Detections
Analytics

Oracle Linux 9 : glibc (ELSA-2026-20597)

medium Nessus Plugin ID 322986

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-20597 advisory.

 [2.34-270.0.1]
 - Forward-port Oracle patches for ol9-u8 Reviewed-by: Jose E. Marchesi <[email protected]> Oracle history:
 May-20-2026 Cupertino Miranda <[email protected]> - 2.34-266.0.1
 - Forward-port Oracle patches for ol9-u8 Reviewed-by: David Faust <[email protected]> March-25-2026 Cupertino Miranda <[email protected]> - 2.34-262.0.1
 - Forward-port Oracle patches for ol9-u8 Reviewed-by: David Faust <[email protected]> March-6-2026 Cupertino Miranda <[email protected]> - 2.34-256.0.1
 - Forward-port Oracle patches for ol9-u8 Reviewed-by: David Faust <[email protected]> February-3-2026 Cupertino Miranda <[email protected]> - 2.34-245.0.1
 - Forward-port Oracle patches for ol9-u8 Reviewed-by: David Faust <[email protected]> November-14-2025 Cupertino Miranda <[email protected]> - 2.34-231.0.1.1
 - Forward-port Oracle patches for ol9-u7 Reviewed-by: Jose E. Marchesi <[email protected]> September-24-2025 Cupertino Miranda <[email protected]> - 2.34-231.0.1
 - Forward-port Oracle patches for ol9-u7 Reviewed-by: Jose E. Marchesi <[email protected]> September-8-2025 Jose E. Marchesi <[email protected]> - 2.34-228.0.1
 - Forward-port Oracle patches for ol9-u7 Reviewed-by: Jose E. Marchesi <[email protected]> August-5-2025 Cupertino Miranda <[email protected]> - 2.34-217.0.1
 - Forward-port Oralce patches for ol9-u7 Reviewed-by: Jose E. Marchesi <[email protected]> August-5-2025 Cupertino Miranda <[email protected]> - 2.34-168.0.1.23
 - Forward-port Oracle patches for ol9-u6 Reviewed-by: Jose E. Marchesi <[email protected]> June-30-2025 Cupertino Miranda <[email protected]> - 2.34-168.0.1.20
 - Forward-port Oracle patches for ol9-u6 Reviewed-by: Jose E. Marchesi <[email protected]> June-9-2025 Cupertino Miranda <[email protected]> - 2.34-168.0.1.19
 - Forward-port Oracle patches for ol9-u6 Reviewed-by: David Faust <[email protected]> May-17-2025 Cupertino Miranda <[email protected]> - 2.34-168.0.1.14
 - Forward-port Oracle patches for ol9-u6 Reviewed-by: Jose E. Marchesi <[email protected]> March-6-2025 Cupertino Miranda <[email protected]> - 2.34-168.0.1
 - Forward-port Oracle patches for ol9-u6 Reviewed by: Jose E. Marchesi <[email protected]> February-18-2025 Cupertino Miranda <[email protected]> - 2.34-160.0.1
 - Forward-port Oracle patches for ol9-u6 DP Reviewed by: Jose E. Marchesi <[email protected]> November-12-2024 Cupertino Miranda <[email protected]> - 2.34-125.0.1.1
 - Forward-port Oracle patches for ol9-u5 Reviewed by: Jose E. Marchesi <[email protected]> October-1-2024 Cupertino Miranda <[email protected]> - 2.34-100.0.1.4
 - Forward-port Oracle patches for ol9-u4 Reviewed by: David Faust <[email protected]> August-26-2024 Jose E. Marchesi <[email protected]> - 2.34-100.0.1.3
 - Forward-port Oracle patches for ol9-u4 Reviewed by: David Faust <[email protected]> May-24-2024 Cupertino Miranda <[email protected]> - 2.34-100.0.1.2
 - Forward-port Oracle patches for ol9-u4 Reviewed by: Jose E. Marchesi <[email protected]> April-30-2024 Cupertino Miranda <[email protected]> - 2.34-100.0.1
 - Forward-port Oracle patches for ol9-u4 Reviewed by: Indu Bhagat <[email protected]> March-28-2024 Cupertino Miranda <[email protected]> - 2.34-100.0.1
 - Forward-port Oracle patches for ol9-u4-beta Reviewed by: Jose E. Marchesi <[email protected]> March 15 2024 Cupertino Miranda <[email protected]> - 2.34-83.0.2.12
 - Forward-port Oracle patches for ol9 Reviewed by: Jose E. Marchesi <[email protected]> February-26-2024 Cupertino Miranda <[email protected]> - 2.34-83.0.2.7
 - OraBug 36322437 getaddrinfo does not return correct ipv6 address and family Reviewed by: Jose E. Marchesi <[email protected]> October-24-2023 Cupertino Miranda <[email protected]> - 2.34-83.0.1.7
 - Forward-port Oracle patches for ol9 Reviewed by: Jose E. Marchesi <[email protected]> October-4-2023 Cupertino Miranda <[email protected]> - 2.34-82.0.1
 - Forward-port Oracle patches for ol9 Reviewed by: Jose E. Marchesi <[email protected]> April-18-2023 Cupertino Miranda <[email protected]> - 2.34-60.0.2
 - OraBug 35305078 Glibc tunable to disable huge pages on pthread_create stacks
 - Created tunable glibc.pthread.stack_hugetlb to control when hugepages can be used for stack allocation.
 - In case THP are enabled and glibc.pthread.stack_hugetlb is set to 0, glibc will madvise the kernel not to use allow hugepages for stack allocations.
 Reviewed by: Jose E. Marchesi <[email protected]> March-28-2023 Cupertino Miranda <[email protected]> - 2.34-60.0.1
 - Merge Oracle patches for ol9-u2 beta Reviewed by: Jose E. Marchesi <[email protected]> September-28-2022 Patrick McGehearty <[email protected]> - 2.34-40.0.1
 - Merge Oracle patches for ol9-u1 beta Reviewed by: Jose E. Marchesi <[email protected]> April-25-2022 Patrick McGehearty <[email protected]> - 2.34-28.0.1
 - Merge Oracle patches with ol9 beta
 - Reviewed-by: Jose E. Marchesi <[email protected]>

