Issued: Monday, 24 October, 2022
Last Revision: Monday, 24 October, 2022
Vendor:
Product:
Severity Level:
Oracle Linux has released security patches that address multiple vulnerabilities in various components. The advisory contains 89 patches, of which 43 are remotely exploitable without any authentication. Attackers could exploit these vulnerabilities to achieve remote code execution and lateral movement, which could adversely impact the confidentiality and integrity of data and cause reputational loss.
| CVE/Vulnerability | Description | CVSS Score | Exploitable |
|---|---|---|---|
| CVE-2022-40674 | Vulnerability related to expat lib | 9.8 | Yes |
| CVE-2022-41318 | Multiple vulnerabilities related to Squid component | 8.9 | Yes |
| CVE-2022-32893 | Multiple vulnerabilities related to webkit2gtk3 | 8.8 | Yes |
| CVE-2022-3080 | Multiple vulnerabilities related to bind component | 7.5 | Yes |
| CVE-2022-31212 | Vulnerability related to dbus-broker | 7.5 | Yes |
| CVE-2022-40959 | Multiple vulnerabilities in Firefox | 7.5 | Yes |
| CVE-2022-2509 | Vulnerabilities in gnutls and nettle | 7.5 | Yes |
| CVE-2020-28469 | nodejs and nodejs-nodemon | 7.5 | Yes |
| CVE-2022-25857 | prometheus-jmx-exporter | 7.5 | Yes |
| CVE-2022-3033 | Multiple vulnerabilities in thunderbird component | 7.5 | Yes |
| CVE-2022-21546 | Unbreakable Enterprise kernel | 7.5 | Yes |
| CVE-2022-34903 | Vulnerabilities in gnupg2 component | 5.9 | Yes |
| CVE-2022-21457 | Vulnerabilities in MySQL | 5.9 | Yes |

Table 1: Vulnerability details

| CVE/Vulnerability | Affected Product(s) | Affected Component | Affected Versions |
|---|---|---|---|
| CVE-2022-40674 | Oracle Linux | expat | 7, 8, 9 |
| CVE-2022-41318 | Oracle Linux | squid | 7, 9 |
| CVE-2022-32893 | Oracle Linux | webkit2gtk3 | 8, 9 |
| CVE-2022-3080 | Oracle Linux | bind | 7, 8, 9 |
| CVE-2022-31212 | Oracle Linux | dbus-broker | 9 |
| CVE-2022-40959 | Oracle Linux | firefox | 8, 9 |
| CVE-2022-2509 | Oracle Linux | gnutls and nettle | 9 |
| CVE-2020-28469 | Oracle Linux | nodejs and nodejs-nodemon | 9 |
| CVE-2022-25857 | Oracle Linux | prometheus-jmx-exporter | 8 |
| CVE-2022-3033 | Oracle Linux | thunderbird | 8, 9 |
| CVE-2022-21546 | Oracle Linux | Unbreakable Enterprise kernel | 7, 8 |
| CVE-2022-34903 | Oracle Linux | gnupg2 | 9 |
| CVE-2022-21457 | Oracle Linux | mysql | 9 |

Table 2: Vulnerable versions

We strongly recommend reviewing the full list of affected products given in the "Oracle Linux Bulletin - October 2022" under "REFERENCES" and applying the appropriate patches released by the vendor.
