Oracle Solaris Third Party Bulletin

home nav

View Accounts

Back Oracle Account

Cloud Account Sign in to Cloud Sign Up for Free Cloud Tier

Contact Sales

No results found

Your search did not match any results.

We suggest you try the following to help find what you’re looking for:

Check the spelling of your keyword search.
Use synonyms for the keyword you typed, for example, try “application” instead of “software.”
Try one of the popular searches shown below.
Start a new search.

Oracle Solaris Third Party Bulletin - January 2016

Description

The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical Patch Updates are released. These bulletins will also be updated on the Tuesday closest to the 17th of the following two months after their release (i.e. the two months between the normal quarterly Critical Patch Update publication dates). In addition, Third Party Bulletins may also be updated for vulnerability fixes deemed too critical to wait for the next monthly update.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Third Party Bulletin fixes as soon as possible.

Patch Availability

Please see My Oracle Support Note 1448883.1

Third Party Bulletin Schedule

Third Party Bulletins are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:

19 April 2016
19 July 2016
18 October 2016
17 January 2017

References

Oracle Critical Patch Updates and Security Alerts main page [ Oracle Technology Network ]
Oracle Critical Patch Updates and Security Alerts - Frequently Asked Questions [ CPU FAQ ]
Risk Matrix definitions [ Risk Matrix Definitions ]
Use of Common Vulnerability Scoring System (CVSS) by Oracle [ Oracle CVSS Scoring ]

Modification History

2016-April-12	Rev 5. Added multiple Samba CVEs
2016-March-18	Rev 4. Added all CVEs fixed in Solaris 11.3 SRU 6.5
2016-March-15	Rev 3. Added CVE-2016-1285, CVE-2016-1286
2016-February-19	Rev 2. Added all CVEs fixed in Solaris 11.3 SRU 5.6
2016-January-19	Rev 1. Initial Release

Oracle Solaris Executive Summary

This Third Party Bulletin contains 84 new security fixes for the Oracle Solaris. 69 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

Oracle Solaris Risk Matrix

Revision 5: Published on 2016-04-12

CVE#	Product	Protocol	Third Party component	Remote Exploit without Auth.?	CVSS VERSION 2.0 RISK (see Risk Matrix Definitions)							Supported Versions Affected	Notes
CVE#	Product	Protocol	Third Party component	Remote Exploit without Auth.?	Base Score	Access Vector	Access Complexity	Authentication	Confidentiality	Integrity	Availability	Supported Versions Affected	Notes
CVE-2016-2118	Solaris	Multiple	Samba	Yes	6.8	Network	Medium	None	Partial+	Partial+	Partial+	11.3. 10
CVE-2016-2115	Solaris	Multiple	Samba	Yes	6.8	Network	Medium	None	Partial+	Partial+	Partial+	11.3. 10
CVE-2016-2111	Solaris	Multiple	Samba	Yes	4.3	Network	Medium	None	Partial+	None	None	11.3. 10
CVE-2016-2112	Solaris	Multiple	Samba	Yes	4.3	Network	Medium	None	None	Partial+	None	11.3, 10
CVE-2016-2110	Solaris	Multiple	Samba	Yes	4.3	Network	Medium	None	None	Partial	None	11.3. 10
CVE-2015-5370	Solaris	Multiple	Samba	Yes	4.3	Network	Medium	None	None	None	Partial+	11.3. 10

