Oracle Linux 9 : libsoup (ELSA-2024-9559)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9559 advisory. - Backport upstream patch for CVE-2024-52532 - infinite loop while reading websocket data - Backport upstream patch for CVE-2024-52530 - HTTP request...

kernel security update

5.14.0-503.14.15.OL9 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug:...

Oracle Linux 9 : thunderbird (ELSA-2024-9552)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-9552 advisory. 128.4.0-1.0.1 - Fix prefs for new nss Orabug: 37079813 - Add Oracle prefs 128.4.0 - Add OpenELA debranding 128.4.0-1 - Update to 128.4.0 build1 Tenable...

Oracle Linux 9 : xorg-x11-server-Xwayland (ELSA-2024-9093)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9093 advisory. - CVE fix for: CVE-2024-31080, CVE-2024-31081, CVE-2024-31083 New build to add xorg-x11-server-Xwayland-devel RHEL-25083 Fix for CVE-2023-6816,...

Oracle Linux 9 : libvpx (ELSA-2024-9827)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-9827 advisory. 1.9.0-8 - Add patch to fix integer overflows. - Disable LTO to fix build - Resolves: RHEL-58144 Tenable has extracted the preceding description block directly...

Oracle Linux 9 : gtk3 (ELSA-2024-9184)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-9184 advisory. - Stop looking for modules in cwd CVE-2024-6655 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note tha...

Oracle Linux 9 : openssl / and / openssl-fips-provider (ELSA-2024-9333)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9333 advisory. - Fix CVE-2024-6119: Possible denial of service in X.509 name checks Resolves: RHEL-55339 - Fix CVE-2024-5535: SSLselectnextproto buffer overread...

Oracle Linux 9 : NetworkManager (ELSA-2024-9317)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-9317 advisory. 1.48.10-2.0.1 - disable MPTCP handling by default Orabug: 34801142 - add connectivity check via Oracle servers Orabug: 32051972 1:1.48.10-2 - cloud-setup: Allow...

Oracle Linux 9 : bubblewrap / and / flatpak (ELSA-2024-9449)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-9449 advisory. - Backport upstream fix to help address CVE-2024-42472 in flatpak flatpak - Backport upstream patches for CVE-2024-42472 Tenable has extracted the preceding...

Oracle Linux 9 : python3.12 (ELSA-2024-9190)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9190 advisory. - Security fix for CVE-2024-8088 Resolves: RHEL-55963 - Security fix for CVE-2024-6923 Resolves: RHEL-53041 Tenable has extracted the preceding...

Oracle Linux 9 : python3.11 (ELSA-2024-9192)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9192 advisory. - Security fix for CVE-2024-8088 Resolves: RHEL-55959 - Security fix for CVE-2024-6923 Resolves: RHEL-53038 - Security fix for CVE-2024-4032 Resolves:...

Oracle Linux 9 : python3.9 (ELSA-2024-9371)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-9371 advisory. - Security fix for CVE-2024-8088 Resolves: RHEL-55967 - Security fix for CVE-2024-6923 Resolves: RHEL-53045 - Security fix for CVE-2024-4032 Resolves: RHEL-4410...

Oracle Linux 9 : openexr (ELSA-2024-9548)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-9548 advisory. 3.1.1-2.1 - fix CVE-2023-5481 RHEL-64162 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessu...

Oracle Linux 9 : edk2 (ELSA-2024-9088)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9088 advisory. - Resolves: RHEL-55336 CVE-2024-6119 edk2/openssl: Possible denial of service in X.509 name checks rhel-9.5 - Resolves: RHEL-21653 CVE-2023-6237 edk2:...

Oracle Linux 9 : podman (ELSA-2024-9102)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9102 advisory. - Rebuild for following CVEs: CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322 - rebuild for following CVEs: CVE-2023-25173 CVE-2022-41724...

Oracle Linux 9 : httpd (ELSA-2024-9306)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9306 advisory. - Resolves: RHEL-52724 - Regression introduced by CVE-2024-38474 fix - Resolves: RHEL-31856 - httpd: HTTP response splitting CVE-2023-38709 - Resolves:...

Oracle Linux 9 : grafana (ELSA-2024-9115)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9115 advisory. - fix CVE-2023-39325 CVE-2023-44487 rapid stream resets can cause excessive work - resolve CVE-2023-3128 grafana: account takeover possible when using...

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2024-12713)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12713 advisory. 5.15.0-300.163.18.1 - vhost/scsi: null-ptr-dereference in vhostscsigetreq Haoran Zhang Orabug: 37132350 Tenable has extracted the preceding description blo...

Oracle Linux 8 : webkit2gtk3 (ELSA-2024-9636)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9636 advisory. 2.46.3-1 - Update to 2.46.3 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus ha...

Oracle Linux 8 : binutils (ELSA-2024-9689)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-9689 advisory. 2.30-125.0.1 - Forward port Oracle patches from 2.30-125 Reviewed-by: Jose E. Marchesi Oracle history: Tenable has extracted the preceding description block...