Oracle Linux 9 : mod_http2 (ELSA-2024-1872)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-1872 advisory. 1.15.19-5.1 - Resolves: RHEL-29826 - modhttp2: httpd: CONTINUATION frames DoS CVE-2024-27316 Tenable has extracted the preceding description block directly from...

Oracle Linux 9 : gnutls (ELSA-2024-1879)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1879 advisory. 3.7.6-23.4 - Fix timing side-channel in deterministic ECDSA RHEL-28958 - Fix potential crash during chain building/verification RHEL-28953 Tenable has...

Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2024-1817)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1817 advisory. 1:1.8.0.412.b08-1 - Update to shenandoah-jdk8u412-b08 GA - Update release notes for shenandoah-8u412-b08. - Complete release note for Certainly roots -...

Oracle Linux 7 : cri-o (ELSA-2024-12329)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12329 advisory. - Address CVE-2024-24786 cri-tools - Address CVE-2024-24786 etcd - Address protobuf CVE-2024-24786 - Address CVE-2023-39326 by upgrading golang to...

Oracle Linux 8 : cri-o (ELSA-2024-12328)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12328 advisory. - Address CVE-2024-24786 cri-tools - Address CVE-2024-24786 etcd - Address protobuf CVE-2024-24786 - Address CVE-2023-39326 by upgrading golang to...

Oracle Linux 8 : gnutls (ELSA-2024-1784)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1784 advisory. 3.6.16-8.3fips - Allow RSA keygen with modulus sizes bigger than 3072 bits and validate the seed length as defined in FIPS 186-4 section B.3.2 Orabug: 33200526 ...

Oracle Linux 8 : httpd:2.4/mod_http2 (ELSA-2024-1786)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1786 advisory. httpd modhttp2 1.15.7-8.5 - Resolves: RHEL-29816 - httpd:2.4/modhttp2: httpd: CONTINUATION frames DoS CVE-2024-27316 modmd Tenable has extracted the preceding...

Oracle Linux 9 : bind (ELSA-2024-1789)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1789 advisory. - Add downstream change complementing CVE-2023-50387 - Prevent increased CPU load on large DNS messages CVE-2023-4408 - Prevent assertion failure when...

Oracle Linux 8 : unbound (ELSA-2024-1751)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1751 advisory. - Ensure group access correction reaches also updated configs CVE-2024-1488 Tenable has extracted the preceding description block directly from the Oracle Linux...

Oracle Linux 7 : X.Org / server (ELSA-2024-1785)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1785 advisory. - Fix regression caused by the fix for CVE-2024-31083 - CVE fix for: CVE-2024-31080, CVE-2024-31081, CVE-2024-31082 and CVE-2024-31083 Resolves:...

Oracle Linux 8 : bind9.16 (ELSA-2024-1781)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1781 advisory. - Prevent crashing at masterformat system test CVE-2023-6516 - Prevent increased CPU load on large DNS messages CVE-2023-4408 - Prevent assertion failu...

Oracle Linux 8 : bind / and / dhcp (ELSA-2024-1782)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1782 advisory. - Speed up parsing of DNS messages with many different names CVE-2023-4408 - Prevent increased CPU consumption in DNSSEC validator CVE-2023-50387...

Oracle Linux 7 : squid (ELSA-2024-1787)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1787 advisory. - Resolves: CVE-2021-28651 squid: Bug 5104: Memory leak in RFC 2169 response parsing 778 - Resolves: CVE-2021-28652 squid: Bug 5106: Broken cache manag...

Oracle Linux 9 : unbound (ELSA-2024-1750)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1750 advisory. - Ensure group access correction reaches also updated configs CVE-2024-1488 Tenable has extracted the preceding description block directly from the Oracle Linux...

Oracle Linux 8 : kernel (ELSA-2024-1607)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1607 advisory. - ext4: fix kernel BUG in 'ext4writeinlinedataend' Carlos Maiolino RHEL-26331 RHEL-23386 CVE-2021-33631 - serial: core: return early on unsupported...

Oracle Linux 8 : rear (ELSA-2024-1719)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-1719 advisory. 2.6-11.0.1 - Change OSVENDOR to OracleServer 2.6-11 - make initrd accessible only by root CVE-2024-23301, PR 3123 Tenable has extracted the preceding descriptio...

Oracle Linux 8 : virt:kvm_utils3 (ELSA-2024-12276)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12276 advisory. - Fixes: CVE-2022-40284 - Fix off-by-one error in udevListInterfacesByStatus Martin Kletzander Orabug: 36364464 CVE-2024-1441 libvirt-dbus...

kernel security, bug fix, and enhancement update

4.18.0-513.24.19.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2024-12270)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12270 advisory. - netfilter: nftables: reject QUEUE/DROP verdict parameters Florian Westphal Orabug: 36467681 CVE-2024-1086 - netfilter: nftables: Reject tables of...

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2024-12271)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12271 advisory. - KVM: x86: Add BHINO Daniel Sneddon Orabug: 36384803 CVE-2024-2201 - x86/bhi: Mitigate KVM by default Pawan Gupta Orabug: 36384803 CVE-2024-2201 ...