Revision 4: Published on 2016-03-18

CVE#	Product	Protocol	Third Party component	Remote Exploit without Auth.?	CVSS VERSION 2.0 RISK (see Risk Matrix Definitions)							Supported Versions Affected	Notes
CVE#	Product	Protocol	Third Party component	Remote Exploit without Auth.?	Base Score	Access Vector	Access Complexity	Authentication	Confidentiality	Integrity	Availability	Supported Versions Affected	Notes
CVE-2016-0799	Solaris	SSL/TLS	OpenSSL	Yes	10.0	Network	Low	None	Complete	Complete	Complete	10
CVE-2015-3280	Solaris	Multiple	OpenStack Compute (Nova)	No	6.8	Network	Low	Single	None	None	Complete	11.3
CVE-2015-5174	Solaris	Multiple	Apache Tomcat	Yes	6.8	Network	Medium	None	Partial	Partial	Partial	11.3, 10	See Note 2
CVE-2014-3636	Solaris	None	DBus	No	6.6	Local	Medium	Single	Complete	Complete	Complete	11.3	See Note 10
CVE-2015-7705	Solaris	Multiple	NTP	Yes	6.4	Network	Low	None	None	Partial	Partial	11.3, 10	See Note 3
CVE-2015-5252	Solaris	Multiple	Samba	Yes	5.0	Network	Low	None	None	Partial	None	11.3, 10
CVE-2016-0797	Solaris	SSL/TLS	OpenSSL	Yes	5.0	Network	Low	None	None	None	Partial	10
CVE-2015-5146	Solaris	Multiple	NTP	No	4.9	Adjacent Network	Medium	Single	Partial	Partial	Partial	11.3
CVE-2015-5299	Solaris	None	Samba	No	4.6	Local	Low	Single	Complete	None	None	11.3, 10
CVE-2015-5346	Solaris	None	Apache Tomcat	No	4.4	Local	Medium	None	Partial	Partial	Partial	11.3	See Note 8
CVE-2014-3566	Solaris	HTTP	Apache HTTP Server	Yes	4.3	Network	Medium	None	Partial	None	None	10
CVE-2015-3197	Solaris	SSL/TLS	OpenSSL	Yes	4.3	Network	Medium	None	Partial	None	None	10
CVE-2015-4000	Solaris	SSL/TLS	OpenSSL	Yes	4.3	Network	Medium	None	None	Partial	None	10
CVE-2015-3197	Solaris	SSL/TLS	Wanboot	Yes	4.3	Network	Medium	None	Partial	None	None	10
CVE-2016-0800	Solaris	SSL/TLS	OpenSSL	Yes	4.3	Network	Medium	None	Partial	None	None	10
CVE-2016-0703	Solaris	SSL/TLS	OpenSSL	Yes	4.3	Network	Medium	None	Partial	None	None	10
CVE-2016-0704	Solaris	SSL/TLS	OpenSSL	Yes	4.3	Network	Medium	None	Partial	None	None	10
CVE-2015-5296	Solaris	None	Samba	No	3.0	Local	Medium	Single	Partial+	Partial+	None	11.3, 10
CVE-2015-5300	Solaris	Multiple	NTP	Yes	2.6	Network	High	None	None	Partial	None	11.3, 10
CVE-2014-3533	Solaris	None	DBus	No	2.1	Local	Low	None	None	None	Partial	11.3	See Note 9
CVE-2016-2533	Solaris	None	Python Imaging Library (PIL)	No	2.1	Local	Low	None	None	None	Partial	11.3
CVE-2014-3532	Solaris	None	DBus	No	1.9	Local	Medium	None	None	None	Partial	11.3	See Note 11

Revision 3: Published on 2016-03-15

CVE#	Product	Protocol	Third Party component	Remote Exploit without Auth.?	CVSS VERSION 2.0 RISK (see Risk Matrix Definitions)							Supported Versions Affected	Notes
CVE#	Product	Protocol	Third Party component	Remote Exploit without Auth.?	Base Score	Access Vector	Access Complexity	Authentication	Confidentiality	Integrity	Availability	Supported Versions Affected	Notes
CVE-2016-1285	Solaris	Bind	Bind	Yes	5.0	Network	Low	None	None	None	Partial+	11.3, 10	See Note 1

