Oracle Linux 9 : Image / Builder (ELSA-2022-7950)

high Nessus Plugin ID 168114

Synopsis

The remote Oracle Linux host is missing a security update.

Description

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-7950 advisory.

cockpit-composer [41-1.0.1]
- Make per page documentation links point to Oracle Linux [Orabug: 32013095], [Orabug: 34398922]

[41-1]
- New upstream release

[40-1]
- New upstream release

[39-1]
- New upstream release

[38-1]
- New upstream release

[37-1]
- New upstream release

[35-1]
- New upstream release

[34-1]
- New upstream release

[33-1]
- Add support for OCI upload target
- Update translations
- Update dependencies

[32-1]
- Add Edge Raw, RHEL Installer, Edge Simplified Installer image types
- Improve user account modal responsiveness
- Update tests
- Update minor NPM dependencies
- Update translation files

[31-1]
- Add new ostree image types
- Improve loading state when waiting for api responses
- Improve notification system
- Improve test stability
- Update NPM dependencies
- Update translations

[30-3]
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688

[30-2]
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937

[30-1]
- Add and update translations
- Update NPM dependencies
- Improve test reliability

[28-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

[28-1]
- Use sentence case rather than title case
- Add and update tests
- Update translations from weblate
- Update minor NPM dependencies

[27-1]
- Improve test reliability
- Update translations from weblate
- Update minor NPM dependencies

[26-1]
- Add additional form validation for the Create Image Wizard
- Improve page size dropdown styling
- Update minor NPM dependencies
- Improve code styling
- Improve test reliability

osbuild [65-1]
- New upstream release

[64-1]
- New upstream release

[63-1]
- New upstream release

[62-1]
- New upstream release

[61-1]
- New upstream release

[60-1]
- New upstream release

[59-1]
- New upstream release

[58-1]
- New upstream release

[57-1]
- New upstream release

[56-1]
- New upstream release

[55-1]
- New upstream release

[54-1]
- New upstream release

[53-1]
- New upstream release

[52-1]
- New upstream release

[50-1]
- New upstream release

[49-1]
- New upstream release

[48-1]
- New upstream release

[47-1]
- New upstream release

[46-1]
- New upstream release

[45-1]
- New upstream release

[44-1]
- New upstream release

[43-1]
- New upstream release

[42-1]
- New upstream release

[39-1]
- New upstream release

[35-1]
- Upstream release 35

[34-1]
- Upstream release 34

[33-1]
- Upstream release 33

[32-1]
- Upstream release 32

[31-1]
- Upstream release 31

[30-1]
- Upstream release 30
- Many new stages for building ostree-based raw images
- Bootiso.mono stage was deprecated and split into smaller stages
- Mounts are now represented as an array in a manifest
- Various bug fixes and improvements to various stages

[29-2]
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688

[29-1]
- Upstream release 29
- Adds host services
- Adds modprobe and logind stage

[27-3]
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937

[27-2]
- Include Fedora 35 runner (upstream commit 337e0f0)

[27-1]
- Upstream release 27
- Various bug fixes related to the new container and installer stages introduced in versions 25 and 26.

[26-1]
- Upstream release 26
- Support for building boot isos
- Grub stage gained support for saved_entry to fix grub tooling

[25-1]
- Upstream release 25
- First tech preview of the new manifest format. Includes various new stages and inputs to be able to build ostree commits contained in an OCI archive.

[24-1]
- Upstream release 24
- Turn on dependency generator for everything but runners
- Include new input binaries

[23-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

[23-1]
- Upstream release 23
- Do not mangle shebangs for assemblers, runners & stages.

[22-1]
- Upstream release 22

[21-1]
- Upstream release 21

osbuild-composer [62.1-1]
- New upstream release

[62-1]
- New upstream release

[60-1]
- New upstream release

[59-1]
- New upstream release

[58-1]
- New upstream release

[57-1]
- New upstream release

[55-1]
- New upstream release

[54-1]
- New upstream release

[53-1]
- New upstream release

[51-1]
- New upstream release

[46-1]
- New upstream release

[45-1]
- New upstream release

[44-1]
- New upstream release

[43-1]
- New upstream release

[42-1]
- New upstream release

[41-1]
- New upstream release

[40-1]
- New upstream release

[39-1]
- New upstream release

[38-1]
- New upstream release

* Tue Nov 02 2021 lavocatt - 37-1
- New upstream release

[36-1]
- New upstream release

[33-1]
- New upstream release

[32-1]
- New upstream release

[31-1]
- New upstream release

[30-2]
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688

[30-1]
- New upstream release

[29-3]
- Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065

[29-2]
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937

[29-1]
- New upstream release

[28-1]
- New upstream release

[27-1]
- New upstream release

[26-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

[26-2]
- Fix the compatibility with a new golang-github-azure-storage-blob 0.12

[26-1]
- New upstream release

[25-1]
- New upstream release

[24-1]
- New upstream release

[23-1]
- New upstream release

[22-1]
- New upstream release

weldr-client [35.5-4]
- tests: Add osbuild-composer repo file for RHEL 9.1 Related: rhbz#2118831

[35.5-3]
- tests: Update tests for osbuild composer changes Resolves: rhbz#2118831

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2022-7950.html

Plugin Details

Severity: High

ID: 168114

File Name: oraclelinux_ELSA-2022-7950.nasl

Version: 1.6

Type: local

Agent: unix

Published: 11/22/2022

Updated: 11/2/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2022-32189

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:osbuild-selinux, p-cpe:/a:oracle:linux:osbuild-luks2, p-cpe:/a:oracle:linux:osbuild-lvm2, p-cpe:/a:oracle:linux:weldr-client, p-cpe:/a:oracle:linux:osbuild, p-cpe:/a:oracle:linux:osbuild-composer-core, p-cpe:/a:oracle:linux:osbuild-composer-worker, p-cpe:/a:oracle:linux:osbuild-ostree, p-cpe:/a:oracle:linux:osbuild-composer-dnf-json, p-cpe:/a:oracle:linux:python3-osbuild, p-cpe:/a:oracle:linux:cockpit-composer, p-cpe:/a:oracle:linux:osbuild-composer, cpe:/o:oracle:linux:9

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/22/2022

Vulnerability Publication Date: 8/2/2022

Reference Information

CVE: CVE-2022-32189