The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7958 advisory.

    The libguestfs packages contain a library used for accessing and modifying virtual machine disk images.

    Security Fix(es):

    * libguestfs: Buffer overflow in get_keys leads to DoS (CVE-2022-2211)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7979 advisory.

    Speex is a patent-free compression format designed especially for speech. It is specialized for voice     communications at low bit-rates.

    Security Fix(es):

    * speex: divide by zero in read_samples() via crafted WAV file (CVE-2020-23903)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8011 advisory.

    FriBidi is a library to handle bidirectional scripts (for example Hebrew, Arabic), so that the display is     done in the proper way, while the text data itself is always written in logical order.

    Security Fix(es):

    * fribidi: Stack based buffer overflow (CVE-2022-25308)

    * fribidi: Heap-buffer-overflow in fribidi_cap_rtl_to_unicode (CVE-2022-25309)

    * fribidi: SEGV in fribidi_remove_bidi_marks (CVE-2022-25310)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7935 advisory.

    The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

    Security Fix(es):

    * pcs: improper authentication via PAM (CVE-2022-1049)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:8078 advisory.

    FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project     consists of the stream format, reference encoders and decoders in library form, a command-line program to     encode and decode FLAC files, and a command-line metadata editor for FLAC files.

    Security Fix(es):

    * flac: out of bound write in append_to_verify_fifo_interleaved_ of stream_encoder.c (CVE-2021-0561)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:8415 advisory.

    The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as     related support libraries.

    Security Fix(es):

    * gcc: uncontrolled recursion in libiberty/rust-demangle.c (CVE-2021-46195)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8340 advisory.

    FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType     loads, hints, and renders individual glyphs efficiently.

    Security Fix(es):

    * FreeType: Buffer overflow in sfnt_init_face (CVE-2022-27404)

    * FreeType: Segmentation violation via FNT_Size_Request (CVE-2022-27405)

    * Freetype: Segmentation violation via FT_Request_Size (CVE-2022-27406)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7959 advisory.

    guestfs-tools is a set of tools that can be used to make batch configuration changes to guests, get disk     used/free statistics, perform backups and guest clones, change registry/UUID/hostname info, build guests     from scratch, and much more.

    Security Fix(es):

    * libguestfs: Buffer overflow in get_keys leads to DoS (CVE-2022-2211)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:8400 advisory.

    The libtirpc packages contain SunLib's implementation of transport-independent remote procedure call (TI-     RPC) documentation, which includes a library required by programs in the nfs-utils and rpcbind packages.

    Security Fix(es):

    * libtirpc: DoS vulnerability with lots of connections (CVE-2021-46828)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8197 advisory.

    PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

    The following packages have been upgraded to a later upstream version: php (8.0.20). (BZ#2095752)

    Security Fix(es):

    * php: Use after free due to php_filter_float() failing for ints (CVE-2021-21708)

    * php: Uninitialized array in pg_query_params() leading to RCE (CVE-2022-31625)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7967 advisory.

    Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of     architectures. The qemu-kvm packages provide the user-space component for running virtual machines that     use KVM.

    The following packages have been upgraded to a later upstream version: qemu-kvm (7.0.0). (BZ#2064757)

    Security Fix(es):

    * QEMU: hcd-ehci: DMA reentrancy issue leads to use-after-free (CVE-2021-3750)

    * QEMU: fdc: heap buffer overflow in DMA read data transfers (CVE-2021-3507)

    * QEMU: intel-hda: segmentation fault due to stack overflow (CVE-2021-3611)

    * QEMU: NULL pointer dereference in pci_write() in hw/acpi/pcihp.c (CVE-2021-4158)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:8057 advisory.

    Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB &     OpenTSDB.