 [2.34-270]
 - Fix incorrect setting of CXX variable in spec file (RHEL-148252)

 [2.34-269]
 - Fix __nss_get_default_domain logic to restore netgroup user enumeration (RHEL-168096)

 [2.34-268]
 - resolv: Correctly count records and check hostname validity (RHEL-168851, RHEL-168852)

 [2.34-267]
 - CVE-2026-4046: Fix assertion failure in IBM1390 and IBM1399 iconv modules (RHEL-162901)

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2026-20597.html

Plugin Details

Severity: Medium

ID: 322986

File Name: oraclelinux_ELSA-2026-20597.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 6/26/2026

Updated: 6/26/2026

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, tenable_cloud_security, tenable_self_hosted_container_security, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS Score Source: CVE-2026-4437

CVSS v3

Risk Factor: Medium

Base Score: 5.4

Temporal Score: 4.9

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2026-4438

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:glibc-langpack-ug, p-cpe:/a:oracle:linux:glibc-langpack-yi, p-cpe:/a:oracle:linux:glibc-langpack-gez, p-cpe:/a:oracle:linux:glibc-langpack-ga, p-cpe:/a:oracle:linux:glibc-langpack-te, p-cpe:/a:oracle:linux:glibc-langpack-dz, cpe:/o:oracle:linux:9:8:baseos_patch, p-cpe:/a:oracle:linux:glibc-langpack-fi, p-cpe:/a:oracle:linux:glibc-langpack-or, p-cpe:/a:oracle:linux:glibc-langpack-fil, p-cpe:/a:oracle:linux:libnsl, p-cpe:/a:oracle:linux:glibc-langpack-ig, p-cpe:/a:oracle:linux:glibc-langpack-mk, p-cpe:/a:oracle:linux:glibc-langpack-ja, p-cpe:/a:oracle:linux:glibc-langpack-ks, p-cpe:/a:oracle:linux:glibc-langpack-sid, p-cpe:/a:oracle:linux:glibc-langpack-et, p-cpe:/a:oracle:linux:glibc-langpack-ha, p-cpe:/a:oracle:linux:glibc-langpack-yuw, p-cpe:/a:oracle:linux:glibc-langpack-nl, p-cpe:/a:oracle:linux:glibc-langpack-ve, p-cpe:/a:oracle:linux:glibc-langpack-bo, p-cpe:/a:oracle:linux:glibc-langpack-mhr, p-cpe:/a:oracle:linux:glibc-langpack-tg, p-cpe:/a:oracle:linux:nss_hesiod, p-cpe:/a:oracle:linux:glibc-langpack-lv, p-cpe:/a:oracle:linux:glibc-langpack-pt, p-cpe:/a:oracle:linux:glibc-langpack-zh, p-cpe:/a:oracle:linux:glibc-langpack-agr, p-cpe:/a:oracle:linux:glibc-langpack-anp, p-cpe:/a:oracle:linux:glibc-langpack-tpi, p-cpe:/a:oracle:linux:glibc-langpack-se, p-cpe:/a:oracle:linux:glibc-langpack-wal, p-cpe:/a:oracle:linux:glibc-langpack-oc, p-cpe:/a:oracle:linux:glibc-langpack-nb, p-cpe:/a:oracle:linux:glibc-langpack-mni, p-cpe:/a:oracle:linux:glibc-langpack-mr, p-cpe