No results found

Your search did not match any results.

We suggest you try the following to help find what you're looking for:

  • Check the spelling of your keyword search.
  • Use synonyms for the keyword you typed, for example, try “application” instead of “software.”
  • Try one of the popular searches shown below.
  • Start a new search.

 

Trending Questions

Oracle Solaris Third Party Bulletin - October 2017

Description

The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical Patch Updates are released. These bulletins will also be updated on the Tuesday closest to the 17th of the following two months after their release (i.e. the two months between the normal quarterly Critical Patch Update publication dates). In addition, Third Party Bulletins may also be updated for vulnerability fixes deemed too critical to wait for the next monthly update.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Third Party Bulletin fixes as soon as possible.

Patch Availability

Please see My Oracle Support Note 1448883.1

Third Party Bulletin Schedule

Third Party Bulletins are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:

  • 16 January 2018
  • 17 April 2018
  • 17 July 2018
  • 16 October 2018

References

Modification History

2017-December-18 Rev 3. Added all CVEs fixed in Solaris 11.3 SRU 27
2017-November-16 Rev 2. Added all CVEs fixed in Solaris 11.3 SRU 26
2017-October-17 Rev 1. Initial Release with all CVEs fixed in Solaris 11.3 SRU 25

Oracle Solaris Executive Summary

This Third Party Bulletin contains 53 new security fixes for Oracle Solaris. 31 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

