No results found

Your search did not match any results.

We suggest you try the following to help find what you're looking for:

  • Check the spelling of your keyword search.
  • Use synonyms for the keyword you typed, for example, try “application” instead of “software.”
  • Try one of the popular searches shown below.
  • Start a new search.

 

Trending Questions

Oracle Solaris Third Party Bulletin - April 2019

Description

The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical Patch Updates are released. These bulletins will also be updated on the Tuesday closest to the 17th of the following two months after their release (i.e. the two months between the normal quarterly Critical Patch Update publication dates). In addition, Third Party Bulletins may also be updated for vulnerability fixes deemed too critical to wait for the next monthly update.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Third Party Bulletin fixes as soon as possible.

Patch Availability

Please see My Oracle Support Note 1448883.1

Third Party Bulletin Schedule

Third Party Bulletins are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:

  • 16 July 2019
  • 15 October 2019
  • 14 January 2020
  • 14 April 2020

References

Modification History

2019-June-25 Rev 3. Added CVEs fixed in Solaris 11.4 SRU 10
2019-May-29 Rev 2. Added CVEs fixed in Solaris 11.4 SRU 9
2019-April-16 Rev 1. Initial Release with all CVEs fixed in Solaris 11.3 LSU 36.10 and Solaris 11.4 SRU 8

Oracle Solaris Executive Summary

This Oracle Solaris Bulletin contains 44 new security fixes for the Oracle Solaris Operating System. 28 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

Oracle Solaris Third Party Bulletin Risk Matrix

Revision 3: Published on 2019-06-25

CVE# Product Third Party component Protocol Remote Exploit without Auth.? CVSS VERSION 3.0 RISK (see Risk Matrix Definitions) Supported Versions Affected Notes
Base Score Attack Vector Attack Complexity Privs­Req'd User Interact Scope Confid­entiality Inte­grity Avail­ability
CVE-2019-9797 Oracle Solaris Firefox Multiple Yes 8.8 Network Low None Required Unchanged High High High 11.4 See Note 1
CVE-2019-9797 Oracle Solaris Thunderbird Multiple Yes 8.8 Network Low None Required Unchanged High High High 11.4 See Note 2
CVE-2019-9903 Oracle Solaris Poppler None Yes 8.8 Network Low None Required Unchanged High High High 11.4 See Note 3
CVE-2019-12295 Oracle Solaris Wireshark Multiple Yes 7.5 Network Low None None Unchanged None None High 11.4  
CVE-2017-18258 Oracle Solaris libxml2 None Yes 5.6 Network High None None Unchanged Low Low Low 11.3, 10  
CVE-2019-8936 Oracle Solaris NTP NTP No 5.3 Network High Low None Unchanged None None High 11.4, 10  
CVE-2018-20650 Oracle Solaris Poppler None Yes 4.3 Network Low None Required Unchanged None None Low 11.4  
CVE-2019-9936 Oracle Solaris SQLite3 None No 3.3 Local Low Low None Unchanged Low None None 11.4 See Note 4
CVE-2018-6260 Oracle Solaris NVIDIA Graphics Driver None No 2.2 Local High Low Required Unchanged Low None None 11.4  

