Photon OS 4.0: Sqlite PHSA-2025-4.0-0873

An update of the sqlite package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0873. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CBL Mariner 2.0 Security Update: rsync (CVE-2024-12087)

The version of rsync installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-12087 advisory. - A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option,...

Fedora 40 : pdns-recursor (2024-af0bf62ac6)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-af0bf62ac6 advisory. Update to latest upstream Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

AlmaLinux 9 : python3.12-setuptools (ALSA-2024:5533)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:5533 advisory. pypa/setuptools: Remote code execution via download functions in the packageindex module in pypa/setuptools CVE-2024-6345 Tenable has extracted the preceding...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : shadow (SUSE-SU-2024:2804-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2804-1 advisory. - Fixed not copying of skel files bsc1228770 Tenable has extracted the preceding description block direct...

Photon OS 3.0: Go PHSA-2023-3.0-0702

An update of the go package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-3.0-0702. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid204030...

Photon OS 3.0: Kubernetes PHSA-2023-3.0-0559

An update of the kubernetes package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-3.0-0559. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 3.0: Imagemagick PHSA-2023-3.0-0611

An update of the ImageMagick package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-3.0-0611. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 3.0: Haproxy PHSA-2023-3.0-0637

An update of the haproxy package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-3.0-0637. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 3.0: E2Fsprogs PHSA-2023-3.0-0518

An update of the e2fsprogs package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-3.0-0518. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 5.0: Suricata PHSA-2024-5.0-0246

An update of the suricata package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-5.0-0246. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

openSUSE Security Update : curl (openSUSE-2021-808)

This update for curl fixes the following issues : - CVE-2021-22898: Fixed curl TELNET stack contents disclosure bsc1186114. - Allow partial chain verification jscSLE-17956 - Have intermediate certificates in the trust store be treated as trust-anchors, in the same way as self-signed root CA...

openSUSE Security Update : MozillaThunderbird (openSUSE-2021-209)

This update for MozillaThunderbird fixes the following issues : - Mozilla Thunderbird was updated to 78.7.0 ESR MFSA 2021-05, bsc1181414 - CVE-2021-23953: Fixed a Cross-origin information leakage via redirected PDF requests - CVE-2021-23954: Fixed a type confusion when using logical assignment...

openSUSE Security Update : ceph (openSUSE-2021-79)

This update for ceph fixes the following issues : Security issues fixed : - CVE-2020-27781: Fixed a privilege escalation via the cephvolumeclient Python interface bsc1179802 bsc1180155. Non-security issues fixed : - Fixes an issue when check in legacy collection reaches end. bsc1179139 - Fixes an...

openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2020-2170)

This update for java-180-openjdk fixes the following issues : - Update to version jdk8u275 icedtea 3.17.1 - JDK-8214440, bsc1179441: Fix StartTLS functionality that was broken in openjdk272. bsc1179441 - JDK-8223940: Private key not supported by chosen signature algorithm - JDK-8236512: PKCS11...

openSUSE Security Update : postgresql12 (openSUSE-2020-2029)

This update for postgresql12 fixes the following issues : - Upgrade to version 12.5 : - CVE-2020-25695, bsc1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. - CVE-2020-25694, bsc1178667: a Fix usage of complex...

openSUSE Security Update : python-waitress (openSUSE-2020-1922)

This update for python-waitress to 1.4.3 fixes the following security issues : - CVE-2019-16785: HTTP request smuggling through LF vs CRLF handling bsc1161088. - CVE-2019-16786: HTTP request smuggling through invalid Transfer-Encoding bsc1161089. - CVE-2019-16789: HTTP request smuggling through...

openSUSE Security Update : apache-commons-httpclient (openSUSE-2020-1875)

This update for apache-commons-httpclient fixes the following issues : - http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service HTTPS call hang via unspecified vectors...

openSUSE Security Update : php7 (openSUSE-2020-1767)

This update for php7 fixes the following issues : - CVE-2020-7069: Fixed an issue when AES-CCM mode was used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV was used bsc1177351. - CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to...

openSUSE Security Update : go1.14 (openSUSE-2020-1587)

This update for go1.14 fixes the following issues : - go1.14.9 released 2020-09-09 includes fixes to the compiler, linker, runtime, documentation, and the net/http and testing packages. Refs bsc1164903 go1.14 release tracking - go41192 net/http/fcgi: race detected during execution of...