No results found

Your search did not match any results.

We suggest you try the following to help find what you’re looking for:

  • Check the spelling of your keyword search.
  • Use synonyms for the keyword you typed, for example, try “application” instead of “software.”
  • Try one of the popular searches shown below.
  • Start a new search.
Trending Questions

Oracle Solaris Third Party Bulletin - July 2020

 

Description

The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities addressed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical Patch Updates are released. These bulletins will also be updated on the Tuesday closest to the 17th of the following two months after their release (i.e. the two months between the normal quarterly Critical Patch Update publication dates). In addition, Third Party Bulletins may also be updated for vulnerability issues deemed too critical to wait for the next monthly update.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Third Party Bulletin security patches as soon as possible.

 

Patch Availability

Please see My Oracle Support Note 1448883.1

 

Third Party Bulletin Schedule

Third Party Bulletins are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:

  • 20 October 2020
  • 19 January 2021
  • 20 April 2021
  • 20 July 2021

References

 

Modification History

Date Note
2020-September-15 Rev 3. Added CVEs fixed in Solaris 11.4 SRU 25
2020-August-18 Rev 2. Added CVEs fixed in Solaris 11.4 SRU 24
2020-July-14 Rev 1. Initial Release with all CVEs fixed in Solaris 11.3 LSU 36.21 and Solaris 11.4 SRU 23

Oracle Solaris Executive Summary

This Oracle Solaris Bulletin contains 60 new security patches for the Oracle Solaris Operating System.  47 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. 

Oracle Solaris Third Party Bulletin Risk Matrix

Revision 3: Published on 2020-09-15

CVE# Product Third
Party
component
Protocol Remote
Exploit
without
Auth.?
CVSS VERSION 3.1 RISK (see Risk Matrix Definitions) Supported
Versions
Affected
Notes
Base
Score
Attack
Vector
Attack
Complexity
Privs
Req'd
User
Interact
Scope Confid-
entiality
Inte-
grity
Avail-
ability
CVE-2020-11984 Oracle Solaris Apache HTTP server HTTP Yes 9.8 Network Low None None Un
changed
High High High 11.4, 10 See
Note 1
CVE-2020-12417 Oracle Solaris Firefox Multiple Yes 8.8 Network Low None Required Un
changed
High High High 11.4 See
Note 2
CVE-2020-12417 Oracle Solaris Thunderbird Multiple Yes 8.8 Network Low None Required Un
changed
High High High 11.4 See
Note 3
CVE-2020-15659 Oracle Solaris Firefox Multiple Yes 8.8 Network Low None Required Un
changed
High High High 11.4 See
Note 4
CVE-2020-15659 Oracle Solaris Thunderbird Multiple Yes 8.8 Network Low None Required Un
changed
High High High 11.4 See
Note 5
CVE-2019-11048 Oracle Solaris PHP Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4  
CVE-2019-20907 Oracle Solaris Python Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4  
CVE-2020-11080 Oracle Solaris Nghttp2 HTTP Yes 7.5 Network Low None None Un
changed
None None High 11.4  
CVE-2020-8620 Oracle Solaris BIND Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4, 10  
CVE-2020-11996 Oracle Solaris Apache Tomcat HTTP Yes 7.5 Network Low None None Un
changed
None None High 11.4  
CVE-2020-13934 Oracle Solaris Apache Tomcat HTTP Yes 7.5 Network Low None None Un
changed
None None High 11.4 See
Note 6
CVE-2020-15466 Oracle Solaris Wireshark Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4  
CVE-2020-17498 Oracle Solaris Wireshark Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4  
CVE-2020-1967 Oracle Solaris MySQL 5.6 Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4 See
Note 7
CVE-2020-1967 Oracle Solaris MySQL 5.7 Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4 See
Note 8
CVE-2020-15389 Oracle Solaris OpenJPEG Multiple Yes 7 Network High None None Un
changed
Low Low High 11.4  
CVE-2019-14868 Oracle Solaris KornShell None No 7 Local High Low None Un
changed
High High High 11.4  
CVE-2020-13962 Oracle Solaris Qt Toolkit Multiple Yes 5.3 Network Low None None Un
changed
None None Low 11.4  
CVE-2020-17507 Oracle Solaris Qt Toolkit Multiple Yes 5.3 Network Low None None Un
changed
None None Low 11.4  

