Oracle Linux 7 : openssh (ELSA-2024-12233)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12233 advisory. 7.4p1-23.0.3fips - Change Epoch from 1 to 10 - Enable fips KDF POST Orabug: 32461750 - Disable diffie-hellman-group-exchange-sha256 KEX FIPS method Orabug:...

Oracle Linux 9 : kernel (ELSA-2024-1248)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1248 advisory. - drm/amdgpu: Fix potential fence use-after-free v2 Jan Stancek RHEL-24501 RHEL-24504 RHEL-22506 RHEL-22507 CVE-2023-51042 - netfilter: nftables: skip...

Oracle Linux 8 : .NET / 7.0 (ELSA-2024-1308)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1308 advisory. 7.0.117-1.0.1 - Update to .NET SDK 7.0.117 and Runtime 7.0.17 - Port Revert 'Disable implicit rejection for RSA PKCS1 95217 patch Tenable has extracted the...

Oracle Linux 8 : .NET / 8.0 (ELSA-2024-1311)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1311 advisory. 8.0.103-1.0.1 - Update to .NET SDK 8.0.103 and Runtime 8.0.3 - Backport MSBuild locale fix Tenable has extracted the preceding description block directly from t...

kernel security update

5.14.0-362.24.13.OL9 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...

Oracle Linux 9 : .NET / 7.0 (ELSA-2024-1309)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1309 advisory. - 7.0.117-1.0.1 - Update to .NET SDK 7.0.117 and Runtime 7.0.17 - Port revert 'Disable implicit rejection for RSA PKCS1 95217' patch - 7.0.116-1.0.1 - Update to...

Oracle Linux 9 : .NET / 8.0 (ELSA-2024-1310)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1310 advisory. - 8.0.103-2.0.1 - Update to .NET SDK 8.0.103 and Runtime 8.0.3 - Disable checking the signature of the last certificate in a chain if the certificate is...

Oracle Linux 8 : dnsmasq (ELSA-2024-1335)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1335 advisory. 2.79-31.2 - Fix CVE 2023-50387 and CVE 2023-50868 - Resolves: RHEL-25628 - Resolves: RHEL-25666 2.79-31.1 - Do not crash on invalid domain in...

Oracle Linux 9 : dnsmasq (ELSA-2024-1334)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1334 advisory. 2.85-14.1 - Fix CVE 2023-50387 and CVE 2023-50868 - Resolves: RHEL-25674 - Resolves: RHEL-25638 Tenable has extracted the preceding description block...

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2024-12208)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12208 advisory. - netfilter: nftables: check if catch-all set element is active in next generation Pablo Neira Ayuso Orabug: 36250951 CVE-2024-1085 Tenable has extracted t...

Oracle Linux 9 : edk2 (ELSA-2024-1075)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1075 advisory. - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Pa.patch RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853 -...

Oracle Linux 9 : opencryptoki (ELSA-2024-1239)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1239 advisory. 3.21.0-9 - timing side-channel in handling of RSA PKCS1 v1.5 padded ciphertexts Marvin Resolves: RHEL-22792 Tenable has extracted the preceding description bloc...

Oracle Linux 8 : kernel (ELSA-2024-0897)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0897 advisory. - net: tls, update curr on splice as well Sabrina Dubroca RHEL-22091 RHEL-19065 CVE-2024-0646 - smb: client: fix potential OOB in smb2dumpdetail Scott...

Oracle Linux 9 : buildah (ELSA-2024-1150)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1150 advisory. 1.31.4-1.0.1 - update to https://github.com/containers/buildah/releases/tag/v1.31 - https://github.com/containers/buildah/commit/11bbf33 Tenable has extracted t...

kernel security update

5.14.0-362.18.1.el93.OL9 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32...

Oracle Linux 9 : golang (ELSA-2024-1131)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1131 advisory. 1.20.12-1 - Rebase to 1.20.12 - Fix CVE-2023-45285 CVE-2023-39326 Tenable has extracted the preceding description block directly from the Oracle Linux...

Oracle Linux 9 : tomcat (ELSA-2024-1134)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1134 advisory. 1:9.0.62-37.el93.2 - Resolves: 2252050 HTTP request smuggling via malformed trailer headers CVE-2023-46589 Tenable has extracted the preceding description block...

Oracle Linux 9 : skopeo (ELSA-2024-1149)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1149 advisory. 2:1.13.3-4 - Rebuild with golang 1.20.12: golang:net/http/internal: Denial of Service DoS via Resource Consumption via HTTP requests CVE-2023-39326 Tenable has...

Oracle Linux 9 : curl (ELSA-2024-1129)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1129 advisory. 7.76.1-26.el93.3 - cap SFTP packet size sent RHEL-14697 - lowercase the domain names before PSL checks CVE-2023-46218 Tenable has extracted the preceding...

Oracle Linux 9 : kernel (ELSA-2024-0461)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0461 advisory. - nfp: fix use-after-free in areacacheget Ricardo Robaina RHEL-19456 RHEL-19536 RHEL-6566 RHEL-7241 CVE-2022-3545 - fbcon: setcon2fbmap needs to set...