Oracle Linux 8 : go-toolset:ol8 (ELSA-2024-1472)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1472 advisory. - Fix CVE-2024-1394 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested for...

Oracle Linux 8 : postgresql-jdbc (ELSA-2024-1435)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1435 advisory. 42.2.14-3 - Fix CVE-2024-1597 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...

Oracle Linux 8 : nodejs:16 (ELSA-2024-1444)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1444 advisory. - reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks Resolves: CVE-2024-22019 nodejs-nodemon nodejs-packaging Tenable h...

Oracle Linux 7 : kernel (ELSA-2024-1249)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1249 advisory. - debug: lock down kgdb Orabug: 34270798 CVE-2022-21499 - sched/membarrier: reduce the ability to hammer on sysmembarrier Wander Lairson Costa RHEL-264...

Oracle Linux 8 : ruby:3.1 (ELSA-2024-1431)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1431 advisory. ruby 3.1.4-142 - Upgrade to Ruby 3.1.4. Resolves: RHEL-28565 - Fix HTTP response splitting in CGI. Resolves: RHEL-28564 - Fix ReDos vulnerability in UR...

Oracle Linux 7 : python-cryptography (ELSA-2024-12234)

The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-12234 advisory. 3.2.1-1.0.1 - Fix CVE-2023-49083: NULL-dereference when loading PKCS7 certificates Orabug: 36143838 Tenable has extracted the preceding description block...

Oracle Linux 7 : python-cryptography (ELSA-2024-19480)

The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-19480 advisory. 3.2.1-1.0.1 - Fix CVE-2023-49083: NULL-dereference when loading PKCS7 certificates Orabug: 36143838 Tenable has extracted the preceding description block...

Oracle Linux 8 : squid:4 (ELSA-2024-1375)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1375 advisory. - Resolves: RHEL-19551 - squid:4/squid: denial of service in HTTP request parsing CVE-2023-50269 - Resolves: RHEL-28611 - squid:4/squid: Denial of...

Oracle Linux 9 : golang (ELSA-2024-1462)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1462 advisory. - Fix CVE-2024-1394 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested for...

Oracle Linux 9 : nodejs (ELSA-2024-1438)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1438 advisory. 1:16.20.2-4.0.1 - reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks Resolves: CVE-2024-22019 Tenable has extracted the precedin...

Oracle Linux 9 : libreoffice (ELSA-2024-1427)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1427 advisory. - Fix CVE-2023-6185 escape url passed to gstreamer Tenable has extracted the preceding description block directly from the Oracle Linux security...

Oracle Linux 9 : postgresql-jdbc (ELSA-2024-1436)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-1436 advisory. 42.2.28-1 - rebase to 42.2.28 - fix for CVE-2024-1597 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. No...

Oracle Linux 9 : squid (ELSA-2024-1376)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-1376 advisory. - Resolves: RHEL-19555 - squid: denial of service in HTTP request parsing CVE-2023-50269 - Resolves: RHEL-28614 - squid: Denial of Service in HTTP...

Oracle Linux 8 : conmon (ELSA-2024-12226)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12226 advisory. - address CVE-2023-39326 cri-o - Fixed CVE-2023-39325: bump golang.org/x/net to v0.17.0 cri-tools - Address CVE-2023-39326 etcd - Address CVE-2023-39326 by...

kernel security and bug fix update

3.10.0-1160.114.2.0.1.OL7 - debug: lock down kgdb Orabug: 34270798 CVE-2022-21499 3.10.0-1160.114.2.OL7 - Update Oracle Linux certificates Ilya Okomin - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey Orabug:...

Oracle Linux 9 : conmon (ELSA-2024-12225)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12225 advisory. - A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than ar...

Oracle Linux 7 : openssh (ELSA-2024-12232)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12232 advisory. 7.4p1-23.0.3fips - Change Epoch from 1 to 10 - Enable fips KDF POST Orabug: 32461750 - Disable diffie-hellman-group-exchange-sha256 KEX FIPS method Orabug:...

Oracle Linux 7 : openssh (ELSA-2024-12233)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12233 advisory. 7.4p1-23.0.3fips - Change Epoch from 1 to 10 - Enable fips KDF POST Orabug: 32461750 - Disable diffie-hellman-group-exchange-sha256 KEX FIPS method Orabug:...

Oracle Linux 9 : kernel (ELSA-2024-1248)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1248 advisory. - drm/amdgpu: Fix potential fence use-after-free v2 Jan Stancek RHEL-24501 RHEL-24504 RHEL-22506 RHEL-22507 CVE-2023-51042 - netfilter: nftables: skip...

Oracle Linux 8 : .NET / 7.0 (ELSA-2024-1308)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1308 advisory. 7.0.117-1.0.1 - Update to .NET SDK 7.0.117 and Runtime 7.0.17 - Port Revert 'Disable implicit rejection for RSA PKCS1 95217 patch Tenable has extracted the...