No results found

Your search did not match any results.

We suggest you try the following to help find what you’re looking for:

  • Check the spelling of your keyword search.
  • Use synonyms for the keyword you typed, for example, try “application” instead of “software.”
  • Try one of the popular searches shown below.
  • Start a new search.
Trending Questions

Oracle Solaris Third Party Bulletin - January 2020

 

Description

The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities addressed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical Patch Updates are released. These bulletins will also be updated on the Tuesday closest to the 17th of the following two months after their release (i.e. the two months between the normal quarterly Critical Patch Update publication dates). In addition, Third Party Bulletins may also be updated for vulnerability issues deemed too critical to wait for the next monthly update.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Third Party Bulletin security patches as soon as possible.

 

Patch Availability

Please see My Oracle Support Note 1448883.1

 

Third Party Bulletin Schedule

Third Party Bulletins are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:

  • 14 April 2020
  • 14 July 2020
  • 20 October 2020
  • 19 January 2021

References

 

Modification History

Date Note
2020-March-16 Rev 3. Added CVEs fixed in Solaris 11.4 SRU 19
2020-February-18 Rev 2. Added CVEs fixed in Solaris 11.4 SRU 18
2020-January-14 Rev 1. Initial Release with all CVEs fixed in Solaris 11.4 SRU 17

Oracle Solaris Executive Summary

This Oracle Solaris Bulletin contains 33 new security patches for the Oracle Solaris Operating System.  22 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. 

Oracle Solaris Third Party Bulletin Risk Matrix

Revision 3: Published on 2020-03-16

CVE# Product Third
Party
component
Protocol Remote
Exploit
without
Auth.?
CVSS VERSION 3.0 RISK (see Risk Matrix Definitions) Supported
Versions
Affected
Notes
Base
Score
Attack
Vector
Attack
Complexity
Privs
Req'd
User
Interact
Scope Confid-
entiality
Inte-
grity
Avail-
ability
CVE-2020-5313 Oracle Solaris Pillow Multiple Yes 8.8 Network Low None Required Un
changed
High High High 11.4 See
Note 1
CVE-2019-1351 Oracle Solaris Git Multiple Yes 8.1 Network High None None Un
changed
High High High 11.4 See
Note 2
CVE-2019-11044 Oracle Solaris PHP Multiple Yes 7.5 Network Low None None Un
changed
High None None 11.4 See
Note 3
CVE-2019-16201 Oracle Solaris Ruby Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4 See
Note 4
CVE-2019-19269 Oracle Solaris ProFTPD FTP Yes 7.5 Network Low None None Un
changed
None High None 11.4 See
Note 5
CVE-2020-6800 Oracle Solaris Firefox None Yes 7.5 Network High None Required Un
changed
High High High 11.4 See
Note 6
CVE-2020-6800 Oracle Solaris Thunderbird Multiple Yes 7.5 Network High None Required Un
changed
High High High 11.4 See
Note 7
CVE-2019-12387 Oracle Solaris Twisted Multiple Yes 7.4 Network High None None Un
changed
High High None 11.4 See
Note 8
CVE-2019-16056 Oracle Solaris Python Multiple Yes 7.3 Network Low None None Un
changed
Low Low Low 11.4 See
Note 9
CVE-2019-18874 Oracle Solaris Python Process And System Utilities None No 7 Local High None Required Un
changed
High High High 11.4  
CVE-2019-16865 Oracle Solaris Pillow None No 5.5 Local Low None Required Un
changed
None None High 11.4  
CVE-2019-19221 Oracle Solaris Libarchive None No 5.5 Local Low None Required Un
changed
None None High 11.4  
CVE-2018-19844 Oracle Solaris Django Multiple No 4.8 Network Low High Required Changed Low Low None 11.4 See
Note 10
CVE-2019-16935 Oracle Solaris Python 3.5 Multiple Yes 4.7 Network Low None Required Changed None Low None 11.4  
CVE-2019-16935 Oracle Solaris Python 3.7 Multiple Yes 4.7 Network Low None Required Changed None Low None 11.4  
CVE-2019-16935 Oracle Solaris Python 3.4 Multiple Yes 4.7 Network Low None Required Changed None Low None 11.4  

Revision 2: Published on 2020-02-18

CVE# Product Third
Party
component
Protocol Remote
Exploit
without
Auth.?
CVSS VERSION 3.0 RISK (see Risk Matrix Definitions) Supported
Versions
Affected
Notes
Base
Score
Attack
Vector
Attack
Complexity
Privs
Req'd
User
Interact
Scope Confid-
entiality
Inte-
grity
Avail-
ability
CVE-2019-17017 Oracle Solaris Thunderbird Multiple Yes 8.8 Network Low None Required Un
changed
High High High 11.4 See
Note 11
CVE-2019-17026 Oracle Solaris Firefox Multiple Yes 8.8 Network Low None Required Un
changed
High High High 11.4  
CVE-2019-16775 Oracle Solaris Node.js Multiple No 8.1 Network Low Low None Un
changed
High High None 11.4 See
Note 12
CVE-2019-17017 Oracle Solaris Firefox Multiple Yes 7.5 Network High None Required Un
changed
High High High 11.4 See
Note 13
CVE-2020-7044 Oracle Solaris Wireshark Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4  
CVE-2019-12418 Oracle Solaris Apache Tomcat None No 7.4 Local High None None Un
changed
High High High 11.4 See
Note 14
CVE-2019-9072 Oracle Solaris GNU Binary Utilities Multiple Yes 6.5 Network Low None Required Un
changed
None None High 11.4 See
Note 15
CVE-2019-16168 Oracle Solaris SQLite3 Multiple Yes 5.3 Network High None Required Un
changed
None None High 11.4  
CVE-2018-1122 Oracle Solaris Watch None No 4.8 Local Low Low Required Un
changed
Low Low Low 11.4 See
Note 16