    The following packages have been upgraded to a later upstream version: grafana (7.5.15). (BZ#2055349)

    Security Fix(es):

    * sanitize-url: XSS due to improper sanitization in sanitizeUrl function (CVE-2021-23648)

    * golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)

    * golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)

    * grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)

    * prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)

    * grafana: XSS vulnerability in data source handling (CVE-2022-21702)

    * grafana: CSRF vulnerability can lead to privilege escalation (CVE-2022-21703)

    * grafana: IDOR vulnerability can lead to information disclosure (CVE-2022-21713)

    * golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)

    * golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)

    * golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)

    * golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)

    * golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)

    * golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)

    * golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8067 advisory.

    The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

    The following packages have been upgraded to a later upstream version: httpd (2.4.53). (BZ#2079939)

    Security Fix(es):

    * httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)

    * httpd: mod_lua: Use of uninitialized value of in r:parsebody (CVE-2022-22719)

    * httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721)

    * httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)

    * httpd: mod_lua: DoS in r:parsebody (CVE-2022-29404)

    * httpd: mod_sed: DoS vulnerability (CVE-2022-30522)

    * httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813)

    * httpd: Out-of-bounds read via ap_rwrite() (CVE-2022-28614)

    * httpd: Out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)

    * httpd: mod_lua: Information disclosure with websockets (CVE-2022-30556)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:8100 advisory.

    SWTPM is a TPM emulator built on libtpms providing TPM functionality for QEMU VMs.

    Security Fix(es):

    * swtpm: Unchecked header size indicator against expected size (CVE-2022-23645)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:8385 advisory.

    The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP     network to get their own network configuration information, including an IP address, a subnet mask, and a     broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and     administer DHCP on a network.

    Security Fix(es):

    * bind: DNS forwarders - cache poisoning vulnerability (CVE-2021-25220)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8096 advisory.

    Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can     contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data     set. You can persist it either by dumping the data set to disk every once in a while, or by appending each     command to a log.

    Security Fix(es):

    * redis: Code injection via Lua script execution environment (CVE-2022-24735)

    * redis: Malformed Lua script can crash Redis (CVE-2022-24736)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:8112 advisory.

    FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3,     ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD.

    The following packages have been upgraded to a later upstream version: frr (8.2.2). (BZ#2069563)

    Security Fix(es):

    * frrouting: overflow bugs in unpack_tlv_router_cap (CVE-2022-26125)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7933 advisory.

  - kernel: off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)

  - kernel: use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)

  - kernel: smb2_ioctl_query_info NULL pointer dereference (CVE-2022-0168)

  - kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)

  - kernel: swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)

  - kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM     (CVE-2022-1016)

  - kernel: race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)

  - kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image     (CVE-2022-1184)

  - kernel: concurrency use-after-free between drm_setmaster_ioctl and drm_mode_getresources (CVE-2022-1280)

  - kernel: kernel info leak issue in pfkey_register (CVE-2022-1353)

  - kernel: use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges (CVE-2022-1679)

  - kernel: NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)

  - kernel: fanotify misuses fd_install() which could lead to use-after-free (CVE-2022-1998)

  - kernel: net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)

  - hw: cpu: incomplete clean-up of multi-core shared buffers (aka SBDR) (CVE-2022-21123)

  - hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)

  - hw: cpu: incomplete clean-up in specific special register write operations (aka DRPW) (CVE-2022-21166)

  - kernel: possible to use the debugger to write zero into a location of choice (CVE-2022-21499)

  - hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)

  - kernel: nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)

  - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation     (CVE-2022-2586)

  - hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)

  - kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)

  - kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)

  - kernel: use after free in SUNRPC subsystem (CVE-2022-28893)

  - kernel: use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)

  - hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29900)

  - hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)

  - kernel: DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)

  - kernel: nf_tables disallow binding to already bound chain (CVE-2022-39190)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7970 advisory.

    The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can     encode structured data in an efficient yet extensible format, and provide a flexible, efficient, and     automated mechanism for serializing structured data.

    Security Fix(es):

    * protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference     (CVE-2021-22570)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:8418 advisory.

