kernel security update

5.14.0-427.31.14.OL9 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug:...

Oracle Linux 8 : httpd:2.4 (ELSA-2024-5193)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-5193 advisory. - Resolves: RHEL-46040 - httpd:2.4/httpd: Security issues via backend applications whose response headers are malicious or exploitable CVE-2024-38476 - Resolves...

Oracle Linux 8 : container-tools:ol8 (ELSA-2024-5258)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-5258 advisory. aardvark-dns buildah 2:1.33.8-4 - rebuild for golang fixes - Related: RHEL-28452 cockpit-podman 84.1-1 - update to...

Oracle Linux 9 : .NET / 8.0 (ELSA-2024-5334)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-5334 advisory. 8.0.108-1.0.1 - Add support for Oracle Linux 8.0.108-1 - Update to .NET SDK 8.0.108 and Runtime 8.0.8 - Resolves: RHEL-52389 8.0.107-2 - Fix ownership of some...

.NET 8.0 security update

8.0.108-1.0.1 - Add support for Oracle Linux 8.0.108-1 - Update to .NET SDK 8.0.108 and Runtime 8.0.8 - Resolves: RHEL-52389 8.0.107-2 - Fix ownership of some missed directories - Resolves: RHEL-47080...

.NET 8.0 security update

8.0.108-1.0.1 - Add support for Oracle Linux 8.0.108-1 - Update to .NET SDK 8.0.108 and Runtime 8.0.8 - Resolves: RHEL-52388...

Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2024-12585)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12585 advisory. - net/mlx5e: drop shorter ethernet frames Manjunath Patil Orabug: 36879157 CVE-2024-41090 CVE-2024-41091 Tenable has extracted the preceding descripti...

Oracle Linux 8 : gnome-shell (ELSA-2024-5298)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-5298 advisory. 3.32.2-56 - Only open portal login in response to user action Resolves: RHEL-39097 Tenable has extracted the preceding description block directly from the Oracl...

Oracle Linux 8 : wget (ELSA-2024-5299)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-5299 advisory. 1.19.5-12.0.1 - SSLv3 support dropped from openssl, v3 test certificates need to be replaced Orabug: 29613455 1.19.5-12 - Resolves: RHEL-43559 - Misinterpretati...

Oracle Linux 8 : orc (ELSA-2024-5306)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-5306 advisory. - Add patch for CVE-2024-40897 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2024-12582)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12582 advisory. - net/mlx5e: drop shorter ethernet frames Manjunath Patil Orabug: 36879156 CVE-2024-41090 CVE-2024-41091 Tenable has extracted the preceding...

Oracle Linux 8 : python-urllib3 (ELSA-2024-5309)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-5309 advisory. 1.24.2-8 - Security fix for CVE-2024-37891 Resolves: RHEL-45334 Tenable has extracted the preceding description block directly from the Oracle Linux security...

Oracle Linux 8 : edk2 (ELSA-2024-5297)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-5297 advisory. - edk2-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch RHEL-21854 RHEL-21856 RHEL-40099 - edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch...

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2024-12583)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12583 advisory. - net/mlx5e: drop shorter ethernet frames Manjunath Patil Orabug: 36879158 CVE-2024-41090 CVE-2024-41091 Tenable has extracted the preceding descripti...

Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2024-12584)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12584 advisory. - net/mlx5e: drop shorter ethernet frames Manjunath Patil Orabug: 36879157 CVE-2024-41090 CVE-2024-41091 Tenable has extracted the preceding descripti...

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2024-12581)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12581 advisory. - net/mlx5e: drop shorter ethernet frames Manjunath Patil Orabug: 36879157 CVE-2024-41090 CVE-2024-41091 - netfilter: ipset: Fix race between...

Oracle Linux 9 : bind / and / bind-dyndb-ldap (ELSA-2024-5231)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-5231 advisory. - Minor fix of reclimit test backport CVE-2024-1737 - Resolve CVE-2024-1975 - Resolve CVE-2024-1737 - Resolve CVE-2024-4076 - Prevent crashing at...

Oracle Linux 9 : 389-ds-base (ELSA-2024-5192)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-5192 advisory. 2.4.5-9 - Bump version to 2.4.5-9 - Resolves: RHEL-44323 - unauthenticated user can trigger a DoS by sending a specific extended search request -...

Oracle Linux 8 : kernel (ELSA-2024-5101)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-5101 advisory. - ionic: fix use after netifnapidel CKI Backport Bot RHEL-47624 CVE-2024-39502 - ionic: clean interrupt before enabling queue to avoid credit race CKI...

Oracle Linux 7 : linux-firmware (ELSA-2024-12579)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12579 advisory. 20240715-999.34.git4c8fb21e.el7 - Rebase to latest upstream Orabug: 36826157 Tenable has extracted the preceding description block directly from the Oracle Lin...