
Oracle Solaris Third Party Bulletin - July 2021


Description

The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities addressed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical Patch Updates are released. These bulletins will also be updated on the Tuesday closest to the 17th of the following two months after their release (i.e. the two months between the normal quarterly Critical Patch Update publication dates). In addition, Third Party Bulletins may also be updated for vulnerability issues deemed too critical to wait for the next monthly update.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Third Party Bulletin security patches as soon as possible.


Patch Availability

Please see My Oracle Support Note 1448883.1


Third Party Bulletin Schedule

Third Party Bulletins are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:

  • 19 October 2021
  • 18 January 2022
  • 19 April 2022
  • 19 July 2022

References


Modification History

| Date | Note |
|---|---|
| 2021-July-20 | Rev 1. Initial Release with all CVEs fixed in Solaris 11.4 SRU 35. Solaris 11.3 ESU 36.26 released as well. |

Oracle Solaris Executive Summary

This Oracle Solaris Bulletin contains 19 new security patches for the Oracle Solaris Operating System. 16 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

Oracle Solaris Third Party Bulletin Risk Matrix

Revision 1: Published on 2021-07-20

CVSS VERSION 3.1 RISK (see Risk Matrix Definitions) covers the columns Base Score through Availability.

| CVE# | Product | Third Party component | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complexity | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2020-18032 | Oracle Solaris | Graphviz | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 11.4 | |
| CVE-2021-3520 | Oracle Solaris | LZ4 | Multiple | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 11.4 | |
| CVE-2021-32055 | Oracle Solaris | Mutt | HTTP | Yes | 9.1 | Network | Low | None | None | Unchanged | High | None | High | 11.4 | |
| CVE-2020-14387 | Oracle Solaris | rsync | HTTP | Yes | 9.1 | Network | Low | None | None | Unchanged | High | High | None | 11.4 | |
| CVE-2021-20240 | Oracle Solaris | GDK-PixBuf | HTTP | Yes | 8.8 | Network | Low | None | Required | Unchanged | High | High | High | 11.4 | |
| CVE-2021-29967 | Oracle Solaris | Firefox | Multiple | Yes | 8.8 | Network | Low | None | Required | Unchanged | High | High | High | 11.4 | See Note 1 |
| CVE-2021-29967 | Oracle Solaris | Thunderbird | Multiple | Yes | 8.8 | Network | Low | None | Required | Unchanged | High | High | High | 11.4 | See Note 2 |
| CVE-2021-3472 | Oracle Solaris | X.Org | None | No | 7.8 | Local | Low | Low | None | Unchanged | High | High | High | 11.4 | |
| CVE-2021-3560 | Oracle Solaris | Polkit | None | No | 7.8 | Local | Low | Low | None | Unchanged | High | High | High | 11.4 | |
| CVE-2021-27291 | Oracle Solaris | Pygments | HTTP | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 11.4 | |
| CVE-2021-20270 | Oracle Solaris | Pygments | HTTP | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 11.4 | |
| CVE-2021-28965 | Oracle Solaris | Ruby | HTTP | Yes | 7.5 | Network | Low | None | None | Unchanged | None | High | None | 11.4 | |
| CVE-2021-2307 | Oracle Solaris | MySQL | Multiple | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 11.4 | See Note 3 |
| CVE-2021-31618 | Oracle Solaris | Apache HTTP server | HTTP | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 11.4 | |
| CVE-2021-3450 | Oracle Solaris | OpenSSL | TLS | Yes | 7.4 | Network | High | None | None | Unchanged | High | High | None | 11.4 | See Note 4 |
| CVE-2021-32052 | Oracle Solaris | Django | HTTP | Yes | 7.4 | Network | High | None | None | Unchanged | High | High | None | 11.4 | |
| CVE-2021-3449 | Oracle Solaris | OpenSSL | TLS | Yes | 5.9 | Network | High | None | None | Unchanged | None | None | High | 11.4 | |
| CVE-2021-33203 | Oracle Solaris | Django | HTTP | Yes | 5.9 | Network | High | None | None | Unchanged | None | High | None | 11.4 | See Note 5 |
| CVE-2021-3468 | Oracle Solaris | Avahi | None | No | 5.5 | Local | Low | Low | None | Unchanged | None | None | High | 11.4 | |

Notes:

1. This patch also addresses CVE-2021-29951, CVE-2021-29964.

2. This patch also addresses CVE-2021-29951, CVE-2021-29956, CVE-2021-29957, CVE-2021-29964.

3. This patch also addresses CVE-2021-2146, CVE-2021-2154, CVE-2021-2162, CVE-2021-2166, CVE-2021-2169, CVE-2021-2171, CVE-2021-2174, CVE-2021-2179, CVE-2021-2180, CVE-2021-2194, CVE-2021-2226, CVE-2021-23841, CVE-2021-3449.

4. This patch also addresses CVE-2021-3449.

5. This patch also addresses CVE-2021-33571.