Vulnerability Discussion
Installing software updates is a fundamental mitigation against the exploitation of publicly known vulnerabilities.
If the most recent security patches and updates are not installed, unauthorized users may take advantage of weaknesses in the unpatched software.
The lack of prompt attention to patching could result in a system compromise.
Check
Verify AlmaLinux OS 9 security patches and updates are installed and up to date. Updates are required to be applied with a frequency determined by organizational policy.
Obtain the list of available package security updates from TuxCare. The URL for updates is https://cve.tuxcare.com/els/cve/.
It is important to note that updates may not be present on the system if the underlying packages are not installed.
Check if there are security updates available that have not been installed with the following command:
$ dnf updateinfo list updates security
CLSA-2024:1708029809 Important/Sec. gnutls-3.7.6-21.el9_2.tuxcare.els1.x86_64
CLSA-2024:1708029936 Important/Sec. gnutls-3.7.6-21.el9_2.tuxcare.els2.x86_64
CLSA-2024:1708416911 Important/Sec. libxml2-2.9.13-3.el9_2.1.tuxcare.els1.x86_64
CLSA-2024:1708417063 Moderate/Sec. python3-rpm-4.16.1.3-22.el9.tuxcare.els1.x86_64
CLSA-2024:1708417063 Moderate/Sec. rpm-4.16.1.3-22.el9.tuxcare.els1.x86_64
CLSA-2024:1708417063 Moderate/Sec. rpm-build-libs-4.16.1.3-22.el9.tuxcare.els1.x86_64
CLSA-2024:1708417063 Moderate/Sec. rpm-libs-4.16.1.3-22.el9.tuxcare.els1.x86_64
CLSA-2024:1708417063 Moderate/Sec. rpm-plugin-audit-4.16.1.3-22.el9.tuxcare.els1.x86_64
CLSA-2024:1708417063 Moderate/Sec. rpm-plugin-selinux-4.16.1.3-22.el9.tuxcare.els1.x86_64
CLSA-2024:1708417063 Moderate/Sec. rpm-plugin-systemd-inhibit-4.16.1.3-22.el9.tuxcare.els1.x86_64
CLSA-2024:1708417063 Moderate/Sec. rpm-sign-libs-4.16.1.3-22.el9.tuxcare.els1.x86_64
Typical update frequency may be overridden by Information Assurance Vulnerability Alert (IAVA) notifications from CYBERCOM.
If the system is not compliant with the organizational patching policy, this is a finding.
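The listing above can be long on a system that has fallen behind, so the following added example (not part of the original check text) condenses it into per-severity counts of affected packages and distinct advisories for comparison against the organizational patching policy. The function names `pending_by_severity` and `pending_total` are hypothetical, and the metadata line in the sample input is constructed; the advisory rows are copied from the output above.

```shell
#!/bin/sh
# Added example: summarise pending security advisories from
# `dnf updateinfo list updates security` output read on stdin.

# pending_by_severity: prints "<severity> <packages> <advisories>" per severity.
pending_by_severity() {
    awk '
        # Advisory rows have three fields and a type column ending in "/Sec."
        NF == 3 && $2 ~ /\/Sec\.$/ {
            sev = $2; sub(/\/Sec\.$/, "", sev)
            pkgs[sev]++                        # one row per affected package
            if (!seen[sev, $1]++) advs[sev]++  # count each advisory ID once
        }
        END { for (s in pkgs) print s, pkgs[s], advs[s] }
    ' | sort
}

# pending_total: prints the number of packages with a pending security update.
pending_total() {
    awk 'NF == 3 && $2 ~ /\/Sec\.$/ { n++ } END { print n + 0 }'
}

# Sample rows copied from the check output above, preceded by a constructed
# metadata line of the kind dnf may print before the listing.
SAMPLE='Last metadata expiration check: 0:12:34 ago on Mon 01 Jan 2024.
CLSA-2024:1708029809 Important/Sec. gnutls-3.7.6-21.el9_2.tuxcare.els1.x86_64
CLSA-2024:1708029936 Important/Sec. gnutls-3.7.6-21.el9_2.tuxcare.els2.x86_64
CLSA-2024:1708416911 Important/Sec. libxml2-2.9.13-3.el9_2.1.tuxcare.els1.x86_64
CLSA-2024:1708417063 Moderate/Sec. python3-rpm-4.16.1.3-22.el9.tuxcare.els1.x86_64
CLSA-2024:1708417063 Moderate/Sec. rpm-4.16.1.3-22.el9.tuxcare.els1.x86_64'

# On a live system: dnf -q updateinfo list updates security | pending_by_severity
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE" | pending_by_severity
fi
```

A total of 0 from `pending_total` means no security advisories are pending for the packages installed on the system; whether a non-zero total is a finding still depends on the organizational patching policy.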
Fix
Install AlmaLinux OS 9 security patches and updates at the organizationally defined frequency. If system updates are installed via a centralized repository that is configured on the system, all updates can be installed with the following command:
$ dnf upgrade