Tenable Core Offline ISO Updates (Q2 2022)

These release notes summarize updates made to Tenable Core in Q2 2022. Downloading and installing the most recent version of the offline ISO image initiates these updates on your Tenable Core machine.

Tip: Tenable recommends applying all offline updates, in order, to your offline Tenable Core machine. Do not skip offline updates.

To update using the Tenable Core offline ISO image, see the documentation for your application:

Note: To update Tenable Core + OT Security using the offline ISO image, contact Tenable Support.

For more information about product updates, see the release notes for your application.

New Features and Changed Functionality

April 2022

  • The Tenable Core backup page now has support for taking and restoring Tenable Security Center Configuration-only backups for Tenable Security Center 5.21.0 and newer.

  • UpdatedPackages.txt, included in the Quarterly Offline ISO, contains a summary of the package changes.

  • AllPackages.txt, included in the Quarterly Offline ISO, contains a list of all the packages on the ISO.

May 2022

  • Tenable Core diagnostic reports now include a copy of the Tenable.ot diagnostic report if Tenable.ot is installed and if the report is under 110 MB.

  • Fixed an issue that would cause SNMP to be unavailable until a reboot when completing Tenable.ot installation.

June 2022

  • Reduced the number of retained kernels from five to two on Tenable.ot instances that were migrated from the Indegy OS to accommodate a smaller /boot partition.

Bug Fixes

April 2022

  • Fixed an issue where automatic Tenable Security Center Configuration-only backups would incorrectly show as disabled in the webui.

May 2022

  • Fixed an issue that would cause SNMP to be unavailable until a reboot when completing Tenable.ot installation.

June 2022

  • Fixed handling of the '%' character in proxy usernames and passwords.

Application Updates

Package Updates

This ISO includes the following updates:

April 2022

CESA-2022:1198 Important: kernel security, bug fix, and enhancement update

CESA-2022:1284 Important: Firefox security update

May 2022

CESA-2022:2213 Important CentOS 7 zlib Security Update

CESA-2022:2191 Important CentOS 7 gzip Security Update

CESA-2022:1440 Important CentOS 7 java-11-openjdk Security Update

CESA-2022:4642 Important CentOS 7 kernel Security Update

CEBA-2022:4640 CentOS 7 grub2 BugFix Update

CEBA-2022:4641 CentOS 7 glibc BugFix Update

CEBA-2022:4638 CentOS 7 at BugFix Update

June 2022

CESA-2022:4803 Important rsyslog Security Update

CESA-2022:5052 xz Important Security Update

CESA-2022:5232 kernel Important Security Update

CESA-2021:3252: python27 Moderate Security Update

CVE-2019-13225 oniguruma Security Update

CVE References

Type Reference
CentOS 7: gzip (CESA-2022:2191)
  • CVE-2022-1271

CentOS 7 : Firefox (No Announcement)

  • CVE-2022-1097

  • CVE-2022-1196

  • CVE-2022-24713

  • CVE-2022-28281

  • CVE-2022-28282

  • CVE-2022-28285

  • CVE-2022-28286

  • CVE-2022-28289

CentOS 7: java-11-openjdk (CESA-2022:1440)

  • CVE-2022-21426

  • CVE-2022-21434

  • CVE-2022-21443

  • CVE-2022-21476

  • CVE-2022-21496

CentOS 7: kernel (CESA-2022:4642)

  • CVE-2021-4028

  • CVE-2021-4083

  • CVE-2022-0492

  • CVE-2022-1729

  • CVE-2022-1966

CentOS 7: python27 (No Announcement)
  • CVE-2020-27619
  • CVE-2020-28493

  • CVE-2021-20095

  • CVE-2021-20270

  • CVE-2021-23336

  • CVE-2021-27291

  • CVE-2021-3177

CentOS 7: rsyslog (No Announcement)
  • CVE-2022-24903

CentOS 7: xz (No Announcement)
  • CVE-2022-1271

CentOS 7: zlib (CESA-2022:2213)

  • CVE-2018-25032