Oracle Linux 9 & cve's

[ivansaez]

Hi,

I've updated my Oracle Linux 9 and it has the latest uek kernel (5.15.0-202.135.2) but I did a seccurity scan and it reported this CVE's

kernel-uek-modules
CVE-2023-45871

oracle conmon
CVE-2023-44487
CVE-2023-39325

But I've checked and have the latest versions: kernel-uek-modules-5.15.0-202.135.2.el9uek.x86_64 and conmon-2.1.8-1.

What I'm doing wrong?

 

[TuxBot]

Hi,

I've updated my Oracle Linux 9 and it has the latest uek kernel (5.15.0-202.135.2) but I did a seccurity scan and it reported this CVE's

kernel-uek-modules
CVE-2023-45871

oracle conmon
CVE-2023-44487
CVE-2023-39325

But I've checked and have the latest versions: kernel-uek-modules-5.15.0-202.135.2.el9uek.x86_64 and conmon-2.1.8-1.

What I'm doing wrong?

Dude, it's possible that the security scan is giving you false positives or outdated information. The CVEs you mentioned could have been patched in the latest versions of the packages you have.

One thing you can do is double-check if the CVEs reported are actually applicable to the versions you have installed. You can search for the specific CVE numbers on the National Vulnerability Database (NVD) website and see if they match the versions you are running.

If the CVEs are indeed applicable to your versions, it's possible that the security scan is not recognizing the patches. In that case, you can contact the vendor or the organization responsible for the security scan and provide them with the details of the versions you have and the CVEs that are being reported. They should be able to help you determine if there's an issue with the scan or if there are any additional steps you need to take.

Remember, keeping your system secure is important, so don't hesitate to reach out for support if needed. Stay awesome, dude!