    GLib provides the core application building blocks for libraries and applications written in C. It     provides the core object system used in GNOME, the main loop implementation, and a large set of utility     functions for strings and common data structures.

    Security Fix(es):

    * glib: g_file_replace() with G_FILE_CREATE_REPLACE_DESTINATION creates empty target for dangling symlink     (CVE-2021-28153)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8353 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    The following packages have been upgraded to a later upstream version: python3.9 (3.9.14). (BZ#2128249)

    Security Fix(es):

    * python: mailcap: findmatch() function does not sanitize the second argument (CVE-2015-20107)

    * python: open redirection vulnerability in lib/http/server.py may lead to information disclosure     (CVE-2021-28861)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7978 advisory.

    The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a     large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and     anti-aliasing, and conversions, all with multi-level undo.

    Security Fix(es):

    * gimp: buffer overflow through a crafted XCF file (CVE-2022-30067)

    * gimp: unhandled exception via a crafted XCF file may lead to DoS (CVE-2022-32990)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:8208 advisory.

    Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind.
    It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL     drivers and authentication plug-ins are provided as subpackages.

    Security Fix(es):

    * dovecot: Privilege escalation when similar master and non-master passdbs are used (CVE-2022-30550)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:7928 advisory.

    The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to     manage multipath devices.

    Security Fix(es):

    * device-mapper-multipath: Regression of CVE-2022-41974 fix in Red Hat Enterprise Linux (CVE-2022-3787)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7927 advisory.

    KSBA (pronounced Kasbah) is a library to make X.509 certificates as well as the CMS easily accessible by     other applications. Both specifications are building blocks of S/MIME and TLS.

    Security Fix(es):

    * libksba: integer overflow may lead to remote code execution (CVE-2022-3515)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7887 advisory.

    The linux-firmware packages contain all of the firmware files that are required by various devices to     operate.

    Security Fix(es):

    * hardware: buffer overflow in bluetooth firmware (CVE-2020-12321)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7885 advisory.

    The kpatch management tool provides a kernel patching infrastructure which     allows you to patch a running kernel without rebooting or restarting any     processes.

    Security Fix(es):

    * kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation     (CVE-2022-2588)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7592 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * python: mailcap: findmatch() function does not sanitize the second argument (CVE-2015-20107)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7581 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * python: mailcap: findmatch() function does not sanitize the second argument (CVE-2015-20107)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7822 advisory.

    The container-tools module contains tools for working with containers, notably podman, buildah, skopeo,     and runc.

    Security Fix(es):

    * podman: possible information disclosure and modification (CVE-2022-2989)

    * buildah: possible information disclosure and modification (CVE-2022-2990)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    * podman creates lock file in /etc/cni/net.d/cni.lock instead of /run/lock/ (BZ#2125644)

    * (podman image trust) does not support the new trust type sigstoreSigned  (BZ#2125645)

    * podman kill may deadlock (BZ#2125647)

    * Error: runc: exec failed: unable to start container process: open /dev/pts/0: operation not permitted:
    OCI permission denied [RHEL 8.7] (BZ#2125648)

    * containers-common-1-44 is missing RPM-GPG-KEY-redhat-beta [RHEL 8.7] (BZ#2125686)

    * ADD Dockerfile reference is not validating HTTP status code [rhel8-8.7.0] (BZ#2129767)

    * Two aardvark-dns instances trying to use the same port on the same interface. [rhel-8.7.0.z] (netavark)     (BZ#2130234)

    * containers config.json gets empty after sudden power loss (BZ#2130236)

    * PANIC podman API service endpoint handler panic (BZ#2132412)

    * Podman container got global IPv6 address unexpectedly even when macvlan network is created for pure IPv4     network (BZ#2133390)

    * Skopeo push image to redhat quay with sigstore was failed (BZ#2136406)

    * Podman push image to redhat quay with sigstore was failed (BZ#2136433)

    * Buildah push image to redhat quay with sigstore was failed (BZ#2136438)

    * Two aardvark-dns instances trying to use the same port on the same interface. [rhel-8.8] (aardvark-dns)     (BZ#2137295)

    Enhancement(s):

    * [RFE]Podman support to perform custom actions on unhealthy containers (BZ#2130911)

    * [RFE] python-podman: Podman support to perform custom actions on unhealthy containers (BZ#2132360)

    * Podman volume plugin timeout should be configurable (BZ#2132992)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7633 advisory.