:/a:oracle:linux:glibc-langpack-sr, p-cpe:/a:oracle:linux:glibc-langpack-ml, p-cpe:/a:oracle:linux:glibc-langpack-wo, p-cpe:/a:oracle:linux:glibc-langpack-ar, p-cpe:/a:oracle:linux:glibc-langpack-si, p-cpe:/a:oracle:linux:glibc-langpack-wae, p-cpe:/a:oracle:linux:glibc-langpack-sd, p-cpe:/a:oracle:linux:glibc-langpack-xh, p-cpe:/a:oracle:linux:glibc-langpack-crh, p-cpe:/a:oracle:linux:glibc-headers, p-cpe:/a:oracle:linux:glibc-langpack-nan, p-cpe:/a:oracle:linux:glibc-langpack-ayc, p-cpe:/a:oracle:linux:glibc-langpack-am, p-cpe:/a:oracle:linux:glibc-langpack-eo, p-cpe:/a:oracle:linux:glibc-langpack-ta, p-cpe:/a:oracle:linux:glibc-langpack-vi, p-cpe:/a:oracle:linux:glibc-langpack-hak, p-cpe:/a:oracle:linux:glibc-langpack-ss, p-cpe:/a:oracle:linux:glibc-langpack-fy, p-cpe:/a:oracle:linux:glibc-langpack-bho, p-cpe:/a:oracle:linux:glibc-langpack-bi, p-cpe:/a:oracle:linux:glibc-langpack-ln, p-cpe:/a:oracle:linux:glibc-langpack-gl, p-cpe:/a:oracle:linux:glibc-minimal-langpack, p-cpe:/a:oracle:linux:glibc-langpack-aa, p-cpe:/a:oracle:linux:glibc-langpack-sat, p-cpe:/a:oracle:linux:glibc-langpack-sw, p-cpe:/a:oracle:linux:glibc-langpack-fur, p-cpe:/a:oracle:linux:glibc-langpack-mi, p-cpe:/a:oracle:linux:glibc-langpack-yo, p-cpe:/a:oracle:linux:glibc-langpack-id, p-cpe:/a:oracle:linux:glibc-langpack-kk, p-cpe:/a:oracle:linux:glibc-langpack-sm, p-cpe:/a:oracle:linux:glibc-langpack-so, p-cpe:/a:oracle:linux:glibc-langpack-nso, p-cpe:/a:oracle:linux:glibc-langpack-szl, p-cpe:/a:oracle:linux:glibc-benchtests, p-cpe:/a:oracle:linux:glibc-langpack-pl, p-cpe:/a:oracle:linux:glibc-langpack-kw, p-cpe:/a:oracle:linux:glibc-langpack-cs, p-cpe:/a:oracle:linux:glibc-langpack-mai, p-cpe:/a:oracle:linux:glibc-langpack-it, p-cpe:/a:oracle:linux:glibc-langpack-ne, p-cpe:/a:oracle:linux:glibc-langpack-ro, p-cpe:/a:oracle:linux:glibc-langpack-ru, p-cpe:/a:oracle:linux:glibc-langpack-hy, p-cpe:/a:oracle:linux:glibc-langpack-tt, p-cpe:/a:oracle:linux:glibc-langpack-lt, p-cpe:/a:oracle:linux:glibc-langpack-li, p-cpe:/a:oracle:linux:glibc-nss-devel, p-cpe:/a:oracle:linux:glibc-langpack-lb, p-cpe:/a:oracle:linux:glibc-langpack-ko, p-cpe:/a:oracle:linux:glibc-langpack-kok, p-cpe:/a:oracle:linux:glibc-langpack-hu, p-cpe:/a:oracle:linux:glibc-langpack-hif, p-cpe:/a:oracle:linux:glibc-langpack-as, p-cpe:/a:oracle:linux:glibc-langpack-bn, p-cpe:/a:oracle:linux:glibc-langpack-hr, p-cpe:/a:oracle:linux:glibc-langpack-mg, p-cpe:/a:oracle:linux:glibc-langpack-sl, p-cpe:/a:oracle:linux:glibc-langpack-wa, p-cpe:/a:oracle:linux:glibc-langpack-sa, p-cpe:/a:oracle:linux:glibc-langpack-ht, p-cpe:/a:oracle:linux:glibc-langpack-cv, p-cpe:/a:oracle:linux:glibc-langpack-km, p-cpe:/a:oracle:linux:glibc-langpack-ff, p-cpe:/a:oracle:linux:glibc-langpack-unm, p-cpe:/a:oracle:linux:glibc-langpack-quz, p-cpe:/a:oracle:linux:glibc-langpack-af, p-cpe:/a:oracle:linux:glibc-langpack-ckb, p-cpe:/a:oracle:linux:glibc-langpack-kn, p-cpe:/a:oracle:linux:glibc-locale-source, p-cpe:/a:oracle:linux:glibc-langpack-sk, p-cpe:/a:oracle:linux:glibc-langpack-bg, p-cpe:/a:oracle:linux:glibc-langpack-ber, p-cpe:/a:oracle:linux:glibc-all-langpacks, p-cpe:/a:oracle:linux:glibc-langpack-csb, p-cpe:/a:oracle:linux:glibc-langpack-ps, cpe:/o:oracle:linux:9, p-cpe:/a:oracle:linux:glibc-langpack-mfe, p-cpe:/a:oracle:linux:glibc-langpack-iu, p-cpe:/a:oracle:linux:glibc-langpack-ti, p-cpe:/a:oracle:linux:glibc-langpack-ms, p-cpe:/a:oracle:linux:glibc-langpack-an, p-cpe:/a:oracle:linux:glibc-langpack-en, p-cpe:/a:oracle:linux:glibc-langpack-ka, p-cpe:/a:oracle:linux:nss_db, p-cpe:/a:oracle:linux:glibc-langpack-mag, p-cpe:/a:oracle:linux:glibc-common, p-cpe:/a:oracle:linux:glibc-langpack-lzh, p-cpe:/a:oracle:linux:glibc-langpack-gu, p-cpe:/a:oracle:linux:glibc-langpack-tl, p-cpe:/a:oracle:linux:glibc-langpack-raj, p-cpe:/a:oracle:linux:glibc-langpack-th, p-cpe:/a:oracle:linux:glibc-langpack-kl, p-cpe:/a:oracle:linux:glibc-langpack-hsb, p-cpe:/a:oracle:linux:glibc-gconv-extra, p-cpe:/a:oracle:linux:glibc-langpack-miq, p-cpe:/a:oracle:linux:glibc-langpack-cmn, p-cpe:/a:oracle:linux:glibc-langpack-ky, p-cpe:/a:oracle:linux:glibc-langpack-mjw, p-cpe:/a:oracle:linux:glibc-langpack-is, p-cpe:/a:oracle:linux:glibc-langpack-os, p-cpe:/a:oracle:linux:glibc-langpack-fa, p-cpe:/a:oracle:linux:glibc-langpack-ku, p-cpe:/a:oracle:linux:glibc-langpack-mnw, p-cpe:/a:oracle:linux:glibc-langpack-lo, p-cpe:/a:oracle:linux:glibc-langpack-sah, p-cpe:/a:oracle:linux:glibc-langpack-az, p-cpe:/a:oracle:linux:glibc-langpack-ur, p-cpe:/a:oracle:linux:glibc, p-cpe:/a:oracle:linux:glibc-langpack-sgs, p-cpe:/a:oracle:linux:glibc-langpack-fr, p-cpe:/a:oracle:linux:glibc-langpack-he, p-cpe:/a:oracle:linux:glibc-langpack-my, p-cpe:/a:oracle:linux:glibc-langpack-dsb, p-cpe:/a:oracle:linux:glibc-langpack-ts, p-cpe:/a:oracle:linux:glibc-devel, p-cpe:/a:oracle:linux:glibc-langpack-fo, p-cpe:/a:oracle:linux:glibc-langpack-es, p-cpe:/a:oracle:linux:glibc-langpack-kab, p-cpe:/a:oracle:linux:glibc-langpack-shn, p-cpe:/a:oracle:linux:glibc-langpack