No results found

Your search did not match any results.

We suggest you try the following to help find what you’re looking for:

  • Check the spelling of your keyword search.
  • Use synonyms for the keyword you typed, for example, try “application” instead of “software.”
  • Try one of the popular searches shown below.
  • Start a new search.
Trending Questions

Oracle Solaris Third Party Bulletin - April 2020

 

Description

The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities addressed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical Patch Updates are released. These bulletins will also be updated on the Tuesday closest to the 17th of the following two months after their release (i.e. the two months between the normal quarterly Critical Patch Update publication dates). In addition, Third Party Bulletins may also be updated for vulnerability issues deemed too critical to wait for the next monthly update.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Third Party Bulletin security patches as soon as possible.

 

Patch Availability

Please see My Oracle Support Note 1448883.1

 

Third Party Bulletin Schedule

Third Party Bulletins are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:

  • 14 July 2020
  • 13 October 2020
  • 19 January 2021
  • 13 April 2021

References

 

Modification History

Date Note
2020-June-16 Rev 3. Added CVEs fixed in Solaris 11.4 SRU 22
2020-May-19 Rev 2. Added CVEs fixed in Solaris 11.4 SRU 21
2020-April-14 Rev 1. Initial Release with all CVEs fixed in Solaris 11.4 SRU 20

Oracle Solaris Executive Summary

This Oracle Solaris Bulletin contains 75 new security patches for the Oracle Solaris Operating System. 58 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. 

Oracle Solaris Third Party Bulletin Risk Matrix

Revision 3: Published on 2020-06-16

CVE# Product Third
Party
component
Protocol Remote
Exploit
without
Auth.?
CVSS VERSION 3.0 RISK (see Risk Matrix Definitions) Supported
Versions
Affected
Notes
Base
Score
Attack
Vector
Attack
Complexity
Privs
Req'd
User
Interact
Scope Confid-
entiality
Inte-
grity
Avail-
ability
CVE-2019-12519 Oracle Solaris Squid HTTP Yes 9.8 Network Low None None Un
changed
High High High 11.4  
CVE-2020-11656 Oracle Solaris SQLite Multiple No 8.8 Network Low Low None Un
changed
High High High 11.4  
CVE-2020-12388 Oracle Solaris Firefox Multiple Yes 8.8 Network Low None Required Un
changed
High High High 11.4  
CVE-2020-12395 Oracle Solaris Thunderbird Multiple Yes 8.8 Network Low None Required Un
changed
High High High 11.4  
CVE-2020-6825 Oracle Solaris Firefox Multiple Yes 8.8 Network Low None Required Un
changed
High High High 11.4  
CVE-2020-6825 Oracle Solaris Thunderbird Multiple Yes 8.8 Network Low None Required Un
changed
High High High 11.4  
CVE-2020-7065 Oracle Solaris PHP Multiple Yes 8.8 Network Low None Required Un
changed
High High High 11.4  
CVE-2020-8616 Oracle Solaris Bind Multiple Yes 8.6 Network Low None None Changed None None High 11.4, 10  
CVE-2020-11647 Oracle Solaris Wireshark Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4  
CVE-2020-12243 Oracle Solaris OpenLDAP LDAP Yes 7.5 Network Low None None Un
changed
None None High 11.4  
CVE-2020-12767 Oracle Solaris libexif Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4  
CVE-2020-13164 Oracle Solaris Wireshark Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4  
CVE-2020-9484 Oracle Solaris Apache Tomcat Multiple No 7 Local High Low None Un
changed
High High High 11.4  
CVE-2020-1934 Oracle Solaris Apache HTTP server HTTP Yes 6.5 Network Low None None Un
changed
Low Low None 11.4, 10  
CVE-2020-9327 Oracle Solaris SQLite Multiple No 6.5 Network Low Low None Un
changed
None None High 11.4  

