Detections
Analytics

MiracleLinux 9 : container-tools, python-podman-4.2.0-1.el9, toolbox-0.0.99.3-5.el9 (AXSA:2023-5056:01)

high Nessus Plugin ID 292898

Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5056:01 advisory.

 * golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension (CVE-2020-28851)
 * golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)
 * podman: podman machine spawns gvproxy with port bound to all IPs (CVE-2021-4024)
 * podman: Remote traffic to rootless containers is seen as orginating from localhost (CVE-2021-20199)
 * containers/storage: DoS via malicious image (CVE-2021-20291)
 * golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
 * golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
 * golang: net: lookup functions may return invalid host names (CVE-2021-33195)
 * golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
 * golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
 * podman: possible information disclosure and modification (CVE-2022-2989)
 * buildah: possible information disclosure and modification (CVE-2022-2990)
 * golang: net/[http:](http:) improper sanitization of Transfer-Encoding header (CVE-2022-1705)
 * golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
 * golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
 * golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632) CVE(s):
 CVE-2020-28851 CVE-2020-28852 CVE-2021-20199 CVE-2021-20291 CVE-2021-33195 CVE-2021-33197 CVE-2021-33198 CVE-2021-34558 CVE-2021-4024 CVE-2022-1705 CVE-2022-2989 CVE-2022-2990 CVE-2022-27191 CVE-2022-30630 CVE-2022-30631 CVE-2022-30632

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/16240

Plugin Details

Severity: High

ID: 292898

File Name: miracle_linux_AXSA-2023-5056.nasl

Version: 1.1

Type: local

Published: 1/20/2026

Updated: 1/20/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-33195

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:container-selinux, p-cpe:/a:miracle:linux:python3-podman, p-cpe:/a:miracle:linux:netavark, p-cpe:/a:miracle:linux:buildah-tests, p-cpe:/a:miracle:linux:container-tools, p-cpe:/a:miracle:linux:cockpit-podman, p-cpe:/a:miracle:linux:toolbox, p-cpe:/a:miracle:linux:containernetworking-plugins, p-cpe:/a:miracle:linux:podman-docker, p-cpe:/a:miracle:linux:podman-catatonit, p-cpe:/a:miracle:linux:podman, p-cpe:/a:miracle:linux:podman-gvproxy, p-cpe:/a:miracle:linux:toolbox-tests, p-cpe:/a:miracle:linux:podman-tests, p-cpe:/a:miracle:linux:podman-plugins, p-cpe:/a:miracle:linux:oci-seccomp-bpf-hook, p-cpe:/a:miracle:linux:podman-remote, cpe:/o:miracle:linux:9, p-cpe:/a:miracle:linux:containers-common, p-cpe:/a:miracle:linux:aardvark-dns, p-cpe:/a:miracle:linux:buildah

Required KB Items: Host/local_checks_enabled, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/10/2023

Vulnerability Publication Date: 12/3/2020

Reference Information

CVE: CVE-2020-28851, CVE-2020-28852, CVE-2021-20199, CVE-2021-20291, CVE-2021-33195, CVE-2021-33197, CVE-2021-33198, CVE-2021-34558, CVE-2021-4024, CVE-2022-1705, CVE-2022-27191, CVE-2022-2989, CVE-2022-2990, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632

IAVB: 2021-B-0047-S, 2022-B-0025