The Oracle Linux operating system must be a vendor-supported release.

STIG ID: OL07-00-020250  |  SRG: SRG-OS-000480-GPOS-00227 |  Severity: high (CAT I)  |  CCI: CCI-000366 |  Vulnerability Id: V-221719

Vulnerability Discussion

An operating system release is considered "supported" if the vendor continues to provide security patches for the product. With an unsupported release, it will not be possible to resolve security issues discovered in the system software.

The version is still partially supported but has been superseded and must be removed from the enclave network or upgraded to a supported version.

Premier Support (full patches and updates) ended on December 31, 2024.
Extended Support (critical security fixes only) continues through June 30, 2028.

Check

Verify the version of the operating system is vendor supported.

Check the version of the operating system with the following command:

# cat /etc/oracle-release

Oracle Linux Server release 7.9

Current End of Premier Support for Oracle Linux 7 was Jul 2024.

If the release is not supported by the vendor, this is a finding.

Fix

Upgrade to a supported version of the operating system.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.