    The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic     Host Configuration Protocol) server.

    Security Fix(es):

    * dnsmasq: Heap use after free in dhcp6_no_relay (CVE-2022-0934)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7704 advisory.

    WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

    GLib provides the core application building blocks for libraries and applications written in C. It     provides the core object system used in GNOME, the main loop implementation, and a large set of utility     functions for strings and common data structures.

    Security Fix(es):

    * webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624)

    * webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22628)

    * webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)

    * webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)

    * webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700)

    * webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26709)

    * webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26710)

    * webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26716)

    * webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26717)

    * webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26719)

    * webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary     code execution (CVE-2022-30293)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7715 advisory.

    The libxml2 library is a development toolbox providing the implementation of various XML standards.

    Security Fix(es):

    * libxml2: Incorrect server side include parsing can lead to XSS (CVE-2016-3709)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7618 advisory.

    GStreamer is a streaming media framework based on graphs of filters that operate on media data. The     gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under     the LGPL license.

    Security Fix(es):

    * gstreamer-plugins-good: Use-after-free in matroska demuxing (CVE-2021-3497)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7683 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)

    * race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference     (CVE-2020-36558)

    * use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)

    * memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c     (CVE-2021-30002)

    * smb2_ioctl_query_info NULL Pointer Dereference (CVE-2022-0168)

    * NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)

    * swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)

    * uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016)

    * race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)

    * use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)

    * use-after-free and memory errors in ext4 when mounting and operating on a corrupted image     (CVE-2022-1184)

    * NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)

    * buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078)

    * nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)

    * openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)

    * use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938)

    * net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)

    * possible to use the debugger to write zero into a location of choice (CVE-2022-21499)

    * Spectre-BHB (CVE-2022-23960)

    * Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)

    * memory leak in drivers/hid/hid-elo.c (CVE-2022-27950)

    * double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)

    * use after free in SUNRPC subsystem (CVE-2022-28893)

    * use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)

    * DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)

    * nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7464 advisory.

    The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can     encode structured data in an efficient yet extensible format, and provide a flexible, efficient, and     automated mechanism for serializing structured data.

    Security Fix(es):

    * protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference     (CVE-2021-22570)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7647 advisory.

    The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

    Security Fix(es):

    * httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)

    * httpd: mod_lua: Use of uninitialized value of in r:parsebody (CVE-2022-22719)

    * httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721)

    * httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)

    * httpd: mod_lua: DoS in r:parsebody (CVE-2022-29404)

    * httpd: mod_sed: DoS vulnerability (CVE-2022-30522)

    * httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813)

    * httpd: Out-of-bounds read via ap_rwrite() (CVE-2022-28614)

    * httpd: Out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)

    * httpd: mod_lua: Information disclosure with websockets (CVE-2022-30556)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7594 advisory.

    Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince.

    Security Fix(es):

    * poppler: A logic error in the Hints::Hints function can cause denial of service (CVE-2022-27337)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:7548 advisory.

    Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits,     that uses osbuild under the hood.

    Security Fix(es):

    * golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short,     potentially allowing a denial of service (CVE-2022-32189)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7529 advisory.

    The container-tools module contains tools for working with containers, notably podman, buildah, skopeo,     and runc.

    Security Fix(es):

    * golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)

    * cri-o: memory exhaustion on the node when access to the kube api (CVE-2022-1708)

    * golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)

    * prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)

    * golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)

    * golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)

    * golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)

    * golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)

    * golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)

    * golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7447 advisory.