Revision 1: Published on 2020-01-14

CVE# Product Third
Party
component
Protocol Remote
Exploit
without
Auth.?
CVSS VERSION 3.0 RISK (see Risk Matrix Definitions) Supported
Versions
Affected
Notes
Base
Score
Attack
Vector
Attack
Complexity
Privs
Req'd
User
Interact
Scope Confid-
entiality
Inte-
grity
Avail-
ability
CVE-2019-19012 Oracle Solaris Oniguruma Multiple Yes 9.8 Network Low None None Un
changed
High High High 11.4 See
Note 17
CVE-2019-17012 Oracle Solaris Firefox Multiple Yes 8.1 Network High None None Un
changed
High High High 11.4 See
Note 18
CVE-2019-17012 Oracle Solaris Thunderbird Multiple Yes 8.1 Network High None None Un
changed
High High High 11.4 See
Note 19
CVE-2019-5443 Oracle Solaris MySQL None No 7.8 Local Low Low None Un
changed
High High High 11.4 See
Note 20
CVE-2019-13057 Oracle Solaris OpenLDAP server LDAP Yes 7.4 Network High None None Un
changed
High High None 11.4 See
Note 21
CVE-2019-2911 Oracle Solaris MySQL Multiple No 6.5 Network Low Low None Un
changed
None None High 11.4 See
Note 22
CVE-2018-15861 Oracle Solaris xkbcommon None No 3.3 Local Low None Required Un
changed
None None Low 11.4 See
Note 23
CVE-2019-19553 Oracle Solaris Wireshark None No 2.9 Local High None None Un
changed
None Low None 11.4  

Notes:

1. This patch also addresses CVE-2019-19911 CVE-2020-5310 CVE-2020-5311 CVE-2020-5312.

2. This patch also addresses CVE-2019-1348 CVE-2019-1349 CVE-2019-1350 CVE-2019-1352 CVE-2019-1353 CVE-2019-1354 CVE-2019-1387 CVE-2019-19604.

3. This patch also addresses CVE-2019-11044 CVE-2019-11045 CVE-2019-11047 CVE-2019-11049 CVE-2019-11050 CVE-2020-7059 CVE-2020-7060.

4. This patch also addresses CVE-2019-15845 CVE-2019-16254 CVE-2019-16255.

5. This patch also addresses CVE-2019-19270.

6. This patch also addresses CVE-2020-6796 CVE-2020-6797 CVE-2020-6798 CVE-2020-6800.

7. This patch also addresses CVE-2020-6792 CVE-2020-6793 CVE-2020-6794 CVE-2020-6795 CVE-2020-6798 CVE-2020-6800.

8. This patch also addresses CVE-2019-12855.

9. This patch also addresses CVE-2019-11340 CVE-2019-16056.

10. This patch also addresses CVE-2019-19844.

11. This patch also addresses CVE-2019-17015 CVE-2019-17016 CVE-2019-17021 CVE-2019-17022 CVE-2019-17024 CVE-2019-17026.

12. This patch also addresses CVE-2019-16776 CVE-2019-16777.

13. This patch also addresses CVE-2019-17015 CVE-2019-17016 CVE-2019-17021 CVE-2019-17022 CVE-2019-17024.

14. This patch also addresses CVE-2019-17563.

15. This patch also addresses CVE-2019-17450 CVE-2019-17451 CVE-2019-9073 CVE-2019-9074 CVE-2019-9075 CVE-2019-9076 CVE-2019-9077.

16. This patch also addresses CVE-2018-1124 CVE-2018-1126.

17. This patch also addresses CVE-2019-19012 CVE-2019-19204 CVE-2019-19246.

18. This patch also addresses CVE-2019-11745 CVE-2019-13722 CVE-2019-17005 CVE-2019-17008 CVE-2019-17009 CVE-2019-17010 CVE-2019-17011.

19. This patch also addresses CVE-2019-11745 CVE-2019-13722 CVE-2019-17005 CVE-2019-17008 CVE-2019-17009 CVE-2019-17010 CVE-2019-17011.

20. This patch also addresses CVE-2019-2910 CVE-2019-2911 CVE-2019-2914 CVE-2019-2922 CVE-2019-2923 CVE-2019-2924 CVE-2019-2938 CVE-2019-2946 CVE-2019-2960 CVE-2019-2974 CVE-2019-2993.

21. This patch also addresses CVE-2019-13565.

22. This patch also addresses CVE-2019-2910 CVE-2019-2922 CVE-2019-2923 CVE-2019-2924 CVE-2019-2974.

23. This patch also addresses CVE-2018-15853 CVE-2018-15854 CVE-2018-15855 CVE-2018-15856 CVE-2018-15857 CVE-2018-15858 CVE-2018-15859 CVE-2018-15862 CVE-2018-15863 CVE-2018-15864.