Revision 2: Published on 2020-05-19

CVE# Product Third
Party
component
Protocol Remote
Exploit
without
Auth.?
CVSS VERSION 3.0 RISK (see Risk Matrix Definitions) Supported
Versions
Affected
Notes
Base
Score
Attack
Vector
Attack
Complexity
Privs
Req'd
User
Interact
Scope Confid-
entiality
Inte-
grity
Avail-
ability
CVE-2017-18342 Oracle Solaris PyYAML Multiple Yes 9.8 Network Low None None Un
changed
High High High 11.4 See
Note 1
CVE-2017-5645 Oracle Solaris Apache Ant Multiple Yes 9.8 Network Low None None Un
changed
High High High 11.4  
CVE-2019-1010238 Oracle Solaris GNOME Pango Multiple Yes 9.8 Network Low None None Un
changed
High High High 11.4  
CVE-2019-15605 Oracle Solaris Node.js HTTP Yes 9.8 Network Low None None Un
changed
High High High 11.4 See
Note 2
CVE-2019-9636 Oracle Solaris Python HTTP Yes 9.8 Network Low None None Un
changed
High High High 11.4  
CVE-2020-7471 Oracle Solaris Django HTTP Yes 9.8 Network Low None None Un
changed
High High High 11.4  
CVE-2020-9402 Oracle Solaris Django HTTP Yes 9.1 Network Low None None Un
changed
High High None 11.4  
CVE-2019-8720 Oracle Solaris WebKitGTK HTTP Yes 8.8 Network Low None Required Un
changed
High High High 11.4  
CVE-2019-9278 Oracle Solaris libexif Multiple Yes 8.8 Network Low None Required Un
changed
High High High 11.4  
CVE-2020-3864 Oracle Solaris WebKitGTK Multiple Yes 8.8 Network Low None Required Un
changed
High High High 11.4 See
Note 3
CVE-2020-9273 Oracle Solaris ProFTPD FTP No 8.8 Network Low Low None Un
changed
High High High 11.4  
CVE-2019-16789 Oracle Solaris Waitress HTTP Yes 8.2 Network Low None None Un
changed
Low High None 11.4  
CVE-2017-6363 Oracle Solaris LibGD Multiple Yes 8.1 Network Low None Required Un
changed
High None High 11.4  
CVE-2019-12526 Oracle Solaris Squid HTTP Yes 8.1 Network High None None Un
changed
High High High 11.4 See
Note 4
CVE-2020-9308 Oracle Solaris libarchive Multiple Yes 7.6 Network Low None Required Un
changed
Low Low High 11.4  
CVE-2015-9541 Oracle Solaris Qt Toolkit Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4  
CVE-2017-15041 Oracle Solaris GCC Go Multiple Yes 7.5 Network Low None None Un
changed
None High None 11.4 See
Note 5
CVE-2018-12120 Oracle Solaris Node.js Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4 See
Note 6
CVE-2019-12528 Oracle Solaris Squid Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4 See
Note 7
CVE-2019-14907 Oracle Solaris Samba Multiple Yes 7.5 Network Low None None Un
changed
None None High , 10 See
Note 8
CVE-2019-16785 Oracle Solaris Waitress Multiple Yes 7.5 Network Low None None Un
changed
None High None 11.4 See
Note 9
CVE-2019-16792 Oracle Solaris Waitress HTTP Yes 7.5 Network Low None None Un
changed
None High None 11.4  
CVE-2019-19956 Oracle Solaris libxml2 Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4  
CVE-2019-20454 Oracle Solaris PCRE Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4  
CVE-2019-6977 Oracle Solaris LibGD Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4 See
Note 10
CVE-2019-9512 Oracle Solaris GCC Go HTTP Yes 7.5 Network Low None None Un
changed
None None High 11.4 See
Note 11
CVE-2019-9928 Oracle Solaris GStreamer RTSP Yes 7.5 Network High None Required Un
changed
High High High 11.4  
CVE-2020-10018 Oracle Solaris WebKitGTK Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4  
CVE-2020-0569 Oracle Solaris Qt Toolkit None No 7.3 Local Low Low Required Un
changed
High High High 11.4 See
Note 12
CVE-2019-15690 Oracle Solaris VNC RFB No 7.2 Network Low High None Un
changed
High High High 11.4  
CVE-2019-3855 Oracle Solaris libssh2 SSH Yes 6.8 Network High None Required Un
changed
None High High 11.4 See
Note 13
CVE-2020-2579 Oracle Solaris MySQL Multiple No 6.5 Network Low Low None Un
changed
None None High 11.4 See
Note 14
CVE-2019-19317 Oracle Solaris SQLite Multiple No 6.3 Network Low Low None Un
changed
Low Low Low 11.4 See
Note 15
CVE-2019-19244 Oracle Solaris SQLite Multiple Yes 5.9 Network High None None Un
changed
None None High 11.4  
CVE-2019-19948 Oracle Solaris ImageMagick Multiple Yes 5.9 Network High None None Un
changed
None None High 11.4 See
Note 16
CVE-2020-2570 Oracle Solaris MySQL Multiple Yes 5.9 Network High None None Un
changed
None None High 11.4 See
Note 17
CVE-2019-20433 Oracle Solaris GNU Aspell None No 5.8 Local High Low None Un
changed
Low Low High 11.4  
CVE-2019-15890 Oracle Solaris QEMU None No 5.6 Local High Low None Changed None None High 11.4  
CVE-2017-18248 Oracle Solaris Common Unix Printing System (CUPS) Multiple No 5.3 Network High Low None Un
changed
None None High 11.4  
CVE-2018-12121 Oracle Solaris Node.js Multiple Yes 5.3 Network Low None None Un
changed
None None Low 11.4 See
Note 18
CVE-2019-10218 Oracle Solaris Samba Multiple Yes 5.3 Network High None Required Un
changed
None High None , 10 See
Note 19
CVE-2019-1551 Oracle Solaris OpenSSL Multiple Yes 5.3 Network Low None None Un
changed
Low None None , 10  
CVE-2018-18751 Oracle Solaris Gnu gettext None No 4 Local Low None None Un
changed
Low None None 11.4 See
Note 20
CVE-2019-8675 Oracle Solaris Common Unix Printing System (CUPS) SNMP No 3.5 Adjacent
Network
Low Low None Un
changed
None None Low 11.4 See
Note 21
CVE-2019-14249 Oracle Solaris libdwarf None No 3.3 Local Low Low None Un
changed
None None Low 11.4  
CVE-2019-19308 Oracle Solaris gnome-font-viewer None No 3.3 Local Low None Required Un
changed
None None Low 11.4  
CVE-2018-3639 Oracle Solaris Firefox Multiple No 0 Network High Low None Un
changed
None None None 11.4  