Revision 2: Published on 2020-08-18

CVE# Product Third
Party
component
Protocol Remote
Exploit
without
Auth.?
CVSS VERSION 3.1 RISK (see Risk Matrix Definitions) Supported
Versions
Affected
Notes
Base
Score
Attack
Vector
Attack
Complexity
Privs
Req'd
User
Interact
Scope Confid-
entiality
Inte-
grity
Avail-
ability
CVE-2020-13630 Oracle Solaris SQLite3 Multiple Yes 9.8 Network Low None None Un
changed
High High High 11.4 See
Note 9
CVE-2019-11745 Oracle Solaris Netscape Security Services Multiple Yes 8.8 Network Low None Required Un
changed
High High High 11.4 See
Note 10
CVE-2020-11793 Oracle Solaris WebKitGTK Multiple Yes 8.8 Network Low None Required Un
changed
High High High 11.4  
CVE-2020-3895 Oracle Solaris WebKitGTK Multiple Yes 8.8 Network Low None Required Un
changed
High High High 11.4 See
Note 11
CVE-2020-3909 Oracle Solaris libxml2 Multiple Yes 8.8 Network Low None Required Un
changed
High High High 11.4 See
Note 12
CVE-2019-18634 Oracle Solaris Sudo None No 7.8 Local Low Low None Un
changed
High High High 11.4  
CVE-2019-20044 Oracle Solaris Zsh None No 7.8 Local Low Low None Un
changed
High High High 11.4  
CVE-2019-14855 Oracle Solaris GnuPG None Yes 7.5 Network Low None None Un
changed
High None None 11.4  
CVE-2019-17040 Oracle Solaris Rsyslog Syslog Yes 7.5 Network Low None None Un
changed
None None High 11.4 See
Note 13
CVE-2019-9232 Oracle Solaris Firefox Multiple Yes 7.5 Network Low None None Un
changed
High None None 11.4 See
Note 14
CVE-2019-9232 Oracle Solaris Thunderbird Multiple Yes 7.5 Network Low None None Un
changed
High None None 11.4 See
Note 15
CVE-2020-11008 Oracle Solaris Git Multiple Yes 7.5 Network Low None None Un
changed
High None None 11.4 See
Note 16
CVE-2020-11868 Oracle Solaris ntpd NTP Yes 7.5 Network Low None None Un
changed
None None High 11.4 See
Note 17
CVE-2020-5260 Oracle Solaris Git Multiple Yes 7.5 Network Low None None Un
changed
High None None 11.4  
CVE-2020-10108 Oracle Solaris Twisted Web Multiple Yes 7.3 Network Low None None Un
changed
Low Low Low 11.4 See
Note 18
CVE-2020-10663 Oracle Solaris Ruby Multiple Yes 7.3 Network Low None None Un
changed
Low Low Low 11.4 See
Note 19
CVE-2019-18348 Oracle Solaris Python 2.7 Multiple Yes 6.5 Network Low None None Un
changed
Low Low None 11.4, 10 See
Note 20
CVE-2019-18348 Oracle Solaris Python Multiple Yes 6.5 Network Low None None Un
changed
Low Low None 11.4 See
Note 21
CVE-2020-11736 Oracle Solaris GNOME Archive Manager Multiple Yes 6.5 Network Low None Required Un
changed
High None None 11.4  
CVE-2020-2780 Oracle Solaris MySQL 5.6 Multiple No 6.5 Network Low Low None Un
changed
None None High 11.4 See
Note 22
CVE-2020-2780 Oracle Solaris MySQL 5.7 Multiple No 6.5 Network Low Low None Un
changed
None None High 11.4 See
Note 23
CVE-2020-8492 Oracle Solaris Python Multiple Yes 6.5 Network Low None Required Un
changed
None None High 11.4 See
Note 24
CVE-2019-1010180 Oracle Solaris GNU Debugger (GDB) None No 6.1 Local Low None Required Un
changed
High None Low 11.4  
CVE-2019-11358 Oracle Solaris RabbitMQ Multiple Yes 6.1 Network Low None Required Changed Low Low None 11.4  
CVE-2020-11022 Oracle Solaris JQuery Multiple Yes 6.1 Network Low None Required Changed Low Low None 11.4 See
Note 25
CVE-2020-9366 Oracle Solaris GNU Screen None No 6.1 Local Low None Required Changed Low Low Low 11.4  
CVE-2019-2007 Oracle Solaris Vim None No 6 Local Low High None Un
changed
None High High 11.4 See
Note 26
CVE-2020-1945 Oracle Solaris Apache Ant None No 5.9 Local Low None None Un
changed
Low Low Low 11.4  
CVE-2020-6750 Oracle Solaris GLib Multiple Yes 5.9 Network High None None Un
changed
High None None 11.4  
CVE-2020-8618 Oracle Solaris BIND DNS No 4.9 Network Low High None Un
changed
None None High 11.4, 10 See
Note 27
CVE-2020-13645 Oracle Solaris GLib TLS Yes 4.8 Network High None None Un
changed
Low Low None 11.4  
CVE-2019-5068 Oracle Solaris Mesa None No 4.4 Local Low Low None Un
changed
Low Low None 11.4  
CVE-2019-14834 Oracle Solaris dnsmasq Multiple Yes 3.7 Network High None None Un
changed
None None Low 11.4  
CVE-2019-11291 Oracle Solaris RabbitMQ None No 3.5 Network Low High Required Un
changed
Low Low None 11.4  