Revision 2: Published on 2019-05-29

CVE# Product Third Party component Protocol Remote Exploit without Auth.? CVSS VERSION 3.0 RISK (see Risk Matrix Definitions) Supported Versions Affected Notes
Base Score Attack Vector Attack Complexity Privs­Req'd User Interact Scope Confid­entiality Inte­grity Avail­ability
CVE-2019-9636 Oracle Solaris Python Multiple Yes 9.8 Network Low None None Unchanged High High High 11.4  
CVE-2019-9636 Oracle Solaris Python Multiple Yes 9.8 Network Low None None Unchanged High High High 11.4  
CVE-2019-9636 Oracle Solaris Python Multiple Yes 9.8 Network Low None None Unchanged High High High 11.4  
CVE-2018-18356 Oracle Solaris Thunderbird Multiple Yes 8.8 Network Low None Required Unchanged High High High 11.4 See Note 5
CVE-2018-18505 Oracle Solaris Thunderbird Multiple Yes 8.8 Network Low None Required Unchanged High High High 11.4 See Note 6
CVE-2019-6212 Oracle Solaris WebKitGTK+ Multiple Yes 8.8 Network Low None Required Unchanged High High High 11.4 See Note 7
CVE-2019-9794 Oracle Solaris Thunderbird Multiple Yes 8.8 Network Low None Required Unchanged High High High 11.4 See Note 8
CVE-2019-9810 Oracle Solaris Firefox Multiple Yes 8.8 Network Low None Required Unchanged High High High 11.4 See Note 9
CVE-2019-0215 Oracle Solaris Apache HTTP server HTTP No 8.2 Local Low Low Required Changed High High High 11.4, 10 See Note 10
CVE-2018-1000876 Oracle Solaris GNU binary utilities None No 7.8 Local Low None Required Unchanged High High High 11.4 See Note 11
CVE-2018-1000876 Oracle Solaris GNU binary utilities None No 7.8 Local Low None Required Unchanged High High High 11.4  
CVE-2019-0199 Oracle Solaris Apache Tomcat HTTP Yes 7.5 Network Low None None Unchanged None None High 11.4, 10  
CVE-2019-10899 Oracle Solaris Wireshark None Yes 7.5 Network Low None None Unchanged None None High 11.4 See Note 12
CVE-2019-6116 Oracle Solaris Ghostscript Multiple Yes 7.3 Network Low None None Unchanged Low Low Low 11.4  
CVE-2018-17985 Oracle Solaris GNU binary utilities None No 5.5 Local Low None Required Unchanged None None High 11.4 See Note 13
CVE-2019-6975 Oracle Solaris Django Multiple Yes 5.3 Network Low None None Unchanged None None Low 11.4  
CVE-2013-4288 Oracle Solaris PolicyKit None No 4.7 Network Low High None Unchanged Low Low Low 11.4 See Note 14
CVE-2019-3498 Oracle Solaris Django Multiple Yes 4.3 Network Low None Required Unchanged None Low None 11.4  
CVE-2017-11164 Oracle Solaris PCRE None No 3.3 Local Low None Required Unchanged None None Low 11.4  
CVE-2018-9234 Oracle Solaris GnuPG OpenPGP No 2.2 Local High Low Required Unchanged None Low None 11.4  

Revision 1: Published on 2019-04-16

CVE# Product Third Party component Protocol Remote Exploit without Auth.? CVSS VERSION 3.0 RISK (see Risk Matrix Definitions) Supported Versions Affected Notes
Base Score Attack Vector Attack Complexity Privs­Req'd User Interact Scope Confid­entiality Inte­grity Avail­ability
CVE-2018-18312 Oracle Solaris Perl Multiple Yes 9.8 Network Low None None Unchanged High High High 11.4 See Note 15
CVE-2015-7995 Oracle Solaris libxslt Multiple Yes 8.8 Network Low None Required Unchanged High High High 11.4, 11.3 See Note 16
CVE-2018-18506 Oracle Solaris Firefox Multiple Yes 8.8 Network Low None Required Unchanged High High High 11.4 See Note 17
CVE-2018-5745 Oracle Solaris BIND DNS Yes 7.5 Network Low None None Unchanged None None High 11.4, 10 See Note 18
CVE-2019-9208 Oracle Solaris Wireshark Multiple Yes 7.5 Network Low None None Unchanged None None High 11.4 See Note 19
CVE-2018-0734 Oracle Solaris MySQL Multiple No 7.1 Network Low Low None Unchanged High Low None 11.4 See Note 20
CVE-2018-0734 Oracle Solaris MySQL Multiple No 7.1 Network Low Low None Unchanged High Low None 11.4 See Note 21
CVE-2018-10194 Oracle Solaris Ghostscript Multiple No 7 Local High None Required Unchanged High High High 11.3  
CVE-2016-1549 Oracle Solaris NTP NTP No 6.5 Network Low Low None Unchanged None High None 11.4, 10 See Note 22
CVE-2018-5741 Oracle Solaris BIND DNS No 6.5 Network Low Low None Unchanged None High None 11.4, 10  
CVE-2018-14404 Oracle Solaris libxml2 Multiple Yes 6.5 Network Low None Required Unchanged None None High 11.4, 10  
CVE-2019-1559 Oracle Solaris OpenSSL SSL/TLS Yes 5.9 Network High None None Unchanged High None None 11.4, 11.3, 10  
CVE-2018-17189 Oracle Solaris Apache HTTP server HTTP Yes 4.3 Network Low None Required Unchanged None None Low 11.4 See Note 23
CVE-2018-17189 Oracle Solaris Apache HTTP server HTTP Yes 4.3 Network Low None Required Unchanged None None Low 11.4  
CVE-2017-16879 Oracle Solaris ncurses None No 3.3 Local Low None Required Unchanged None None Low 11.4 See Note 24

Notes:

