Your search did not match any results.
We suggest you try the following to help find what you’re looking for:
The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical Patch Updates are released. These bulletins will also be updated on the Tuesday closest to the 17th of the following two months after their release (i.e. the two months between the normal quarterly Critical Patch Update publication dates). In addition, Third Party Bulletins may also be updated for vulnerability fixes deemed too critical to wait for the next monthly update.
Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Third Party Bulletin fixes as soon as possible.
Please see My Oracle Support Note 1448883.1
Third Party Bulletins are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:
2016-April-12 | Rev 5. Added multiple Samba CVEs |
2016-March-18 | Rev 4. Added all CVEs fixed in Solaris 11.3 SRU 6.5 |
2016-March-15 | Rev 3. Added CVE-2016-1285, CVE-2016-1286 |
2016-February-19 | Rev 2. Added all CVEs fixed in Solaris 11.3 SRU 5.6 |
2016-January-19 | Rev 1. Initial Release |
This Third Party Bulletin contains 84 new security fixes for the Oracle Solaris. 69 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
CVE# | Product | Protocol | Third Party component | Remote Exploit without Auth.? | CVSS VERSION 2.0 RISK (see Risk Matrix Definitions) | Supported Versions Affected | Notes | ||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | |||||||
CVE-2016-2118 | Solaris | Multiple | Samba | Yes | 6.8 | Network | Medium | None | Partial+ | Partial+ | Partial+ | 11.3. 10 | |
CVE-2016-2115 | Solaris | Multiple | Samba | Yes | 6.8 | Network | Medium | None | Partial+ | Partial+ | Partial+ | 11.3. 10 | |
CVE-2016-2111 | Solaris | Multiple | Samba | Yes | 4.3 | Network | Medium | None | Partial+ | None | None | 11.3. 10 | |
CVE-2016-2112 | Solaris | Multiple | Samba | Yes | 4.3 | Network | Medium | None | None | Partial+ | None | 11.3, 10 | |
CVE-2016-2110 | Solaris | Multiple | Samba | Yes | 4.3 | Network | Medium | None | None | Partial | None | 11.3. 10 | |
CVE-2015-5370 | Solaris | Multiple | Samba | Yes | 4.3 | Network | Medium | None | None | None | Partial+ | 11.3. 10 |
CVE# | Product | Protocol | Third Party component | Remote Exploit without Auth.? | CVSS VERSION 2.0 RISK (see Risk Matrix Definitions) | Supported Versions Affected | Notes | ||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | |||||||
CVE-2016-0799 | Solaris | SSL/TLS | OpenSSL | Yes | 10.0 | Network | Low | None | Complete | Complete | Complete | 10 | |
CVE-2015-3280 | Solaris | Multiple | OpenStack Compute (Nova) | No | 6.8 | Network | Low | Single | None | None | Complete | 11.3 | |
CVE-2015-5174 | Solaris | Multiple | Apache Tomcat | Yes | 6.8 | Network | Medium | None | Partial | Partial | Partial | 11.3, 10 | See Note 2 |
CVE-2014-3636 | Solaris | None | DBus | No | 6.6 | Local | Medium | Single | Complete | Complete | Complete | 11.3 | See Note 10 |
CVE-2015-7705 | Solaris | Multiple | NTP | Yes | 6.4 | Network | Low | None | None | Partial | Partial | 11.3, 10 | See Note 3 |