Revision 2: Published on 2016-02-19

CVE#	Product	Protocol	Third Party component	Remote Exploit without Auth.?	CVSS VERSION 2.0 RISK (see Risk Matrix Definitions)							Supported Versions Affected	Notes
CVE#	Product	Protocol	Third Party component	Remote Exploit without Auth.?	Base Score	Access Vector	Access Complexity	Authentication	Confidentiality	Integrity	Availability	Supported Versions Affected	Notes
CVE-2015-3217	Solaris	Multiple	PCRE	Yes	9.3	Network	Medium	None	Complete	Complete	Complete	11.3	See Note 4
CVE-2012-2814	Solaris	Multiple	LibEXIF	Yes	7.5	Network	Low	None	Partial	Partial	Partial	10
CVE-2015-3144	Solaris	Multiple	libcurl	Yes	7.5	Network	Low	None	Partial	Partial	Partial	11.3
CVE-2015-3145	Solaris	Multiple	libcurl	Yes	7.5	Network	Low	None	Partial	Partial	Partial	11.3
CVE-2015-8557	Solaris	Multiple	Pygments	Yes	7.5	Network	Low	None	Partial	Partial	Partial	11.3
CVE-2004-0548	Solaris	Multiple	Aspell	No	7.2	Local	Low	None	Complete	Complete	Complete	10
CVE-2015-6564	Solaris	None	OpenSSH	No	6.9	Local	Medium	None	Complete	Complete	Complete	11.3
CVE-2013-6418	Solaris	Multiple	PYWBEM	Yes	5.8	Network	Medium	None	Partial	Partial	None	11.3	See Note 5
CVE-2015-8605	Solaris	Multiple	DHCP Server	No	5.7	Adjacent Network	Medium	None	None	None	Complete	11.3
CVE-2014-3566	Solaris	Multiple	OpenPegasus CIM Server	Yes	5.0	Network	Low	None	Partial	None	None	11.3
CVE-2014-0015	Solaris	Multiple	libcurl	Yes	5.0	Network	Low	None	None	Partial	None	11.3	See Note 6
CVE-2015-3148	Solaris	Multiple	libcurl	Yes	5.0	Network	Low	None	None	Partial	None	11.3
CVE-2015-3153	Solaris	Multiple	libcurl	Yes	5.0	Network	Low	None	Partial	None	None	11.3
CVE-2015-7995	Solaris	Multiple	libxslt	Yes	5.0	Network	Low	None	None	None	Partial	11.3
CVE-2015-3195	Solaris	SSL/TLS	WanBoot	Yes	5.0	Network	Low	None	Partial	None	None	10
CVE-2015-4000	Solaris	Multiple	Thunderbird	Yes	4.3	Network	Medium	None	None	Partial	None	11.3
CVE-2015-3236	Solaris	Multiple	libcurl	Yes	4.3	Network	Medium	None	Partial	None	None	11.3	See Note 7
CVE-2015-5352	Solaris	Multiple	OpenSSH	Yes	4.3	Network	Medium	None	None	Partial	None	11.3
CVE-2015-8733	Solaris	Multiple	Wireshark	Yes	4.3	Network	Medium	None	None	None	Partial	11.3
CVE-2015-8711	Solaris	Multiple	Wireshark	Yes	4.3	Network	Medium	None	None	None	Partial	11.3
CVE-2015-8712	Solaris	Multiple	Wireshark	Yes	4.3	Network	Medium	None	None	None	Partial	11.3
CVE-2015-8713	Solaris	Multiple	Wireshark	Yes	4.3	Network	Medium	None	None	None	Partial	11.3
CVE-2015-8714	Solaris	Multiple	Wireshark	Yes	4.3	Network	Medium	None	None	None	Partial	11.3
CVE-2015-8715	Solaris	Multiple	Wireshark	Yes	4.3	Network	Medium	None	None	None	Partial	11.3
CVE-2015-8716	Solaris	Multiple	Wireshark	Yes	4.3	Network	Medium	None	None	None	Partial	11.3
CVE-2015-8717	Solaris	Multiple	Wireshark	Yes	4.3	Network	Medium	None	None	None	Partial	11.3
CVE-2015-8718	Solaris	Multiple	Wireshark	Yes	4.3	Network	Medium	None	None	None	Partial	11.3
CVE-2015-8719	Solaris	Multiple	Wireshark	Yes	4.3	Network	Medium	None	None	None	Partial	11.3
CVE-2015-8720	Solaris	Multiple	Wireshark	Yes	4.3	Network	Medium	None	None	None	Partial	11.3
CVE-2015-8721	Solaris	Multiple	Wireshark	Yes	4.3	Network	Medium	None	None	None	Partial	11.3
CVE-2015-8722	Solaris	Multiple	Wireshark	Yes	4.3	Network	Medium	None	None	None	Partial	11.3
CVE-2015-8723	Solaris	Multiple	Wireshark	Yes	4.3	Network	Medium	None	None	None	Partial	11.3
CVE-2015-8724	Solaris	Multiple	Wireshark	Yes	4.3	Network	Medium	None	None	None	Partial	11.3
CVE-2015-8725	Solaris	Multiple	Wireshark	Yes	4.3	Network	Medium	None	None	Partial	None	11.3
CVE-2015-8726	Solaris	Multiple	Wireshark	Yes	4.3	Network	Medium	None	None	None	Partial	11.3
CVE-2015-8727	Solaris	Multiple	Wireshark	Yes	4.3	Network	Medium	None	None	None	Partial	11.3
CVE-2015-8728	Solaris	Multiple	Wireshark	Yes	4.3	Network	Medium	None	None	None	Partial	11.3
CVE-2015-8729	Solaris	Multiple	Wireshark	Yes	4.3	Network	Medium	None	None	None	Partial	11.3
CVE-2015-8730	Solaris	Multiple	Wireshark	Yes	4.3	Network	Medium	None	None	None	Partial	11.3
CVE-2015-8731	Solaris	Multiple	Wireshark	Yes	4.3	Network	Medium	None	None	None	Partial	11.3
CVE-2015-8732	Solaris	Multiple	Wireshark	Yes	4.3	Network	Medium	None	None	None	Partial	11.3
CVE-2015-7942	Solaris	Multiple	libxml2	Yes	2.6	Network	High	None	None	None	Partial	11.3
CVE-2015-8241	Solaris	Multiple	libxml2	Yes	2.6	Network	High	None	None	None	Partial	11.3
CVE-2015-8242	Solaris	Multiple	libxml2	Yes	2.6	Network	High	None	None	None	Partial	11.3
CVE-2015-7498	Solaris	Multiple	libxml2	Yes	2.6	Network	High	None	Partial	None	None	11.3
CVE-2015-5312	Solaris	Multiple	libxml2	Yes	2.6	Network	High	None	None	None	Partial	11.3
CVE-2015-7499	Solaris	Multiple	libxml2	Yes	2.6	Network	High	None	None	None	Partial	11.3
CVE-2015-7500	Solaris	Multiple	libxml2	Yes	2.6	Network	High	None	None	None	Partial	11.3
CVE-2015-8317	Solaris	Multiple	libxml2	Yes	2.6	Network	High	None	None	None	Partial	11.3
CVE-2015-7497	Solaris	Multiple	libxml2	No	2.1	Network	High	Single	Partial	None	None	11.3
CVE-2015-6563	Solaris	None	OpenSSH	No	1.9	Local	Medium	None	None	Partial	None	11.3