-br, p-cpe:/a:oracle:linux:glibc-langpack-ia, p-cpe:/a:oracle:linux:glibc-langpack-brx, p-cpe:/a:oracle:linux:glibc-langpack-shs, p-cpe:/a:oracle:linux:glibc-langpack-mt, p-cpe:/a:oracle:linux:glibc-langpack-niu, p-cpe:/a:oracle:linux:glibc-langpack-pap, p-cpe:/a:oracle:linux:glibc-langpack-tk, p-cpe:/a:oracle:linux:glibc-langpack-to, p-cpe:/a:oracle:linux:glibc-langpack-lij, p-cpe:/a:oracle:linux:glibc-langpack-sv, p-cpe:/a:oracle:linux:glibc-langpack-ik, p-cpe:/a:oracle:linux:glibc-langpack-ast, p-cpe:/a:oracle:linux:glibc-langpack-tcy, p-cpe:/a:oracle:linux:glibc-utils, p-cpe:/a:oracle:linux:glibc-langpack-bhb, p-cpe:/a:oracle:linux:glibc-langpack-eu, p-cpe:/a:oracle:linux:glibc-langpack-dv, p-cpe:/a:oracle:linux:glibc-langpack-ak, p-cpe:/a:oracle:linux:glibc-langpack-bs, p-cpe:/a:oracle:linux:glibc-langpack-de, p-cpe:/a:oracle:linux:glibc-doc, p-cpe:/a:oracle:linux:glibc-langpack-nn, p-cpe:/a:oracle:linux:glibc-langpack-st, p-cpe:/a:oracle:linux:glibc-langpack-lg, p-cpe:/a:oracle:linux:glibc-langpack-nhn, p-cpe:/a:oracle:linux:glibc-langpack-tn, p-cpe:/a:oracle:linux:glibc-langpack-the, p-cpe:/a:oracle:linux:glibc-langpack-rw, p-cpe:/a:oracle:linux:glibc-static, p-cpe:/a:oracle:linux:glibc-langpack-doi, p-cpe:/a:oracle:linux:glibc-langpack-sq, p-cpe:/a:oracle:linux:glibc-langpack-tig, p-cpe:/a:oracle:linux:glibc-langpack-tr, p-cpe:/a:oracle:linux:glibc-langpack-uz, p-cpe:/a:oracle:linux:glibc-langpack-byn, p-cpe:/a:oracle:linux:glibc-langpack-hne, p-cpe:/a:oracle:linux:glibc-langpack-mn, p-cpe:/a:oracle:linux:glibc-langpack-uk, p-cpe:/a:oracle:linux:glibc-langpack-ce, p-cpe:/a:oracle:linux:glibc-langpack-da, p-cpe:/a:oracle:linux:glibc-langpack-chr, p-cpe:/a:oracle:linux:glibc-langpack-zu, p-cpe:/a:oracle:linux:glibc-langpack-cy, p-cpe:/a:oracle:linux:nscd, p-cpe:/a:oracle:linux:glibc-langpack-el, p-cpe:/a:oracle:linux:glibc-langpack-pa, p-cpe:/a:oracle:linux:glibc-langpack-gv, p-cpe:/a:oracle:linux:glibc-langpack-hi, p-cpe:/a:oracle:linux:glibc-langpack-ca, p-cpe:/a:oracle:linux:glibc-langpack-bem, p-cpe:/a:oracle:linux:glibc-langpack-om, p-cpe:/a:oracle:linux:glibc-langpack-gd, p-cpe:/a:oracle:linux:glibc-langpack-be, p-cpe:/a:oracle:linux:glibc-langpack-yue, p-cpe:/a:oracle:linux:glibc-langpack-nds, p-cpe:/a:oracle:linux:glibc-langpack-nr, p-cpe:/a:oracle:linux:glibc-langpack-sc

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/23/2026

Vulnerability Publication Date: 3/20/2026

Reference Information

CVE: CVE-2026-4046, CVE-2026-4437, CVE-2026-4438