Oracle Solaris Third Party Bulletin Risk Matrix

Revision 3: Published on 2017-12-18

CVE# Product ThirdParty­Component Protocol Remote Exploit without Auth.? CVSS VERSION 3.0 RISK (see Risk Matrix Definitions) Supported Versions Affected Notes
Base Score Attack Vector Attack Complexity Privs­Req'd User Interact Scope Confid­entiality Inte­grity Avail­ability
CVE-2016-9534SolarisLibTIFFMultipleYes8.8NetworkLowNoneRequiredUnchangedHighHighHigh11.3 
CVE-2016-9535SolarisLibTIFFMultipleYes8.8NetworkLowNoneRequiredUnchangedHighHighHigh11.3 
CVE-2016-9536SolarisLibTIFFMultipleYes8.8NetworkLowNoneRequiredUnchangedHighHighHigh11.3 
CVE-2016-9537SolarisLibTIFFMultipleYes8.8NetworkLowNoneRequiredUnchangedHighHighHigh11.3 
CVE-2016-9538SolarisLibTIFFMultipleYes8.8NetworkLowNoneRequiredUnchangedHighHighHigh11.3 
CVE-2016-9539SolarisLibTIFFMultipleYes8.8NetworkLowNoneRequiredUnchangedHighHighHigh11.3 
CVE-2016-9540SolarisLibTIFFMultipleYes8.8NetworkLowNoneRequiredUnchangedHighHighHigh11.3 
CVE-2017-5225SolarisLibTIFFMultipleYes8.8NetworkLowNoneRequiredUnchangedHighHighHigh11.3 
CVE-2017-5563SolarisLibTIFFMultipleYes8.8NetworkLowNoneRequiredUnchangedHighHighHigh11.3 
CVE-2017-7828SolarisFirefoxMultipleYes8.8NetworkLowNoneRequiredUnchangedHighHighHigh11.3SeeNote 15
CVE-2017-7828SolarisThunderbirdMultipleYes8.8NetworkLowNoneRequiredUnchangedHighHighHigh11.3SeeNote 15
CVE-2017-13704SolarisDNSmasqMultipleYes8.2NetworkLowNoneNoneUnchangedLowNoneHigh11.3SeeNote 14
CVE-2016-9318SolarisLibxml2NoneNo7.8LocalLowNoneRequiredUnchangedHighHighHigh11.3 
CVE-2017-13089SolarisWgetNoneNo7.8LocalLowNoneRequiredUnchangedHighHighHigh11.3, 10SeeNote 17
CVE-2016-9533SolarisLibTIFFMultipleYes7.5NetworkHighNoneRequiredUnchangedHighHighHigh11.3 
CVE-2017-10314SolarisMySQLMultipleYes7.5NetworkLowNoneNoneUnchangedNoneNoneHigh11.3SeeNote 16
CVE-2017-10989SolarisSQLite3MultipleYes7.3NetworkLowNoneNoneUnchangedLowLowLow11.3 
CVE-2016-10092SolarisLibTIFFNoneNo7LocalHighNoneRequiredUnchangedHighHighHigh11.3, 10SeeNote 11
CVE-2015-8870SolarisLibTIFFMultipleYes6.8NetworkHighNoneRequiredUnchangedHighNoneHigh11.3, 10 
CVE-2017-10378SolarisMySQLMultipleNo6.5NetworkLowLowNoneUnchangedHighNoneNone11.3SeeNote 13
CVE-2017-16548SolarisRSYNCMultipleNo6.5NetworkLowLowNoneUnchangedNoneNoneHigh11.3 
CVE-2017-5969SolarisLibxml2NoneNo5.5LocalLowNoneRequiredUnchangedNoneNoneHigh11.3 
CVE-2017-9526SolarisLibgcryptNoneNo5.5LocalLowLowNoneUnchangedHighNoneNone11.3SeeNote 12
CVE-2016-3186SolarisLibTIFFMultipleYes5.3NetworkLowNoneNoneUnchangedNoneNoneLow11.3 
CVE-2016-3619SolarisLibTIFFNoneYes5.3NetworkLowNoneNoneUnchangedNoneNoneLow11.3SeeNote 9
CVE-2016-5102SolarisLibTIFFNoneYes5.3NetworkLowNoneNoneUnchangedNoneNoneLow11.3, 10 
CVE-2017-6508SolarisWgetMultipleYes5.3NetworkLowNoneNoneUnchangedNoneLowNone11.3, 10 
CVE-2014-8127SolarisLibTIFFNoneNo3.3LocalLowNoneRequiredUnchangedNoneNoneLow11.3, 10SeeNote 10
CVE-2016-9273SolarisLibTIFFNoneNo3.3LocalLowNoneRequiredUnchangedNoneNoneLow11.3, 10 
CVE-2016-9297SolarisLibTIFFNoneNo3.3LocalLowNoneRequiredUnchangedNoneNoneLow11.3, 10 
CVE-2016-9532SolarisLibTIFFNoneNo3.3LocalLowNoneRequiredUnchangedNoneNoneLow11.3, 10 
CVE-2017-9117SolarisLibTIFFNoneNo3.3LocalLowNoneRequiredUnchangedNoneNoneLow11.3 

Revision 2: Published on 2017-11-16

CVE# Product ThirdParty­Component Protocol Remote Exploit without Auth.? CVSS VERSION 3.0 RISK (see Risk Matrix Definitions) Supported Versions Affected Notes
Base Score Attack Vector Attack Complexity Privs­Req'd User Interact Scope Confid­entiality Inte­grity Avail­ability
CVE-2017-13026SolarisTCPdumpMultipleYes9.8NetworkLowNoneNoneUnchangedHighHighHigh11.3SeeNote 8
CVE-2017-6257SolarisNVIDIA-GFX Kernel driverNoneNo8.8LocalLowLowNoneChangedHighHighHigh11.3 
CVE-2017-7823SolarisThunderbirdMultipleYes8.8NetworkLowNoneRequiredUnchangedHighHighHigh11.3SeeNote 2
CVE-2017-12617SolarisApache TomcatMultipleYes8.1NetworkHighNoneNoneUnchangedHighHighHigh11.3 
CVE-2017-15191SolarisWiresharkMultipleYes7.5NetworkLowNoneNoneUnchangedNoneNoneHigh11.3SeeNote 7
CVE-2017-
1000083
SolarisEvinceMultipleYes7.1NetworkLowNoneRequiredChangedLowLowLow11.3, 10 
CVE-2017-6266SolarisNVIDIA-GFX Kernel driverNoneNo6.5LocalLowLowNoneChangedNoneNoneHigh11.3 
CVE-2017-6267SolarisNVIDIA-GFX Kernel driverNoneNo6.5LocalLowLowNoneChangedNoneNoneHigh11.3 
CVE-2017-6259SolarisNVIDIA-GFX Kernel driverMultipleYes6.1NetworkHighNoneRequiredChangedNoneNoneHigh11.3 
CVE-2017-3735SolarisOpenSSLSSL/TLSYes5.3NetworkLowNoneNoneUnchangedNoneLowNone11.3, 10 
CVE-2017-14989SolarisImageMagickNoneNo4.4LocalHighLowRequiredUnchangedNoneNoneHigh11.3, 10 