  • 1. This fix also addresses CVE-2018-18511 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11694 CVE-2019-11698 CVE-2019-5798 CVE-2019-7317 CVE-2019-9800 CVE-2019-9815 CVE-2019-9816 CVE-2019-9817 CVE-2019-9818 CVE-2019-9819 CVE-2019-9820.
  • 2. This fix also addresses CVE-2018-18511 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11694 CVE-2019-11698 CVE-2019-5798 CVE-2019-7317 CVE-2019-9800 CVE-2019-9815 CVE-2019-9816 CVE-2019-9817 CVE-2019-9818 CVE-2019-9819 CVE-2019-9820.
  • 3. This fix also addresses CVE-2018-20662 CVE-2019-10873 CVE-2019-7310 CVE-2019-9200 CVE-2019-9631.
  • 4. This fix also addresses CVE-2019-9937.
  • 5. This fix also addresses CVE-2018-18509 CVE-2019-5785.
  • 6. This fix also addresses CVE-2016-5824 CVE-2017-16541 CVE-2018-12361 CVE-2018-12367 CVE-2018-12371 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12379 CVE-2018-12383 CVE-2018-12385 CVE-2018-12389 CVE-2018-12390 CVE-2018-12391 CVE-2018-12392 CVE-2018-12393 CVE-2018-12405 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498 CVE-2018-18499 CVE-2018-18500 CVE-2018-18501 CVE-2018-18512 CVE-2018-18513 CVE-2018-5156 CVE-2018-5187.
  • 7. This fix also addresses CVE-2019-6215 CVE-2019-6216 CVE-2019-6217 CVE-2019-6226 CVE-2019-6227 CVE-2019-6229 CVE-2019-6233 CVE-2019-6234.
  • 8. This fix also addresses CVE-2018-18506 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9795 CVE-2019-9796 CVE-2019-9801 CVE-2019-9810 CVE-2019-9813.
  • 9. This fix also addresses CVE-2019-9813.
  • 10. This fix also addresses CVE-2019-0196 CVE-2019-0197 CVE-2019-0211 CVE-2019-0217 CVE-2019-0220.
  • 11. This fix also addresses CVE-2018-17358 CVE-2018-17359 CVE-2018-17360 CVE-2018-18309 CVE-2018-18605 CVE-2018-18606 CVE-2018-18607 CVE-2018-19931 CVE-2018-19932 CVE-2018-20002 CVE-2018-20623 CVE-2018-20651 CVE-2018-20671.
  • 12. This fix also addresses CVE-2019-10894 CVE-2019-10895 CVE-2019-10896 CVE-2019-10901 CVE-2019-10903.
  • 13. This fix also addresses CVE-2018-10372 CVE-2018-10373 CVE-2018-10534 CVE-2018-10535 CVE-2018-12641 CVE-2018-12697 CVE-2018-12698 CVE-2018-12699 CVE-2018-12700 CVE-2018-12934 CVE-2018-13033 CVE-2018-17358 CVE-2018-17359 CVE-2018-17360 CVE-2018-17794 CVE-2018-6759 CVE-2018-7208 CVE-2018-7568 CVE-2018-7569 CVE-2018-7570 CVE-2018-7642 CVE-2018-7643 CVE-2018-8945 CVE-2018-9138 CVE-2018-9996.
  • 14. This fix also addresses CVE-2018-1116.
  • 15. This fix also addresses CVE-2018-18313 CVE-2018-18314.
  • 16. This fix also addresses CVE-2015-9019 CVE-2016-1683 CVE-2016-1684 CVE-2016-4607 CVE-2016-4610 CVE-2017-5029.
  • 17. This fix also addresses CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9794 CVE-2019-9795 CVE-2019-9796 CVE-2019-9801.
  • 18. This fix also addresses CVE-2018-5744 CVE-2019-6465.
  • 19. This fix also addresses CVE-2019-9209.
  • 20. This fix also addresses CVE-2019-2420 CVE-2019-2434 CVE-2019-2455 CVE-2019-2481 CVE-2019-2482 CVE-2019-2486 CVE-2019-2503 CVE-2019-2507 CVE-2019-2510 CVE-2019-2528 CVE-2019-2529 CVE-2019-2531 CVE-2019-2532 CVE-2019-2534 CVE-2019-2537.
  • 21. This fix also addresses CVE-2019-2455 CVE-2019-2481 CVE-2019-2482 CVE-2019-2503 CVE-2019-2507 CVE-2019-2529 CVE-2019-2531 CVE-2019-2534 CVE-2019-2537.
  • 22. This fix also addresses CVE-2018-7170.
  • 23. This fix also addresses CVE-2018-17199 CVE-2019-0190.
  • 24. This fix also addresses CVE-2017-13728 CVE-2017-13729 CVE-2017-13730 CVE-2017-13731 CVE-2017-13732 CVE-2017-13733 CVE-2017-13734.