oval:org.secpod.oval:def:34299  Apple Mac OS X Server 10.10 (Yosemite) is installed
oval:org.secpod.oval:def:34298  Apple Mac OS X Server 10.11 (El Capitan) is installed
oval:org.secpod.oval:def:1501254  Integer overflow in TigerVNC allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to screen size handling, which triggers a heap-based buffer overflow, a similar issue to CVE-2014-6051.
oval:org.secpod.oval:def:1504859  [1.0.2k-21.0.1] - Fix DH self-test to add shared secret comparison [Orabug: 32467026] - Add DH support changes for SP 800-56A rev3 requirements [Orabug: 32467059] - Add TLS KDF self-test [Orabug: 32467193] - Add EC keys pairwise consistency test [Orabug: 32467059]
oval:org.secpod.oval:def:1501787  It was found that IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate is ...
oval:org.secpod.oval:def:1501645  The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * It was discovered that the default sudo configur ...
oval:org.secpod.oval:def:1502072  The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:34297  Apple Mac OS X 10.11 (El Capitan) is installed
oval:org.secpod.oval:def:1501276  git: arbitrary code execution via crafted URLs
oval:org.secpod.oval:def:1501660  Libreswan is an implementation of IPsec & IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN). Secu ...
oval:org.secpod.oval:def:1502089  The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1501226  The remote host is missing a patch containing a security fix, which affects the following package(s): krb5
oval:org.secpod.oval:def:1502196  The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502199  The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502107  The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502110  The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502117  The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1501652  A race condition vulnerability was discovered in NetworkManager. Temporary files were created insecurely when saving or updating connection settings, which could allow local users to read connection secrets such as VPN passwords or WiFi keys.
oval:org.secpod.oval:def:1501663  RESTEasy contains a JBoss project that provides frameworks to help build RESTful Web Services and RESTful Java applications. It is a fully certified and portable implementation of the JAX-RS specification. Security Fix: * It was discovered that under certain conditions RESTEasy could be forced to pa ...
oval:org.secpod.oval:def:1505641  [1.6.4-32.0.1] - Reduce unnecessary writable mounts in NaiveDiffDriver [Orabug: 31025483] - handle redirect from the docker registry v2 [Orabug: 29874238] - remove changes in NaiveDiffDriver [1.6.4-32] - update to the latest content of https://github.com/containers/podman/tree/v1.6.4-rhel [1.6.4-3 ...
oval:org.secpod.oval:def:1501239  The remote host is missing a patch containing a security fix, which affects the following package(s): rubygem-bundler and rubygem-thor
oval:org.secpod.oval:def:1502005  The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1501235  The remote host is missing a patch containing a security fix, which affects the following package(s): unbound
oval:org.secpod.oval:def:1501249  The remote host is missing a patch containing a security fix, which affects the following package(s): cpio
oval:org.secpod.oval:def:1503947  Updated resteasy-base packages that fix one security issue are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is avai ...
oval:org.secpod.oval:def:1501244  The remote host is missing a patch containing a security fix, which affects the following package(s): netcf
oval:org.secpod.oval:def:1501342  polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes.
oval:org.secpod.oval:def:1501035  The wpa_supplicant package contains an 802.1X Supplicant with support for WEP, WPA, WPA2, and various EAP authentication methods. It implements key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. A ...
oval:org.secpod.oval:def:1501113  Important: Oracle Linux 7 lxc security update.
oval:org.secpod.oval:def:1501189  lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.
oval:org.secpod.oval:def:1501237  The remote host is missing a patch containing a security fix, which affects the following package(s): grub2
oval:org.secpod.oval:def:1501992  The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1501340  An infinite-loop vulnerability was discovered in the 389 directory server, where the server failed to correctly handle unexpectedly closed client connections. A remote attacker able to connect to the server could use this flaw to make the directory server consume an excessive amount of CPU and stop ...
oval:org.secpod.oval:def:1501657  Poppler is a Portable Document Format rendering library, used by applications such as Evince. Security Fix: * A heap-buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler to crash or, potentially, execute arbi ...
oval:org.secpod.oval:def:1501241  The remote host is missing a patch containing a security fix, which affects the following package(s): squid
oval:org.secpod.oval:def:1501478  It was found that Docker would launch containers under the specified UID instead of a username. An attacker able to launch a container could use this flaw to escalate their privileges to root within the launched container.
oval:org.secpod.oval:def:36268  The host is installed with Apple Safari before 9.1.2 on Apple Mac OS X 10.11 or Apple Mac OS X Server 10.11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a malicious website. Successful exploitation could allow attackers to execute arb ...
oval:org.secpod.oval:def:36265  The host is installed with Apple Safari before 9.1.2 on Apple Mac OS X 10.11 or Apple Mac OS X Server 10.11 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a malicious website. Successful exploitation could allow attackers to cause a sys ...
oval:org.secpod.oval:def:36264  The host is installed with Apple Safari before 9.1.2 on Apple Mac OS X 10.11 or Apple Mac OS X Server 10.11 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a malicious website. Successful exploitation could allow attackers to discl ...
oval:org.secpod.oval:def:1500692  An updated mod_wsgi package that fixes one security issue is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from ...
oval:org.secpod.oval:def:1500746  Updated polkit-qt packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from th ...
oval:org.secpod.oval:def:49385  Disable LDAP Support (/etc/httpd/conf/httpd.conf) should be configured appropriately.
oval:org.secpod.oval:def:49383  The '.rhosts' or 'hosts.equiv' files should or should not exist on the system, as appropriate.
oval:org.secpod.oval:def:49384  Disable Server Activity Status (/etc/httpd/conf/httpd.conf) should be configured appropriately.
oval:org.secpod.oval:def:49397  The file /etc/pam.d/system-auth should not contain the nullok option.
oval:org.secpod.oval:def:49391  The rsh service should be disabled if possible.
oval:org.secpod.oval:def:49340  The /etc/httpd/conf/* files should have the appropriate permissions.
oval:org.secpod.oval:def:49349  Define default gateways for IPv6 traffic.
oval:org.secpod.oval:def:49345  Disable MIME Magic (/etc/httpd/conf/httpd.conf) should be configured appropriately.
oval:org.secpod.oval:def:49346  The CUPS print service can be configured to broadcast a list of available printers to the network. Other machines on the network, also running the CUPS print service, can be configured to listen to these broadcasts and add and configure these printers for immediate use. By disabling this browsing ca ...
oval:org.secpod.oval:def:49358  The apache2 server's ServerTokens value should be set appropriately.
oval:org.secpod.oval:def:49359  The rlogin service should be disabled if possible.
oval:org.secpod.oval:def:49354  Avahi publishing of IP addresses should be enabled or disabled as appropriate.
oval:org.secpod.oval:def:49364  The mountd service should be configured to use a static port or a dynamic portmapper port as appropriate.
oval:org.secpod.oval:def:49360  The telnet service should be enabled or disabled as appropriate.
oval:org.secpod.oval:def:49367  Audit rules should be configured to log successful and unsuccessful logon and logout events.
oval:org.secpod.oval:def:49378  Disable Zeroconf automatic route assignment in the 169.254.0.0 subnet.
oval:org.secpod.oval:def:49316  The '/boot/grub2/grub.cfg' file should be owned by the appropriate user.
oval:org.secpod.oval:def:49317  Configure the system to notify users of last logon/access using pam_lastlog.
oval:org.secpod.oval:def:49328  Verify which group owns the /boot/grub2/grub.cfg file.
oval:org.secpod.oval:def:49325  Configure auditd to use audispd plugin (/etc/audisp/plugins.d/syslog.conf) should be configured appropriately.
oval:org.secpod.oval:def:49326  Directory permissions for /var/log/httpd should be set appropriately.
oval:org.secpod.oval:def:49321  Avahi should be configured to accept packets with a TTL field not equal to 255 or not, as appropriate.
oval:org.secpod.oval:def:49329  Manually configure addresses for IPv6.
oval:org.secpod.oval:def:49331  The lockd service should be configured to use a static port or a dynamic portmapper port for TCP as appropriate.
oval:org.secpod.oval:def:49337  The SELinux state should be set appropriately.
oval:org.secpod.oval:def:49405  Root squashing should be enabled or disabled as appropriate for all NFS shares.
oval:org.secpod.oval:def:49409  Configure SNMP Service to Use Only SNMPv3 or Newer (/etc/snmp/snmpd.conf) should be configured appropriately.
oval:org.secpod.oval:def:49407  The TFTP daemon should use secure mode.
oval:org.secpod.oval:def:49416  RPC IPv6 support should be configured appropriately based on the RPC services in use.
oval:org.secpod.oval:def:49414  Disable HTTP mod_rewrite (/etc/httpd/conf/httpd.conf) should be configured appropriately.
oval:org.secpod.oval:def:49411  Disable Web Server Configuration Display (/etc/httpd/conf/httpd.conf) should be configured appropriately.
oval:org.secpod.oval:def:26788  jakarta-taglibs-standard is the Java Standard Tag Library (JSTL). This library is used in conjunction with Tomcat and Java Server Pages (JSP). It was found that the Java Standard Tag Library allowed the processing of untrusted XML documents to utilize external entity references, which could access resources on ...
oval:org.secpod.oval:def:1500619  Oracle Linux 7 is installed
oval:org.secpod.oval:def:49468  Disable URL Correction on Misspelled Entries (/etc/httpd/conf/httpd.conf) should be configured appropriately.
oval:org.secpod.oval:def:49469  The Avahi daemon should be configured to serve via IPv6 or not, as appropriate.
oval:org.secpod.oval:def:49464  The dynamic DNS feature of the DHCP server should be enabled or disabled as appropriate.
oval:org.secpod.oval:def:49472  mod_ssl package installation should be configured appropriately.
oval:org.secpod.oval:def:49470  The ability for users to perform interactive startups should be disabled.
oval:org.secpod.oval:def:49477  File permissions for '/boot/grub2/grub.cfg' should be set appropriately.
oval:org.secpod.oval:def:49488  Ctrl-Alt-Del Reboot Activation should be set as appropriate.
oval:org.secpod.oval:def:49489  Configure statd to use static port (/etc/sysconfig/nfs) should be configured appropriately.
oval:org.secpod.oval:def:49486  Disable Server Side Includes (/etc/httpd/conf/httpd.conf) should be configured appropriately.
oval:org.secpod.oval:def:49495  The kernel runtime parameter "kernel.dmesg_restrict" should be set to "1".
oval:org.secpod.oval:def:49493  Disable WebDAV (Distributed Authoring and Versioning) (/etc/httpd/conf/httpd.conf) should be configured appropriately.
oval:org.secpod.oval:def:26790  The libXfont package provides the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. An integer overflow flaw was found in the way libXfont processed certain Glyph Bitmap Distribution Format fonts. A malicious, local user could use this flaw to crash the X ...
oval:org.secpod.oval:def:26792  Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposit ...
oval:org.secpod.oval:def:49419  Avahi should be configured to allow other stacks from binding to port 5353 or not, as appropriate.
oval:org.secpod.oval:def:49418  Disable Logwatch on Clients if a Logserver Exists (/etc/cron.daily/0logwatch) should be configured appropriately.
oval:org.secpod.oval:def:49421  System Audit Logs Must Be Owned By Root (/var/log/*) should be configured appropriately.
oval:org.secpod.oval:def:49437  Enable privacy extensions for IPv6.
oval:org.secpod.oval:def:49435  DHCPDECLINE messages should be accepted or denied by the DHCP server as appropriate.
oval:org.secpod.oval:def:49434  Direct root logins should be allowed or disallowed as appropriate.
oval:org.secpod.oval:def:49431  Check if the SplitHosts line in logwatch.conf is set appropriately.
oval:org.secpod.oval:def:49439  The HTTPD Proxy Module Support should be enabled or disabled as appropriate.
oval:org.secpod.oval:def:49451  The lockd service should be configured to use a static port or a dynamic portmapper port for UDP as appropriate.
oval:org.secpod.oval:def:49505  Ensure all yum repositories utilize signature checking.
oval:org.secpod.oval:def:49514  The apache2 server's ServerSignature value should be set appropriately.
oval:org.secpod.oval:def:49515  Disable HTTP Digest Authentication (/etc/httpd/conf/httpd.conf) should be configured appropriately.
oval:org.secpod.oval:def:49512  Test if the HostLimit line in logwatch.conf is set appropriately. On a central logserver, you want Logwatch to summarize all syslog entries, including those which did not originate on the logserver itself. The HostLimit setting tells Logwatch to report on all hosts, not just the one on which it is runni ...
oval:org.secpod.oval:def:49510  Restriction of NFS clients to privileged ports should be enabled or disabled as appropriate.
oval:org.secpod.oval:def:49511  Disable Cache Support (/etc/httpd/conf/httpd.conf) should be configured appropriately.
oval:org.secpod.oval:def:49518  The rexec service should be disabled if possible.
oval:org.secpod.oval:def:49523  The kernel runtime parameter "net.ipv4.conf.all.accept_source_route" should be set to "0".
oval:org.secpod.oval:def:1500901  Updated libyaml packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from ...
oval:org.secpod.oval:def:49534  By default, locally configured printers will not be shared over the network, but if this functionality has somehow been enabled, these recommendations will disable it again. Be sure to disable outgoing printer list broadcasts, or remote users will still be able to see the locally configured printers ...
oval:org.secpod.oval:def:49532  The gpgcheck option should be used to ensure that checking of an RPM package's signature always occurs prior to its installation.
oval:org.secpod.oval:def:49530  Audit rules that record information on the use of privileged commands should be enabled.
oval:org.secpod.oval:def:1500963  It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity (XXE) attacks, possibly resulting i ...
oval:org.secpod.oval:def:1500962  PostgreSQL is an advanced object-relational database management system (DBMS). An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by ...
oval:org.secpod.oval:def:1500981  X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A buffer over-read flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client co ...
oval:org.secpod.oval:def:1500911  Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ...
oval:org.secpod.oval:def:1500922  lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive file, which triggers an out-of-bounds read or write.
oval:org.secpod.oval:def:1500925  The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would forc ...
oval:org.secpod.oval:def:1500929  GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a ...
oval:org.secpod.oval:def:1500930  The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.
oval:org.secpod.oval:def:1500935  named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor manage ...
oval:org.secpod.oval:def:1500945  The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.
oval:org.secpod.oval:def:1500793  An updated wget package that fixes one security issue is now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from ...
oval:org.secpod.oval:def:1500798  Updated shim packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for each vul ...
oval:org.secpod.oval:def:1500797  Updated cups-filters packages that fix two security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for ea ...
oval:org.secpod.oval:def:49538  Record attempts to alter time through stime; note that this is only relevant on 32-bit architectures.
oval:org.secpod.oval:def:49548  Configure Periodic Execution of AIDE (/etc/crontab) should be configured appropriately.
oval:org.secpod.oval:def:49545  The disable option will allow the IPv6 module to be inserted, but prevent address assignment and activation of the network stack.
oval:org.secpod.oval:def:49546  Require the use of TLS for LDAP clients.
oval:org.secpod.oval:def:49543  Directory permissions for /etc/httpd/conf/ should be set as appropriate.
oval:org.secpod.oval:def:49550  BOOTP queries should be accepted or denied by the DHCP server as appropriate.
oval:org.secpod.oval:def:49556  System Audit Logs Must Have Mode 0640 or Less Permissive (/var/log/audit/*) should be configured appropriately.
oval:org.secpod.oval:def:49557  Disable CGI Support (/etc/httpd/conf/httpd.conf) should be configured appropriately.
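The compliance entries above (kernel.dmesg_restrict and accept_source_route sysctls, ServerTokens/ServerSignature, mod_rewrite, WebDAV and Server Side Includes in httpd.conf, gpgcheck on every yum repository, nullok in system-auth) all reduce to the same operation an OVAL test performs: read a configuration file, pick out the active setting, compare it with the expected value. The POSIX sh script below is an added example and is not SecPod's OVAL content or any vendor's tooling; it writes its own constructed sample configuration files into a temporary tree, runs a handful of those checks against them, and reports PASS or FAIL per check. The check names, helper functions and sample values are this example's own assumptions.

```shell
#!/bin/sh
# Added example: evaluate several of the listed hardening checks against
# configuration files. All sample config below is CONSTRUCTED for this
# demonstration; point the functions at /etc/... to audit a real host.
set -u

SAMPLE_ROOT=$(mktemp -d)
trap 'rm -rf "$SAMPLE_ROOT"' EXIT
mkdir -p "$SAMPLE_ROOT/etc/httpd/conf" "$SAMPLE_ROOT/etc/yum.repos.d" "$SAMPLE_ROOT/etc/pam.d"

# Constructed sample: dmesg_restrict left at 0, source routing already off.
cat > "$SAMPLE_ROOT/etc/sysctl.conf" <<'EOF'
kernel.dmesg_restrict = 0
net.ipv4.conf.all.accept_source_route = 0
EOF

# Constructed sample: chatty banner, WebDAV loaded, mod_rewrite off, SSI on.
cat > "$SAMPLE_ROOT/etc/httpd/conf/httpd.conf" <<'EOF'
ServerTokens OS
ServerSignature Off
LoadModule dav_module modules/mod_dav.so
#LoadModule rewrite_module modules/mod_rewrite.so
<Directory "/var/www/html">
    Options Indexes FollowSymLinks Includes
</Directory>
EOF

# Constructed sample: second repository has signature checking disabled.
cat > "$SAMPLE_ROOT/etc/yum.repos.d/sample.repo" <<'EOF'
[sample_latest]
name=Sample Latest
gpgcheck=1
[sample_extra]
name=Sample Extra
gpgcheck=0
EOF

# Constructed sample: nullok present on the pam_unix line.
cat > "$SAMPLE_ROOT/etc/pam.d/system-auth" <<'EOF'
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
EOF

# sysctl file check: the LAST "key = value" assignment wins, as with sysctl -p.
check_sysctl() { # file key expected -> PASS|FAIL
    key=$(printf '%s\n' "$2" | sed 's/[.]/\\./g')
    value=$(sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p" "$1" | tail -n 1)
    [ "$value" = "$3" ] && echo PASS || echo FAIL
}

# httpd directive check: first active (uncommented) occurrence of the directive.
check_httpd_directive() { # file directive expected -> PASS|FAIL
    value=$(sed -n "s/^[[:space:]]*$2[[:space:]]\{1,\}\([^[:space:]]*\).*/\1/p" "$1" | head -n 1)
    [ "$value" = "$3" ] && echo PASS || echo FAIL
}

# A module counts as enabled only when its LoadModule line is not commented out.
check_httpd_module_disabled() { # file module -> PASS|FAIL
    if grep -Eq "^[[:space:]]*LoadModule[[:space:]]+$2([[:space:]]|$)" "$1"; then echo FAIL; else echo PASS; fi
}

# SSI is on when an active Options line carries Includes or +Includes
# (IncludesNOEXEC deliberately does not match; that is a policy decision).
check_httpd_ssi_disabled() { # file -> PASS|FAIL
    if grep -Eq '^[^#]*Options[^#]*[[:space:]]\+?Includes([[:space:]]|$)' "$1"; then echo FAIL; else echo PASS; fi
}

# Every [section] across *.repo must carry gpgcheck=1; one bad section fails.
check_yum_gpgcheck() { # repo_dir -> PASS|FAIL
    awk '
        /^\[.*\]/ { if (sect != "" && !ok) bad++; sect = $0; ok = 0; next }
        /^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*1[[:space:]]*$/ { ok = 1 }
        END { if (sect != "" && !ok) bad++; exit bad > 0 }
    ' "$1"/*.repo && echo PASS || echo FAIL
}

# nullok on any active line of system-auth permits empty passwords.
check_pam_nullok() { # file -> PASS|FAIL
    if grep -Eq '^[^#]*[[:space:]]nullok([[:space:]]|$)' "$1"; then echo FAIL; else echo PASS; fi
}

report() { # name result: print one line and count failures
    printf '%-42s %s\n' "$1" "$2"
    [ "$2" = PASS ] || fails=$((fails + 1))
}

# Run all checks under a root directory; exit status is the failure count.
run_audit() { # root
    fails=0
    report "kernel.dmesg_restrict = 1" "$(check_sysctl "$1/etc/sysctl.conf" kernel.dmesg_restrict 1)"
    report "net.ipv4.conf.all.accept_source_route = 0" "$(check_sysctl "$1/etc/sysctl.conf" net.ipv4.conf.all.accept_source_route 0)"
    report "ServerTokens Prod" "$(check_httpd_directive "$1/etc/httpd/conf/httpd.conf" ServerTokens Prod)"
    report "ServerSignature Off" "$(check_httpd_directive "$1/etc/httpd/conf/httpd.conf" ServerSignature Off)"
    report "WebDAV (dav_module) disabled" "$(check_httpd_module_disabled "$1/etc/httpd/conf/httpd.conf" dav_module)"
    report "mod_rewrite disabled" "$(check_httpd_module_disabled "$1/etc/httpd/conf/httpd.conf" rewrite_module)"
    report "Server Side Includes disabled" "$(check_httpd_ssi_disabled "$1/etc/httpd/conf/httpd.conf")"
    report "gpgcheck=1 on all yum repos" "$(check_yum_gpgcheck "$1/etc/yum.repos.d")"
    report "no nullok in system-auth" "$(check_pam_nullok "$1/etc/pam.d/system-auth")"
    return $fails
}

run_audit "$SAMPLE_ROOT" || echo "$? check(s) failed"
```

On the constructed sample, six of the nine checks fail (dmesg_restrict, ServerTokens, WebDAV, SSI, gpgcheck, nullok) and the script exits with status 6, so it can gate a CI job the same way a scanner consuming these OVAL definitions would. Each check reads the configuration file rather than the live kernel or a running httpd, which matches how these definitions are written and means a setting applied at runtime but not persisted will still be reported as a failure.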
oval:org.secpod.oval:def:1500836  Updated nss, nss-util, and nss-softokn packages that contain a patch to mitigate the CVE-2014-3566 issue, fix a number of bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. ...
oval:org.secpod.oval:def:1500863  Oracle Linux has issued an update for docker. This fixes two security issues, which can be exploited by malicious people to manipulate certain data and bypass certain security restrictions.
oval:org.secpod.oval:def:1500873  Updated libvncserver packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avail ...
oval:org.secpod.oval:def:1500875  Updated kdenetwork packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for ea ...
oval:org.secpod.oval:def:1500874  Updated gnutls packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CV ...
oval:org.secpod.oval:def:1500876  Updated libvirt packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ...
oval:org.secpod.oval:def:1500831  An updated wpa_supplicant package that fixes one security issue is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ...
oval:org.secpod.oval:def:34301  The host is installed with Adobe Flash Player before 18.0.0.352 or 19.x through 21.x before 21.0.0.242 or Adobe AIR before 21.0.0.215 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow at ...
oval:org.secpod.oval:def:1505979  [91.13.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [91.13.0-1] - Update to 91.13.0 build1
oval:org.secpod.oval:def:1505982  [91.13.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Enabled aarch64 build [91.13.0-1] - Update to 91.13.0 build1
oval:org.secpod.oval:def:1505980  [219-78.0.9.el7_9.7] - Core: explicitly trigger changing udev systemd_wants property [Orabug: 31858125] - Disable unprivileged BPF by default [Orabug: 32871008] - Resolve missing installation files for systemd-pstore [Orabug 32497787] - Change to have file tmpfiles.d/systemd-pstore.conf installed on ...
oval:org.secpod.oval:def:1501972  The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1506198  [1:1.8.1.3-15] - Fix possible remote code execution vulnerability - Resolves: CVE-2022-41853
oval:org.secpod.oval:def:1506407  istio [1.15.3-1] - Added Oracle specific files for 1.15.3-1 olcne [1.5.10-2] - Update istio to 1.15.3 to address Istio CVE-2022-392787 [1.5.9-1] - Fix a regression during provisioning where arguments for the externalip restriction webhook are handled incorrectly [1.5.8-4] - Fix 1.21 kubernetes versi ...
oval:org.secpod.oval:def:1506404  istio [1.13.9-1] - Added Oracle specific files for 1.13.9-1 olcne [1.4.10-1] - Upgraded istio-1.13.7 to istio-1.13.9 to resolve Istio CVE-2022-39278 [1.4.9-2] - Fix 1.21 kubernetes version to align with last upstream release [1.4.9-1] - Resolve kubernetes CVE-2022-3294 CVE-2022-3162 for version 1.2 ...
oval:org.secpod.oval:def:1506013  istio [1.13.7-1] - Added Oracle specific files for 1.13.7-1 olcne [1.4.7-1] - Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045 [1.4.6-2] - Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over - Update gen-certs-helper script to skip prin ...
oval:org.secpod.oval:def:1506018  istio [1.13.7-1] - Added Oracle specific files for 1.13.7-1 olcne [1.5.5-1] - Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045 [1.5.4-3] - Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over [1.5.4-2] - Istio CVE-2022-31045, CVE-2022-29 ...
oval:org.secpod.oval:def:1505233  olcne [1.3.2-2] - Turn off default PodDisruptionBudget in istio template to unblock kubernetes module upgrade - Update Kubernetes version to 1.20.11 to address CVE-2021-25741 - Update Istio to 1.9.8, 1.10.4 to address CVE-2021-32777, CVE-2021-32778, CVE-2021-32779, CVE-2021-32780 & CVE-2021-32781 - ...
oval:org.secpod.oval:def:1505251  olcne [1.2.5-2] - Update Istio to 1.9.8 to address CVE-2021-32777, CVE-2021-32778, CVE-2021-32779, CVE-2021-32780 & CVE-2021-32781 - Update proxyv2 image to select iptables legacy or latest based on host operating system - Turn off Istio PodDisruptionBudget istio [1.9.8-3] - Updated iptables-switch ...
oval:org.secpod.oval:def:1502161  The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1501053  Xerces-C is a validating XML parser written in a portable subset of C++. A flaw was found in the way the Xerces-C XML parser processed certain XML documents. A remote attacker could provide specially crafted XML input that, when parsed by an application using Xerces-C, would cause that application t ...
oval:org.secpod.oval:def:1501028  abrt is a tool to help users to detect defects in applications and to create a bug report with all information needed by the maintainer to fix it. It uses a plugin system to extend its functionality.
oval:org.secpod.oval:def:1500837  Updated mailx packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for eac ...
oval:org.secpod.oval:def:1500829  Updated mailx packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for eac ...
oval:org.secpod.oval:def:1501186  During Docker pulls validation and extraction of the manifest object from its JSON representation are done in separate steps. The digest that represents the manifest corresponds to a hash of the payload portion of the JSON blob returned by the remote registry. Even though the validity of the payload ...
oval:org.secpod.oval:def:1501225  The remote host is missing a patch containing a security fix, which affects the following package(s): chrony
oval:org.secpod.oval:def:1502399  The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502087  The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1501234  The remote host is missing a patch containing a security fix, which affects the following package(s): openhpi
oval:org.secpod.oval:def:1501002  A flaw was found in the way Red Hat Directory Server performed authorization of modrdn operations. An unauthenticated attacker able to issue an ldapmodrdn call to the directory server could use this flaw to perform unauthorized modifications of entries in the directory server.
oval:org.secpod.oval:def:1501228  The remote host is missing a patch containing a security fix, which affects the following package(s): rest
oval:org.secpod.oval:def:1501627  The mod_nss module provides strong cryptography for the Apache HTTP Server via the Secure Sockets Layer and Transport Layer Security protocols, using the Network Security Services security library. The following packages have been upgraded to a newer upstream version: mod_nss. Security Fix: * A ...
oval:org.secpod.oval:def:1501958  The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:38256  A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capab ...
oval:org.secpod.oval:def:1501388  Xerces-C is a validating XML parser written in a portable subset of C++. It was discovered that the Xerces-C XML parser did not properly process certain XML input. By providing specially crafted XML data to an application using Xerces-C for XML processing, a remote attacker could exploit this flaw t ...
oval:org.secpod.oval:def:1501651  The GIMP is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. The following packages have been upgraded to a newer upstream ve ...
oval:org.secpod.oval:def:1501348  The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the way th ...
oval:org.secpod.oval:def:1501647  LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extend ...
oval:org.secpod.oval:def:1501260  libreport only saves changes to the first file when editing a crash report, which allows remote attackers to obtain sensitive information via unspecified vectors related to the (1) backtrace, (2) cmdline, (3) environ, (4) open_fds, (5) maps, (6) smaps, (7) hostname, (8) remote, (9) ks.cfg, or (10) a ...
oval:org.secpod.oval:def:1501203  A flaw was discovered in the way Libreswan's IKE daemon processed IKE KE payloads. A remote attacker could send a specially crafted IKE payload with a KE payload of g^x=0 that, when processed, would lead to a denial of service (daemon crash).
oval:org.secpod.oval:def:1501090  Moderate: Oracle Linux 7 clutter security update
oval:org.secpod.oval:def:1501233  The remote host is missing a patch containing a security fix, which affects the following package(s): cups-filters
oval:org.secpod.oval:def:1501043  Libreswan is an implementation of IPsec & IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN). A fl ...
oval:org.secpod.oval:def:26791  HAProxy provides high availability, load balancing, and proxying for TCP and HTTP-based applications. An implementation error related to the memory management of request and responses was found within HAProxy's buffer_slow_realign function. An unauthenticated remote attacker could possibly use this ...
oval:org.secpod.oval:def:1501014  The kexec-tools packages contain the /sbin/kexec binary and utilities that together form the user-space component of the kernel's kexec feature. The /sbin/kexec binary facilitates a new kernel to boot using the kernel's kexec feature either on a normal or a panic reboot. The kexec fastboot mechanism ...
oval:org.secpod.oval:def:1500960  It was discovered that the IPA extdom Directory Server plug-in did not correctly perform memory reallocation when handling user account information. A request for a list of groups for a user that belongs to a large number of groups would cause a Directory Server to crash. It was discovered that the ...
oval:org.secpod.oval:def:1501246 The remote host is missing a patch containing a security fix, which affects the following package(s): libssh2
oval:org.secpod.oval:def:1500926 Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.
oval:org.secpod.oval:def:1500931 The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allows local users to cause a denial of service via unspecified vectors.
oval:org.secpod.oval:def:1500937 Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions.
oval:org.secpod.oval:def:1500933 Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599.
oval:org.secpod.oval:def:1500747 Updated libvirt packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available ...
oval:org.secpod.oval:def:1500673 It was found that when replication was enabled for each attribute in 389 Directory Server, which is the default configuration, the server returned replicated metadata when the directory was searched while debugging was enabled. A remote attacker could use this flaw to disclose potentially sensitive ...
oval:org.secpod.oval:def:1500620 An out-of-bounds memory access flaw was found in the way QEMU's IDE device driver handled the execution of SMART EXECUTE OFFLINE commands. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host wi ...
oval:org.secpod.oval:def:1502078 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1501980 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1501994 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1501867 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1501917 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1502167 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1501945 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1501971 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1501238 The remote host is missing a patch containing a security fix, which affects the following package(s): openldap
oval:org.secpod.oval:def:34300 The host is installed with Adobe Flash Player before 18.0.0.352 or 19.x through 21.x before 21.0.0.242 or Adobe AIR before 21.0.0.215 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow atta ...
oval:org.secpod.oval:def:1506227 kubernetes [1.21.14-3] - Addresses CVE-2022-3294 CVE-2022-3162 [1.21.14-2] - Fixed kubernetes-cni version. [1.21.14-1] - Addresses CVE-2022-3172 olcne [1.4.9-2] - Fix 1.21 kubernetes version to align with last upstream release [1.4.9-1] - Resolve kubernetes CVE-2022-3294 CVE-2022-3162 for version ...
oval:org.secpod.oval:def:1506230 kubernetes [1.22.16-1] - Added Oracle specific build files for Kubernetes - Add preBuildOL8Commands to Jenkinsfile kubernetes [1.23.14-1] - Added Oracle specific build files for Kubernetes kubernetes [1.24.8-1] - Added Oracle specific build files for Kubernetes olcne [1.5.8-4] - Fix 1.21 kubernetes ...
oval:org.secpod.oval:def:1502587 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1506576 [9.0.3-8.0.3] - CVE-2021-3572 [Orabug: 35240686]
oval:org.secpod.oval:def:1506376 [1.16.5-10.0.3] - Revert Redhat's change of disallowing duplicated incomplete gid when id_provider=ldap is used, which caused regression in AD environment. [Orabug: 29286774] [Doc ID 2605732.1] [1.16.5-10.15] - Resolves: rhbz#2149703 - smartcards: special characters must be escaped when building sea ...
oval:org.secpod.oval:def:1502186 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1502193 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1502469 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1502498 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1502318 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1502319 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1502500 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1504543 accountsservice [0.6.50-7] - version bump to prevent future update path introduced by RHBA-2019:45836 Resolves: #1721562 colord [1.3.4-2] - Downgrade a trivial warning to a debug statement - Resolves: #1421231 control-center [3.28.1-6] - Calculate better extents for the configured displays arrangeme ...
oval:org.secpod.oval:def:1503055 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1502465 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1504949 [0.3.0-10] - Added fixes for rhbz#1956829, rhbz#1956843, rhbz#1956919
oval:org.secpod.oval:def:1501444 Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Security Fix: * It was discovered that Mercurial failed to properly check Git sub-repository URLs. A Mercurial repository that includes a Git sub-repository with a sp ...
oval:org.secpod.oval:def:1500936 Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation.
oval:org.secpod.oval:def:72826 Ensure ip6tables is enabled and running
oval:org.secpod.oval:def:49560 Syslog logs should be sent to a remote loghost
oval:org.secpod.oval:def:49496 A remote NTP Server for time synchronization should be specified (and dependencies are met)
oval:org.secpod.oval:def:72771 The "nosuid" mount option causes the system to not execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setgid" files. Executing files from untrusted file systems increases the opportunity for unprivil ...
oval:org.secpod.oval:def:49374 Disable Avahi Publishing (/etc/avahi/avahi-daemon.conf) should be configured appropriately.
oval:org.secpod.oval:def:72758 If any users' home directories do not exist, create them and make sure the respective user owns the directory. Users without an assigned home directory should be removed or assigned a home directory as appropriate.
oval:org.secpod.oval:def:72746 SSH port forwarding is a mechanism in SSH for tunneling application ports from the client to the server, or servers to clients. It can be used for adding encryption to legacy applications, going through firewalls, and some system administrators and IT professionals use it for opening backdoors into ...
oval:org.secpod.oval:def:72740 Avahi is a free zeroconf implementation, including a system for multicast DNS/DNS-SD service discovery. Avahi allows programs to publish and discover services and hosts running on a local network with no specific configuration. For example, a user can plug a computer into a network and Avahi automat ...
oval:org.secpod.oval:def:72803 All accounts must have passwords or be locked to prevent the account from being used by an unauthorized user.
oval:org.secpod.oval:def:49484 The RPM package mcstrans should be installed.
oval:org.secpod.oval:def:49561 The /etc/group file should be owned by the appropriate user.
oval:org.secpod.oval:def:49339 The password retry should meet minimum requirements using pam_cracklib
oval:org.secpod.oval:def:49455 The kernel runtime parameter "net.ipv4.ip_forward" should be set to "0".
oval:org.secpod.oval:def:49462 The kernel module jffs2 should be disabled.
oval:org.secpod.oval:def:49368 A warning banner for all FTP users should be enabled or disabled as appropriate
oval:org.secpod.oval:def:72743 iptables allows configuration of the IPv4 tables in the Linux kernel and the rules stored within them. Most firewall configuration utilities operate as a front end to iptables.
oval:org.secpod.oval:def:49452 Audit rules should detect modification to system files that hold information about users and groups.
oval:org.secpod.oval:def:49529 Change the default policy to DROP (from ACCEPT) for the INPUT built-in chain (/etc/sysconfig/iptables).
oval:org.secpod.oval:def:49363 Dovecot plaintext authentication of clients should be enabled or disabled as necessary
oval:org.secpod.oval:def:49379 The Kernel Parameter for Accepting Source-Routed Packets By Default and all interfaces should be enabled or disabled as appropriate
oval:org.secpod.oval:def:49449 The kernel module freevxfs should be disabled.
oval:org.secpod.oval:def:49487 The changing of file permissions and attributes should be audited.
oval:org.secpod.oval:def:49528 Record attempts to alter time through settimeofday.
oval:org.secpod.oval:def:49322 The passwords to remember should be set correctly.
oval:org.secpod.oval:def:49404 The RPM package dovecot should be removed.
oval:org.secpod.oval:def:49542 The SSH ClientAliveCountMax should be set to an appropriate value (and dependencies are met)
oval:org.secpod.oval:def:72780 The /var directory is used by daemons and other system services to temporarily store dynamic data. Some directories created by these processes may be world-writable.
oval:org.secpod.oval:def:49413 The RPM package rsh-server should be removed.
oval:org.secpod.oval:def:49537 Preventing direct root login to serial port interfaces helps ensure accountability for actions taken on the system using the root account.
oval:org.secpod.oval:def:49338 The squashfs Kernel Module should be enabled or disabled as appropriate.
oval:org.secpod.oval:def:49425 space_left_action setting in /etc/audit/auditd.conf is set to a certain action
oval:org.secpod.oval:def:49481 The password minclass should meet minimum requirements using pam_cracklib
oval:org.secpod.oval:def:49508 The RPM package squid should be removed.
oval:org.secpod.oval:def:49485 The kernel module dccp should be disabled.
oval:org.secpod.oval:def:49516 The kernel runtime parameter "net.ipv6.conf.default.accept_redirects" should be set to "0".
oval:org.secpod.oval:def:49388 This test makes sure that '/etc/passwd' has proper permissions. If the target file or directory has an extended ACL then it will fail the mode check.
oval:org.secpod.oval:def:49509 The password hashing algorithm should be set correctly in /etc/libuser.conf.
oval:org.secpod.oval:def:49544 The RPM package bind should be removed.
oval:org.secpod.oval:def:49351 Emulation of the rsh command through the ssh server should be disabled (and dependencies are met)
oval:org.secpod.oval:def:72744 Configure SELINUX to be enabled at boot time and verify that it has not been overwritten by the grub boot parameters. Rationale: SELinux must be enabled at boot time in your grub configuration to ensure that the controls it provides are not overridden.
oval:org.secpod.oval:def:72751 To protect a system from denial of service due to a large number of pending authentication connection attempts, use the rate limiting function of MaxStartups to protect availability of sshd logins and prevent overwhelming the daemon.
oval:org.secpod.oval:def:49460 The kernel runtime parameter "net.ipv4.conf.default.rp_filter" should be set to "1".
oval:org.secpod.oval:def:49475 The kernel runtime parameter "net.ipv4.conf.all.secure_redirects" should be set to "0".
oval:org.secpod.oval:def:72811 Ensure root is the only UID 0 account
oval:org.secpod.oval:def:49324 Protect against unnecessary release of information.
oval:org.secpod.oval:def:72837 Ensure mounting of FAT filesystems is limited
oval:org.secpod.oval:def:49507 Specify Additional Remote NTP Servers (/etc/ntp.conf) should be configured appropriately.
oval:org.secpod.oval:def:49399 max_log_file_action setting in /etc/audit/auditd.conf is set to a certain action
oval:org.secpod.oval:def:49323 The RPM package dhcpd should be removed.
oval:org.secpod.oval:def:49461 If inbound SSH access is not needed, the firewall should disallow or reject access to the SSH port (22).
oval:org.secpod.oval:def:49313 Record Events that Modify the System's Discretionary Access Controls - chmod. The changing of file permissions and attributes should be audited.
oval:org.secpod.oval:def:49352 Record attempts to alter time through adjtimex.
oval:org.secpod.oval:def:49526 IP forwarding should be enabled or disabled as appropriate.
oval:org.secpod.oval:def:49479 SSH warning banner should be enabled (and dependencies are met).
oval:org.secpod.oval:def:49377 The changing of file permissions and attributes should be audited.
oval:org.secpod.oval:def:49502 The kernel module usb-storage should be disabled.
oval:org.secpod.oval:def:49424 The RPM package rsyslog should be installed.
oval:org.secpod.oval:def:49412 Force a reboot to change audit rules is enabled
oval:org.secpod.oval:def:72741 The Common Unix Print System (CUPS) provides the ability to print to both local and network printers. A system running CUPS can also accept print jobs from remote systems and print them to local printers. It also provides a web based remote administration capability.
oval:org.secpod.oval:def:49453 The requirement for a password to boot into single-user mode should be configured correctly.
oval:org.secpod.oval:def:49430 Disable Prelinking (/etc/sysconfig/prelink) should be configured appropriately.
oval:org.secpod.oval:def:49478 The password difok should meet minimum requirements using pam_cracklib
oval:org.secpod.oval:def:72824 Ensure cron daemon is enabled and running
oval:org.secpod.oval:def:49454 The kernel runtime parameter "net.ipv4.icmp_ignore_bogus_error_responses" should be set to "1".
oval:org.secpod.oval:def:72836 Ensure only strong MAC algorithms are used
oval:org.secpod.oval:def:49420 The changing of file permissions and attributes should be audited.
oval:org.secpod.oval:def:49320 The /etc/group file should be owned by the appropriate group.
oval:org.secpod.oval:def:72749 The MaxAuthTries parameter specifies the maximum number of authentication attempts permitted per connection. When the login failure count reaches half the number, error messages will be written to the syslog file detailing the login failure.
oval:org.secpod.oval:def:72752 When usePAM is set to yes, PAM runs through account and session types properly. This is important if you want to restrict access to services based on IP, time or other factors of the account. Additionally, you can make sure users inherit certain environment variables on login or disallow access ...
oval:org.secpod.oval:def:49517 The RPM package talk-server should be installed.
oval:org.secpod.oval:def:49522 The SELinux state should be enforcing the local policy.
oval:org.secpod.oval:def:72806 The .netrc file presents a significant security risk since it stores passwords in unencrypted form. Even if FTP is disabled, user accounts may have brought over .netrc files from other systems which could pose a risk to those systems.
oval:org.secpod.oval:def:49353 Audit rules should capture information about session initiation.
oval:org.secpod.oval:def:49504 SSH's cryptographic host-based authentication is more secure than .rhosts authentication. However, it is not recommended that hosts unilaterally trust one another, even within an organization.
oval:org.secpod.oval:def:49314 Record attempts to alter time through /etc/localtime
oval:org.secpod.oval:def:72823 Ensure nftables is not installed or stopped and masked
oval:org.secpod.oval:def:49458 The kernel module bluetooth should be disabled.
oval:org.secpod.oval:def:49403 The kernel runtime parameter "kernel.randomize_va_space" should be set to "2".
oval:org.secpod.oval:def:72742 Ensure LDAP Client is not installed
oval:org.secpod.oval:def:49366 The password lcredit should meet minimum requirements using pam_cracklib
oval:org.secpod.oval:def:72822 Ensure nfs-utils is not installed or the nfs-server service is masked
oval:org.secpod.oval:def:72808 sudo allows a permitted user to execute a command as the superuser or another user, as specified by the security policy. The invoking user's real (not effective) user ID is used to determine the user name with which to query the security policy.
oval:org.secpod.oval:def:72800 Ensure users' home directories permissions are 750 or more restrictive
oval:org.secpod.oval:def:72777 Since the /var/tmp filesystem is only intended for temporary file storage, set this option to ensure that users cannot run executable binaries from /tmp
oval:org.secpod.oval:def:49501 This test makes sure that '/etc/shadow' file permissions are set appropriately. If the target file or directory has an extended ACL then it will fail the mode check.
oval:org.secpod.oval:def:72798 An SSH public key is one of two files used in SSH public key authentication. In this authentication method, a public key is a key that can be used for verifying digital signatures generated using a corresponding private key. Only a public key that corresponds to a private key will be able to authent ...
oval:org.secpod.oval:def:72754 The Samba daemon allows system administrators to configure their Linux systems to share file systems and directories with Windows desktops. Samba will advertise the file systems and directories via the Server Message Block (SMB) protocol. Windows desktop users will be able to mount these directories ...
oval:org.secpod.oval:def:72799 An SSH private key is one of two files used in SSH public key authentication. In this authentication method, the possession of the private key is proof of identity. Only a private key that corresponds to a public key will be able to authenticate successfully. The private keys need to be stored and ...
oval:org.secpod.oval:def:49524 Logging of vsftpd transactions should be enabled or disabled as appropriate
oval:org.secpod.oval:def:49390 The RPM package screen should be installed.
oval:org.secpod.oval:def:72838 Disable Automounting
oval:org.secpod.oval:def:49441 The number of allowed failed logins should be set correctly.
oval:org.secpod.oval:def:72755 The X Window System provides a Graphical User Interface (GUI) where users can have multiple windows in which to run programs and various add-ons. The X Window System is typically used on workstations where users log in, but not on servers where users typically do not log in.
oval:org.secpod.oval:def:72776 Since the /var/tmp partition is not intended to support devices, set this option to ensure that users cannot attempt to create block or character special devices.
oval:org.secpod.oval:def:49558 Core dumps for all users should be disabled
oval:org.secpod.oval:def:49521 The kernel runtime parameter "net.ipv6.conf.default.accept_ra" should be set to "0".
oval:org.secpod.oval:def:72827 Ensure iptables is enabled and running
oval:org.secpod.oval:def:72817 Periodic checking of the filesystem integrity is needed to detect changes to the filesystem.
oval:org.secpod.oval:def:49482 The maximum number of concurrent login sessions per user should meet minimum requirements.
oval:org.secpod.oval:def:72807 Ensure sudo log file exists
oval:org.secpod.oval:def:49513 The RPM package aide should be installed.
oval:org.secpod.oval:def:72834 Ensure rsyslog default file permissions are configured
oval:org.secpod.oval:def:72804 The shadow group allows system programs which require access the ability to read the /etc/shadow file. No users should be assigned to the shadow group.
oval:org.secpod.oval:def:72768 A firewall zone defines the trust level for a connection, interface or source address binding. This is a one to many relation, which means that a connection, interface or source can only be part of one zone, but a zone can be used for many network connections, interfaces and sources.
oval:org.secpod.oval:def:49410 The RPM package telnet should be installed.
oval:org.secpod.oval:def:49503 Audit rules that detect changes to the system's mandatory access controls (SELinux) are enabled.
oval:org.secpod.oval:def:72786 The contents of the /etc/motd file are displayed to users after login and function as a message of the day for authenticated users.
oval:org.secpod.oval:def:72814 Ensure no duplicate group names account
oval:org.secpod.oval:def:49333 rsyslogd should reject remote messages
oval:org.secpod.oval:def:49463 The changing of file permissions and attributes should be audited.
oval:org.secpod.oval:def:72767 TMOUT is an environmental setting that determines the timeout of a shell in seconds.
oval:org.secpod.oval:def:72772 Since the user partitions are not intended to support devices, set this option to ensure that users cannot attempt to create block or character special devices.
oval:org.secpod.oval:def:49334 The RPM package setroubleshoot should be installed.
oval:org.secpod.oval:def:49553 The password hashing algorithm should be set correctly in /etc/login.defs.
oval:org.secpod.oval:def:49520 The RPM package rsh should be installed.
oval:org.secpod.oval:def:72830 Ensure rsync is not installed or the rsyncd service is masked
oval:org.secpod.oval:def:72765 chrony is a daemon which implements the Network Time Protocol (NTP) and is designed to synchronize system clocks across a variety of systems and use a source that is highly accurate. More information on chrony can be found at http://chrony.tuxfamily.org/. chrony can be configured to be a client and/or a ...
oval:org.secpod.oval:def:49436 The SELinux policy should be set appropriately.
oval:org.secpod.oval:def:49456 The RPM package openldap-servers should be removed.
oval:org.secpod.oval:def:49370 The RPM package net-snmp should be removed.
oval:org.secpod.oval:def:72794 Granting write access to this directory for non-privileged users could provide them the means for gaining unauthorized elevated privileges. Granting read access to this directory could give an unprivileged user insight into how to gain elevated privileges or circumvent auditing controls.
oval:org.secpod.oval:def:49350 The audit rules should be configured to log information about kernel module loading and unloading.
oval:org.secpod.oval:def:49335 max_log_file setting in /etc/audit/auditd.conf is set to at least a certain value
oval:org.secpod.oval:def:49429 The changing of file permissions and attributes should be audited.
oval:org.secpod.oval:def:49442 The RPM package ypserv should be removed.
oval:org.secpod.oval:def:49417 Audit rules that detect the mounting of filesystems should be enabled.
oval:org.secpod.oval:def:49401 action_mail_acct setting in /etc/audit/auditd.conf is set to a certain account
oval:org.secpod.oval:def:49362 Restrict Access to Anonymous Users should be configured appropriately.
oval:org.secpod.oval:def:49450 The default umask for all users specified in /etc/login.defs
oval:org.secpod.oval:def:72764 Setting the boot loader password will require that anyone rebooting the system must enter a password before being able to set command line boot parameters.
oval:org.secpod.oval:def:49559 Global IPv6 initialization should be disabled.
oval:org.secpod.oval:def:72750 To protect a system from denial of service due to a large number of concurrent sessions, use the rate limiting function of MaxSessions to protect availability of sshd logins and prevent overwhelming the daemon.
oval:org.secpod.oval:def:49527 The daemon umask should be set as appropriate
oval:org.secpod.oval:def:72841 Ensure auditd service is enabled and running
oval:org.secpod.oval:def:49344 The RPM package tftp-server should be removed.
oval:org.secpod.oval:def:49347 The kernel runtime parameter "fs.suid_dumpable" should be set to "0".
oval:org.secpod.oval:def:49448 The rsyslog to Accept Messages via UDP, if Acting As Log Server should be enabled or disabled as appropriate.
oval:org.secpod.oval:def:49380 The RPM package sendmail should be removed.
oval:org.secpod.oval:def:49373 File permissions for '/etc/group' should be set correctly.
oval:org.secpod.oval:def:49535 The password ocredit should meet minimum requirements using pam_cracklib
oval:org.secpod.oval:def:49371 The RPM package tftp should be installed.
oval:org.secpod.oval:def:49499 This test makes sure that '/etc/gshadow' has appropriate permissions set. If the target file or directory has an extended ACL then it will fail the mode check.
oval:org.secpod.oval:def:72770 The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
oval:org.secpod.oval:def:72785 It is critical to ensure that the /etc/passwd- file is protected from unauthorized access. Although it is protected by default, the file permissions could be changed either inadvertently or through malicious actions.
oval:org.secpod.oval:def:49315 The default umask for users of the bash shell
oval:org.secpod.oval:def:72821 Ensure inactive password lock is 30 days or less
oval:org.secpod.oval:def:72745 SELinux gives an extra layer of security to the resources in the system. It provides MAC (mandatory access control) as opposed to DAC (discretionary access control).
oval:org.secpod.oval:def:49319 The RPM package httpd should be removed.
oval:org.secpod.oval:def:72792 Granting write access to this directory for non-privileged users could provide them the means for gaining unauthorized elevated privileges. Granting read access to this directory could give an unprivileged user insight into how to gain elevated privileges or circumvent auditing controls.
oval:org.secpod.oval:def:72818 Periodic checking of the filesystem integrity is needed to detect changes to the filesystem.
oval:org.secpod.oval:def:49357 The /etc/passwd file should be owned by the appropriate user.
oval:org.secpod.oval:def:72791 The /etc/cron.weekly directory contains system cron jobs that need to run on a weekly basis. The files in this directory cannot be manipulated by the crontab command, but are instead edited by system administrators using a text editor. The commands below restrict read/write and search access to use ...
oval:org.secpod.oval:def:72815 nftables is a subsystem of the Linux kernel providing filtering and classification of network packets/datagrams/frames and is the successor to iptables.
oval:org.secpod.oval:def:72762 auditd is the userspace component of the Linux Auditing System. It is responsible for writing audit records to the disk.
oval:org.secpod.oval:def:49443 Record attempts to alter time through clock_settime.
oval:org.secpod.oval:def:49394 The /etc/gshadow file should be owned by the appropriate user.
oval:org.secpod.oval:def:49427 The /etc/shadow file should be owned by the appropriate user.
oval:org.secpod.oval:def:49547 The RPM package xinetd should be removed.
oval:org.secpod.oval:def:49386 The RPM package ypbind should be installed.
oval:org.secpod.oval:def:49536 The changing of file permissions and attributes should be audited.
oval:org.secpod.oval:def:72760 Configure /etc/cron.allow and /etc/at.allow to allow specific users to use these services. If /etc/cron.allow or /etc/at.allow do not exist, then /etc/at.deny and /etc/cron.deny are checked. Any user not specifically defined in those files is allowed to use at and cron. By removing the files, only u ...
oval:org.secpod.oval:def:49361 Only SSH protocol version 2 connections should be permitted.
oval:org.secpod.oval:def:72795 Granting write access to this directory for non-privileged users could provide them the means for gaining unauthorized elevated privileges. Granting read access to this directory could give an unprivileged user insight in how to gain elevated privileges or circumvent auditing controls.
oval:org.secpod.oval:def:49423 Specify UID and GID for Anonymous NFS Connections (/etc/exports) should be configured appropriately.
oval:org.secpod.oval:def:72773 Since the /tmp partition is not intended to support devices, set this option to ensure that users cannot attempt to create block or character special devices.
oval:org.secpod.oval:def:72781 There are two important reasons to ensure that system logs are stored on a separate partition: protection against resource exhaustion (since logs can grow quite large) and protection of audit data.
oval:org.secpod.oval:def:72819 Ensure journald is configured to write logfiles to persistent disk
oval:org.secpod.oval:def:49387 The 'rsyslog' to Accept Messages via TCP, if Acting As Log Server should be enabled or disabled as appropriate.
oval:org.secpod.oval:def:49483 num_logs setting in /etc/audit/auditd.conf is set to at least a certain value
oval:org.secpod.oval:def:49336 The '/etc/shadow' file should be owned by the appropriate group.
oval:org.secpod.oval:def:72763 Configure grub or lilo so that processes that are capable of being audited can be audited even if they start up prior to auditd startup. Audit events need to be captured on processes that start up prior to auditd, so that potential malicious activity cannot go undetected.
oval:org.secpod.oval:def:49332 Plaintext authentication of mail clients should be enabled or disabled as appropriate.
oval:org.secpod.oval:def:72835 Ensure only strong Key Exchange algorithms are used
oval:org.secpod.oval:def:49465 Set Password to Maximum of Three Consecutive Repeating Characters should be configured appropriately.
oval:org.secpod.oval:def:74448 Configure the loopback interface to accept traffic. Configure all other interfaces to deny traffic to the loopback network (::1). Loopback traffic is generated between processes on the machine and is typically critical to operation of the system. The loopback interface is the only place that loopback net ...
oval:org.secpod.oval:def:72759 If a user's recorded password change date is in the future then they could bypass any set password expiration.
oval:org.secpod.oval:def:49562 The kernel module rds should be disabled.
oval:org.secpod.oval:def:72840 Ensure mail transfer agent is configured for local-only mode
oval:org.secpod.oval:def:49381 The kernel runtime parameter "net.ipv4.conf.all.rp_filter" should be set to "1".
oval:org.secpod.oval:def:49474 Configure Dovecot to Use the SSL Key file should be configured appropriately.
oval:org.secpod.oval:def:49375 The RPM package vsftpd should be removed.
oval:org.secpod.oval:def:72784 The /etc/shadow- file is used to store backup information about user accounts that is critical to the security of those accounts, such as the hashed password and other security information.
oval:org.secpod.oval:def:49376 The RPM package telnet-server should be removed.
oval:org.secpod.oval:def:49428 Limit Users' SSH Access should be configured appropriately.
oval:org.secpod.oval:def:49432 The changing of file permissions and attributes should be audited.
oval:org.secpod.oval:def:49471 Limit the ciphers to those which are FIPS-approved and only use ciphers in counter (CTR) mode.
oval:org.secpod.oval:def:49466 Require the use of TLS for ldap clients.
oval:org.secpod.oval:def:72802 System time should be synchronized between all systems in an environment. This is typically done by establishing an authoritative time server or set of servers and having all systems synchronize their clocks to them.
oval:org.secpod.oval:def:49393 Logging (/etc/rsyslog.conf) should be configured appropriately.
oval:org.secpod.oval:def:49539 The changing of file permissions and attributes should be audited.
oval:org.secpod.oval:def:72833 Ensure ntp is configured
oval:org.secpod.oval:def:72809 sudo can be configured to run only from a pseudo-pty
oval:org.secpod.oval:def:72748 Setting the LoginGraceTime parameter to a low number will minimize the risk of successful brute force attacks to the SSH server. It will also limit the number of concurrent unauthenticated connections. While the recommended setting is 60 seconds (1 minute), set the number based on site policy.
oval:org.secpod.oval:def:49531 Ensure Default Password Is Not Used (/etc/snmp/snmpd.conf) should be configured appropriately.
oval:org.secpod.oval:def:72828 Ensure rsyslog Service is enabled and running
oval:org.secpod.oval:def:72813 Ensure there are no duplicate user names
oval:org.secpod.oval:def:72831 Ensure no users have .forward files
oval:org.secpod.oval:def:72756 The su command allows a user to run a command or shell as another user. The program has been superseded by sudo, which allows for more granular control over privileged access. Normally, the su command can be executed by any user. By uncommenting the pam_wheel.so statement in /etc/pam.d/su, the su co ...
oval:org.secpod.oval:def:72788 The file is used to store backup information about groups that is critical to the security of those accounts, such as the hashed password and other security information.
oval:org.secpod.oval:def:72747 SSH provides several logging levels with varying amounts of verbosity. DEBUG is specifically not recommended other than strictly for debugging SSH communications since it provides so much data that it is difficult to identify important security information. INFO level is the basic level that only re ...
oval:org.secpod.oval:def:72753 Disable X11 forwarding unless there is an operational requirement to use X11 applications directly. There is a small risk that the remote X11 servers of users who are logged in via SSH with X11 forwarding could be compromised by other users on the X11 server. Note that even if X11 forwarding is disa ...
oval:org.secpod.oval:def:49498 The system login banner text should be set correctly.
oval:org.secpod.oval:def:49355 The kernel module cramfs should be disabled.
oval:org.secpod.oval:def:49365 The password hashing algorithm should be set correctly in /etc/pam.d/system-auth.
oval:org.secpod.oval:def:49342 Root login via SSH should be disabled (and dependencies are met)
oval:org.secpod.oval:def:49491 Systems that are using the 64-bit x86 kernel package do not need to install the kernel-PAE package because the 64-bit x86 kernel already includes this support. However, if the system is 32-bit and also supports the PAE and NX features as determined in the previous section, the kernel-PAE package sho ...
oval:org.secpod.oval:def:72820 Ensure journald is configured to send logs to rsyslog
oval:org.secpod.oval:def:49490 Postfix network listening should be disabled
oval:org.secpod.oval:def:72757 Groups defined in the /etc/passwd file but not in the /etc/group file pose a threat to system security since group permissions are not properly managed.
oval:org.secpod.oval:def:72793 Granting write access to this directory for non-privileged users could provide them the means for gaining unauthorized elevated privileges. Granting read access to this directory could give an unprivileged user insight in how to gain elevated privileges or circumvent auditing controls.
oval:org.secpod.oval:def:72774 Since the /tmp filesystem is only intended for temporary file storage, set this option to ensure that users cannot run executable binaries from /tmp
oval:org.secpod.oval:def:72783 There are two important reasons to ensure that data gathered by auditd is stored on a separate partition: protection against resource exhaustion (since the audit.log file can grow quite large) and protection of audit data. The audit daemon calculates how much free space is left and performs actions based ...
oval:org.secpod.oval:def:49372 The password minimum length should be set appropriately.
oval:org.secpod.oval:def:72789 The file is used to store backup information about groups that is critical to the security of those accounts, such as the hashed password and other security information.
oval:org.secpod.oval:def:49552 The password dcredit should meet minimum requirements using pam_cracklib
oval:org.secpod.oval:def:49519 The anacron service should be enabled or disabled as appropriate.
oval:org.secpod.oval:def:72775 Since the /tmp filesystem is only intended for temporary file storage, set this option to ensure that users cannot run executable binaries from /tmp
oval:org.secpod.oval:def:49541 The /etc/gshadow file should be owned by the appropriate group.
oval:org.secpod.oval:def:49476 The password ucredit should meet minimum requirements using pam_cracklib
oval:org.secpod.oval:def:72766 Ensure default group for the root account is GID 0
oval:org.secpod.oval:def:49402 The kernel module hfsplus should be disabled.
oval:org.secpod.oval:def:49408 SSL capabilities should be enabled for the mail server.
oval:org.secpod.oval:def:49382 PermitUserEnvironment should be disabled
oval:org.secpod.oval:def:49445 The number of allowed failed logins should be set correctly.
oval:org.secpod.oval:def:49549 Audit actions taken by system administrators on the system.
oval:org.secpod.oval:def:72761 Configure /etc/cron.allow and /etc/at.allow to allow specific users to use these services. If /etc/cron.allow or /etc/at.allow do not exist, then /etc/at.deny and /etc/cron.deny are checked. Any user not specifically defined in those files is allowed to use at and cron. By removing the files, only u ...
oval:org.secpod.oval:def:72842 GDM is the GNOME Display Manager which handles graphical login for GNOME based systems. Rationale: Warning messages inform users who are attempting to log in to the system of their legal status regarding the system and must include the name of the organization that owns the system ...
oval:org.secpod.oval:def:49406 admin_space_left_action setting in /etc/audit/auditd.conf is set to a certain action
oval:org.secpod.oval:def:49447 The kernel module udf should be enabled or disabled as appropriate.
oval:org.secpod.oval:def:49398 The kernel runtime parameter "net.ipv4.conf.default.accept_redirects" should be set to "0".
oval:org.secpod.oval:def:72805 Making global modifications to users' files without alerting the user community can result in unexpected outages and unhappy users. Therefore, it is recommended that a monitoring policy be established to report user dot file permissions and determine the action to be taken in accordance with site po ...
oval:org.secpod.oval:def:49392 Ensure Insecure File Locking is Not Allowed (/etc/exports) should be configured appropriately.
oval:org.secpod.oval:def:49422 Change the default policy to DROP (from ACCEPT) for the INPUT built-in chain (/etc/sysconfig/ip6tables).
oval:org.secpod.oval:def:49444 The mod_security package installation should be configured appropriately.
oval:org.secpod.oval:def:72829 Ensure rpcbind is not installed or the rpcbind services are masked
oval:org.secpod.oval:def:72778 Since the /var/tmp filesystem is only intended for temporary file storage, set this option to ensure that users cannot run executable binaries from /tmp
oval:org.secpod.oval:def:72796 Setting the permissions to read and write for root only prevents non-root users from seeing the boot parameters or changing them. Non-root users who read the boot parameters may be able to identify weaknesses in security upon boot and be able to exploit them.
oval:org.secpod.oval:def:72812 Ensure root is the only UID 0 account
oval:org.secpod.oval:def:49318 The kernel module sctp should be disabled.
oval:org.secpod.oval:def:72769 The "noexec" mount option causes the system to not execute binary files. This option must be used for mounting any file system not containing approved binary files as they may be incompatible. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unau ...
oval:org.secpod.oval:def:49400 The kernel runtime parameter "net.ipv4.conf.all.log_martians" should be set to "1".
oval:org.secpod.oval:def:49440 The root account is the only system account that should have a login shell.
oval:org.secpod.oval:def:72779 The /home directory is used to support disk storage needs of local users.
oval:org.secpod.oval:def:49327 Remote connections (SSH) from accounts with empty passwords should be disabled (and dependencies are met).
oval:org.secpod.oval:def:72801 While the complete removal of /etc/sshd/sshd_config files is recommended, if any are required on the system, secure permissions must be applied.
oval:org.secpod.oval:def:49348 The kernel module tipc should be disabled.
oval:org.secpod.oval:def:49389 The kernel runtime parameter "net.ipv4.conf.all.accept_redirects" should be set to "0".
oval:org.secpod.oval:def:49369 The kernel runtime parameter "net.ipv4.conf.default.send_redirects" should be set to "0".
oval:org.secpod.oval:def:49492 The RPM package libreswan should be installed.
oval:org.secpod.oval:def:49500 The changing of file permissions and attributes should be audited.
oval:org.secpod.oval:def:49438 The kernel runtime parameter "net.ipv4.conf.default.secure_redirects" should be set to "0".
oval:org.secpod.oval:def:72797 It is important to ensure that log files have the correct permissions to ensure that sensitive data is archived and protected. Other/world should not have the ability to view this information. Group should not have the ability to modify this information.
oval:org.secpod.oval:def:72839 Ensure use of privileged commands is collected
oval:org.secpod.oval:def:72790 The /etc/crontab file is used by cron to control its own jobs. The commands in this item make sure that root is the user and group owner of the file and that only the owner can access the file.
oval:org.secpod.oval:def:72810 Ensure root is the only UID 0 account
oval:org.secpod.oval:def:49395 The kernel module hfs should be disabled.
oval:org.secpod.oval:def:49433 The network environment should not be modified by anything other than administrator action. Any change to network parameters should be audited.
oval:org.secpod.oval:def:49446 The default umask for users of the csh shell
oval:org.secpod.oval:def:49356 The /etc/passwd file should be owned by the appropriate group.
oval:org.secpod.oval:def:49494 The kernel runtime parameter "net.ipv4.conf.all.send_redirects" should be set to "0".
oval:org.secpod.oval:def:72825 Ensure firewalld service is enabled and running
oval:org.secpod.oval:def:49415 The .netrc files contain login information used to auto-login into FTP servers and reside in the user's home directory. Any .netrc files should be removed.
oval:org.secpod.oval:def:49341 The number of allowed failed logins should be set correctly.
oval:org.secpod.oval:def:72782 There are two important reasons to ensure that data gathered by auditd is stored on a separate partition: protection against resource exhaustion (since the audit.log file can grow quite large) and protection of audit data. The audit daemon calculates how much free space is left and performs actions based ...
oval:org.secpod.oval:def:49396 The changing of file permissions and attributes should be audited.
oval:org.secpod.oval:def:49467 The default umask for all users should be set correctly
oval:org.secpod.oval:def:49473 The kernel runtime parameter "net.ipv4.icmp_echo_ignore_broadcasts" should be set to "1".
oval:org.secpod.oval:def:49330 File uploads via vsftpd should be enabled or disabled as appropriate
oval:org.secpod.oval:def:49506 The changing of file permissions and attributes should be audited.
oval:org.secpod.oval:def:49525 The RPM package talk should be installed.
oval:org.secpod.oval:def:49457 The kernel runtime parameter "net.ipv4.tcp_syncookies" should be set to "1".
oval:org.secpod.oval:def:49555 The changing of file permissions and attributes should be audited.
oval:org.secpod.oval:def:49551 Require samba clients which use smb.conf, such as smbclient, to use packet signing. A Samba client should only communicate with servers that can support SMB packet signing.
oval:org.secpod.oval:def:72787 The contents of the /etc/issue.net file are displayed to users prior to login for remote connections from configured services.
oval:org.secpod.oval:def:49480 The maximum password age policy should meet minimum requirements.
oval:org.secpod.oval:def:72832 Ensure ntp is configured
oval:org.secpod.oval:def:49497 The password warning age should be set appropriately.
oval:org.secpod.oval:def:49343 The logrotate (syslog rotator) service should be enabled.
oval:org.secpod.oval:def:49426 The minimum password age policy should be set appropriately.
oval:org.secpod.oval:def:49554 Preventing direct root login to virtual console devices helps ensure accountability for actions taken on the system using the root account.
oval:org.secpod.oval:def:49540 The SSH idle timeout interval should be set to an appropriate value.
oval:org.secpod.oval:def:1506721 [2.10.1-1.0.1] - Fix for CVE-2021-40348 [Orabug: 33531467] [2.10.1-1] - copy cert file instead of linking [2.8.4-1] - remove install/clean section initial cleanup - removed Group from specfile - removed BuildRoot from specfiles [2.8.3-1] - 1524221 - ship systemd target on RHEL 7 too [2.8.2-1] - don' ...
oval:org.secpod.oval:def:1502396 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1504597 [2.03-3.1.1] - Fixed integer overflow in decompressor Resolves: CVE-2014-4607
oval:org.secpod.oval:def:1504596 [1:2.0.9-7.1] - fix CVE-2014-3430: denial of service through maxxing out SSL connections
oval:org.secpod.oval:def:1501564 An insufficient permission check issue was found in the way IPA server treats certificate revocation requests. An attacker logged in with the 'retrieve certificate' permission enabled could use this flaw to revoke certificates, possibly triggering a denial of service attack.
oval:org.secpod.oval:def:1501505 The setroubleshoot packages provide tools to help diagnose SELinux problems. When Access Vector Cache messages are returned, an alert can be generated that provides information about the problem and helps to track its resolution. The setroubleshoot-plugins package provides a set of analysis plugins ...
oval:org.secpod.oval:def:1501142 The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol, including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which us ...
oval:org.secpod.oval:def:1501149 Pluggable Authentication Modules provide a system whereby administrators can set up authentication policies without having to recompile programs to handle authentication. It was discovered that the _unix_run_helper_binary function of PAM's unix_pam module could write to a blocking pipe, possibly ca ...
oval:org.secpod.oval:def:1501155 Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors.
oval:org.secpod.oval:def:1501184 The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ...
oval:org.secpod.oval:def:1501191 Use-after-free vulnerability in libwmf allows remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command.
oval:org.secpod.oval:def:1501038 CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. A string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker can submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operation ...
oval:org.secpod.oval:def:1501055 PostgreSQL is an advanced object-relational database management system. A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is tri ...
oval:org.secpod.oval:def:1501391 A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters.
oval:org.secpod.oval:def:1501395 The SMB1 implementation in smbd in Samba allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.
oval:org.secpod.oval:def:1501346 An insecure temporary file use flaw was found in the way sos created certain sosreport files. A local attacker could possibly use this flaw to perform a symbolic link attack to reveal the contents of sosreport files, or in some cases modify arbitrary files and escalate their privileges on the system ...
oval:org.secpod.oval:def:1501258 Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blo ...
oval:org.secpod.oval:def:1501266 LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extend ...
oval:org.secpod.oval:def:1501508 OCaml does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function.
oval:org.secpod.oval:def:1501041 Mailman is a program used to help manage email discussion lists. It was found that mailman did not sanitize the list name before passing it to certain MTAs. A local attacker could use this flaw to execute arbitrary code as the user running mailman. This update also fixes the following bugs: * Previ ...
oval:org.secpod.oval:def:1501094 The libuser library implements a standardized interface for manipulating and administering user and group accounts. Sample applications that are modeled after applications from the shadow password suite are included in these packages. Two flaws were found in the way the libuser library handled the / ...
oval:org.secpod.oval:def:1501908 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1501725 GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix: * Multiple flaws were discovered in GStreamer's FLC/FLI/FLX ...
oval:org.secpod.oval:def:1501632 The libguestfs packages contain a library, which is used for accessing and modifying virtual machine disk images. Virt-v2v converts guests from a foreign hypervisor to run on KVM. The following packages have been upgraded to a newer upstream version: libguestfs, virt-v2v. Security Fix: * An inte ...
oval:org.secpod.oval:def:1501223 The remote host is missing a patch containing a security fix, which affects the following package(s): autofs
oval:org.secpod.oval:def:1501724 GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix: * Multiple flaws were discovered in GStreamer's FLC/FLI/FLX m ...
oval:org.secpod.oval:def:1502218 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1502284 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:72816 Ensure iptables packages are installed
oval:org.secpod.oval:def:73058 The dovecot service should be disabled if possible.
oval:org.secpod.oval:def:73059 Monitor scope changes for system administrators. If the system has been properly configured to force system administrators to log in as themselves first and then use the sudo command to execute privileged commands, it is possible to monitor changes in scope. The file /etc/sudoers will be written t ...
oval:org.secpod.oval:def:73057 The gpgcheck option should be used to ensure that checking of an RPM package's signature always occurs prior to its installation.
oval:org.secpod.oval:def:73065 Verify that Shared Library Files Have Root Ownership (/lib, /lib64, /usr/lib or /usr/lib64) should be configured appropriately.
oval:org.secpod.oval:def:73066 File permissions for /bin, /usr/bin, /usr/local/bin, /sbin, /usr/sbin and /usr/local/sbin should be set correctly.
oval:org.secpod.oval:def:73063 chrony is a daemon which implements the Network Time Protocol (NTP). It is designed to synchronize system clocks across a variety of systems and use a source that is highly accurate. More information on chrony can be found at http://chrony.tuxfamily.org/. chrony can be configured to be a client and/or a ...
oval:org.secpod.oval:def:73064 Verify that Shared Library Files Have Restrictive Permissions (/lib, /lib64, /usr/lib or /usr/lib64) should be configured appropriately.
oval:org.secpod.oval:def:73061 System time should be synchronized between all systems in an environment. This is typically done by establishing an authoritative time server or set of servers and having all systems synchronize their clocks to them.
oval:org.secpod.oval:def:73062 All password hashes should be shadowed.
oval:org.secpod.oval:def:73060 Record events affecting the group, passwd (user IDs), shadow and gshadow (passwords) or /etc/security/opasswd (old passwords, based on remember parameter in the PAM configuration) files. The parameters in this section will watch the files to see if they have been opened for write or have had attribu ...
oval:org.secpod.oval:def:73086 Ensure ntp is configured
oval:org.secpod.oval:def:74455 Configure the loopback interface to accept traffic. Configure all other interfaces to deny traffic to the loopback network (127.0.0.0/8). Loopback traffic is generated between processes on the machine and is typically critical to operation of the system. The loopback interface is the only place that loop ...
oval:org.secpod.oval:def:74462 Change the default policy to DROP (from ACCEPT) for the OUTPUT built-in chain (/etc/sysconfig/iptables).
oval:org.secpod.oval:def:74476 The use of wireless networking can introduce many different attack vectors into the organization's network. Common attack vectors such as malicious association and ad hoc networks will allow an attacker to spoof a wireless access point (AP), allowing validated systems to connect to the malicious AP ...
oval:org.secpod.oval:def:74483 Change the default policy to DROP (from ACCEPT) for the OUTPUT built-in chain (/etc/sysconfig/ip6tables).
oval:org.secpod.oval:def:74469 Monitor login and logout events. The parameters below track changes to files associated with login/logout events. The file /var/log/faillog tracks failed events from login. The file /var/log/lastlog maintains records of the last time a user successfully logged in. The /var/run/failock directory maint ...
oval:org.secpod.oval:def:74434 Change the default policy to DROP (from ACCEPT) for the FORWARD built-in chain (/etc/sysconfig/ip6tables).
oval:org.secpod.oval:def:74441 Configure the loopback interface to accept traffic. Configure all other interfaces to deny traffic to the loopback network (::1). Loopback traffic is generated between processes on the machine and is typically critical to operation of the system. The loopback interface is the only place that loopback net ...
oval:org.secpod.oval:def:1502242 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1506196 [102.5.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [102.5.0-2] - Update to 102.5.0 build2 [102.5.0-1] - Update to 102.5.0 build1 [102.4.0-1] - Update to 102.4.0 build1
oval:org.secpod.oval:def:1506213 [102.5.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.5.0-1] - Update to 102.5.0 build1
oval:org.secpod.oval:def:1505822 [91.11.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [91.11.0-2] - Update to 91.11.0 build2 [91.11.0-1] - Update to 91.11.0 build1
oval:org.secpod.oval:def:1505835 [1.3.10.2-16] - Bump version to 1.3.10.2-16 - Resolves: Bug 2077395 - CVE-2022-0918 389-ds:1.4/389-ds-base: sending crafted message could result in DoS - Resolves: Bug 2014768 - Log the Auto Member invalid regex rules in the LDAP errors log - Resolves: Bug 2018153 - RFE - Provide an option to abort ...
oval:org.secpod.oval:def:1501423 Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. A memory leak flaw was found in the krb5_unparse_name function of the MIT Kerberos kadmind service. An authenticated attacker could r ...
oval:org.secpod.oval:def:1501638 The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes usi ...
oval:org.secpod.oval:def:1506316 [102.6.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.6.0-1] - Update to 102.6.0 build1 [102.5.0-2] - Added libwebrtc screencast patch for newer fe ...
oval:org.secpod.oval:def:1506317 [102.6.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [102.6.0-2] - Update to 102.6.0 build2 [102.6.0-1] - Update to 102.6.0 build1 [102.5.0-3] - Use openssl for the librnp crypto backend to enable the openpgp encryption
oval:org.secpod.oval:def:1501635 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. The following packages have been upgraded to a newer upstream version: 389-ds-base. Security Fix: * It was ...
oval:org.secpod.oval:def:1500642 Multiple buffer overflow flaws were found in the way the json-c library handled long strings in JSON documents. An attacker able to make an application using json-c parse excessively large JSON input could cause the application to crash.
oval:org.secpod.oval:def:1504963 [1.3.10.2-12] - Bump version to 1.3.10.2-12 [1.3.10.2-11] - Bump version to 1.3.10.2-11 - Resolves: Bug 1953673 - Add new access log keywords for time spent in work queue and actual operation time - Resolves: Bug 1931182 - information disclosure during the binding of a DN oval:org.secpod.oval:def:1501247 The remote host is missing a patch containing a security fix, which affects the following package(s): python oval:org.secpod.oval:def:1507044 [6.9.10.68-7] - Added fix for CVE-2021-40211 oval:org.secpod.oval:def:1502209 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502446 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1506232 [1.15.1-55.0.1] - Add recursion limit for ASN.1 indefinite lengths [Orabug: 32582360] [1.15.1-55] - Fix integer overflows in PAC parsing - Resolves: rhbz#2140961 oval:org.secpod.oval:def:1506375 [3.5.12-2] - Fix CVE-2022-4883: compression commands depends on $PATH oval:org.secpod.oval:def:1506575 [39.2.0-10.0.1] - Back port fix for CVE-2022-40897 [Orabug: 35034581] oval:org.secpod.oval:def:1506140 [1.20.4-19] - CVE fix for: CVE-2022-3550, CVE-2022-3551 Resolves: rhbz#2140765, rhbz#2140770 oval:org.secpod.oval:def:1505976 [3.1.2-11] - Resolves: #2111170 - remote arbitrary files write inside the directories of connecting peers oval:org.secpod.oval:def:1505819 olcne [1.4.6-2] - Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over - Update gen-certs-helper script to skip printing olcne_transfer_script execution - Cleanup grpc connection when node not found and use substr method in case fqdn used for hostname [1 ... 
oval:org.secpod.oval:def:1505825 olcne [1.5.4-3] - Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over [1.5.4-2] - Istio CVE-2022-31045, CVE-2022-29225, CVE-2022-29224,CVE-2022-29226,CVE-2022-29228,CVE-2022-29227 [1.5.4-1] - Upgrade Kubernetes to 1.23.7 [1.5.3-1] - Address qemu CVE-202 ... oval:org.secpod.oval:def:1504897 coredns [1.7.0-1] - Added Oracle specific build files cri-o [1.18.4-2] - Fix for CVE-2021-27918 [1.18.4-1] - Added Oracle Specifile Files for cri-o cri-tools [1.18.0-2] - Address CVE-2021-27918 etcd [3.4.3-1.0.5] - Address CVE-2021-27918 flannel [0.12.0-2] - Address CVE-2021-27918 yq [3.4.0-2] - Add ... oval:org.secpod.oval:def:1504947 [15:4.2.1-9.el7] - Revert oslib-posix: refactor memory prealloc threads [Orabug: 32903662] - Revert oslib-posix: initialize backend memory objects in parallel [Orabug: 32903662] [15:4.2.1-8.el7] - i386/pc: let iterator handle regions below 4G [15:4.2.1-7.el7] - arm/virt: Add memory hot remove sup ... oval:org.secpod.oval:def:1504967 [5.9.7-2] - libwebp security fixes: Resolves: bz#1961742 Resolves: bz#1961743 Resolves: bz#1961744 Resolves: bz#1961745 oval:org.secpod.oval:def:1505308 [4.11.3-48] - Fix double-free in previously added patch [4.11.3-47] - Improve range checks on signature and main header tags - Fixes CVE-2021-20271 oval:org.secpod.oval:def:1504616 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1500648 Two integer overflow flaws were found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could use either of these flaws to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on th ... oval:org.secpod.oval:def:1502427 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1501556 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * It ... oval:org.secpod.oval:def:1502524 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504742 [5.0.0-4.el7] - logging: restrict sockets to mode 0600 [Orabug: 29861433] {CVE-2019-10132} - locking: restrict sockets to mode 0600 [Orabug: 29861433] {CVE-2019-10132} - admin: reject clients unless their UID matches the current UID [Orabug: 29861433] {CVE-2019-10132} oval:org.secpod.oval:def:1504762 [15:3.0.0-4.el7] - usb-mtp: use O_NOFOLLOW and O_CLOEXEC. [Orabug: 29056673] {CVE-2018-16872} - pvrdma: add uar_read routine {CVE-2018-20191} - pvrdma: release ring object in case of an error [Orabug: 29171822] {CVE-2018-20126} - pvrdma: check number of pages when creating rings [Orabug: 2917182 ... oval:org.secpod.oval:def:1502317 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501965 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501499 ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fix: * It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially cra ... oval:org.secpod.oval:def:1501498 ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. 
Security Fix: * It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially cra ... oval:org.secpod.oval:def:1501982 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501997 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501252 It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application enc ... oval:org.secpod.oval:def:1501261 It was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap (depending on adjacent heap contents) in certain cases. A local attacker could potentially use this flaw to escalate their privileges. oval:org.secpod.oval:def:1500858 Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) docker load operation or (2) registry communications. oval:org.secpod.oval:def:1500969 Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. oval:org.secpod.oval:def:1500765 An information leak flaw was found in the way QEMU's VGA emulator accessed frame buffer memory for high resolution displays. A privileged guest user could use this flaw to leak memory contents of the host to the guest by setting the display to use a high resolution in the guest. 
oval:org.secpod.oval:def:1500761 Updated openssl packages that contain a backported patch to mitigate the CVE-2014-3566 issue and fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System ba ... oval:org.secpod.oval:def:1500727 An updated haproxy package that fixes one security issue is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from th ... oval:org.secpod.oval:def:1500634 It was found that libvirt passes the XML_PARSE_NOENT flag when parsing XML documents using the libxml2 library, in which case all XML entities in the parsed documents are expanded. A user able to force libvirtd to parse an XML document with an entity pointing to a file could use this flaw to read th ... oval:org.secpod.oval:def:1500647 It was found that a fix for a previous security flaw introduced a regression that could cause a denial of service in Tomcat 7. A remote attacker could use this flaw to consume an excessive amount of CPU on the Tomcat server by sending a specially crafted request to that server. It was found that whe ... oval:org.secpod.oval:def:1500676 It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML parser(s) could ... oval:org.secpod.oval:def:1501567 The monlist feature in ntp_request.c in ntpd in NTP allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013. 
oval:org.secpod.oval:def:1501224 The remote host is missing a patch containing a security fix, which affects the following package(s): grep oval:org.secpod.oval:def:1506715 [1.6.1-9] - Updated the CVE ID"s in Istio-1.16.4 changelog entry * [1.6.1-8] - Update Istio config to include 1.15.7 to support upgrade from 1.5.x to 1.6.x * [1.6.1-7] - Bugfix:Append a slash in oci-instance-metada query url * [1.6.1-6] - Fixed helm installation in OLCNE upgrade * [1.6.1-5] - Deprec ... oval:org.secpod.oval:def:1506720 istio [1.15.7-1] - Added Oracle specific files for 1.15.7-1 kubernetes [1.24.8-2] - libct/cg: add misc controller to v1 drivers [1.24.8-1] - Added Oracle specific build files for Kubernetes olcne [1.5.12-6] - Updated the CVE ID"s in Istio-1.15.7 changelog entry [1.5.12-5] - Bug fix - Append a slash ... oval:org.secpod.oval:def:1506636 istio [1.16.4-1] - Added Oracle specific files for 1.16.4-1 kubernetes [1.25.7-2] - libct/cg: add misc controller to v1 drivers olcne [1.6.1-9] - Updated the CVE ID"s in Istio-1.16.4 changelog entry [1.6.1-8] - Update Istio config to include 1.15.7 to support upgrade from 1.5.x to 1.6.x [1.6.1-7] - ... oval:org.secpod.oval:def:1506621 [1.10.0-3.1] - Resolves: rhbz#2209503 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service [rhel-7.9.z] oval:org.secpod.oval:def:1506976 [1:1.6.3-52] - CVE-2023-32360 cups: Information leak through Cups-Get-Document operation oval:org.secpod.oval:def:1505376 [0.2.0-19.1] - fix CVE-2021-45463 oval:org.secpod.oval:def:1505437 [1.0.2k-23] - fixes CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings - Resolves: rhbz#1996054 oval:org.secpod.oval:def:1505436 [1.0.2k-23.0.1] - Change Epoch from 1 to 10 - Fix DH self-test to add shared secret comparison [Orabug: 32467026] - Add DH support changes for SP 800-56A rev3 requirements [Orabug: 32467059] - Add TLS KDF self-test [Orabug: 32467193] - Add EC keys pairwise consistency test [Orabug: 32467059] [1.0.2k ... 
oval:org.secpod.oval:def:1505294 [1.15.1-51.0.1] - Add recursion limit for ASN.1 indefinite lengths [Orabug: 32582360] [1.15.1-51] - Fix KDC null deref on TGS inner body null server - Resolves: #1997599 oval:org.secpod.oval:def:1505005 [2.0-2.el7_9.1] - validate length of forwarded messages oval:org.secpod.oval:def:1504971 [1.0.0-1.rc95] - Addresses CVE-2021-30465 oval:org.secpod.oval:def:1505239 docker-engine [19.03.11-11] - Addresses CVE-2021-30465 - updated runc minimum version to runc oval:org.secpod.oval:def:1505281 [1.0.0-1.rc95] - Addresses CVE-2021-30465 oval:org.secpod.oval:def:1504970 [12:4.2.5-83.0.1] - Direct users to Oracle Linux support site. [12:4.2.5-83.1] - Fix for CVE-2021-25217 [12:4.2.5-83] - Revert fix for 1668696 oval:org.secpod.oval:def:1504954 [1.3.10-6.11] - Bounds check for block exceeding page length resolves: rhbz#1950500 oval:org.secpod.oval:def:1504748 [2.02-0.87.0.7] - Fix CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 CVE-2021-20225 CVE-2021-20233 [Orabug: 32530657] - Fix various coverity issues [Orabug: 32530657] - Add SBAT metadata to grubx64.efi [Orabug: 32530657] [2.02-0.87.0.5] - Use similar format for menu entry ... oval:org.secpod.oval:def:1504738 kubernetes [1.18.10-3] - Kata CVE-2020-28914 kata-proxy [1.11.5-1] - Added Oracle Specific Build Files for kata-proxy kata-shim [1.11.5-1] - Added Oracle Specific Build Files for kata-shim kata-ksm-throttler [1.11.5-1] - Added Oracle Specific Build Files for kata-ksm-throttler kata-runtime [1.11.5-1 ... oval:org.secpod.oval:def:1504757 kata-runtime [1.7.3-1.0.7] - Address CVE-2020-28914 kata [1.7.3-1.0.12] - UEKR6 guest kernel support [1.7.3-1.0.11] - Address CVE-2020-28914 kubernetes [1.17.9-1.0.6] - Kata CVE-2020-28914 olcne [1.1.10-1] - Address CVE-2020-28914: An improper file permissions vulnerability affects Kata Containers p ... 
oval:org.secpod.oval:def:1504857 [3.53.1-7] - Fix HSM load failure because of CKO_Profile - Allow builds with strict-proto [3.53.1-6] - Update to CVE 2020-256423 TLS flood DOS attack patch. [3.53.1-5] - Fix CVE 2020-256423 TLS flood DOS Attack. [3.53.1-4] - Fix deadlock issue - Fix 3 FTBS issues, 2 expired certs, one semantic chang ... oval:org.secpod.oval:def:1504770 olcne [1.1.5-2] - kubernetes pod subnet flag not honored in flannel configuration [1.1.5-1] - Address CVE-2020-16845 conmon [2.0.10-3] - Address CVE-2020-16845 coredns [1.6.5-1.0.3] - Address CVE-2020-16845 cri-o [1.17.0-1.0.5] - Address CVE-2020-16845 cri-tools [1.17.0-1.0.2] - Address CVE-2020-168 ... oval:org.secpod.oval:def:1504758 coredns [1.3.1-1.0.6] - Address CVE-2020-16845 [1.3.1-1.0.5] - Fix image location cri-o [1.14.7-1.0.8] - Address CVE-2020-16845 cri-tools [1.14.0-1.0.6] - Address CVE-2020-16845 etcd [3.3.10-1.0.5] - Address CVE-2020-16845 [3.3.10-1.0.4] - Fix image location flannel [0.10.0-2.1.12] - Address CVE-202 ... oval:org.secpod.oval:def:1503006 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1505206 [4.1.1-61.4] - Upgrade bundled python-httplib2 to fix CVE-2020-11078 Resolves: rhbz#1850992 [4.1.1-61.2] - azure-lb: fix redirect issue Resolves: rhbz#1850779 [4.1.1-61.1] - gcp-vpc-move-vip: add support for multiple alias IPs - sybaseASE: run verify action during start action only - azure-events: h ... oval:org.secpod.oval:def:1504736 [5.7.0-13.el7] - domain groups: Fix multiple Domain Group vCPU administration flaws [Orabug: 31145304] - qemu: fix missing #if defined - build: Fix qemu-submodule-init syntax-check issue - libvirt: Fix various introduced Fedora/RHEL build violations [Orabug: 31143337] - qemu: don"t hold both job ... oval:org.secpod.oval:def:1502853 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1502791 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502758 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502426 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502477 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504544 freerdp [2.0.0-1.rc4] - Update to 2.0.0-rc4 vinagre [3.22.0-12] - Apply the patch - Resolves: #1569552 [3.22.0-11] - Set maximum length of RDP password to 255 characters - Resolves: #1569552 [3.22.0-10] - Make vinagre build with FreeRDP 2 library - Resolves: #1680229 oval:org.secpod.oval:def:1502171 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501677 A vulnerability was found in ipsilon in the SAML2 provider's handling of sessions. An attacker able to hit the logout URL could determine what service providers other users are logged in to and terminate their sessions. oval:org.secpod.oval:def:1501993 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501646 firewalld is a firewall service daemon that provides a dynamic customizable firewall with a D-Bus interface. The following packages have been upgraded to a newer upstream version: firewalld . Security Fix: * A flaw was found in the way firewalld allowed certain firewall configurations to be modifie ... 
oval:org.secpod.oval:def:1504546 clutter-gst2 [2.0.18-1] - Update to 2.0.18 - Remove obsolete patches - Use license macro for COPYING - Resolves: #1386833 gnome-video-effects [0.4.3-1] - Update to 0.4.3 - Resolves: #1386968 [0.4.1-5] - Fix URL gstreamer-plugins-bad-free [0.10.23-23] - Rebuild with hardened flags Resolves: #1420764 ... oval:org.secpod.oval:def:1501723 GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix: * An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer"s VMware ... oval:org.secpod.oval:def:1501722 GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix: * An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer"s VMware ... oval:org.secpod.oval:def:1501662 Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos ... oval:org.secpod.oval:def:1501643 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * A stack overflow vulnerability was ... oval:org.secpod.oval:def:1501308 Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. 
oval:org.secpod.oval:def:1501295 A denial of service flaw was found in the ldb_wildcard_compare() function of libldb. A remote attacker could send a specially crafted packet that, when processed by an application using libldb (for example the AD LDAP server in Samba), would cause that application to consume an excessive amount of m ... oval:org.secpod.oval:def:1501291 A use-after-free flaw related to the PMAP_CALLIT operation and TCP/UDP connections was discovered in rpcbind. A remote, unauthenticated attacker could possibly exploit this flaw to crash the rpcbind service (denial of service) by performing a series of UDP and TCP calls. oval:org.secpod.oval:def:1501967 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501221 The remote host is missing a patch containing a security fix, which affects the following package(s): wireshark oval:org.secpod.oval:def:1501250 The remote host is missing a patch containing a security fix, which affects the following package(s): binutils oval:org.secpod.oval:def:1504619 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1505734 [2.17-325.0.3.ksplice1] - Latest Ksplice-aware release. [2.17-325.0.3] - OraBug 33968985 Security Patches This release fixes CVE-2022-23219, CVE-2022-23218, and CVE-2021-3999 Reviewed-by: Jose E. Marchesi oval:org.secpod.oval:def:1502077 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502308 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504610 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1504943 [78.11.0-3.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [78.11.0-3] - Update to 78.11.0 build2 [78.11.0-2] - Fix rhel_minor_version for dist .el8_4 and . ... oval:org.secpod.oval:def:1504951 [78.11.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.11.0-1] - Update to 78.11.0 build1 oval:org.secpod.oval:def:1505072 [78.13.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.13.0-1] - Update to 78.13.0 build1 [78.12.0-3] - Rebuild to pickup older nss oval:org.secpod.oval:def:1505076 [78.13.0-2.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [78.13.0-2] - Update to 78.13.0 build2 [78.13.0-1] - Update to 78.13.0 build1 [78.12.0-2] - Rebuil ... 
oval:org.secpod.oval:def:1505415 [91.5.0-1.0.2] - Enabled aarch64 builds [91.5.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [91.5.0-1] - Update to 91.5.0 build1 oval:org.secpod.oval:def:1505739 [91.10.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Enabled aarch64 build [91.10.0-1] - Update to 91.10.0 build1 oval:org.secpod.oval:def:1505728 [91.10.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [91.10.0-1] - Update to 91.10.0 build1 oval:org.secpod.oval:def:1505188 [2:2.2.0-5] - Update: Refactored RPC gateway parser + fix issues discovered by Covscan [2:2.2.0-4] - Refactored RPC gateway parser [2.1.1-3] - Add checks for bitmap and glyph width/heigth values oval:org.secpod.oval:def:1501227 The remote host is missing a patch containing a security fix, which affects the following package(s): xfsprogs oval:org.secpod.oval:def:1507137 [2.76-17.0.3.3] - Fixed heap-based buffer overflow in sort_rrset [Orabug: 35904921] - Fixed buffer overflow in extract_name [Orabug: 35904921] oval:org.secpod.oval:def:1507144 [0:2.4.2-6] - Avoid override target symlink by standard file in AbstractUnArchiver - Fixes: CVE-2023-37460 oval:org.secpod.oval:def:1505439 [0.15.1-13.0.1] - Fix sha256 and sha512 output length [Orabug: 30820565] [0.15.1.1] - backported fix for CVE-2021-45417 resolves: rhbz#2041952 oval:org.secpod.oval:def:1507110 [2.76-17.0.1.3] - Prevent use after free in dhcp6_no_relay [Orabug: 34775167] oval:org.secpod.oval:def:1500725 Updated bash packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. 
Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fro ... oval:org.secpod.oval:def:1500733 GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the Fo ... oval:org.secpod.oval:def:1501248 The remote host is missing a patch containing a security fix, which affects the following package(s): postgresql oval:org.secpod.oval:def:1500684 A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute a ... oval:org.secpod.oval:def:1500690 Updated glibc packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available fo ... oval:org.secpod.oval:def:1500693 Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available f ... oval:org.secpod.oval:def:1500697 Updated squid packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. 
A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CV ... oval:org.secpod.oval:def:1500637 It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. oval:org.secpod.oval:def:1500639 It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. oval:org.secpod.oval:def:1500638 Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. oval:org.secpod.oval:def:1500644 Unspecified vulnerability in MariaDB allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR. oval:org.secpod.oval:def:1500734 Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for each v ... oval:org.secpod.oval:def:1500736 Updated xerces-j2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fr ... oval:org.secpod.oval:def:1500738 Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. 
Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fro ... oval:org.secpod.oval:def:1500750 Updated java-1.6.0-openjdk packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed seve ... oval:org.secpod.oval:def:1500701 Updated httpcomponents-client packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is avail ... oval:org.secpod.oval:def:1500703 Updated jakarta-commons-httpclient packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity r ... oval:org.secpod.oval:def:1504594 [1.7.0.65-2.5.1.2.0.1.el6_5] - Update DISTRO_NAME in specfile [1.7.0.65-2.5.1.2] - added and applied fix for samrtcard io patch405, pr1864_smartcardIO.patch - Resolves: rhbz#1115874 [1.7.0.65-2.5.1.1.el6] - updated to security patched icedtea7-forest 2.5.1 - Resolves: rhbz#1115874 [1.7.0.60-2.5.0.1. ... oval:org.secpod.oval:def:1504595 [1:1.6.0.1-6.1.13.4] - moved to icedteaver 1.13.4 - moved to openjdkver b32 and openjdkdate 15_jul_2014 - added upstreamed patch patch9 rh1115580-unsyncHashMap.patch - Resolves: rhbz#1115580 - Resolves: rhbz#1115867 oval:org.secpod.oval:def:1500623 An input validation flaw was discovered in the medialib library in the 2D component. 
A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code wi ... oval:org.secpod.oval:def:1500631 Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. oval:org.secpod.oval:def:1500880 Updated firefox packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings ... oval:org.secpod.oval:def:1503942 Updated samba packages that fix three security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available f ... oval:org.secpod.oval:def:1503940 Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available ... oval:org.secpod.oval:def:1503945 Updated samba packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is ... oval:org.secpod.oval:def:1503944 Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 7. 
The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ... oval:org.secpod.oval:def:1505720 [8.24.0-57.0.1.el7_9.3] - added patch to flush the journal state file [Orabug: 32583987] - Reviewed-by: Laurence Rochfort < laurence.rochfort at oracle.com > [8.24.0-57.3] - Address CVE-2022-24903, Heap-based overflow in TCP syslog server resolves: rhbz#2081395 oval:org.secpod.oval:def:1505310 [3.10.0-1160.49.1.OL7] - Update Oracle Linux certificates - Oracle Linux RHCK Module Signing Key was compiled into kernel - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 - Update oracle value to match new certificate [3.10.0-1160.49.1] - NFS: Fix interrupted slots b ... oval:org.secpod.oval:def:1500959 The setroubleshoot packages provide tools to help diagnose SELinux problems. When Access Vector Cache messages are returned, an alert can be generated that provides information about the problem and helps to track its resolution. It was found that setroubleshoot did not sanitize file names supplied ... oval:org.secpod.oval:def:1500975 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:1500977 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... 
oval:org.secpod.oval:def:1500913 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specia ... oval:org.secpod.oval:def:1500917 Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these ... oval:org.secpod.oval:def:1500932 The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated use ... oval:org.secpod.oval:def:1500938 Multiple unspecified vulnerabilities in the browser engine in Mozilla Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. oval:org.secpod.oval:def:1500954 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the pr ... oval:org.secpod.oval:def:1500759 Updated java-1.7.0-openjdk packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ... 
oval:org.secpod.oval:def:1500763 Updated libxml2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from ... oval:org.secpod.oval:def:1500769 Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availa ... oval:org.secpod.oval:def:1500776 Updated rsyslog packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the ... oval:org.secpod.oval:def:1500782 Updated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availabl ... oval:org.secpod.oval:def:1500791 Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for ... oval:org.secpod.oval:def:1500851 Updated libXfont packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. 
Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available f ... oval:org.secpod.oval:def:1500861 Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availa ... oval:org.secpod.oval:def:1500868 Updated rpm packages that fix two security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for each vulne ... oval:org.secpod.oval:def:1500807 Updated xorg-x11-server packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ... oval:org.secpod.oval:def:1500816 Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the C ... oval:org.secpod.oval:def:1500820 Updated ntp packages that fix several security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fr ... oval:org.secpod.oval:def:1500823 Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. 
Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for ea ... oval:org.secpod.oval:def:1501558 Security vulnerabilities are present in kernel-uek and dtrace-modules oval:org.secpod.oval:def:1501131 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ... oval:org.secpod.oval:def:1501153 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ... oval:org.secpod.oval:def:1501161 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. A flaw was found in the way NSS verified certain ECDSA signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery ... oval:org.secpod.oval:def:1501160 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU"s RTL8139 emulation implementation processed network packets under RTL8139 ... oval:org.secpod.oval:def:1501570 A flaw was discovered in processing setsockopt for 32 bit processes on 64 bit systems. This flaw will allow attackers to alter arbitrary kernel memory when unloading a kernel module. This action is usually restricted to root-privileged users but can also be leveraged if the kernel is compiled with C ... 
oval:org.secpod.oval:def:1501596 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:1501597 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:1501123 The get_bitmap_file function in drivers/md/md.c in the Linux kernel does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call. oval:org.secpod.oval:def:1501180 OpenLDAP is an open source suite of Lightweight Directory Access Protocol applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and docum ... oval:org.secpod.oval:def:1501406 OpenSSH is OpenBSD"s SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access ... oval:org.secpod.oval:def:1501400 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND parsed signature records for DNAME reco ... oval:org.secpod.oval:def:1501016 The kernel packages contain the Linux kernel, the core of any Linux operating system. * A buffer overflow flaw was found in the way the Linux kernel"s Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use ... oval:org.secpod.oval:def:1501018 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. 
A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:1501036 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could ... oval:org.secpod.oval:def:1501469 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A flaw was found in the way the Linux kernel"s ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 ce ... oval:org.secpod.oval:def:1501472 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A flaw was found in the way the Linux kernel"s ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 ce ... oval:org.secpod.oval:def:1501004 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU"s virtual Floppy Disk Controller handled FIFO buffer access wh ... oval:org.secpod.oval:def:1501005 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:26789 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. 
BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remot ... oval:org.secpod.oval:def:1501057 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:1501069 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It ... oval:org.secpod.oval:def:1501076 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND performed DNSSEC validation. An attacker able to make BIN ... oval:org.secpod.oval:def:1501082 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. A heap buffer overflow flaw was found in the way QEMU"s IDE subsystem handled I/O buffer access while processing certain ATAPI ... oval:org.secpod.oval:def:1501087 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote ... 
oval:org.secpod.oval:def:1501316 The join_session_keyring function in security/keys/process_keys.c in the Linux kernel mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. oval:org.secpod.oval:def:1501314 The join_session_keyring function in security/keys/process_keys.c in the Linux kernel mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. oval:org.secpod.oval:def:1501327 apl_42.c in ISC BIND allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record. oval:org.secpod.oval:def:1501326 A use-after-free flaw was found in the way the Linux kernel's key management subsystem handled keyring object reference counting in certain error path of the join_session_keyring() function. A local, unprivileged user could use this flaw to escalate their privileges on the system. oval:org.secpod.oval:def:1501765 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1500907 This Critical Patch Update contains new security fixes for mariadb. 3 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. oval:org.secpod.oval:def:1501827 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501834 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1500989 The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the ... oval:org.secpod.oval:def:1500988 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the ... oval:org.secpod.oval:def:1500990 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the ... oval:org.secpod.oval:def:1501654 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running t ... oval:org.secpod.oval:def:1501676 Several vulnerabilities have been discovered in Linux Kernel and dtrace-modules oval:org.secpod.oval:def:1501680 Several vulnerabilities have been discovered in Linux Kernel and dtrace-modules oval:org.secpod.oval:def:1501202 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. It was found that the QEMU"s websocket frame decoder processed incoming frames without limiting resources used to process the ... 
oval:org.secpod.oval:def:1501251 Race condition in the IPC object implementation in the Linux kernel allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c. oval:org.secpod.oval:def:1501280 A denial of service flaw was found in the way BIND processed certain records with malformed class attributes. A remote attacker could use this flaw to send a query to request a cached record with a malformed class attribute that would cause named functioning as an authoritative or recursive server t ... oval:org.secpod.oval:def:1500865 Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fr ... oval:org.secpod.oval:def:1501714 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A use-after-free vulnerability was found in the kernels socket recvmmsg subsystem. This may allows remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes ... oval:org.secpod.oval:def:1507141 [3.6.8-21.0.1] - Remove the getfile feature of pydoc [Orabug: 33182027][CVE-2021-3426] - Fix buffer overflow in PyCArg_repr [Orabug: 32551171][CVE-2021-3177] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [3.6.8-21] - Test fixups for CVE-2023-40217 Resolves: RHEL-3139 [3.6.8-20] - ... 
oval:org.secpod.oval:def:1507147 [2.7.5-94.0.1] - Add Oracle Linux distribution in platform.py [orabug 20812544] [2.7.5-94] - Security fix for CVE-2023-40217 Resolves: RHEL-9615 oval:org.secpod.oval:def:1505290 [3.6.8-18.0.5] - Remove the "getfile" feature of pydoc [Orabug: 33182027][CVE-2021-3426] oval:org.secpod.oval:def:1506610 [2.7.5-93.0.1] - Add Oracle Linux distribution in platform.py [orabug 20812544] [2.7.5-93] - Fix for CVE-2023-24329 Resolves: rhbz#2173917 oval:org.secpod.oval:def:1506596 [3.6.8-19.0.1] - Remove the getfile feature of pydoc [Orabug: 33182027][CVE-2021-3426] - Fix buffer overflow in PyCArg_repr [Orabug: 32551171][CVE-2021-3177] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [3.6.8-19] - Security fix for CVE-2023-24329 - Fix the test suite support fo ... oval:org.secpod.oval:def:1502051 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501007 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make T ... oval:org.secpod.oval:def:1503939 Updated tomcat packages that fix three security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available ... oval:org.secpod.oval:def:1501600 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application dep ... 
oval:org.secpod.oval:def:1502003 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501245 The remote host is missing a patch containing a security fix, which affects the following package(s): curl oval:org.secpod.oval:def:1502142 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501831 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501975 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501665 The policycoreutils packages contain the core policy utilities required to manage a SELinux environment. Security Fix: * It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use thi ... oval:org.secpod.oval:def:1501801 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501532 The golang packages provide the Go programming language compiler. The following packages have been upgraded to a newer upstream version: golang . Security Fix: * An input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable "HT ... oval:org.secpod.oval:def:1501640 MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb . Security Fix: * It was discovered that the MariaDB logging functionality allowed writing to MariaDB configuration files. ... 
oval:org.secpod.oval:def:1501719 It was discovered that the default IdM password policies that lock out accounts after a certain number of failed login attempts were also applied to host and service accounts. A remote unauthenticated user could use this flaw to cause a denial of service attack against kerberized services. * It was ... oval:org.secpod.oval:def:1501961 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502187 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501986 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502174 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502172 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501546 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to ... oval:org.secpod.oval:def:1501978 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501739 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501741 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501748 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. 
Security Fix: * It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a spec ... oval:org.secpod.oval:def:1501661 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. The following packages have been upgraded to a newer upstream version: squid . Security Fix: * Incorrect boundary checks were found in the way squid handled headers in HTTP responses, wh ... oval:org.secpod.oval:def:1502523 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501990 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502480 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502484 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502422 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501421 Kernel update : x86/iopl/64: properly context-switch IOPL on Xen PV (Andy Lutomirski) and fs/hugetlbfs/inode.c: fix bugs in hugetlb_vmtruncate_list() (Mike Kravetz) oval:org.secpod.oval:def:1501431 Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba . Ref ... oval:org.secpod.oval:def:1501453 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. 
Security Fix: * An out-of-bounds read/write access flaw was found in the way QEMU"s VGA emulation with VESA BIOS Extensions su ... oval:org.secpod.oval:def:1504962 [1.5.3-175.el7_9.4] - kvm-ide-atapi-check-logical-block-address-and-read-size-.patch [bz#1917449] - Resolves: bz#1917449 oval:org.secpod.oval:def:1501468 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, information leak or data loss. CVE-2013-4312 Tetsuo Handa discovered that users can use pipes queued on local sockets to allocate an unfair share of kernel memory, leading to ... oval:org.secpod.oval:def:1501471 It was found that libndp did not properly validate and check the origin of Neighbor Discovery Protocol (NDP) messages. An attacker on a non-local network could use this flaw to advertise a node as a router, allowing them to perform man-in-the-middle attacks on a connecting client, or disrupt the net ... oval:org.secpod.oval:def:1501903 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501736 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502299 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501650 Kernel-based Virtual Machine is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: * An integer overflow flaw and an out-of-bounds read flaw were found in the way QEMU"s ... oval:org.secpod.oval:def:1501658 The util-linux packages contain a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, these include the fdisk configuration tool and the login program. 
Security Fix: * It was found that util-linux"s libblkid library did not properly handle Ext ... oval:org.secpod.oval:def:1504707 [15:4.2.1-5.el7] - qemu.spec: use --tls-priority=NORMAL for OL7 - hostmem: fix default prealloc-threads count [Orabug: 32472127] - hostmem: introduce prealloc-threads property - qom: introduce object_register_sugar_prop - migration/multifd: Do error_free after migrate_set_error to avoid memleaks ... oval:org.secpod.oval:def:1501693 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * It was discovered that the sudo noexec restricti ... oval:org.secpod.oval:def:1501713 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A use-after-free vulnerability was found in the kernels socket recvmmsg subsystem. This may allows remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes ... oval:org.secpod.oval:def:1501529 Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:1501536 Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:1501547 QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ... oval:org.secpod.oval:def:1501554 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel"s networking subsystem allowed an off-path attacker to leak certain information about a given connection b ... 
oval:org.secpod.oval:def:1501559 The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Security Fix: * An insufficient bytecode verification flaw was discovered in the Hotspot component in OpenJDK. An untrusted Java application or applet could use this flaw t ... oval:org.secpod.oval:def:1501568 The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. ... oval:org.secpod.oval:def:1501987 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501996 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501518 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to complete ... oval:org.secpod.oval:def:1501516 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly ... oval:org.secpod.oval:def:1501520 Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A flaw was found in the way Samba initiated signed DCE/RPC connectio ... 
oval:org.secpod.oval:def:1501523 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to complete ...
oval:org.secpod.oval:def:37213 The host is installed with MySQL 5.1.73 and earlier on OEL 6, mariadb 5.5.50 and earlier on OEL 7 or MySQL 5.0.95 and earlier on OEL 5 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle MySQL logging functions. Successful exploi ...
oval:org.secpod.oval:def:1501577 Oracle Linux: Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:1501574 Oracle Linux: Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:1501575 Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
oval:org.secpod.oval:def:1501579 Oracle Linux: Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:1501588 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND constructed a response ...
oval:org.secpod.oval:def:1501585 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND constructed a response ...
oval:org.secpod.oval:def:1501586 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND constructed a response ...
oval:org.secpod.oval:def:1501591 Multiple unspecified vulnerabilities in thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
oval:org.secpod.oval:def:1501599 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * It was discovered that the Tomcat packages installed the configuration file /usr/lib/tmpfiles.d/tomcat.conf writable to the tomcat group. A member of the group or a malicious web application dep ...
oval:org.secpod.oval:def:1502060 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1501603 linux: Linux kernel Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:1501601 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * Linux kernel built with the 802.1Q/802.1ad VLAN OR Virtual eXtensible Local Area Network with Transparent Ethernet Bridging GRO support, is vulnerable to a stack overflow issue. It could occur while ...
oval:org.secpod.oval:def:1501859 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1501866 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1501495 The InfiniBand (aka IB) stack in the Linux kernel incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.
oval:org.secpod.oval:def:1501494 The InfiniBand (aka IB) stack in the Linux kernel incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.
oval:org.secpod.oval:def:1501458 ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fix: * It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a s ...
oval:org.secpod.oval:def:1501484 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacke ...
oval:org.secpod.oval:def:1501489 The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ...
oval:org.secpod.oval:def:1501939 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1501952 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1501769 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1501770 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1503957 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1501789 Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potent ...
oval:org.secpod.oval:def:1501788 Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to a null pointer dereference flaw. It could occur on x86 platform, when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel resulting in DoS. (CVE-2016-8630) * A race ...
oval:org.secpod.oval:def:1501793 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.8.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...
oval:org.secpod.oval:def:1501790 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1501796 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.8.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...
oval:org.secpod.oval:def:1501795 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1501728 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1501731 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1501738 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1501744 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote atta ...
oval:org.secpod.oval:def:1501749 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...
oval:org.secpod.oval:def:1501757 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1501758 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1501759 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1505339 [3:2.1.15-30.2] - Fix for CVE-2021-44227 - Resolves: #2026866 [3:2.1.15-30.1] - Fix for CVE-2016-6893 - Fix for CVE-2021-42097 - Resolves: #2024884, #2020688
oval:org.secpod.oval:def:1502265 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1501833 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1501839 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1501649 A design flaw was found in the libgcrypt PRNG (Pseudo-Random Number Generator). An attacker able to obtain the first 580 bytes of the PRNG output could predict the following 20 bytes.
oval:org.secpod.oval:def:1501653 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * A v ...
oval:org.secpod.oval:def:1501656 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * It was found that the libcurl library did not prevent TLS session resumption when the client certificate had changed. An attac ...
oval:org.secpod.oval:def:1501673 Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
oval:org.secpod.oval:def:1501682 memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security Fix: * Two integer overflow flaws, leading to heap-based buffer overflows, were found in the memcached bin ...
oval:org.secpod.oval:def:1501687 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute ar ...
oval:org.secpod.oval:def:1501688 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.1 ESR. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...
oval:org.secpod.oval:def:1501611 A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on th ...
oval:org.secpod.oval:def:1501615 A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on th ...
oval:org.secpod.oval:def:1501616 A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on t ...
oval:org.secpod.oval:def:1501621 The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.
oval:org.secpod.oval:def:1501622 The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.
oval:org.secpod.oval:def:1501629 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND handled responses con ...
oval:org.secpod.oval:def:1501630 PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a newer upstream version: postgresql. Security Fix: * A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authentic ...
oval:org.secpod.oval:def:1501633 The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fix: * It was found that wget used a file name provided by the server for the downloaded file when following an HTTP redirect to an FTP server resource. This could cause wget to create a file wi ...
oval:org.secpod.oval:def:1501637 Fontconfig is designed to locate fonts within the system and select them according to requirements specified by applications. Security Fix: * It was found that cache files were insufficiently validated in fontconfig. A local attacker could create a specially crafted cache file to trigger arbitrary f ...
oval:org.secpod.oval:def:36263 The host is installed with Apple Safari before 9.1.2 on Apple Mac OS X 10.11 or Apple Mac OS X Server 10.11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a malicious website. Successful exploitation could allow attackers to execute arb ...
oval:org.secpod.oval:def:36262 The host is installed with Apple Safari before 9.1.2 on Apple Mac OS X 10.11 or Apple Mac OS X Server 10.11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a malicious website. Successful exploitation could allow attackers to execute arb ...
oval:org.secpod.oval:def:36261 The host is installed with Apple Safari before 9.1.2 on Apple Mac OS X 10.11 or Apple Mac OS X Server 10.11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a malicious website. Successful exploitation could allow attackers to execute arb ...
oval:org.secpod.oval:def:36260 The host is installed with Apple Safari before 9.1.2 on Apple Mac OS X 10.11 or Apple Mac OS X Server 10.11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a malicious website. Successful exploitation could allow attackers to execute arb ...
oval:org.secpod.oval:def:36269 The host is installed with Apple Safari before 9.1.2 on Apple Mac OS X 10.11 or Apple Mac OS X Server 10.11 and is prone to a cross-protocol cross-site scripting vulnerability. A flaw is present in the application, which fails to handle a malicious website. Successful exploitation could allow attack ...
oval:org.secpod.oval:def:36267 The host is installed with Apple Safari before 9.1.2 on Apple Mac OS X 10.11 or Apple Mac OS X Server 10.11 and is prone to a cross-protocol cross-site scripting vulnerability. A flaw is present in the application, which fails to handle a malicious website. Successful exploitation could allow attack ...
oval:org.secpod.oval:def:36266 The host is installed with Apple Safari before 9.1.2 on Apple Mac OS X 10.11 or Apple Mac OS X Server 10.11 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a malicious website. Successful exploitation could allow attackers to compr ...
oval:org.secpod.oval:def:36259 The host is installed with Apple Safari before 9.1.2 on Apple Mac OS X 10.11 or Apple Mac OS X Server 10.11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a malicious website. Successful exploitation could allow attackers to execute arb ...
oval:org.secpod.oval:def:36258 The host is installed with Apple Safari before 9.1.2 on Apple Mac OS X 10.11 or Apple Mac OS X Server 10.11 and is prone to a user interface spoofing vulnerability. A flaw is present in the application, which improperly validates security origins. Successful exploitation could allow attackers to us ...
oval:org.secpod.oval:def:36257 The host is installed with Apple Safari before 9.1.2 on Apple Mac OS X 10.11 or Apple Mac OS X Server 10.11 and is prone to an information disclosure vulnerability. A flaw is present in the application, which improperly processes SVG. Successful exploitation could allow attackers to disclose imag ...
oval:org.secpod.oval:def:1501691 A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
oval:org.secpod.oval:def:36270 The host is missing a security update according to Apple advisory APPLE-SA-2016-07-18-5. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a crafted website. Successful exploitation allows attackers to crash the service, disclose th ...
oval:org.secpod.oval:def:36754 The host is installed with Linux kernel and is prone to a TCP session hijack vulnerability. A flaw is present in the application, which fails to handle a blind in-window attack. Successful exploitation allows man-in-the-middle attackers to hijack TCP sessions.
oval:org.secpod.oval:def:1501701 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:1501706 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.6.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:1501720 The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * It was found that the ghostscript functions getenv, filenameforall and .libfile did not h ... oval:org.secpod.oval:def:1501973 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501970 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501974 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501979 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501983 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501984 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501985 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1501995 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501998 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502001 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502002 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502006 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502009 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502010 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502018 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502064 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502067 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502065 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502069 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502071 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1502075 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502020 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502024 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502027 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502025 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502036 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502037 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502044 Several security issues were fixed in wget. oval:org.secpod.oval:def:1502054 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501895 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501894 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501899 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501898 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501852 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1501865 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501874 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501888 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501887 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501926 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501927 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501933 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501935 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501944 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501942 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501950 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501960 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501901 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1501905 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501921 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502294 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501823 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501837 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501842 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501843 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502101 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502114 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502128 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502131 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502141 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502169 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1502170 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502176 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504657 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504654 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501587 Twisted is an event-based framework for internet applications. Twisted Web is a complete web server, aimed at hosting web applications using Twisted and Python, but fully able to serve static pages too. Security Fix: * It was discovered that python-twisted-web used the value of the Proxy header from ... oval:org.secpod.oval:def:1502079 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502343 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502344 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504566 [0:7.0.76-9] - Resolves: rhbz#1641873 CVE-2018-11784 tomcat: Open redirect in default servlet - Resolves: rhbz#1552375 CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended expo sure of resources - Resolves: rhbz#1552374 CVE-2018-1305 tomcat: Lat ... oval:org.secpod.oval:def:1502232 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502235 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1502212 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502264 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502272 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502276 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502279 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501628 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. The following packages have been upgraded to a newer upstream version: libvir ... oval:org.secpod.oval:def:1501641 The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable ... oval:org.secpod.oval:def:1502108 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502139 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502181 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502184 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1502198 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:45299 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502148 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502146 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502147 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502152 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502153 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502159 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502163 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502179 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502409 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501868 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501869 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1504545 gdm [3.28.2-16] - Don't bring up login screen if background session gets killed Related: #1680120 [3.28.2-15] - sync AllowMultipleSessionsPerUser patch from 7.6 branch Resolves: #1664353 - Create dconf dirs by default Resolves: #1664284 [3.28.2-14] - Fix unlock on XDMCP sessions Resolves: #1693060 [3 ... oval:org.secpod.oval:def:1502301 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502322 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502330 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504567 [219-67.0.1] - do not create utmp update symlinks for reboot and poweroff [Orabug: 27854896] - OL7 udev rule for virtio net standby interface [Orabug: 28826743] - fix _netdev is missing for iscsi entry in /etc/fstab [Orabug: 25897792] - set "RemoveIPC=no" in logind.conf as default for OL7.2 [222248 ... oval:org.secpod.oval:def:1502393 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502391 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502397 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502298 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502408 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502468 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1502466 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502474 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502472 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502476 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502423 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502429 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502437 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502445 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502447 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502347 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502313 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502285 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502507 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1502520 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502499 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504541 glib2 [2.56.1-7] - Backport patch to limit access to files when copying Resolves: #1722099 [2.56.1-6] - Backport patches for GDBus auth Resolves: #1777221 ibus [1.5.17-11] - Resolves: #1750835 - Fix CVE-2019-14822 missing authorization allows oval:org.secpod.oval:def:1504826 [7:3.5.20-17.6] - Resolves: #1944256 - CVE-2020-25097 squid: improper input validation may allow a trusted client to perform HTTP Request Smuggling oval:org.secpod.oval:def:1502501 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502527 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502538 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502191 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502832 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502709 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502600 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502601 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1502610 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502675 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504734 olcne [1.1.6-1] - support upgrading nginx - Address CVE-2019-9511 - Address CVE-2018-16845 - Address CVE-2017-7529 - support upgrading flannel nginx [1.17.7-2] - Changed nginx home dir to /var/lib/nginx for consistency [1.17.7-1] - Added Oracle Specific Build Files for nginx - Address CVE-2019-9511 - Ad ... oval:org.secpod.oval:def:1504752 olcne [1.0.8-2] - Added nginx-image resource in module definitions to ensure nginx image upgrading [1.0.8-1] - support upgrading nginx - Address CVE-2019-9511 - Address CVE-2018-16845 - Address CVE-2017-7529 - support upgrading flannel nginx [1.17.7-2] - Changed nginx home dir to /var/lib/nginx for con ... oval:org.secpod.oval:def:1502821 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502846 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502851 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503045 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503056 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503059 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503007 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1503026 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503027 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503077 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503078 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502488 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504612 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504617 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504549 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504969 [1.15.1-50.0.1] - Add recursion limit for ASN.1 indefinite lengths [Orabug: 32582360] oval:org.secpod.oval:def:1504593 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501959 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504855 [2.4.44-23] - Fix CVE-2020-25692 openldap: NULL pointer dereference for unauthenticated packet in slapd oval:org.secpod.oval:def:1501829 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501840 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1502180 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503057 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503065 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503062 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1505208 [1.1.23-1.0.1] - Upstream reference in pacemaker crm_report binary [Orabug: 31611300] [1.1.23-1.1] - Prevent ACL bypass - Resolves: rhbz#1892140 oval:org.secpod.oval:def:1503071 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504652 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504661 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1504952 [4.10.16-15] - resolves: #1949444 - Fix CVE-2021-20254 [4.10.16-14] - resolves: #1937867 - Fix possible core dump with printing support - resolves: #1930747 - Ensure that libwbclient has been updated before restarting services oval:org.secpod.oval:def:1504800 [78.9.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [78.9.0-1] - Update to 78.9.0 build1 oval:org.secpod.oval:def:1504890 [2.56.1-9] - Fix CVE-2021-27219 Resolves: #1960596 oval:org.secpod.oval:def:1504860 [32:9.11.4-26.P2.5] - Possible assertion failure on DNAME processing oval:org.secpod.oval:def:1501800 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504706 [3.6.8-18.0.3] - Fix buffer overflow in PyCArg_repr [Orabug: 32551171][CVE-2021-3177] oval:org.secpod.oval:def:1504796 [78.9.0-3.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.9.0-3] - Update to 78.9.0 build2, updated langpacks [78.9.0-2] - Update to 78.9.0 build2 [78.9.0-1] - Update to 78.9.0 build1 oval:org.secpod.oval:def:1504723 [4.1.0-0.27.2012314git3c2946] - fix CVE-2021-26937 oval:org.secpod.oval:def:1504724 [1:2.6-12.1] - P2P: Fix a corner case in peer addition based on PD Request oval:org.secpod.oval:def:1504728 [2.7.5-90.0.3] - Fix buffer overflow in PyCArg_repr [Orabug: 32551171][CVE-2021-3177] oval:org.secpod.oval:def:1506420 tigervnc [1.8.0-24] - CVE fix for: CVE-2023-0494 Resolves: bz#2166532 xorg-x11-server [1.20.4-22] - CVE fix for: CVE-2023-0494 oval:org.secpod.oval:def:1501134 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. 
Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which htt ... oval:org.secpod.oval:def:1506047 kubernetes [1.22.14-1] - Added Oracle specific build files for Kubernetes kubernetes [1.23.11-1] - Added Oracle specific build files for Kubernetes olcne [1.5.6-1] - Upgraded kubernetes-1.23.7 to 1.23.11, 1.22.8 to 1.22.14 and 1.21.6 to 1.21.14 - Resolve Kubernetes CVE-2022-3172 for version 1.21 - R ... oval:org.secpod.oval:def:1504620 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501981 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502004 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502076 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502041 Several security issues were fixed in java-1.8.0-openjdk. oval:org.secpod.oval:def:1501857 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501934 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501732 It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox restrictions. * It was discov ... oval:org.secpod.oval:def:1501844 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1501648 It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox restrictions. It was discov ... oval:org.secpod.oval:def:1501605 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Jav ... oval:org.secpod.oval:def:1501545 MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb . Security Fix: * This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws c ... oval:org.secpod.oval:def:1501424 MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and ... oval:org.secpod.oval:def:1501467 PCRE is a Perl-compatible regular expression library. Security Fix: * Multiple flaws were found in the way PCRE handled malformed regular expressions. An attacker able to make an application using PCRE process a specially crafted regular expression could use these flaws to cause the application to c ... oval:org.secpod.oval:def:1501752 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1500923 Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats. oval:org.secpod.oval:def:1501855 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1500835 Updated jasper packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for ... oval:org.secpod.oval:def:1506450 [1.8.3.1-24] - Fixes CVE-2022-23521 and CVE-2022-41903 - Resolves: #2162067 oval:org.secpod.oval:def:1502157 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502034 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501951 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1506713 kubernetes [1.24.8-2] - libct/cg: add misc controller to v1 drivers [1.24.8-1] - Added Oracle specific build files for Kubernetes olcne [1.5.13-1] - CVE-2023-2727, CVE-2023-2728 Kubernetes upgraded to 1.24.15 - Added script to support upgrade from OL7 to OL8 using leapp oval:org.secpod.oval:def:1506722 [1.6.2-1] - CVE-2023-2727, CVE-2023-2728 Kubernetes upgraded to 1.25.11 - Add all modules to registry-image-helper - update yq to 4.x oval:org.secpod.oval:def:1506697 kubernetes [1.25.11-1] - Added Oracle specific build files for Kubernetes olcne [1.6.2-1] - CVE-2023-2727, CVE-2023-2728 Kubernetes upgraded to 1.25.11 - Add all modules to registry-image-helper - update yq to 4.x [1.6.1-9] - Updated the CVE IDs in Istio-1.16.4 changelog entry [1.6.1-8] - Update Is ... oval:org.secpod.oval:def:1507142 [2:2.1-73.19.0.3] - update 06-6a-06 to 0xd0003b9 {CVE-2023-23583} [2:2.1-73.19.0.1] - don't bother calling dracut if virtualized [Orabug: 35702409] - also rebuild initramfs for kernel-ueknano [Orabug: 35698043] - ensure UEK also rebuilds initramfs [Orabug: 34280052] - for Intel, do not trigger load ... 
oval:org.secpod.oval:def:1506598 [1:24.3-23.1] - Fix htmlfontify.el command injection vulnerability oval:org.secpod.oval:def:1507016 [102.15.1-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.15.1-1] - Update to 102.15.1 oval:org.secpod.oval:def:1507014 [102.15.1-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [102.15.1-1] - Update to 102.15.1 oval:org.secpod.oval:def:1507228 [1.10.4-4] - Patch CVE-2023-44446: MXF demuxer use-after-free - Disable gtk-doc to fix build - Resolves: RHEL-16793 oval:org.secpod.oval:def:1506716 [11.0.5-3.0.1] - fix spaces in vmware udev rule for scsi devices [Orabug: 24461968] - Fix vmware udev rule in 99-vmware-scsi-timeout.rules file. [Orabug: 22815019] - Increase timeout for scsi devices on VMWare guests by adding a udev rule. - Created a new file 99-vmware-scsi-timeout.rules - Modified ... oval:org.secpod.oval:def:1507022 [11.0.5-3.0.1] - fix spaces in vmware udev rule for scsi devices [Orabug: 24461968] - Fix vmware udev rule in 99-vmware-scsi-timeout.rules file. [Orabug: 22815019] - Increase timeout for scsi devices on VMWare guests by adding a udev rule. - Created a new file 99-vmware-scsi-timeout.rules - Modified ... 
oval:org.secpod.oval:def:1506314 [0:5.2-19] - Fix arbitrary bytecode produced via out-of-bounds writing - Resolves: CVE-2022-42920 oval:org.secpod.oval:def:1506039 [32:9.11.4-26.P2.10] - Fix memory leak in ECDSA verify processing - Fix memory leak in EdDSA verify processing oval:org.secpod.oval:def:1506367 [32:9.11.4-26.P2.13] - Tighten cache protection against record from forwarders [32:9.11.4-26.P2.12] - Include test of forwarders [32:9.11.4-26.P2.11] - Prevent excessive resource use while processing large delegations oval:org.secpod.oval:def:1504827 [2.7.1-9] - Port fixes for potential miscalculation in ecdsa_verify oval:org.secpod.oval:def:1501281 Multiple integer underflows in Grub2 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get func ... oval:org.secpod.oval:def:1502068 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1505434 [2.4.6-97.0.5.4] - mod_session: save one apr_strtok [Orabug: 33338149][CVE-2021-26690] - replace index.html with Oracle's index page oracle_index.html [2.4.6-97.4] - Resolves: #2031072 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests - Resolves: #2031074 - CVE-2021-39275 httpd ... oval:org.secpod.oval:def:1501275 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacker cou ... oval:org.secpod.oval:def:1502140 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1501541 Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code, cross-site scripting, information disclosure and bypass of the same-origin policy. oval:org.secpod.oval:def:1501566 Multiple unspecified vulnerabilities in Mozilla thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to Http2Session::Shutdown and SpdySession31::Shutdown, and other vectors. oval:org.secpod.oval:def:1501512 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:1501130 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ... oval:org.secpod.oval:def:1501163 gdk-pixbuf is an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. An integer overflow, leading to a heap-based buffer overflow, was found in the way gdk-pixbuf, an image loading library for GNOME, scaled certain bit ... oval:org.secpod.oval:def:1501101 The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. 
A remote attacker could provide a specially crafted XML file that, when process ... oval:org.secpod.oval:def:1501122 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. N ... oval:org.secpod.oval:def:1501175 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:1501182 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. T ... oval:org.secpod.oval:def:1501193 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to c ... oval:org.secpod.oval:def:1501197 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to c ... oval:org.secpod.oval:def:1501434 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. 
Security Fix: * Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to comp ... oval:org.secpod.oval:def:1501435 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to comp ... oval:org.secpod.oval:def:1501439 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:1501440 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. A flaw was found in the way NSS verified certain ECDSA signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery ... oval:org.secpod.oval:def:1501405 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Mu ... oval:org.secpod.oval:def:1501493 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the p ... 
oval:org.secpod.oval:def:1501456 The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Security Fix: * Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to comp ... oval:org.secpod.oval:def:1501462 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 38.8.0. Security Fix: * Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitr ... oval:org.secpod.oval:def:1501485 The Network Time Protocol is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * It was found that when NTP was configured ... oval:org.secpod.oval:def:1501300 A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to imp ... oval:org.secpod.oval:def:1501306 A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to imp ... oval:org.secpod.oval:def:1501312 Multiple flaws were discovered in the Networking and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. 
oval:org.secpod.oval:def:1501322 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to cra ... oval:org.secpod.oval:def:1501328 It was discovered that ntpd as a client did not correctly check the originate timestamp in received packets. A remote attacker could use this flaw to send a crafted packet to an ntpd client that would effectively disable synchronization with the server, or push arbitrary offset/delay measurements to ... oval:org.secpod.oval:def:1501755 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501385 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:1501384 A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an applicatio ... oval:org.secpod.oval:def:1501389 A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an applicatio ... oval:org.secpod.oval:def:1501335 An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. 
An untrusted Java application or applet could use this flaw to bypass Java sandbox restr ... oval:org.secpod.oval:def:1501332 Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. oval:org.secpod.oval:def:1501341 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Re ... oval:org.secpod.oval:def:1501343 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbi ... oval:org.secpod.oval:def:1501664 The Network Time Protocol is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * It was found that when NTP was configure ... oval:org.secpod.oval:def:1501669 It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to a small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to a small subgroup of the desired group. oval:org.secpod.oval:def:1501200 The Network Time Protocol is used to synchronize a computer's time with a referenced time source. It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that ... 
oval:org.secpod.oval:def:1501206 Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. oval:org.secpod.oval:def:1501259 Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. oval:org.secpod.oval:def:1501271 Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. oval:org.secpod.oval:def:1501273 The libpng packages contain a library of functions for creating and manipulating PNG image format files. It was discovered that the png_get_PLTE and png_set_PLTE functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to ... oval:org.secpod.oval:def:1501284 Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. oval:org.secpod.oval:def:1501209 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 
oval:org.secpod.oval:def:1501231 The remote host is missing a patch containing a security fix, which affects the following package(s): java-1.6.0-openjdk oval:org.secpod.oval:def:1501290 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501297 A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to imp ... oval:org.secpod.oval:def:1501299 An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak portions of memory (possibly including private SSH keys) of a successfully authenticated OpenSSH client. oval:org.secpod.oval:def:1502173 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501988 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501989 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502489 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502007 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502492 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502491 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1502496 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502011 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502495 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502014 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502452 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502453 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502451 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502073 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502029 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502045 Several security issues were fixed in Linux Kernel and dtrace-modules. oval:org.secpod.oval:def:1502050 Several security issues were fixed in Linux Kernel. oval:org.secpod.oval:def:1501891 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501864 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501875 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1501876 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501881 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501883 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501889 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502341 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502307 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502304 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504972 [2:2.1-73.9.0.1] - for Intel, do not trigger load if on-disk microcode is not an update [Orabug: 30634727] - set early_microcode=no in virtualized guests to avoid early load bugs [Orabug: 30618736] - ensure late loading fixes are present on 4.1.12-* and 4.14.35-* - enable early and late load for 5.4 ... oval:org.secpod.oval:def:1502310 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502392 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1505432 [5.4.17-2136.302.6.1] - rds/ib: Use both iova and key in free_mr socket call [Orabug: 33667276] [5.4.17-2136.302.6] - Revert fs: align IOCB_* flags with RWF_* flags [Orabug: 33627551] [5.4.17-2136.302.5] - Revert drm: Initialize struct drm_crtc_state.no_vblank from device settings [Orabug: 336118 ... oval:org.secpod.oval:def:1501924 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1505069 [4.14.35-2047.506.10.el7uek] - Revert rds/ib: reap tx completions during connection shutdown [Orabug: 33220435] - Revert rds/ib: handle posted ACK during connection shutdown [Orabug: 33220435] - Revert rds/ib: recover rds connection from interrupt loss scenario [Orabug: 33220435] - Revert rds/ib: ... oval:org.secpod.oval:def:1501940 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501941 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501947 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1505075 [5.4.17-2102.204.4.3.el7] - KVM: nSVM: always intercept VMLOAD/VMSAVE when nested [Orabug: 33205365] {CVE-2021-3656} - KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl [Orabug: 33205443] {CVE-2021-3653} oval:org.secpod.oval:def:1505079 [5.4.17-2102.204.4.3.el7uek] - KVM: nSVM: always intercept VMLOAD/VMSAVE when nested [Orabug: 33205365] {CVE-2021-3656} {CVE-2021-3656} - KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl [Orabug: 33205443] {CVE-2021-3653} {CVE-2021-3653} oval:org.secpod.oval:def:1501957 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1501914 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501918 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501919 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502246 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502250 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502251 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502204 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502205 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502210 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502213 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502277 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:46444 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. 
oval:org.secpod.oval:def:1502282 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502287 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502295 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502292 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1505322 [5.4.17-2136.301.1.2.el7] - Revert "net/rds: Allocate pages on HCA NUMA nodeid" [Orabug: 33561324] - Revert "net/rds: Allocate rds_ib_{incoming,frag}_slab on HCA NUMA nodeid" [Orabug: 33561324] - Revert "net/rds: Use the same vector for send & receive" [Orabug: 33561324] - Revert "net/rds: Get ri ... oval:org.secpod.oval:def:1501832 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501835 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501207 The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets. oval:org.secpod.oval:def:1501631 Nettle is a cryptographic library that is designed to fit easily in almost any context: In cryptographic toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like lsh or GnuPG, or even in kernel space. Security Fix: * Multiple flaws were found in the way nettle imple ... oval:org.secpod.oval:def:1502112 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1501695 The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent. The sctp_sf_ootb function i ... oval:org.secpod.oval:def:1502574 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502577 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502575 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502189 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503042 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502168 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1505297 [5.4.17-2136.301.1.2] - Revert "net/rds: Allocate pages on HCA NUMA nodeid" [Orabug: 33561324] - Revert "net/rds: Allocate rds_ib_{incoming,frag}_slab on HCA NUMA nodeid" [Orabug: 33561324] - Revert "net/rds: Use the same vector for send & receive" [Orabug: 33561324] - Revert "net/rds: Get rid of ... oval:org.secpod.oval:def:1501700 The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent. The sctp_sf_ootb function i ... 
oval:org.secpod.oval:def:1505744 [15:4.2.1-17.el7] - arm/acpi: fix an out of spec _UID for PCI root - arm/acpi: fix duplicated _UID of PCI interrupt link devices - arm/acpi: fix PCI _PRT definition - docs: fix references to docs/devel/atomics.rst [Orabug: 33659123] - rcu: do not mention atomic_mb_read/set in documentation [Ora ... oval:org.secpod.oval:def:1504760 [15:4.2.1-4.el7] - Document CVE-2020-25723 as fixed [Orabug: 32222397] {CVE-2020-25084} {CVE-2020-25723} - hw/net/e1000e: advance desc_offset in case of null descriptor [Orabug: 32217517] {CVE-2020-28916} - i386: Add 2nd Generation AMD EPYC processors [Orabug: 32217570] - libslirp: Update version ... oval:org.secpod.oval:def:1506426 [4.14.35-2047.522.3.el7uek] - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC [Orabug: 34653896] {CVE-2022-3303} - net/rds: Fill in rds_exthdr_size gaps [Orabug: 34979172] - net/rds: Trigger rds_send_hs_ping more than once. oval:org.secpod.oval:def:1506462 [4.14.35-2047.522.3] - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC [Orabug: 34653896] {CVE-2022-3303} - net/rds: Fill in rds_exthdr_size gaps [Orabug: 34979172] - net/rds: Trigger rds_send_hs_ping more than once [Orabug: 34607787] - Revert "RDS: TCP: Track peer's connection generation number" [O ... oval:org.secpod.oval:def:1506718 [5.4.17-2136.320.7.el7] - selftests: fib_tests: mute cleanup error message - KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode [Orabug: 35449815] - KVM: arm64: Filter out v8.1+ events on v8.0 HW [Orabug: 35449815] - KVM: arm64: Add kvm_vcpu_has_pmu helper [Orabug ... oval:org.secpod.oval:def:1506714 [4.1.12-124.75.3] - net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg [Orabug: 35354791] {CVE-2023-2248} [4.1.12-124.75.2] - prlimit: do_prlimit needs to have a speculation check [Orabug: 35354303] {CVE-2023-0458} - kernel/sys.c: fix potential Spectre v1 issue [Orabug: 35354303] ... 
oval:org.secpod.oval:def:1505811 [4.1.12-124.64.1.el7uek] - iscsi-target: Fix the issue with shutdown_session removal [Orabug: 29661566] - scsi: target: fix hang when multiple threads try to destroy the same iscsi session [Orabug: 29661566] - scsi: target: remove boilerplate code [Orabug: 29661566] - iscsi-target: remove usage o ... oval:org.secpod.oval:def:1506337 [5.4.17-2136.315.5.el7uek] - Revert xfs: Lower CIL flush limit for large logs [Orabug: 34917369] - Revert xfs: Throttle commits on delayed background CIL push [Orabug: 34917369] - Revert xfs: fix use-after-free on CIL context on shutdown [Orabug: 34917369] [5.4.17-2136.315.4.el7uek] - net/mlx5: S ... oval:org.secpod.oval:def:1506635 [5.4.17-2136.320.7] - selftests: fib_tests: mute cleanup error message - KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode [Orabug: 35449815] - KVM: arm64: Filter out v8.1+ events on v8.0 HW [Orabug: 35449815] - KVM: arm64: Add kvm_vcpu_has_pmu helper [Orabug: 35 ... oval:org.secpod.oval:def:1504613 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504587 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504589 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504599 [5.4.17-2036.102.0.2uek] - xen-blkback: set ring- oval:org.secpod.oval:def:1505026 [5.4.17-2102.203.6.el7uek] - seq_file: disallow extremely large seq buffer allocations [Orabug: 33135632] {CVE-2021-33909} oval:org.secpod.oval:def:1505037 [5.4.17-2102.203.6.el7] - seq_file: disallow extremely large seq buffer allocations [Orabug: 33135632] {CVE-2021-33909} oval:org.secpod.oval:def:1501774 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1501780 The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsocko ... oval:org.secpod.oval:def:1501783 The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsocko ... oval:org.secpod.oval:def:1501784 The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsocko ... oval:org.secpod.oval:def:1504730 [4.14.35-2025.404.1.2.el7] - Revert "rds: Deregister all FRWR mr with free_mr" [Orabug: 32426280] oval:org.secpod.oval:def:1504731 [4.14.35-2025.404.1.1.el7] - target: fix XCOPY NAA identifier lookup [Orabug: 32248040] {CVE-2020-28374} [4.14.35-2025.404.1.el7] - xenbus/xenbus_backend: Disallow pending watch messages [Orabug: 32253412] {CVE-2020-29568} - xen/xenbus: Count pending messages for each watch [Orabug: 32253412] {CV ... 
oval:org.secpod.oval:def:1506898 [20230516-999.20.git6c9e0ed5.el7] - cd72938cb480 linux-firmware: Update AMD fam17h cpu microcode - 92624e57af69 linux-firmware: Update AMD cpu microcode oval:org.secpod.oval:def:1506973 [3.10.0-1160.99.1.0.1.el7.OL7] - debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499} [3.10.0-1160.99.1.el7.OL7] - Update Oracle Linux certificates - Oracle Linux RHCK Module Signing Key was compiled into kernel - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 < ... oval:org.secpod.oval:def:1506937 [20230516-999.22.git6c9e0ed5.el7] - remove amd-ucode/README - Resolves Zenbleed {CVE-2023-20593} oval:org.secpod.oval:def:1505928 [3.10.0-1160.76.1.0.1.el7.OL7] - debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499} [3.10.0-1160.76.1.el7.OL7] - Update Oracle Linux certificates - Oracle Linux RHCK Module Signing Key was compiled into kernel - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15- ... oval:org.secpod.oval:def:1506025 [5.4.17-2136.311.6.el7] - Revert KVM: x86: Print error code in exception injection tracepoint iff valid oval:org.secpod.oval:def:1506027 [5.4.17-2136.311.6.el7uek] - Revert KVM: x86: Print error code in exception injection tracepoint iff valid [Orabug: 34535896] oval:org.secpod.oval:def:1506009 [4.14.35-2047.517.3.el7uek] - KVM: x86: use raw clock values consistently [Orabug: 34575637] - KVM: x86: reorganize pvclock_gtod_data members [Orabug: 34575637] - KVM: x86: switch KVMCLOCK base to monotonic raw clock [Orabug: 34575637] [4.14.35-2047.517.2.el7uek] - kernfs: Replace global kernfs_o ... oval:org.secpod.oval:def:1506017 [4.14.35-2047.517.3.el7] - KVM: x86: use raw clock values consistently [Orabug: 34575637] - KVM: x86: reorganize pvclock_gtod_data members [Orabug: 34575637] - KVM: x86: switch KVMCLOCK base to monotonic raw clock [Orabug: 34575637] [4.14.35-2047.517.2.el7] - kernfs: Replace global kernfs_open_fi ... 
oval:org.secpod.oval:def:1506717 [5.4.17-2136.321.4.el7] - tick/common: Align tick period during sched_timer setup [Orabug: 35520079] - net/rds: Fix endless rds_send_xmit loop if cp_index oval:org.secpod.oval:def:1506719 [5.4.17-2136.321.4] - tick/common: Align tick period during sched_timer setup [Orabug: 35520079] - net/rds: Fix endless rds_send_xmit loop if cp_index oval:org.secpod.oval:def:1505813 [4.14.35-2047.515.3.el7uek] - uek-rpm: Enable Pensando EMMC reset controller [Orabug: 34325721] - mfd: pensando_elbasr: Add Pensando Elba System Resource Chip [Orabug: 34325721] - dsc-drivers: update drivers for 1.15.9-C-65 [Orabug: 34325721] [4.14.35-2047.515.2.el7uek] - net/rds: Delayed DR_SOCK ... oval:org.secpod.oval:def:1505823 [4.14.35-2047.515.3.el7] - uek-rpm: Enable Pensando EMMC reset controller [Orabug: 34325721] - mfd: pensando_elbasr: Add Pensando Elba System Resource Chip [Orabug: 34325721] - dsc-drivers: update drivers for 1.15.9-C-65 [Orabug: 34325721] [4.14.35-2047.515.2.el7] - net/rds: Delayed DR_SOCK_CANCE ... oval:org.secpod.oval:def:1506335 [5.4.17-2136.315.5.el7] - Revert xfs: fix use-after-free on CIL context on shutdown oval:org.secpod.oval:def:1506389 [3.10.0-1160.83.1.0.1.el7.OL7] - debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499} [3.10.0-1160.83.1.el7.OL7] - Update Oracle Linux certificates - Oracle Linux RHCK Module Signing Key was compiled into kernel - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 15- ... 
oval:org.secpod.oval:def:1505738 [4.14.35-2047.513.2.2.el7] - debug: Lock down kgdb [Orabug: 34152700] {CVE-2022-21499} oval:org.secpod.oval:def:1505736 [4.1.12-124.62.3.1] - debug: Lock down kgdb [Orabug: 34152701] {CVE-2022-21499} oval:org.secpod.oval:def:1506968 [5.4.17-2136.321.4.el7uek] - tick/common: Align tick period during sched_timer setup oval:org.secpod.oval:def:1506966 [5.4.17-2136.321.4.el7] - tick/common: Align tick period during sched_timer setup [Orabug: 35520079] - net/rds: Fix endless rds_send_xmit loop if cp_index 0 [Orabug: 35510149] [5.4.17-2136.321.3.el7] - selinux: don't use make's grouped targets feature yet - lib: cpu_rmap: Fix potential use-after ... oval:org.secpod.oval:def:1506533 [3.10.0-1160.90.1.0.1.el7.OL7] - debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499} [3.10.0-1160.90.1.el7.OL7] - Update Oracle Linux certificates - Oracle Linux RHCK Module Signing Key was compiled into kernel - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 < ... 
oval:org.secpod.oval:def:1506142 [5.4.17-2136.313.6.el7] - Uninitialized variable image_ext in fixup_vdso_exception of extable.c [Orabug: 33000550] - NFSD: fix use-after-free on source server when doing inter-server copy [Orabug: 34475857] - EDAC/mce_amd: Do not load edac_mce_amd module on guests oval:org.secpod.oval:def:1506137 [5.4.17-2136.313.6.el7uek] - Uninitialized variable image_ext in fixup_vdso_exception of extable.c [Orabug: 33000550] - NFSD: fix use-after-free on source server when doing inter-server copy [Orabug: 34475857] oval:org.secpod.oval:def:1505821 [5.4.17-2136.309.5] - lockdown: Fix kexec lockdown bypass with ima policy [Orabug: 34386637] {CVE-2022-21505} oval:org.secpod.oval:def:1505831 [5.4.17-2136.309.5] - lockdown: Fix kexec lockdown bypass with ima policy [Orabug: 34386637] {CVE-2022-21505} oval:org.secpod.oval:def:1505846 [5.4.17-2136.309.5.el7uek] - lockdown: Fix kexec lockdown bypass with ima policy [Orabug: 34386637] {CVE-2022-21505} oval:org.secpod.oval:def:1505842 [5.4.17-2136.309.5.el7] - lockdown: Fix kexec lockdown bypass with ima policy [Orabug: 34386637] {CVE-2022-21505} oval:org.secpod.oval:def:1506164 [4.14.35-2047.519.2.1.el7] - xfs: trim IO to found COW extent limit [Orabug: 34765284] - xfs: don't use delalloc extents for COW on files with extsize hints [Orabug: 34765284] [4.14.35-2047.519.2] - Revert "xfs: don't use delalloc extents for COW on files with extsize hints" [Orabug: 34715947] - ... oval:org.secpod.oval:def:1506138 [4.14.35-2047.519.2.1.el7uek] - xfs: trim IO to found COW extent limit [Orabug: 34765284] - xfs: don't use delalloc extents for COW on files with extsize hints oval:org.secpod.oval:def:1506421 [5.4.17-2136.316.7.el7uek] - runtime revert of virtio_net: Stripe queue affinities across cores. 
[Orabug: 35001045] [5.4.17-2136.316.6.el7uek] - block: Change the granularity of io ticks from ms to ns oval:org.secpod.oval:def:1506424 [5.4.17-2136.316.7.el7] - runtime revert of virtio_net: Stripe queue affinities across cores. [Orabug: 35001045] [5.4.17-2136.316.6.el7] - block: Change the granularity of io ticks from ms to ns oval:org.secpod.oval:def:1506400 [4.14.35-2047.521.4.el7] - tcp: Tunables for TCP delayed ack timers [Orabug: 34883100] [4.14.35-2047.521.3.el7] - Revert "random: use expired timer rather than wq for mixing fast pool" [Orabug: 34918228] [4.14.35-2047.521.2.el7] - RDS/IB: Fix the misplaced counter update rdma dto path [Orabug: 3 ... oval:org.secpod.oval:def:1506311 [4.1.12-124.69.5.1.el7uek] - proc: proc_skip_spaces shouldn't think it is working on C strings oval:org.secpod.oval:def:1506313 [5.4.17-2136.314.6.2.el7] - proc: proc_skip_spaces shouldn't think it is working on C strings [Orabug: 34883034] {CVE-2022-4378} - proc: avoid integer type confusion in get_proc_long [Orabug: 34883034] {CVE-2022-4378} [5.4.17-2136.314.6.1.el7] - RDMA/uverbs: Move IB_EVENT_DEVICE_FATAL to destroy_u ... oval:org.secpod.oval:def:1506310 [5.4.17-2136.314.6.2.el7uek] - proc: proc_skip_spaces shouldn't think it is working on C strings [Orabug: 34883034] {CVE-2022-4378} - proc: avoid integer type confusion in get_proc_long [Orabug: 34883034] {CVE-2022-4378} [5.4.17-2136.314.6.1.el7uek] - RDMA/uverbs: Move IB_EVENT_DEVICE_FATAL to des ... 
oval:org.secpod.oval:def:1505431 [5.4.17-2136.302.7.2.3] - cgroup-v1: Require capabilities to set release_agent [Orabug: 33832574] {CVE-2022-0492} oval:org.secpod.oval:def:1505374 [5.4.17-2136.302.7.2.1.el7] - vfs: fs_context: fix up param length parsing in legacy_parse_param [Orabug: 33761451] {CVE-2022-0185} oval:org.secpod.oval:def:1505373 [5.4.17-2136.302.7.2.1.el7uek] - vfs: fs_context: fix up param length parsing in legacy_parse_param [Orabug: 33761451] {CVE-2022-0185} oval:org.secpod.oval:def:1505422 [15:4.2.1-15.el7] - Document CVE-2021-4158 and CVE-2021-3947 as fixed [Orabug: 33719302] [Orabug: 33754145] {CVE-2021-3947} {CVE-2021-4158} - hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196 [Orabug: 32439466] {CVE-2021-20196} - hw/block/fdc: Extract blk_create_empty_drive [Orabug: ... oval:org.secpod.oval:def:1505071 [15:4.2.1-11.el7] - pvrdma: Fix the ring init error flow [Orabug: 33120142] {CVE-2021-3608} - pvrdma: Ensure correct input on ring init [Orabug: 33120146] {CVE-2021-3607} - hw/rdma: Fix possible mremap overflow in the pvrdma device [Orabug: 33120084] {CVE-2021-3582} - vhost-user-gpu: reorder f ... oval:org.secpod.oval:def:1501583 Several vulnerabilities were discovered in OpenSSL: CVE-2016-2177 Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ CVE-2016-2178 Cesar Pereida, Billy Brumley and ... oval:org.secpod.oval:def:1501581 Several vulnerabilities were discovered in OpenSSL: CVE-2016-2177 Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ CVE-2016-2178 Cesar Pereida, Billy Brumley and ... oval:org.secpod.oval:def:1501946 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1501772 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502238 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:97429 Monitor the sudo log file. If the system has been properly configured to disable the use of the su command and force all administrators to have to log in first and then use sudo to execute privileged commands, then all administrator commands will be logged to /var/log/sudo.log. Any time a command i ... oval:org.secpod.oval:def:97430 The GNOME Display Manager (GDM) is a program that manages graphical display servers and handles graphical user logins. If a Graphical User Interface (GUI) is not required, it should be removed to reduce the attack surface of the system. oval:org.secpod.oval:def:97431 The contents of the /etc/issue.net file are displayed to users prior to login for remote connections from configured services. Unix-based systems have typically displayed information about the OS release and patch level upon logging in to the system. This information can be useful to developers who ... oval:org.secpod.oval:def:97432 Ensure that the systemd-journald service is enabled to allow capturing of logging events. If the systemd-journald service is not enabled to start on boot, the system will not capture logging events. 
oval:org.secpod.oval:def:97433 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
oval:org.secpod.oval:def:97434 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
oval:org.secpod.oval:def:97435 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
oval:org.secpod.oval:def:97436 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
oval:org.secpod.oval:def:97437 sudo provides users with temporary elevated privileges to perform operations, either as the superuser or another user. Creating an audit log of users with temporary elevated privileges and the operation(s) they performed is essential to reporting. Administrators will want to correlate the events wr ...
oval:org.secpod.oval:def:97438 Without re-authentication, users may access resources or perform tasks for which they do not have authorization.
oval:org.secpod.oval:def:97439 Sudo caches used credentials for a default of 15 minutes. This is for ease of use when there are multiple administrative tasks to perform. The timeout can be modified to suit local security policies.
oval:org.secpod.oval:def:97441 The contents of the /etc/issue file are displayed to users prior to login for local terminals. Rationale: If the /etc/issue file does not have the correct ownership it could be modified by unauthorized users with incorrect or misleading information.
oval:org.secpod.oval:def:97442 The contents of the /etc/motd file are displayed to users after login and function as a message of the day for authenticated users.
oval:org.secpod.oval:def:97443 The /tmp directory is a world-writable directory used for temporary storage by all users and some applications. Rationale: Making /tmp its own file system allows an administrator to set the noexec option on the mount, making /tmp useless for an attacker to install executable code. It ...
oval:org.secpod.oval:def:97444 GDM is the GNOME Display Manager which handles graphical login for GNOME based systems. The disable-user-list option controls whether a list of users is displayed on the login screen. Rationale: Displaying the user list eliminates half of the Userid/Password equation that an unauthorized ...
oval:org.secpod.oval:def:97445 By default GNOME automatically mounts removable media when inserted as a convenience to the user. Rationale: With automounting enabled anyone with physical access could attach a USB drive or disc and have its contents available in the system even if they lacked permissions to mount it ...
oval:org.secpod.oval:def:97446 The nosuid mount option specifies that the filesystem cannot contain setuid files. Rationale: Since the /var/log filesystem is only intended for temporary file storage, set this option to ensure that users cannot create setuid files in /var/log.
oval:org.secpod.oval:def:97447 The nosuid mount option specifies that the filesystem cannot contain setuid files. Rationale: Since the /var filesystem is only intended for temporary file storage, set this option to ensure that users cannot create setuid files in /var.
oval:org.secpod.oval:def:97448 The nosuid mount option specifies that the filesystem cannot contain setuid files. Rationale: Since the /home filesystem is only intended for user file storage, set this option to ensure that users cannot create setuid files in /home.
oval:org.secpod.oval:def:97449 The noexec mount option specifies that the filesystem cannot contain executable binaries. Rationale: Since the /var/log filesystem is only intended for log files, set this option to ensure that users cannot run executable binaries from /var/log.
oval:org.secpod.oval:def:97450 The nodev mount option specifies that the filesystem cannot contain special devices. Rationale: Since the /var/log filesystem is not intended to support devices, set this option to ensure that users cannot attempt to create block or character special devices in /var/log.
oval:org.secpod.oval:def:97451 The nodev mount option specifies that the filesystem cannot contain special devices. Rationale: Since the /var filesystem is not intended to support devices, set this option to ensure that users cannot attempt to create block or character special devices in /var.
oval:org.secpod.oval:def:97452 X Display Manager Control Protocol (XDMCP) is designed to provide authenticated access to display management services for remote displays. Rationale: XDMCP is inherently insecure. 1. XDMCP is not a ciphered protocol. This may allow an attacker to capture keystrokes entered by a ...
oval:org.secpod.oval:def:97453 Journald includes the capability of rotating log files regularly to avoid filling up the system with logs or making the logs unmanageably large. The file /etc/systemd/journald.conf is the configuration file used to specify how logs generated by Journald should be rotated. Rationale: By keeping the log ...
oval:org.secpod.oval:def:97454 Journald (via systemd-journal-remote) supports the ability to send log events it gathers to a remote log host or to receive messages from remote hosts, thus enabling centralized log management. Rationale: Storing log data on a remote host protects log integrity from local attacks. If an attacker gains ...
oval:org.secpod.oval:def:97455 Journald (via systemd-journal-remote) supports the ability to send log events it gathers to a remote log host or to receive messages from remote hosts, thus enabling centralized log management. Rationale: Storing log data on a remote host protects log integrity from local attacks. If an attacker gains ...
oval:org.secpod.oval:def:97456 Journald supports the ability to receive messages from remote hosts, thus acting as a log server. Clients should not receive data from other hosts. Rationale: If a client is configured to also receive data, thus turning it into a server, the client system is acting outside its operational boundary.
oval:org.secpod.oval:def:97457 The systemd-coredump file should be configured properly.
oval:org.secpod.oval:def:97458 The nodev mount option specifies that the filesystem cannot contain special devices. Rationale: Since the /var/log/audit filesystem is not intended to support devices, set this option to ensure that users cannot create block or character special devices in /var/log/audit.
oval:org.secpod.oval:def:97459 The noexec mount option specifies that the filesystem cannot contain executable binaries. Rationale: Since the /var/log/audit filesystem is only intended for audit logs, set this option to ensure that users cannot run executable binaries from /var/log/audit.
oval:org.secpod.oval:def:97460 The nosuid mount option specifies that the filesystem cannot contain setuid files. Rationale: Since the /var/log/audit filesystem is only intended for variable files such as logs, set this option to ensure that users cannot create setuid files in /var/log/audit.
oval:org.secpod.oval:def:1506381 [1.8.23-10.3] RHEL 7.9.Z ERRATUM - CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user Resolves: rhbz#2161222
oval:org.secpod.oval:def:1502293 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1507230 [115.6.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [115.6.0-1] - Update to 115.6.0 build2
oval:org.secpod.oval:def:1507225 [115.6.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [115.6.0-1] - Update to 115.6.0 build1
oval:org.secpod.oval:def:1507149 [11.0.5-3.0.1] - fix spaces in vmware udev rule for scsi devices [Orabug: 24461968] - Fix vmware udev rule in 99-vmware-scsi-timeout.rules file. [Orabug: 22815019] - Increase timeout for scsi devices on VMWare guests by adding a udev rule. - Created a new file 99-vmware-scsi-timeout.rules - Modified ...
oval:org.secpod.oval:def:1505341 [91.4.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [91.4.0-1] - Update to 91.4.0 build1
oval:org.secpod.oval:def:1505344 [91.4.0-3.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [91.4.0-3] - Bump NVR for ppc64 build [91.4.0-2] - Update to 91.4.0 build2 [91.4.0-1] - Update to 91.4.0 build1
oval:org.secpod.oval:def:1505035 containerd [1.4.8-1] - Address CVE-2021-32760 docker-cli [19.03.11-13] - updated containerd minimum version to 1.4.8 to address CVE-2021-32760. docker-engine [19.03.11-13] - updated containerd minimum version to 1.4.8 to address CVE-2021-32760.
oval:org.secpod.oval:def:1505267 containerd [1.4.8-1] - Address CVE-2021-32760 docker-cli [19.03.11-13] - updated containerd minimum version to 1.4.8 to address CVE-2021-32760. docker-engine [19.03.11-13] - updated containerd minimum version to 1.4.8 to address CVE-2021-32760.
oval:org.secpod.oval:def:1503058 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1504858 [1.0.0-92.rc92] - Add epoch value of 2 to allow upgrade to 1.0.0-92.rc92 from 1.0.0-93.rc93. [1.0.0-92.rc92] - Build for https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc92
oval:org.secpod.oval:def:1501020 Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary files on the host system via a symlink attack in an image when respawning a container.
oval:org.secpod.oval:def:97440 Without re-authentication, users may access resources or perform tasks for which they do not have authorization.
oval:org.secpod.oval:def:1506577 [1.8.3.1-25] - Fixes CVE-2023-25652 and CVE-2023-29007 - Resolves: #2188354, #2188365
oval:org.secpod.oval:def:1505829 [15.1.0-7] - Security fix for CVE-2019-20916 for the bundled pip wheel Resolves: rhbz#1868135
oval:org.secpod.oval:def:1505338 [3.67.0-4] - fix CVE-2021-43527
oval:org.secpod.oval:def:1506048 [ - 7:4.11-3.0.1]
oval:org.secpod.oval:def:1505816 [7:3.5.20-17.0.1] - Multiple CVE fixes for squid [Orabug: 33146289] - Resolves: CVE-2021-28651 squid: Bug 5104: Memory leak in RFC 2169 response parsing - Resolves: CVE-2021-28652 squid: Bug 5106: Broken cache manager URL parsing - Resolves: CVE-2021-31806,31807,31808 squid: Handle more Range reque ...
oval:org.secpod.oval:def:1507226 [1.20.4-25] - CVE fix for: CVE-2023-6377, CVE-2023-6478 Resolves: https://issues.redhat.com/browse/RHEL-18416 Resolves: https://issues.redhat.com/browse/RHEL-18428
oval:org.secpod.oval:def:1507229 [1.8.0-28.0.1] - Dropped xorg-CVE-2023-5367.patch, xorg-CVE-2023-6377.patch, and xorg-CVE-2023-6478.patch [1.8.0-28] - Updated fix for CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions Resolves: RHEL-18415 [1.8.0-27] - Fix CVE-2023-6377 tigervnc: xorg-x ...
oval:org.secpod.oval:def:1507139 [1.20.4-24] - CVE fix for: CVE-2023-5367 Resolves: https://issues.redhat.com/browse/RHEL-13424
oval:org.secpod.oval:def:1501109 Important: Oracle Linux 7 java-1.6.0-openjdk security update.
oval:org.secpod.oval:def:1501023 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way the TLS protocol composes the Diffie-Hellman key exchange. A man-in-the-middle attacker could use thi ...
oval:org.secpod.oval:def:1501051 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. A flaw was found in the way the TLS protocol composes the Diffie-Hellman key exchange. A man-in-the-middle attacker could use this flaw to force the us ...
oval:org.secpod.oval:def:1501062 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certa ...
oval:org.secpod.oval:def:1501066 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java ...
oval:org.secpod.oval:def:1507114 [115.4.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [115.4.0-1] - Update to 115.4.0 build1 - Add fix for CVE-2023-44488 - Set homepage from os-release ...
oval:org.secpod.oval:def:1507125 [115.4.1-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [115.4.1-1] - Update to 115.4.1 build1 [115.4.0-3] - Update to 115.4.0 build3 [115.4.0-2] - Update to 115.4.0 build2 [115.4.0-1] - Update to 115.4.0 build1
oval:org.secpod.oval:def:1506978 [102.15.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [102.15.0-1] - Update to 102.15.0 build1 [102.14.0-3] - Bump NVR to rebuild [102.14.0-2] - Rebuild due to rhbz#2228948
oval:org.secpod.oval:def:1506146 [1.2.7-20.0.1] - Resolves: CVE-2022-37434 [Orabug: 34752508]
oval:org.secpod.oval:def:1506139 [1.2.7-20.0.1] - Resolves: CVE-2022-37434 [Orabug: 34752508]
oval:org.secpod.oval:def:1506526 [1:11.0.19.0.7-1.0.1] - link atomic for ix86 build [1:11.0.19.0.7-1] - Update to jdk-11.0.19.0+7 - Update release notes to 11.0.19.0+7 - Require tzdata 2023c due to local inclusion of JDK-8274864 & JDK-8305113 - Update generate_tarball.sh to add support for passing a boot JDK to the configure run ...
oval:org.secpod.oval:def:1506532 [1:1.8.0.372.b07-1] - Update to shenandoah-jdk8u372-b07 - Update release notes for shenandoah-8u372-b07. - Require tzdata 2023c due to inclusion of JDK-8305113 in 8u372-b07 - Update generate_tarball.sh to add support for passing a boot JDK to the configure run - Add POSIX-friendly error codes to ge ...
oval:org.secpod.oval:def:1502222 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502225 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502223 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502224 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502228 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502231 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502240 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1504737 [15:3.0.0-1.el7] - net: ignore packet size greater than INT_MAX [Orabug: 28763782] {CVE-2018-17963} - pcnet: fix possible buffer overflow [Orabug: 28763774] {CVE-2018-17962} - rtl8139: fix possible out of bound access [Orabug: 28763765] {CVE-2018-17958} - ne2000: fix possible out of bound access ...
oval:org.secpod.oval:def:1502094 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1505557 [5.4.17-2136.305.5.5.el7uek] - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address [Orabug: 34034594] {CVE-2022-1158}
oval:org.secpod.oval:def:1505556 [5.4.17-2136.305.5.5.el7] - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address [Orabug: 34034594] {CVE-2022-1158}
oval:org.secpod.oval:def:1505560 [4.14.35-2047.511.5.8.el7uek] - netfilter: nf_tables: initialize registers in nft_do_chain [Orabug: 34048826] {CVE-2022-1016}
oval:org.secpod.oval:def:1505815 [3.10.0-1160.71.1.0.1.el7] - debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499} [3.10.0-1160.71.1.el7.OL7] - Update Oracle Linux certificates - Oracle Linux RHCK Module Signing Key was compiled into kernel - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 less th ...
oval:org.secpod.oval:def:1505746 [4.14.35-2047.513.2.1.el7] - perf: Fix sys_perf_event_open race against self [Orabug: 34175592] {CVE-2022-1729}
oval:org.secpod.oval:def:1505745 [5.4.17-2136.307.3.2] - perf: Fix sys_perf_event_open race against self [Orabug: 34172709] {CVE-2022-1729}
oval:org.secpod.oval:def:1502105 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1505636 [5.4.17-2136.307.3.2.el7uek] - perf: Fix sys_perf_event_open race against self [Orabug: 34172709] {CVE-2022-1729}
oval:org.secpod.oval:def:1505639 [4.14.35-2047.513.2.1.el7uek] - perf: Fix sys_perf_event_open race against self [Orabug: 34175592] {CVE-2022-1729}
oval:org.secpod.oval:def:1505444 [7.4p1-22.0.1_fips] - Change Epoch from 1 to 10 - Enable fips KDF POST [Orabug: 32461750] - Disable diffie-hellman-group-exchange-sha256 KEX FIPS method [Orabug: 32461739] [7.4p1-22.0.1] - enlarge format buffer size for certificate serial number so the log message can record any 64-bit integer witho ...
oval:org.secpod.oval:def:1505329 [7.4p1-22.0.1] - enlarge format buffer size for certificate serial number so the log message can record any 64-bit integer without truncation [Orabug: 30448895] [7.4p1-22 + 0.10.3-2] - avoid segfault in Kerberos cache cleanup - fix CVE-2021-41617
oval:org.secpod.oval:def:1501655 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. The following packages have been upgraded to a newer upstream version: tomcat. Security Fix: * A CSRF flaw was found in Tomcat's index pages for the Manager and Host Manager applications. These applic ...
oval:org.secpod.oval:def:1501708 Vim is an updated and improved version of the vi editor. Security Fix: * A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user running ...
oval:org.secpod.oval:def:1505850 [1:1.8.0.342.b07-1] - Update to shenandoah-jdk8u342-b07 - Update release notes for shenandoah-8u342-b07. - Print release file during build, which should now include a correct SOURCE value from .src-rev - Update tarball script with IcedTea GitHub URL and .src-rev generation - Use git apply with patch ...
oval:org.secpod.oval:def:1505848 [1:11.0.16.0.8-1.0.1] - link atomic for ix86 build [1:11.0.16.0.8-1] - Update to jdk-11.0.16+8 - Update release notes to 11.0.16+8 - Use same tarball naming style as java-17-openjdk and java-latest-openjdk - Drop JDK-8284920 patch now upstreamed - Print release file during build, which should now in ...
oval:org.secpod.oval:def:1505433 [1:11.0.14.0.9-1.0.1] - link atomic for ix86 build [1:11.0.14.0.9-1] - Update to jdk-11.0.14.0+9 - Update release notes to 11.0.14.0+9 - Switch to GA mode for final release. - This tarball is embargoed until 2022-01-18 @ 1pm PT. - Resolves: rhbz#2039366 [1:11.0.14.0.8-0.1.ea] - Update to jdk-11.0.14 ...
oval:org.secpod.oval:def:1505027 [1:1.8.0.302.b08-0] - Update to aarch64-shenandoah-jdk8u302-b08 - Update release notes for 8u302-b08. - Switch to GA mode for final release. - This tarball is embargoed until 2021-07-20 @ 1pm PT. - Resolves: rhbz#1972395 [1:1.8.0.302.b07-0.0.ea] - Update to aarch64-shenandoah-jdk8u302-b07 - Update ...
oval:org.secpod.oval:def:1505034 [1:11.0.12.0.7-0.0.1] - link atomic for ix86 build [1:11.0.12.0.7-0] - Update to jdk-11.0.12.0+7 - Update release notes to 11.0.12.0+7 - Switch to GA mode for final release. - This tarball is embargoed until 2021-07-20 @ 1pm PT. - Resolves: rhbz#1972395 [1:11.0.12.0.6-0.0.ea] - Update to jdk-11.0.12 ...
oval:org.secpod.oval:def:1503072 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1503073 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1505580 [4.14.35-2047.512.6.el7uek] - Revert rds/ib: recover rds connection from stuck rx path [Orabug: 34039271] - uek-rpm: update kABI lists for new symbols [Orabug: 33993774] [4.14.35-2047.512.5.el7uek] - netfilter: nf_tables: initialize registers in nft_do_chain [Orabug: 34012925] {CVE-2022-1016} - r ...
oval:org.secpod.oval:def:1505555 [4.1.12-124.61.2.el7uek] - exec, elf: ignore invalid note data [Orabug: 34023956] [4.1.12-124.61.1.el7uek] - drm/i915: Flush TLBs before releasing backing store [Orabug: 33835812] {CVE-2022-0330} - drm/i915: Reduce locking in execlist command submission [Orabug: 33835812] {CVE-2022-0330} - ipv4: ...
oval:org.secpod.oval:def:1505438 [4.1.12-124.60.1] - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate [Orabug: 33699627] [Orabug: 33762471] {CVE-2021-4155} - fix regression in "epoll: Keep a reference on files added to the check list" [Orabug: 33679854] [Orabug: 33762505] {CVE-2021-1048} {CVE-2021-1048} - B ...
oval:org.secpod.oval:def:1505435 [4.14.35-2047.510.5.2] - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate [Orabug: 33722441] {CVE-2021-4155} [4.14.35-2047.510.5.1] - fget: check that the fd still exists after getting a ref to it [Orabug: 33679805] {CVE-2021-0920} - fs: add fget_many and fput_many [Orabug: ...
oval:org.secpod.oval:def:1504591 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1505443 [5.4.17-2136.302.7.2] - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate [Orabug: 33699625] {CVE-2021-4155} [5.4.17-2136.302.7.1] - fget: check that the fd still exists after getting a ref to it [Orabug: 33691332] {CVE-2021-0920} [5.4.17-2136.302.7] - rds: ib: Reduce the con ...
oval:org.secpod.oval:def:1505051 [4.14.35-2047.506.8.el7uek] - A/A Bonding: dev_hold/put the delayed GARP work handler's netdev in rdmaip [Orabug: 33187189] - rds/ib: quarantine STALE mr before dereg [Orabug: 33187192] - rds/ib: avoid dereg of mr in frwr_clean [Orabug: 33187195] - rds/ib: update mr incarnation after forming inv ...
oval:org.secpod.oval:def:1505050 [5.4.17-2102.204.4.2.el7uek] - rds/ib: quarantine STALE mr before dereg [Orabug: 33150447] [5.4.17-2102.204.4.1.el7uek] - rds/ib: update mr incarnation after forming inv wr [Orabug: 33177348] - rds/ib: avoid dereg of mr in frwr_clean [Orabug: 33150427] - arm64: mm: kdump: Fix /proc/kcore [Orabug ...
oval:org.secpod.oval:def:1505038 [4.14.35-2047.505.4.el7] - rds/ib: move rds_ib_clear_irq_miss to .h file [Orabug: 33044345] - rds/ib: recover rds connection from interrupt loss scenario [Orabug: 32804265] - rds/ib: handle posted ACK during connection shutdown [Orabug: 32863569] - rds/ib: reap tx completions during connection sh ...
oval:org.secpod.oval:def:1505048 [5.4.17-2102.204.4.2.el7] - rds/ib: quarantine STALE mr before dereg [Orabug: 33150447] [5.4.17-2102.204.4.1.el7] - rds/ib: update mr incarnation after forming inv wr [Orabug: 33177348] - rds/ib: avoid dereg of mr in frwr_clean [Orabug: 33150427] - arm64: mm: kdump: Fix /proc/kcore [Orabug: 3257 ...
oval:org.secpod.oval:def:1504802 [4.14.35-2047.501.2.el7] - scsi: iscsi: Verify lengths on passthrough PDUs [Orabug: 32634994] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365} - scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE [Orabug: 32634994] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365} - scsi: iscsi: Repo ...
oval:org.secpod.oval:def:1505074 [0.27.0-4] - Fix heap-based buffer overflow vulnerability in jp2image.cpp that may lead to DoS Resolves: bz#1990352
oval:org.secpod.oval:def:1505081 [0.26-3] - Fix heap-based buffer overflow vulnerability in jp2image.cpp Resolves: bz#1990394
oval:org.secpod.oval:def:1505080 [0.23-3] - Fix heap-based buffer overflow vulnerability in jp2image.cpp Resolves: bz#1990393
oval:org.secpod.oval:def:1504615 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1504618 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1504624 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1504623 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1504627 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1504626 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1504548 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1504966 [3.10.0-1160.31.1.el7.OL7] - Update Oracle Linux certificates - Oracle Linux RHCK Module Signing Key was compiled into kernel - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 less than or = 15-2.0.9.el7 - Update oracle value to match new certificate [3.10.0-1160.31.1. ...
oval:org.secpod.oval:def:1505343 [4.1.12-124.58.2.el7uek] - ovl: prevent private clone if bind mount is not allowed [Orabug: 33560431] {CVE-2021-3732} [4.1.12-124.58.1.el7uek] - sunrpc: move NO_CRKEY_TIMEOUT to the auth->au_flags [Orabug: 33443537] - xen/netfront: stop tx queues during live migration [Orabug: 33536410]
oval:org.secpod.oval:def:1504712 [4.14.35-2047.501.0.el7uek] - block/diskstats: accumulate all per-cpu counters in one pass [Orabug: 32531559] - uek-rpm: config-aarch-embedded2 update for Jan 2021 Elba patches [Orabug: 32532588] - dts/pensando: Fix compatile - compatible typeo. [Orabug: 32532588] - Interrupt domain controllers f ...
oval:org.secpod.oval:def:1504735 [4.14.35-2025.405.3.el7] - Revert "rds: Deregister all FRWR mr with free_mr" [Orabug: 32426280] [4.14.35-2025.405.2.el7] - nfs: Fix security label length not being reset [Orabug: 32350995] [4.14.35-2025.405.1.el7] - net/rds: Fix gfp_t parameter [Orabug: 32372162] - uek-rpm: update kABI lists for ...
oval:org.secpod.oval:def:1504755 [4.14.35-2047.501.0.el7] - block/diskstats: accumulate all per-cpu counters in one pass [Orabug: 32531559] - uek-rpm: config-aarch-embedded2 update for Jan 2021 Elba patches [Orabug: 32532588] - dts/pensando: Fix compatile -
oval:org.secpod.oval:def:1503063 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1503066 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1503018 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1503070 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1503079 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1503080 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502739 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502752 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1504550 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502793 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502792 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1501050 arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrate ...
oval:org.secpod.oval:def:1502676 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502674 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502678 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502505 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502502 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502511 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502512 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502510 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502513 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502529 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1504751 [15:3.1.0-3.el7] - x86: Document CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091 as fixed [Orabug: 29744956] {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091} [15:3.1.0-2.el7] - x86: Add mds feature - e1000: Never increment the RX undersize count register - qemu.spec ...
oval:org.secpod.oval:def:1503038 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1503061 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1503016 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1503076 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502525 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502531 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502847 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502479 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502481 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502348 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1505046 [2:2.1-73.11.0.1] - for Intel, do not trigger load if on-disk microcode is not an update [Orabug: 30634727] - set early_microcode=no in virtualized guests to avoid early load bugs [Orabug: 30618736] - ensure late loading fixes are present on 4.1.12-* and 4.14.35-* - enable early and late load for 5. ...
oval:org.secpod.oval:def:1502533 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502535 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502589 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502590 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1504745 [4.14.35-1902.3.2] - x86/speculation: Exclude ATOMs from speculation through SWAPGS [Orabug: 29967570] {CVE-2019-1125} - x86/speculation: Enable Spectre v1 swapgs mitigations [Orabug: 29967570] {CVE-2019-1125} - x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations [Orabug: 299675 ...
oval:org.secpod.oval:def:1503041 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502487 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502497 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502425 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502443 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502321 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502245 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502207 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502288 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502289 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502515 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502519 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502518 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1503036 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502252 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1501263 It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections libra ...
oval:org.secpod.oval:def:1502091 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502096 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502097 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502055 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502059 The advisory is missing the security advisory description. For more information please visit the reference link.
oval:org.secpod.oval:def:1502214 The advisory is missing the security advisory description.
For more information please visit the reference link oval:org.secpod.oval:def:1502267 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502268 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502103 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502175 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501506 The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an appl ... oval:org.secpod.oval:def:1501454 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. This package contains Windows libraries and development tools. oval:org.secpod.oval:def:1501379 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to dec ... oval:org.secpod.oval:def:1501264 libxml2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-termin ... 
oval:org.secpod.oval:def:1501507 The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory. To see the complete list o ...
oval:org.secpod.oval:def:1501143 The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet.
oval:org.secpod.oval:def:1501164 The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the kernel's implementation of the Berkeley Packet Filter. A local attacker could craft BPF code to crash the system by creating a situation in which the JIT compiler would fail to correctly ...
oval:org.secpod.oval:def:1501452 net/sctp/sm_sideeffect.c in the Linux kernel before does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
oval:org.secpod.oval:def:1501470 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, information leak or data loss. CVE-2013-4312 Tetsuo Handa discovered that users can use pipes queued on local sockets to allocate an unfair share of kernel memory, leading to ...
oval:org.secpod.oval:def:1501475 Linux kernel Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:1500897 Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ...
oval:org.secpod.oval:def:26793 The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the kernel's implementation of the Berkeley Packet Filter. A local attacker could craft BPF code to crash the system by creating a situation in which the JIT compiler would fail to correctly ...
oval:org.secpod.oval:def:1500939 The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveragin ...
oval:org.secpod.oval:def:1500947 The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition inv ...
oval:org.secpod.oval:def:1500949 Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call.
oval:org.secpod.oval:def:1501253 The flaws were found in the way the Linux kernel's file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a container could use this flaw to escape the bind mount and, potentially, escalate their p ...
oval:org.secpod.oval:def:1501256 The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in NetworkManager 1.x allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message, a similar issue to CVE-2015-2 ...
oval:org.secpod.oval:def:1501267 The KVM subsystem in the Linux kernel allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.
oval:org.secpod.oval:def:1501270 The KVM subsystem in the Linux kernel allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.
oval:org.secpod.oval:def:1501219 The get_bitmap_file function in drivers/md/md.c in the Linux kernel before does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call.
oval:org.secpod.oval:def:1501294 It was found that the Linux kernel's keys subsystem did not correctly garbage collect uninstantiated keyrings. A local attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.
oval:org.secpod.oval:def:1501543 The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Security Fix: * Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an ...
oval:org.secpod.oval:def:1501139 MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the "--ssl" option. A man-in-the- ...
oval:org.secpod.oval:def:1500744 Updated bash packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fr ...
oval:org.secpod.oval:def:1500708 Updated procmail packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availabl ...
oval:org.secpod.oval:def:1501042 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, ...
oval:org.secpod.oval:def:1501060 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. An uninitialized pointer use flaw was found in PHP's Exif ex ...
oval:org.secpod.oval:def:1500895 Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from t ...
oval:org.secpod.oval:def:1501386 A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. It was discovered that the SSL ...
oval:org.secpod.oval:def:1500924 Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
oval:org.secpod.oval:def:1500952 An invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp() function. A remote attacker could crash a TLS/SSL client or server using OpenSSL via a specially crafted X.509 certificate when the attacker-supplied certificate was verified by the application.
oval:org.secpod.oval:def:1500951 unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.
oval:org.secpod.oval:def:1501634 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * A flaw was found in the way certain error conditions were handled by bzread function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vuln ...
oval:org.secpod.oval:def:1501232 The remote host is missing a patch containing a security fix, which affects the following package(s): openssh
oval:org.secpod.oval:def:1501230 The remote host is missing a patch containing a security fix, which affects the following package(s): net-snmp
oval:org.secpod.oval:def:1501243 The remote host is missing a patch containing a security fix, which affects the following package(s): ntp
oval:org.secpod.oval:def:1501240 The remote host is missing a patch containing a security fix, which affects the following package(s): file
oval:org.secpod.oval:def:1502143 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1500850 Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction.
oval:org.secpod.oval:def:1500811 Updated ruby packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for each vul ...
oval:org.secpod.oval:def:1500828 Updated glibc packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available fo ...
oval:org.secpod.oval:def:1500680 The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.
oval:org.secpod.oval:def:1500687 The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
oval:org.secpod.oval:def:1500640 It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, e ...
oval:org.secpod.oval:def:1500641 It was discovered that the asn1_get_bit_der() function of the libtasn1 library incorrectly reported the length of ASN.1-encoded data. Specially crafted ASN.1 input could cause an application using libtasn1 to perform an out-of-bounds access operation, causing the application to crash or, possibly, e ...
oval:org.secpod.oval:def:1500660 Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c.
oval:org.secpod.oval:def:1501102 linux: Linux kernel Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:1500724 Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is avai ...
oval:org.secpod.oval:def:1500704 kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number.
oval:org.secpod.oval:def:1501033 The kernel package contains the Linux kernel, the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.
oval:org.secpod.oval:def:1501006 The kernel packages contain the Linux kernel, the core of any Linux operating system. * A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use ...
oval:org.secpod.oval:def:1501063 The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the way the Linux kernel's virtual console implementation handled reference counting when accessing pseudo-terminal device files. A local, unprivileged attacker could ...
oval:org.secpod.oval:def:1500622 The skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel through 3.12 allows remote attackers to cause a denial of service (infinite loop) via a small value in the IHL field of a packet with IPIP encapsulation.
oval:org.secpod.oval:def:1501955 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1501956 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1500629 A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the cl ...
oval:org.secpod.oval:def:1503943 Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ...
oval:org.secpod.oval:def:1500903 The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk.
oval:org.secpod.oval:def:1500956 The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniba ...
oval:org.secpod.oval:def:1500972 The InfiniBand (IB) implementation in the Linux kernel package does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by lev ...
oval:org.secpod.oval:def:1501204 A buffer overflow flaw was found in the way the Linux kernel's virtio-net subsystem handled certain fraglists when the GRO (Generic Receive Offload) functionality was enabled in a bridged network configuration. An attacker on the local network could potentially use this flaw to crash the system, or, ...
oval:org.secpod.oval:def:1500770 include/linux/netdevice.h in the Linux kernel before 2.6.36 incorrectly uses macros for netdev_printk and its related logging implementation, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) by sending invalid packets to a VxLAN interface.
oval:org.secpod.oval:def:1500794 Updated kernel packages that fix several security issues and bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availabl ...
oval:org.secpod.oval:def:1500838 A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled duplicate Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system.
oval:org.secpod.oval:def:1500846 An information leak flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled access of the user control's state. A local, privileged user could use this flaw to leak kernel memory to user space.
oval:org.secpod.oval:def:1500864 It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash t ...
oval:org.secpod.oval:def:1500870 A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled duplicate Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system.
oval:org.secpod.oval:def:1500683 It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters being accepted as valid.
oval:org.secpod.oval:def:1500633 A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application.
oval:org.secpod.oval:def:1502033 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1500635 A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd ch ...
oval:org.secpod.oval:def:1501963 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1501119 SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database w ...
oval:org.secpod.oval:def:1501685 Expat is a C library for parsing XML documents. Security Fix: * An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, pos ...
oval:org.secpod.oval:def:1506401 [15:4.2.1-24.el7] - Revert "virtio-scsi: Send "REPORTED LUNS CHANGED" sense data upon disk hotplug events" [Orabug: 34905939] [15:4.2.1-23.el7] - hw/display/ati_2d: Fix buffer overflow in ati_2d_blt [Orabug: 33930374] {CVE-2021-3638} - tests/acpi: virt: update ACPI MADT and FADT binaries - acpi: ...
oval:org.secpod.oval:def:1507128 [4.1.12-124.80.1.el7uek] - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb [Orabug: 35814478] {CVE-2023-40283} - net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free [Orabug: 35814297] {CVE-2023-4208} - RDMA/core: net: fix kernel NULL error [Orabug: 35723252 ...
oval:org.secpod.oval:def:1506975 [4.1.12-124.78.2.el7uek] - xfrm: fix crash in XFRM_MSG_GETSA netlink handler [Orabug: 35598955] {CVE-2023-3106} - netfilter: nf_tables: validate registers coming from userspace [Orabug: 34012909] {CVE-2022-1015} [4.1.12-124.78.1.el7uek] - vc_screen: move load of struct vc_data pointer in vcs_read ...
oval:org.secpod.oval:def:1507005 [4.1.12-124.78.4.1.el7uek] - rds: Fix lack of reentrancy for connection reset with dst addr zero [Orabug: 35741584] {CVE-2023-22024}
oval:org.secpod.oval:def:1507006 [5.4.17-2136.323.8.1.el7] - rds: Fix lack of reentrancy for connection reset with dst addr zero [Orabug: 35713696] {CVE-2023-22024}
oval:org.secpod.oval:def:1507009 [5.4.17-2136.323.8.1.el7uek] - rds: Fix lack of reentrancy for connection reset with dst addr zero [Orabug: 35713696] {CVE-2023-22024}
oval:org.secpod.oval:def:1507011 [4.14.35-2047.529.3.1.el7uek] - rds: Fix lack of reentrancy for connection reset with dst addr zero [Orabug: 35708852] {CVE-2023-22024}
oval:org.secpod.oval:def:1505934 [5.4.17-2136.310.7.el7uek] - net_sched: cls_route: remove from list when handle is 0 [Orabug: 34480880] {CVE-2022-2588} - x86/spec_ctrl: limit IBRS_FW to retpoline only [Orabug: 34450896] - x86/bugs: display dynamic retbleed state [Orabug: 34450896] - x86/bugs: remove incorrect __init/__ro_after_ ...
oval:org.secpod.oval:def:1505935 [5.4.17-2136.310.7.el7] - net_sched: cls_route: remove from list when handle is 0 [Orabug: 34480880] {CVE-2022-2588} - x86/spec_ctrl: limit IBRS_FW to retpoline only [Orabug: 34450896] - x86/bugs: display dynamic retbleed state [Orabug: 34450896] - x86/bugs: remove incorrect __init/__ro_after_ini ...
oval:org.secpod.oval:def:1507183 [4.1.12-124.81.2.el7uek] - rebuild bumping release [4.1.12-124.81.1.el7uek] - netfilter: xt_sctp: validate the flag_info count [Orabug: 35923500] {CVE-2023-39193} - USB: ene_usb6250: Allocate enough memory for full object [Orabug: 35924058] {CVE-2023-45862} - netfilter: xt_u32: validate user space ...
oval:org.secpod.oval:def:1505576 [1:11.0.15.0.9-2.0.1] - link atomic for ix86 build [1:11.0.15.0.9-2] - Add JDK-8284920 fix for XPath regression - Related: rhbz#2073422 [1:11.0.15.0.9-2] - Remove security items from release notes that were only in 17u and N/A for 11u - Related: rhbz#2073422 [1:11.0.15.0.9-1] - Update to jdk-11.0.15 ...
oval:org.secpod.oval:def:1505578 [1:1.8.0.332.b09-1] - Update to shenandoah-jdk8u332-b09 - Update release notes for 8u332-b09. - Switch to GA mode for final release. - This tarball is embargoed until 2022-04-19 @ 1pm PT. - Resolves: rhbz#2073422 [1:1.8.0.332.b06-0.1.ea] - Update to shenandoah-jdk8u332-b06 - Update release notes f ...
oval:org.secpod.oval:def:1502540 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1502541 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1502542 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1507356 [3.10.0-1160.108.1.0.1.el7.OL7] - debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499} [3.10.0-1160.108.1.el7.OL7] - Update Oracle Linux certificates - Oracle Linux RHCK Module Signing Key was compiled into kernel - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 & ...
oval:org.secpod.oval:def:1507351 [115.8.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [115.8.0-1] - Update to 115.8.0 build1
oval:org.secpod.oval:def:1507359 [115.8.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [115.8.0-1] - Update to 115.8.0 build1
oval:org.secpod.oval:def:1506572 [1.5.2-6.0.1.1] - Rebuild bumping release [1.5.2-6.1] - Resolves: #2196120 - CVE-2022-25147 apr-util: out-of-bounds writes in the apr_base64
oval:org.secpod.oval:def:1502215 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1503052 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1502177 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1501530 Linux kernel Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:1502084 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1502056 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1501145 Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd.
oval:org.secpod.oval:def:1501040 The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access o ...
oval:org.secpod.oval:def:1501345 The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel's keys subsystem did not correctly garbage collect uninstantiated keyrings. A local attacker could use this flaw to crash the system or, potentially, escalate their privileges o ...
oval:org.secpod.oval:def:1501350 The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel's keys subsystem did not correctly garbage collect uninstantiated keyrings. A local attacker could use this flaw to crash the system or, potentially, escalate their privileges o ...
oval:org.secpod.oval:def:1500998 The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way seunshare, a utility for running executables under a different security context, used the capng_lock functionality of the libcap-ng library. The subsequent invocation of suid root bina ...
oval:org.secpod.oval:def:1500790 Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) ...
oval:org.secpod.oval:def:1500852 Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ...
oval:org.secpod.oval:def:1506386 [1:11.0.18.0.10-1] - Update to jdk-11.0.18+10 - Update release notes to 11.0.18+10 - Switch to GA mode for release - ** This tarball is embargoed until 2023-01-17 @ 1pm PT. ** - Related: rhbz#2150192 [1:11.0.18.0.9-0.2.ea] - Update to jdk-11.0.18+9 - Update release notes to 11.0.18+9 - Drop local c ... oval:org.secpod.oval:def:1506379 [1:1.8.0.362.b08-1] - Update to shenandoah-jdk8u352-b08 - Update release notes for shenandoah-8u352-b08. - Fix broken links and missing release notes in older releases. - Drop RH1163501 patch which is not upstream or in 11, 17 19 packages and seems obsolete - Patch was broken by inclusion of JDK-8 ... oval:org.secpod.oval:def:1507367 [4.1.12-124.83.2.el7uek] - Input: add bounds checking to input_set_capability [Orabug: 36192120] {CVE-2022-48619} - netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack [Orabug: 36155598] {CVE-2023-7192} [4.1.12-124.83.1.el7uek] - ext4: improve error recovery code paths i ... oval:org.secpod.oval:def:1507042 [4.1.12-124.79.2] - net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free [Orabug: 35814273] {CVE-2023-4206} - net/sched: sch_qfq: account for stab overhead in qfq_enqueue [Orabug: 35636291] {CVE-2023-3611} - rds: Fix lack of reentrancy for connection reset with dst add ... oval:org.secpod.oval:def:1504780 [4.6.8-5.0.1] - Blank out header-logo.png product-name.png - Replace login-screen-logo.png [Orabug: 20362818] [4.6.8-5.el7_9.4] - Resolves: #1897253 IPA WebUI inaccessible after upgrading to RHEL 8.3.- idoverride-memberof.js missing - wgi/plugins.py: ignore empty plugin directories - Resolves: #1895 ... 
oval:org.secpod.oval:def:1506429 [102.8.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [102.8.0-2] - Update to 102.8.0 build2 [102.8.0-1] - Update to 102.8.0 build1 oval:org.secpod.oval:def:1506433 [102.8.0-2.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.8.0-2] - Update to 102.8.0 build2 [102.8.0-1] - Update to 102.8.0 build1 oval:org.secpod.oval:def:1506385 [102.7.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.7.0-1] - Update to 102.7.0 build1 [102.6.0-2] - Add firefox-x11 subpackage to allow explicit ... oval:org.secpod.oval:def:1506395 [102.7.1-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [102.7.1-1] - Update to 102.7.1 build1 [102.7.0-1] - Update to 102.7.0 build1 oval:org.secpod.oval:def:1506613 [102.12.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [102.12.0-1] - Update to 102.12.0 build1 oval:org.secpod.oval:def:1506622 [102.12.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.12.0-1] - Update to 102.12.0 build1 oval:org.secpod.oval:def:1506514 [102.10.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [102.10.0-2] - Update to 102.10.0 build2 [102.10.0-1] - Update to 102.10.0 build1 oval:org.secpod.oval:def:1506521 [102.10.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 
30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.10.0-1] - Update to 102.10.0 build1 [102.9.0-4] - Update to 102.9.0 build2 oval:org.secpod.oval:def:1507138 [7:3.5.20-17.0.1] - Mutiple CVE fixes for squid [Orabug: 33146289] - Resolves: CVE-2021-28651 squid: Bug 5104: Memory leak in RFC 2169 response parsing - Resolves: CVE-2021-28652 squid: Bug 5106: Broken cache manager URL parsing - Resolves: CVE-2021-31806,31807,31808 squid: Handle more Range reque ... oval:org.secpod.oval:def:1507396 [3.10.0-1160.114.2.0.1.el7.OL7] - debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499} [3.10.0-1160.114.2.el7.OL7] - Update Oracle Linux certificates - Oracle Linux RHCK Module Signing Key was compiled into kernel - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 = ... oval:org.secpod.oval:def:1506965 [4.1.12-124.77.2.el7uek] - media: dm1105: Fix use after free bug in dm1105_remove due to race condition [Orabug: 35514108] {CVE-2023-35824} - media: dvb-core: Fix kernel WARNING for blocking operation in wait_event* [Orabug: 35477742] {CVE-2023-31084} - media: dvb_frontend: fix locking issues at d ... oval:org.secpod.oval:def:1506308 [4.14.35-2047.520.3.1.el7uek] - proc: proc_skip_spaces shouldn"t think it is working on C strings [Orabug: 34883027] {CVE-2022-4378} - proc: avoid integer type confusion in get_proc_long [Orabug: 34883027] {CVE-2022-4378} - hugetlbfs: don"t delete error page from pagecache [Orabug: 34883072] - mm ... oval:org.secpod.oval:def:1506325 [4.14.35-2047.520.3.1.el7] - proc: proc_skip_spaces shouldn"t think it is working on C strings [Orabug: 34883027] {CVE-2022-4378} - proc: avoid integer type confusion in get_proc_long [Orabug: 34883027] {CVE-2022-4378} - hugetlbfs: don"t delete error page from pagecache [Orabug: 34883072] - mm: s ... 
oval:org.secpod.oval:def:1505453 [5.4.17-2136.304.4.1] - Revert rds/ib: Kernel upgrade to rds_ib_conns info displayed by rds-info [Orabug: 33832625] - cgroup-v1: Require capabilities to set release_agent [Orabug: 33832582] {CVE-2022-0492} [5.4.17-2136.304.4] - scsi: libiscsi: Fix iscsi_task use after free [Orabug: 33794250] - sc ... oval:org.secpod.oval:def:1505449 [5.4.17-2136.304.4.1] - Revert rds/ib: Kernel upgrade to rds_ib_conns info displayed by rds-info [Orabug: 33832625] - cgroup-v1: Require capabilities to set release_agent [Orabug: 33832582] {CVE-2022-0492} [5.4.17-2136.304.4] - scsi: libiscsi: Fix iscsi_task use after free [Orabug: 33794250] - sc ... oval:org.secpod.oval:def:1505442 [3.10.0-1160.53.1.OL7] - Update Oracle Linux certificates - Oracle Linux RHCK Module Signing Key was compiled into kernel - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 - Update oracle value to match new certificate [3.10.0-1160.53.1] - fuse: fix live lock in fuse_ ... oval:org.secpod.oval:def:1504643 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504638 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504637 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504636 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504803 [4.14.35-2047.500.9.3.el7uek] - net/rds: Reject error code change [Orabug: 32577425] - PCI: hotplug: Add module parameter to allow user control of LEDs [Orabug: 32577399] - net/rds: increase 1MB MR pool size for RDS [Orabug: 32577394] [4.14.35-2047.500.9.2.el7uek] - Fix double free KASAN warnings ... 
oval:org.secpod.oval:def:1504801 [4.14.35-2047.500.9.3.el7] - net/rds: Reject error code change [Orabug: 32577425] - PCI: hotplug: Add module parameter to allow user control of LEDs [Orabug: 32577399] - net/rds: increase 1MB MR pool size for RDS [Orabug: 32577394] [4.14.35-2047.500.9.2.el7] - Fix double free KASAN warnings and u ... oval:org.secpod.oval:def:1504705 [5.4.17-2036.104.4.el7uek] - KVM: arm64: guest context in x18 instead of x29 [Orabug: 32545182] [5.4.17-2036.104.3.el7uek] - config: enable CONFIG_MLX5_MPFS [Orabug: 32249042] - net: Fix bridge enslavement failure [Orabug: 32503298] - inet: do not call sublist_rcv on empty list [Orabug: 32512814 ... oval:org.secpod.oval:def:1504711 [5.4.17-2036.104.4.el7uek] - KVM: arm64: guest context in x18 instead of x29 [Orabug: 32545182] [5.4.17-2036.104.3.el7uek] - config: enable CONFIG_MLX5_MPFS [Orabug: 32249042] - net: Fix bridge enslavement failure [Orabug: 32503298] - inet: do not call sublist_rcv on empty list [Orabug: 32512814 ... oval:org.secpod.oval:def:1504761 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504766 [4.14.35-2047.500.9.1] - xen-blkback: fix error handling in xen_blkbk_map [Orabug: 32492110] {CVE-2021-26930} - xen-scsiback: dont "handle" error by BUG [Orabug: 32492102] {CVE-2021-26931} - xen-netback: dont "handle" error by BUG [Orabug: 32492102] {CVE-2021-26931} - xen-blkback: dont "handle" e ... oval:org.secpod.oval:def:1504727 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504747 [4.14.35-2047.500.10.el7] - xen-blkback: fix error handling in xen_blkbk_map [Orabug: 32492110] {CVE-2021-26930} - xen-scsiback: don"t "handle" error by BUG [Orabug: 32492102] {CVE-2021-26931} - xen-netback: don"t "handle" error by BUG [Orabug: 32492102] {CVE-2021-26931} - xen-blkback: don"t "han ... 
oval:org.secpod.oval:def:1505748 libvirt [5.7.0-33.el7] - qemu: refresh vNUMA/SMT pinning. [Orabug: 34083505] - qemu driver: Check exadataConfig and packCPUs whenever vNUMA/SMT applies [Orabug: 34023508] - nwfilter: fix crash when counting number of network filters [Orabug: 33973639] {CVE-2022-0897} libvirt-python [5.7.0-33.el7] ... oval:org.secpod.oval:def:1504754 [5.7.0-21.el7] - exadata: Fix the validation when defining domain groups [Orabug: 32085856] - Revert "qemu: dont take agent and monitor job for shutdown" [Orabug: 32080283] - Revert "qemu: dont hold a monitor and agent job for reboot" [Orabug: 32080283] - Revert "qemu: dont hold monitor and agent ... oval:org.secpod.oval:def:1502092 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502138 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502042 Several security issues were fixed in Linux kernel, python-perf and perf. oval:org.secpod.oval:def:1502043 Several security issues were fixed in Linux kernel, python-perf and perf. oval:org.secpod.oval:def:1501819 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501820 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501659 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * It was found that the Linux kernel"s IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a deni ... oval:org.secpod.oval:def:1502144 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1504542 autotrace [0.31.1-38] - Resolves: #1765205 rebuild against new IM emacs [1:24.3-23] - Resolves: #1765208 rebuild against new IM ImageMagick [6.9.10.68-3] - Fixing freeze when svg file contains class="" [6.9.10.68-2] - Fixed ghostscript fonts, fixed multilib conflicts [6.9.10.68-1] - Rebase to 6.9.10 ... oval:org.secpod.oval:def:1507406 [115.9.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [115.9.0-1] - Update to 115.9.0 build1 - Fix expat CVE-2023-52425 oval:org.secpod.oval:def:1507415 [115.9.1-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [115.9.1-1] - Update to 115.9.1 [115.9.0-2] - Update to 115.9.0 build2 [115.9.0-1] - Update to 115 ... oval:org.secpod.oval:def:1507146 [5.4.17-2136.325.5.el7uek] - perf symbols: Symbol lookup with kcore can fail if multiple segments match stext [Orabug: 35905508] - char: misc: Increase the maximum number of dynamic misc devices to 1048448 [Orabug: 35905508] - perf/arm-cmn: Fix invalid pointer when access dtc object sharing the sa ... oval:org.secpod.oval:def:1506945 [20230516-999.25.git6c9e0ed5.el7] - Add missing amd-ucode/ files to nano rpm - Add posttrans scriptlet to reload microcode on AMD - Recreate initramfs for AMD systems [20230516-999.24.git6c9e0ed5.el7] - 8a07fa49 linux-firmware: Update AMD fam19h cpu microcode oval:org.secpod.oval:def:1506712 [4.1.12-124.76.2] - firewire: fix potential uaf in outbound_phy_packet_callback [Orabug: 35493606] {CVE-2023-3159} - ath9k: fix use-after-free in ath9k_hif_usb_rx_cb [Orabug: 35448003] {CVE-2022-1679} - dm ioctl: fix nested locking in table_clear to remove deadlock concern [Orabug: 35354880] {CVE ... 
oval:org.secpod.oval:def:1506964 [4.1.12-124.76.2.el7uek] - firewire: fix potential uaf in outbound_phy_packet_callback [Orabug: 35493606] {CVE-2023-3159} - ath9k: fix use-after-free in ath9k_hif_usb_rx_cb [Orabug: 35448003] {CVE-2022-1679} - dm ioctl: fix nested locking in table_clear to remove deadlock concern [Orabug: 3535488 ... oval:org.secpod.oval:def:1506045 [4.1.12-124.67.3] - media: imon: Fix null-ptr-deref in imon_probe [Orabug: 31225377] {CVE-2017-16537} - fbcon: remove soft scrollback code [Orabug: 31914703] {CVE-2020-14390} - inet: use bigger hash table for IP ID generation [Orabug: 33778986] {CVE-2021-45486} - ipv4: speedup ip_idents_reserve ... oval:org.secpod.oval:def:1506519 [5.4.17-2136.318.7.1.el7uek] - KVM: arm64: Disabling disabled PMU counters wastes a lot of time [Orabug: 33312587] - KVM: arm64: Don"t zero the cycle count register when PMCR_EL0.P is set oval:org.secpod.oval:def:1506520 [5.4.17-2136.318.7.1.el7] - KVM: arm64: Disabling disabled PMU counters wastes a lot of time [Orabug: 33312587] - KVM: arm64: Don"t zero the cycle count register when PMCR_EL0.P is set oval:org.secpod.oval:def:1506628 [15:4.2.1-26.el7] - migration: check magic value for deciding the mapping of channels [Orabug: 34735462] - io: Add support for MSG_PEEK for socket channel [Orabug: 34735462] - migration: Move channel setup out of postcopy_try_recover [Orabug: 34735462] - vdpa: commit all host notifier MRs in a si ... oval:org.secpod.oval:def:1503017 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503024 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502394 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502707 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1503941 Updated kernel packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, whic ... oval:org.secpod.oval:def:1503946 Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ra ... oval:org.secpod.oval:def:49459 Audit files deletion events. oval:org.secpod.oval:def:49533 Audit rules about the Unauthorized Access Attempts to Files (unsuccessful) are enabled |