CVE-2015-5252 | Solaris | Multiple | Samba | Yes | 5.0 | Network | Low | None | None | Partial | None | 11.3, 10 | |
CVE-2016-0797 | Solaris | SSL/TLS | OpenSSL | Yes | 5.0 | Network | Low | None | None | None | Partial | 10 | |
CVE-2015-5146 | Solaris | Multiple | NTP | No | 4.9 | Adjacent Network | Medium | Single | Partial | Partial | Partial | 11.3 | |
CVE-2015-5299 | Solaris | None | Samba | No | 4.6 | Local | Low | Single | Complete | None | None | 11.3, 10 | |
CVE-2015-5346 | Solaris | None | Apache Tomcat | No | 4.4 | Local | Medium | None | Partial | Partial | Partial | 11.3 | See Note 8 |
CVE-2014-3566 | Solaris | HTTP | Apache HTTP Server | Yes | 4.3 | Network | Medium | None | Partial | None | None | 10 | |
CVE-2015-3197 | Solaris | SSL/TLS | OpenSSL | Yes | 4.3 | Network | Medium | None | Partial | None | None | 10 | |
CVE-2015-4000 | Solaris | SSL/TLS | OpenSSL | Yes | 4.3 | Network | Medium | None | None | Partial | None | 10 | |
CVE-2015-3197 | Solaris | SSL/TLS | Wanboot | Yes | 4.3 | Network | Medium | None | Partial | None | None | 10 | |
CVE-2016-0800 | Solaris | SSL/TLS | OpenSSL | Yes | 4.3 | Network | Medium | None | Partial | None | None | 10 | |
CVE-2016-0703 | Solaris | SSL/TLS | OpenSSL | Yes | 4.3 | Network | Medium | None | Partial | None | None | 10 | |
CVE-2016-0704 | Solaris | SSL/TLS | OpenSSL | Yes | 4.3 | Network | Medium | None | Partial | None | None | 10 | |
CVE-2015-5296 | Solaris | None | Samba | No | 3.0 | Local | Medium | Single | Partial+ | Partial+ | None | 11.3, 10 | |
CVE-2015-5300 | Solaris | Multiple | NTP | Yes | 2.6 | Network | High | None | None | Partial | None | 11.3, 10 | |
CVE-2014-3533 | Solaris | None | DBus | No | 2.1 | Local | Low | None | None | None | Partial | 11.3 | See Note 9 |
CVE-2016-2533 | Solaris | None | Python Imaging Library (PIL) | No | 2.1 | Local | Low | None | None | None | Partial | 11.3 | |
CVE-2014-3532 | Solaris | None | DBus | No | 1.9 | Local | Medium | None | None | None | Partial | 11.3 | See Note 11 |
CVE# | Product | Protocol | Third Party component | Remote Exploit without Auth.? | CVSS VERSION 2.0 RISK (see Risk Matrix Definitions) | Supported Versions Affected | Notes | ||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | |||||||
CVE-2016-1285 | Solaris | Bind | Bind | Yes | 5.0 | Network | Low | None | None | None | Partial+ | 11.3, 10 | See Note 1 |
CVE# | Product | Protocol | Third Party component | Remote Exploit without Auth.? | CVSS VERSION 2.0 RISK (see Risk Matrix Definitions) | Supported Versions Affected | Notes | ||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | |||||||
CVE-2015-3217 | Solaris | Multiple | PCRE | Yes | 9.3 | Network | Medium | None | Complete | Complete | Complete | 11.3 | See Note 4 |
CVE-2012-2814 | Solaris | Multiple | LibEXIF | Yes | 7.5 | Network | Low | None | Partial | Partial | Partial | 10 | |
CVE-2015-3144 | Solaris | Multiple | libcurl | Yes | 7.5 | Network | Low | None | Partial | Partial | Partial | 11.3 | |
CVE-2015-3145 | Solaris | Multiple | libcurl | Yes | 7.5 | Network | Low | None | Partial | Partial | Partial | 11.3 | |