    The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

    Security Fix(es):

    * pcs: improper authentication via PAM (CVE-2022-1049)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7472 advisory.

    Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware     platforms. The virt:rhel module contains packages which provide user-space components used to run virtual     machines using KVM. The packages also provide APIs for managing and interacting with the virtualized     systems.

    The following packages have been upgraded to a later upstream version: qemu-kvm (6.2.0). (BZ#2066828)

    Security Fix(es):

    * QEMU: fdc: heap buffer overflow in DMA read data transfers (CVE-2021-3507)

    * libvirt: missing locking in nwfilterConnectNumOfNWFilters can lead to denial of service (CVE-2022-0897)

    * libguestfs: Buffer overflow in get_keys leads to DoS (CVE-2022-2211)

    * swtpm: Unchecked header size indicator against expected size (CVE-2022-23645)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7811 advisory.

    Expat is a C library for parsing XML documents. The mingw-expat packages provide a port of the Expat     library for MinGW.

    The following packages have been upgraded to a later upstream version: mingw-expat (2.4.8). (BZ#2057023,     BZ#2057037, BZ#2057127)

    Security Fix(es):

    * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)

    * expat: Namespace-separator characters in xmlns[:prefix] attribute values can lead to arbitrary code     execution (CVE-2022-25236)

    * expat: Integer overflow in storeRawNames() (CVE-2022-25315)

    * expat: Stack exhaustion in doctype parsing (CVE-2022-25313)

    * expat: Integer overflow in copyString() (CVE-2022-25314)

    * expat: Integer overflow in the doProlog function (CVE-2022-23990)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7720 advisory.

    The e2fsprogs packages provide a number of utilities for creating, checking, modifying, and correcting the     ext2, ext3, and ext4 file systems.

    Security Fix(es):

    * e2fsprogs: out-of-bounds read/write via crafted filesystem (CVE-2022-1304)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7745 advisory.

    FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType     loads, hints, and renders individual glyphs efficiently.

    Security Fix(es):

    * FreeType: Buffer overflow in sfnt_init_face (CVE-2022-27404)

    * FreeType: Segmentation violation via FNT_Size_Request (CVE-2022-27405)

    * Freetype: Segmentation violation via FT_Request_Size (CVE-2022-27406)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7730 advisory.

    The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP     servers, or use local TDB databases.

    The following packages have been upgraded to a later upstream version: libldb (2.5.2). (BZ#2077484)

    Security Fix(es):

    * samba: AD users can induce a use-after-free in the server process with an LDAP add or modify request     (CVE-2022-32746)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7790 advisory.

    The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols.
    BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing     with DNS); and tools for verifying that the DNS server is operating correctly.

    Security Fix(es):

    * bind: DNS forwarders - cache poisoning vulnerability (CVE-2021-25220)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:7648 advisory.

    The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries     and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.

    Security Fix(es):

    * golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)

    * golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)

    * golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)

    * golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)

    * golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)

    * golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7692 advisory.

    XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a     transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a     simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document, sends it to     a remote server using HTTP, and gets back the response in XML.

    Security Fix(es):

    * expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)

    * expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)

    * expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)

    * expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)

    * expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)

    * expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826)

    * expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7813 advisory.

    The zlib packages provide a general-purpose lossless data compression library that is used by many     different programs.

    Security Fix(es):

