELSA-2024-9115)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9115 advisory. - fix CVE-2023-39325 CVE-2023-44487 rapid stream resets can cause excessive work - resolve CVE-2023-3128 grafana: account takeover possible when using...

Oracle Linux 9 : httpd (ELSA-2024-9306)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9306 advisory. - Resolves: RHEL-52724 - Regression introduced by CVE-2024-38474 fix - Resolves: RHEL-31856 - httpd: HTTP response splitting CVE-2023-38709 - Resolves:...

Oracle Linux 9 : vim (ELSA-2024-9405)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-9405 advisory. 8.2.2637-21.0.1 - Remove upstream references Orabug: 31197557 2:8.2.2637-21 - RHEL-40602 CVE-2021-3903 vim: heap-based buffer overflow vulnerability Tenable has...

Oracle Linux 9 : gnome-shell / and / gnome-shell-extensions (ELSA-2024-9114)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-9114 advisory. gnome-shell 40.10-21 - Only open portal login in response to user action Resolves: RHEL-39098 40.10-20 - Fix inhibit-shortcut permissions Resolves: RHEL-2031...

Oracle Linux 9 : cyrus-imapd (ELSA-2024-9195)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-9195 advisory. 3.4.8-1 - Update to 3.4.8, fixing CVE-2024-34055 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note th...

Oracle Linux 9 : qemu-kvm (ELSA-2024-9136)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9136 advisory. - kvm-nbd-server-CVE-2024-7409-Avoid-use-after-free-when-c.patch RHEL-52617 - Resolves: RHEL-52617 CVE-2024-7409 qemu-kvm: Denial of Service via Improp...