CVE-2015-8557 | Solaris | Multiple | Pygments | Yes | 7.5 | Network | Low | None | Partial | Partial | Partial | 11.3 | |
CVE-2004-0548 | Solaris | Multiple | Aspell | No | 7.2 | Local | Low | None | Complete | Complete | Complete | 10 | |
CVE-2015-6564 | Solaris | None | OpenSSH | No | 6.9 | Local | Medium | None | Complete | Complete | Complete | 11.3 | |
CVE-2013-6418 | Solaris | Multiple | PYWBEM | Yes | 5.8 | Network | Medium | None | Partial | Partial | None | 11.3 | See Note 5 |
CVE-2015-8605 | Solaris | Multiple | DHCP Server | No | 5.7 | Adjacent Network | Medium | None | None | None | Complete | 11.3 | |
CVE-2014-3566 | Solaris | Multiple | OpenPegasus CIM Server | Yes | 5.0 | Network | Low | None | Partial | None | None | 11.3 | |
CVE-2014-0015 | Solaris | Multiple | libcurl | Yes | 5.0 | Network | Low | None | None | Partial | None | 11.3 | See Note 6 |
CVE-2015-3148 | Solaris | Multiple | libcurl | Yes | 5.0 | Network | Low | None | None | Partial | None | 11.3 | |
CVE-2015-3153 | Solaris | Multiple | libcurl | Yes | 5.0 | Network | Low | None | Partial | None | None | 11.3 | |
CVE-2015-7995 | Solaris | Multiple | libxslt | Yes | 5.0 | Network | Low | None | None | None | Partial | 11.3 | |
CVE-2015-3195 | Solaris | SSL/TLS | WanBoot | Yes | 5.0 | Network | Low | None | Partial | None | None | 10 | |
CVE-2015-4000 | Solaris | Multiple | Thunderbird | Yes | 4.3 | Network | Medium | None | None | Partial | None | 11.3 | |
CVE-2015-3236 | Solaris | Multiple | libcurl | Yes | 4.3 | Network | Medium | None | Partial | None | None | 11.3 | See Note 7 |
CVE-2015-5352 | Solaris | Multiple | OpenSSH | Yes | 4.3 | Network | Medium | None | None | Partial | None | 11.3 | |
CVE-2015-8733 | Solaris | Multiple | Wireshark | Yes | 4.3 | Network | Medium | None | None | None | Partial | 11.3 | |
CVE-2015-8711 | Solaris | Multiple | Wireshark | Yes | 4.3 | Network | Medium | None | None | None | Partial | 11.3 | |
CVE-2015-8712 | Solaris | Multiple | Wireshark | Yes | 4.3 | Network | Medium | None | None | None | Partial | 11.3 | |
CVE-2015-8713 | Solaris | Multiple | Wireshark | Yes | 4.3 | Network | Medium | None | None | None | Partial | 11.3 | |
CVE-2015-8714 | Solaris | Multiple | Wireshark | Yes | 4.3 | Network | Medium | None | None | None | Partial | 11.3 | |
CVE-2015-8715 | Solaris | Multiple | Wireshark | Yes | 4.3 | Network | Medium | None | None | None | Partial | 11.3 | |
CVE-2015-8716 | Solaris | Multiple | Wireshark | Yes | 4.3 | Network | Medium | None | None | None | Partial | 11.3 | |
CVE-2015-8717 | Solaris | Multiple | Wireshark | Yes | 4.3 | Network | Medium | None | None | None | Partial | 11.3 | |
CVE-2015-8718 | Solaris | Multiple | Wireshark | Yes | 4.3 | Network | Medium | None | None | None | Partial | 11.3 | |
CVE-2015-8719 | Solaris | Multiple | Wireshark | Yes | 4.3 | Network | Medium | None | None | None | Partial | 11.3 | |
CVE-2015-8720 | Solaris | Multiple | Wireshark | Yes | 4.3 | Network | Medium | None | None | None | Partial | 11.3 | |
CVE-2015-8721 | Solaris | Multiple | Wireshark | Yes | 4.3 | Network | Medium | None | None | None | Partial | 11.3 | |