    * zlib: A flaw found in zlib when compressing (not decompressing) certain inputs (CVE-2018-25032)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Severity
167595	RHEL 9 : libguestfs (RHSA-2022:7958)	medium
167593	RHEL 9 : speex (RHSA-2022:7979)	medium
167591	RHEL 9 : fribidi (RHSA-2022:8011)	high
167590	RHEL 9 : pcs (RHSA-2022:7935)	high
167588	RHEL 9 : flac (RHSA-2022:8078)	medium
167583	RHEL 9 : mingw-gcc (RHSA-2022:8415)	medium
167582	RHEL 9 : freetype (RHSA-2022:8340)	critical
167578	RHEL 9 : guestfs-tools (RHSA-2022:7959)	medium
167576	RHEL 9 : libtirpc (RHSA-2022:8400)	high
167572	RHEL 9 : php (RHSA-2022:8197)	critical
167571	RHEL 9 : qemu-kvm (RHSA-2022:7967)	high
167570	RHEL 9 : grafana (RHSA-2022:8057)	high
167569	RHEL 9 : httpd (RHSA-2022:8067)	critical
167568	RHEL 9 : swtpm (RHSA-2022:8100)	medium
167567	RHEL 9 : dhcp (RHSA-2022:8385)	medium
167566	RHEL 9 : redis (RHSA-2022:8096)	high
167554	RHEL 9 : frr (RHSA-2022:8112)	high
167544	RHEL 9 : kernel-rt (RHSA-2022:7933)	high
167540	RHEL 9 : protobuf (RHSA-2022:7970)	medium
167535	RHEL 9 : mingw-glib2 (RHSA-2022:8418)	medium
167534	RHEL 9 : python3.9 (RHSA-2022:8353)	high
167525	RHEL 9 : gimp (RHSA-2022:7978)	medium
167523	RHEL 9 : dovecot (RHSA-2022:8208)	high
167501	RHEL 8 : device-mapper-multipath (RHSA-2022:7928)	high
167458	RHEL 8 : libksba (RHSA-2022:7927)	critical
167215	RHEL 7 : linux-firmware (RHSA-2022:7887)	high
167205	RHEL 8 : kpatch-patch (RHSA-2022:7885)	high
167194	RHEL 8 : python39:3.9 and python39-devel:3.9 (RHSA-2022:7592)	high
167193	RHEL 8 : python38:3.8 and python38-devel:3.8 (RHSA-2022:7581)	high
167179	RHEL 8 : container-tools:rhel8 (RHSA-2022:7822)	high
167173	RHEL 8 : dnsmasq (RHSA-2022:7633)	high
167169	RHEL 8 : webkit2gtk3 (RHSA-2022:7704)	high
167167	RHEL 8 : libxml2 (RHSA-2022:7715)	medium
167165	RHEL 8 : gstreamer1-plugins-good (RHSA-2022:7618)	high
167155	RHEL 8 : kernel (RHSA-2022:7683)	high
167153	RHEL 8 : protobuf (RHSA-2022:7464)	medium
167152	RHEL 8 : httpd:2.4 (RHSA-2022:7647)	critical
167151	RHEL 8 : poppler (RHSA-2022:7594)	medium
167150	RHEL 8 : Image Builder (RHSA-2022:7548)	high
167148	RHEL 8 : container-tools:3.0 (RHSA-2022:7529)	medium
167146	RHEL 8 : pcs (RHSA-2022:7447)	high
167145	RHEL 8 : virt:rhel and virt-devel:rhel (RHSA-2022:7472)	medium
167142	RHEL 8 : mingw-expat (RHSA-2022:7811)	critical
167141	RHEL 8 : e2fsprogs (RHSA-2022:7720)	high
167139	RHEL 8 : freetype (RHSA-2022:7745)	critical
167138	RHEL 8 : libldb (RHSA-2022:7730)	medium
167137	RHEL 8 : bind (RHSA-2022:7790)	medium
167136	RHEL 8 : grafana-pcp (RHSA-2022:7648)	medium
167132	RHEL 8 : xmlrpc-c (RHSA-2022:7692)	critical
167130	RHEL 8 : mingw-zlib (RHSA-2022:7813)	high

Detections

Analytics

Red Hat Local Security Checks Family for Nessus

medium

medium

high

high

medium

medium

critical

medium

high

critical

high

high

critical

medium

medium

high

high

high

medium

medium

high

medium

high

high

critical

high

high

high

high

high

high

high

medium

high

high

medium

critical

medium

high

medium

high

medium

critical

high

critical

medium

medium

medium

critical

high