Linux Operating System (MOSC)

MOSC Banner

CVE-2024-1441 and swtpm Package Update

edited Jan 28, 2025 10:34PM in Linux Operating System (MOSC) 7 commentsAnswered ✓

Hi ,
We are experiencing an issue where the vulnerability CVE-2024-1441, related to ELSA-2024-12536 has been detected on a system running OEM 13.5 on Oracle Linux 8.10 (30 packages are affected).

One of theses packages is swtpm is mentioned in the Oracle Linux errata, but it is currently at version 0.7.0-4.20211109gitb79fd91.module+el8.9.0+90052+d3bf71d8 from the ol8_appstream repository and needs to be updated to version 0.7.0-4.20211109gitb79fd91.module+el8.10.0+90353+09180a4e from the ol8_x86_64_kvm_appstream repository to address the CVE.

We have enabled the necessary repositories, but the update for the swtpm package is not being applied correctly. We are unsure if the correct version of swtpm is available in the repository or if there is a configuration issue preventing the update or we can erase these packages .

Howdy, Stranger!

Log In

To view full details, sign in to My Oracle Support Community.

Register

Don't have a My Oracle Support Community account? Click here to get started.

Category Leaderboard

Top contributors this month

Instructions for posting

×

1. Select a discussion category from the picklist.


2. Enter a title that clearly identifies the subject of your question.


3. In the body, insert detailed information, including Oracle product and version.


Please abide by the Oracle Community guidelines and refrain from posting any customer or personally identifiable information (PI/CI).


Cloud / Fusion customers - Our Cloud community has moved! Please go to Cloud Customer Connect .


New to My Oracle Support Community? Visit our Welcome Center

MOSC Help Center