CVE-2015-8722 | Solaris | Multiple | Wireshark | Yes | 4.3 | Network | Medium | None | None | None | Partial | 11.3 | |
CVE-2015-8723 | Solaris | Multiple | Wireshark | Yes | 4.3 | Network | Medium | None | None | None | Partial | 11.3 | |
CVE-2015-8724 | Solaris | Multiple | Wireshark | Yes | 4.3 | Network | Medium | None | None | None | Partial | 11.3 | |
CVE-2015-8725 | Solaris | Multiple | Wireshark | Yes | 4.3 | Network | Medium | None | None | Partial | None | 11.3 | |
CVE-2015-8726 | Solaris | Multiple | Wireshark | Yes | 4.3 | Network | Medium | None | None | None | Partial | 11.3 | |
CVE-2015-8727 | Solaris | Multiple | Wireshark | Yes | 4.3 | Network | Medium | None | None | None | Partial | 11.3 | |
CVE-2015-8728 | Solaris | Multiple | Wireshark | Yes | 4.3 | Network | Medium | None | None | None | Partial | 11.3 | |
CVE-2015-8729 | Solaris | Multiple | Wireshark | Yes | 4.3 | Network | Medium | None | None | None | Partial | 11.3 | |
CVE-2015-8730 | Solaris | Multiple | Wireshark | Yes | 4.3 | Network | Medium | None | None | None | Partial | 11.3 | |
CVE-2015-8731 | Solaris | Multiple | Wireshark | Yes | 4.3 | Network | Medium | None | None | None | Partial | 11.3 | |
CVE-2015-8732 | Solaris | Multiple | Wireshark | Yes | 4.3 | Network | Medium | None | None | None | Partial | 11.3 | |
CVE-2015-7942 | Solaris | Multiple | libxml2 | Yes | 2.6 | Network | High | None | None | None | Partial | 11.3 | |
CVE-2015-8241 | Solaris | Multiple | libxml2 | Yes | 2.6 | Network | High | None | None | None | Partial | 11.3 | |
CVE-2015-8242 | Solaris | Multiple | libxml2 | Yes | 2.6 | Network | High | None | None | None | Partial | 11.3 | |
CVE-2015-7498 | Solaris | Multiple | libxml2 | Yes | 2.6 | Network | High | None | Partial | None | None | 11.3 | |
CVE-2015-5312 | Solaris | Multiple | libxml2 | Yes | 2.6 | Network | High | None | None | None | Partial | 11.3 | |
CVE-2015-7499 | Solaris | Multiple | libxml2 | Yes | 2.6 | Network | High | None | None | None | Partial | 11.3 | |
CVE-2015-7500 | Solaris | Multiple | libxml2 | Yes | 2.6 | Network | High | None | None | None | Partial | 11.3 | |
CVE-2015-8317 | Solaris | Multiple | libxml2 | Yes | 2.6 | Network | High | None | None | None | Partial | 11.3 | |
CVE-2015-7497 | Solaris | Multiple | libxml2 | No | 2.1 | Network | High | Single | Partial | None | None | 11.3 | |
CVE-2015-6563 | Solaris | None | OpenSSH | No | 1.9 | Local | Medium | None | None | Partial | None | 11.3 |
CVE# | Product | Protocol | Third Party component | Remote Exploit without Auth.? | CVSS VERSION 2.0 RISK (see Risk Matrix Definitions) | Supported Versions Affected | Notes | ||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | |||||||
CVE-2015-8704 | Solaris | Bind | Bind | No | 6.8 | Network | Low | Single | None | None | Complete | 11.3, 10 | |
CVE-2015-3194 | Solaris | SSL/TLS | OpenSSL | Yes | 5.0 | Network | Low | None | None | None | Partial | 11.3, 10 | |
CVE-2015-3195 | Solaris | SSL/TLS | OpenSSL | Yes | 5.0 | Network | Low | None | Partial | None | None | 11.3, 10 | |
CVE-2015-3196 | Solaris | SSL/TLS | OpenSSL | Yes | 4.3 | Network | Medium | None | None | None | Partial | 11.3, 10 |