Revision 1: Published on 2020-07-14

CVE# Product Third
Party
component
Protocol Remote
Exploit
without
Auth.?
CVSS VERSION 3.1 RISK (see Risk Matrix Definitions) Supported
Versions
Affected
Notes
Base
Score
Attack
Vector
Attack
Complexity
Privs
Req'd
User
Interact
Scope Confid-
entiality
Inte-
grity
Avail-
ability
CVE-2020-1747 Oracle Solaris PyYAML Multiple Yes 9.8 Network Low None None Un
changed
High High High 11.4  
CVE-2020-12762 Oracle Solaris JSON-C None No 7.8 Local Low None Required Un
changed
High High High 11.4  
CVE-2020-12137 Oracle Solaris Mailman Multiple Yes 7.5 Network High None Required Un
changed
High High High 11.4  
CVE-2020-12399 Oracle Solaris Firefox Multiple Yes 7.5 Network High None Required Un
changed
High High High 11.4 See
Note 28
CVE-2020-12398 Oracle Solaris Thunderbird Multiple Yes 7.5 Network High None Required Un
changed
High High High 11.4 See
Note 29
CVE-2018-13796 Oracle Solaris Mailman Multiple Yes 6.5 Network Low None Required Un
changed
None High None 11.4 See
Note 30
CVE-2020-12108 Oracle Solaris Mailman Multiple Yes 6.5 Network Low None Required Un
changed
None High None 11.4  

Notes:

1. This patch also addresses CVE-2020-11985 CVE-2020-11993 CVE-2020-9490.

2. This patch also addresses CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421.

3. This patch also addresses CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421.

4. This patch also addresses CVE-2020-15652 CVE-2020-6463 CVE-2020-6514.

5. This patch also addresses CVE-2020-15652 CVE-2020-6463 CVE-2020-6514.

6. This patch also addresses CVE-2020-13935.

7. This patch also addresses CVE-2020-14539 CVE-2020-14550 CVE-2020-14559.

8. This patch also addresses CVE-2020-14539 CVE-2020-14540 CVE-2020-14547 CVE-2020-14550 CVE-2020-14553 CVE-2020-14559 CVE-2020-14576.

9. This patch also addresses CVE-2020-13434 CVE-2020-13435 CVE-2020-13631 CVE-2020-13632.

10. This patch also addresses CVE-2019-11756.

11. This patch also addresses CVE-2020-3885 CVE-2020-3894 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902.

12. This patch also addresses CVE-2020-3910 CVE-2020-3911.

13. This patch also addresses CVE-2019-17041 CVE-2019-17042.

14. This patch also addresses CVE-2019-9235 CVE-2019-9325 CVE-2019-9371.

15. This patch also addresses CVE-2019-9235 CVE-2019-9325 CVE-2019-9371.

16. This patch also addresses CVE-2020-5260.

17. This patch also addresses CVE-2018-8956 CVE-2020-13817.

18. This patch also addresses CVE-2020-10109.

19. This patch also addresses CVE-2020-10933.

20. This patch also addresses CVE-2016-10739 CVE-2019-9740 CVE-2019-9947.

21. This patch also addresses CVE-2016-10739 CVE-2019-9740 CVE-2019-9947.

22. This patch also addresses CVE-2020-2752 CVE-2020-2763 CVE-2020-2804 CVE-2020-2812 CVE-2020-2814 CVE-2020-2922.

23. This patch also addresses CVE-2020-2572 CVE-2020-2584 CVE-2020-2660 CVE-2020-2760 CVE-2020-2763 CVE-2020-2765 CVE-2020-2780 CVE-2020-2804 CVE-2020-2812 CVE-2020-2922.

24. This patch also addresses CVE-2020-8315.

25. This patch also addresses CVE-2020-11023.

26. This patch also addresses CVE-2019-20079.

27. This patch also addresses CVE-2020-8619.

28. This patch also addresses CVE-2020-12405 CVE-2020-12406 CVE-2020-12410.

29. This patch also addresses CVE-2020-12399 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410.

30. This patch also addresses CVE-2020-12108.