Revision 1: Published on 2020-04-14

CVE# Product Third
Party
component
Protocol Remote
Exploit
without
Auth.?
CVSS VERSION 3.0 RISK (see Risk Matrix Definitions) Supported
Versions
Affected
Notes
Base
Score
Attack
Vector
Attack
Complexity
Privs
Req'd
User
Interact
Scope Confid-
entiality
Inte-
grity
Avail-
ability
CVE-2018-16301 Oracle Solaris Libpcap Multiple Yes 9.8 Network Low None None Un
changed
High High High 11.4 See
Note 22
CVE-2019-17569 Oracle Solaris Apache Tomcat Multiple Yes 8.6 Network Low None None Un
changed
High Low Low , 10 See
Note 23
CVE-2019-6477 Oracle Solaris Bind DNS Yes 7.5 Network Low None None Un
changed
None None High 10  
CVE-2020-6851 Oracle Solaris OpenJPEG Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4  
CVE-2020-9428 Oracle Solaris Wireshark Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4 See
Note 24
CVE-2020-7061 Oracle Solaris PHP Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4 See
Note 25
CVE-2020-6814 Oracle Solaris Firefox Multiple Yes 7.5 Network High None Required Un
changed
High High High 11.4 See
Note 26
CVE-2020-6814 Oracle Solaris Thunderbird Multiple Yes 7.5 Network High None Required Un
changed
High High High 11.4 See
Note 27
CVE-2019-19232 Oracle Solaris Sudo None No 7 Local High Low None Un
changed
High High High 11.4 See
Note 28
CVE-2020-8112 Oracle Solaris OpenJPEG Multiple Yes 6.5 Network Low None Required Un
changed
None None High 11.4  
CVE-2019-15164 Oracle Solaris Libpcap Multiple Yes 5.9 Network High None None Un
changed
None High None 11.4  
CVE-2019-13038 Oracle Solaris mod_auth_mellon HTTP Yes 5.4 Network Low None Required Un
changed
Low Low None 11.4  
CVE-2018-10103 Oracle Solaris TCPdump Multiple Yes 5.3 Network Low None None Un
changed
None None Low 11.4 See
Note 29

Notes:

1. This patch also addresses CVE-2019-20477.

2. This patch also addresses CVE-2019-15604 CVE-2019-15606.

3. This patch also addresses CVE-2020-3862 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868.

4. This patch also addresses CVE-2019-12523 CVE-2019-13345 CVE-2019-18676 CVE-2019-18677 CVE-2019-18678 CVE-2019-18679 CVE-2019-18860.

5. This patch also addresses CVE-2017-15042 CVE-2018-16873 CVE-2018-16874 CVE-2018-16875 CVE-2019-14809.

6. This patch also addresses CVE-2018-0734 CVE-2018-0735 CVE-2018-12116 CVE-2018-12121 CVE-2018-12122 CVE-2018-12123 CVE-2018-5407.

7. This patch also addresses CVE-2020-8449 CVE-2020-8450 CVE-2020-8517.

8. This patch also addresses CVE-2019-14902 CVE-2019-19344.

9. This patch also addresses CVE-2019-16786 CVE-2020-5236.

10. This patch also addresses CVE-2018-14553.

11. This patch also addresses CVE-2019-9514.

12. This patch also addresses CVE-2020-0570.

13. This patch also addresses CVE-2019-13115 CVE-2019-17498.

14. This patch also addresses CVE-2020-2574 CVE-2020-2790.

15. This patch also addresses CVE-2019-19242 CVE-2019-19244 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646 CVE-2019-19880 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926 CVE-2019-19959 CVE-2019-20218.

16. This patch also addresses CVE-2019-19949 CVE-2019-19952.

17. This patch also addresses CVE-2020-2572 CVE-2020-2573 CVE-2020-2577 CVE-2020-2584 CVE-2020-2589 CVE-2020-2660.

18. This patch also addresses CVE-2019-1559 CVE-2019-5737 CVE-2019-5739.

19. This patch also addresses CVE-2019-14833 CVE-2019-14847.

20. This patch also addresses CVE-2019-9740.

21. This patch also addresses CVE-2019-8696.

22. This patch also addresses CVE-2019-15161 CVE-2019-15162 CVE-2019-15163 CVE-2019-15165.

23. This patch also addresses CVE-2020-1935 CVE-2020-1938.

24. This patch also addresses CVE-2020-9429 CVE-2020-9430 CVE-2020-9431.

25. This patch also addresses CVE-2020-7062 CVE-2020-7063.

26. This patch also addresses CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812.

27. This patch also addresses CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812.

28. This patch also addresses CVE-2019-19234.

29. This patch also addresses CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 CVE-2019-15166.