Revision 1: Published on 2016-01-19

CVE#	Product	Protocol	Third Party component	Remote Exploit without Auth.?	CVSS VERSION 2.0 RISK (see Risk Matrix Definitions)							Supported Versions Affected	Notes
CVE#	Product	Protocol	Third Party component	Remote Exploit without Auth.?	Base Score	Access Vector	Access Complexity	Authentication	Confidentiality	Integrity	Availability	Supported Versions Affected	Notes
CVE-2015-8704	Solaris	Bind	Bind	No	6.8	Network	Low	Single	None	None	Complete	11.3, 10
CVE-2015-3194	Solaris	SSL/TLS	OpenSSL	Yes	5.0	Network	Low	None	None	None	Partial	11.3, 10
CVE-2015-3195	Solaris	SSL/TLS	OpenSSL	Yes	5.0	Network	Low	None	Partial	None	None	11.3, 10
CVE-2015-3196	Solaris	SSL/TLS	OpenSSL	Yes	4.3	Network	Medium	None	None	None	Partial	11.3, 10

Notes:

This fix also addresses CVE-2016-1286.
This fix also addresses CVE-2015-5345 CVE-2016-0706 CVE-2016-0714.
This fix also addresses CVE-2015-5300 CVE-2015-7691 CVE-2015-7692 CVE-2015-7701 CVE-2015-7702 CVE-2015-7703 CVE-2015-7704 CVE-2015-7848 CVE-2015-7849 CVE-2015-7850 CVE-2015-7851 CVE-2015-7852 CVE-2015-7853 CVE-2015-7854 CVE-2015-7855 CVE-2015-7871 CVE-2015-7973 CVE-2015-7974 CVE-2015-7975 CVE-2015-7976 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8138 CVE-2015-8139 CVE-2015-8140 CVE-2015-8158.
This fix also addresses CVE-2015-3210.
This fix also addresses CVE-2013-6444.
This fix also addresses CVE-2015-3143.
This fix also addresses CVE-2015-3237.
This fix also addresses CVE-2015-5351 CVE-2016-0763.
This fix also addresses CVE-2014-3532 CVE-2014-3635 CVE-2015-0245.
This fix also addresses CVE-2014-3532 CVE-2014-3635 CVE-2014-3637 CVE-2014-3638 CVE-2014-3639 CVE-2014-7824 CVE-2015-0245.
This fix also addresses CVE-2014-3635 CVE-2015-0245.