Oracle Linux 8 : dnf (ELSA-2021-4464)

high Nessus Plugin ID 155416

Synopsis

The remote Oracle Linux host is missing a security update.

Description

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-4464 advisory.

dnf [4.7.0-4.0.1]
- Fixed python stack trace with updateinfo list cves command [Orabug: 32749660]
- Replaced upstream bugzilla reporting reference. [Orabug: 32829849]

[4.7.0-4]
- Update translations (RhBug:1961632)

[4.7.0-3]
- Improve signature checking using rpmkeys (RhBug:1967454)

[4.7.0-2]
- Fix covscan issue: dnf/rpm/miscutils.py: fix usage of _()

[4.7.0-1]
- Update to 4.7.0
- New optional parameter for filter_modules enables following modular obsoletes based on a config option module_obsoletes
- Fix module remove --all when no match spec (RhBug:1904490)
- Make an error message more informative (RhBug:1814831)
- Expand history to full term size when output is redirected (RhBug:1852577) (RhBug:1852577,1906970)
- Print additional information when verifying GPG key using DNS
- Enhanced detection of plugins removed in transaction (RhBug:1929163)
- Improve repo config path ordering to fix a comps merging issue (RhBug:1928181)
- Keep reason when package is removed (RhBug:1921063)
- Improve mechanism for application of security filters (RhBug:1918475)
- [API] Add new method for reset of security filters
- Remove hardcoded logfile permissions (RhBug:1910084)
- Preserve file mode during log rotation (RhBug:1910084)
- Increase loglevel in case of invalid config options
- Prevent traceback (catch ValueError) if pkg is from cmdline
- Check for specific key string when verifying signatures (RhBug:1915990)
- Use rpmkeys binary to verify package signature (RhBug:1915990)
- [doc] Improve description of modular filtering
- [doc] deprecated alias for dnf repoquery --deplist <deplist_option-label>
- [doc] Describe install with just a name and obsoletes (RhBug:1902279)
- [doc] Fix: 'sslcacert' contains path to the file
- [doc] Added proxy ssl configuration options, increase libdnf require
- [doc] Update documentation for module_obsoletes and module_stream_switch
- [doc] Improve documentation for Hotfix repositories
- [doc] fix: 'makecache' command downloads only enabled repositories
- [doc] Add info that maximum parallel downloads is 20
- [doc] installonly_limit documentation follows behavior
- [doc] Add documentation for config option sslverifystatus (RhBug:1814383)
- The noroot plugin no longer exists, remove mention

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2021-4464.html

Plugin Details

Severity: High

ID: 155416

File Name: oraclelinux_ELSA-2021-4464.nasl

Version: 1.5

Type: local

Agent: unix

Published: 11/17/2021

Updated: 11/1/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 5.1

Temporal Score: 3.8

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-3445

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:libdnf-devel, p-cpe:/a:oracle:linux:dnf-plugins-core, p-cpe:/a:oracle:linux:python3-dnf-plugin-versionlock, p-cpe:/a:oracle:linux:dnf-data, p-cpe:/a:oracle:linux:yum, p-cpe:/a:oracle:linux:libdnf, p-cpe:/a:oracle:linux:python3-dnf, p-cpe:/a:oracle:linux:python3-libdnf, cpe:/o:oracle:linux:8, p-cpe:/a:oracle:linux:python3-dnf-plugin-post-transaction-actions, p-cpe:/a:oracle:linux:python3-dnf-plugins-core, p-cpe:/a:oracle:linux:yum-utils, p-cpe:/a:oracle:linux:dnf, p-cpe:/a:oracle:linux:python3-hawkey, p-cpe:/a:oracle:linux:dnf-automatic

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Ease: No known exploits are available

Patch Publication Date: 11/16/2021

Vulnerability Publication Date: 5/19/2021

Reference Information

CVE: CVE-2021-3445