Revision 1: Published on 2017-10-17

CVE# Product ThirdParty­Component Protocol Remote Exploit without Auth.? CVSS VERSION 3.0 RISK (see Risk Matrix Definitions) Supported Versions Affected Notes
Base Score Attack Vector Attack Complexity Privs­Req'd User Interact Scope Confid­entiality Inte­grity Avail­ability
CVE-2017-14482SolarisGNU EmacsMultipleYes8.1NetworkHighNoneNoneUnchangedHighHighHigh11.3 
CVE-2017-12151SolarisSambaSMBNo8.1Adjacent­NetworkLowNoneNoneUnchangedHighHighNone11.3, 10See Note 3
CVE-2017-7674SolarisApache TomcatMultipleYes7.5NetworkHighNoneRequiredUnchangedHighHighHigh11.3See Note 1
CVE-2017-13765SolarisWiresharkMultipleYes7.5NetworkLowNoneNoneUnchangedNoneNoneHigh11.3See Note 6
CVE-2017-7823SolarisFirefoxMultipleYes7.5NetworkHighNoneRequiredUnchangedHighHighHigh11.3See Note 2
CVE-2016-6313SolarislibgcryptMultipleNo6.8NetworkLowLowRequiredUnchangedLowHighLow11.3 
CVE-2017-3651SolarisMySQLMultipleNo6.5NetworkLowLowNoneUnchangedNoneNoneHigh11.3See Note 5
CVE-2017-3651SolarisMySQLNoneNo5.3LocalLowLowNoneUnchangedLowLowLow11.3See Note 4
CVE-2017-7526SolarisLibgcryptNoneNo4.6LocalHighHighRequiredUnchangedHighLowNone11.3 
CVE-2015-7511SolarislibgcryptNoneNo2PhysicalHighNoneNoneUnchangedLowNoneNone11.3 

Notes:

  1. This fix also addresses CVE-2017-7675.
  2. This fix also addresses CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7824 CVE-2017-7825.
  3. This fix also addresses CVE-2017-12150 CVE-2017-12163.
  4. This fix also addresses CVE-2017-3635 CVE-2017-3636 CVE-2017-3641 CVE-2017-3648 CVE-2017-3652 CVE-2017-3653, CVE-2016-3492, CVE-2016-5584, CVE-2016-5612, CVE-2016-5616, CVE-2016-5617, CVE-2016-5624, CVE-2016-5629, CVE-2016-6662, CVE-2016-7440, CVE-2016-8283.
  5. This fix also addresses CVE-2017-3634 CVE-2017-3635 CVE-2017-3636 CVE-2017-3641 CVE-2017-3647 CVE-2017-3648 CVE-2017-3649 CVE-2017-3652 CVE-2017-3653 CVE-2017-3732, CVE-2016-8318, CVE-2017-3238, CVE-2017-3244, CVE-2017-3257, CVE-2017-3258, CVE-2017-3265, CVE-2017-3273, CVE-2017-3291, CVE-2017-3312.
  6. This fix also addresses CVE-2017-13766 CVE-2017-13767.
  7. This fix also addresses CVE-2017-15189 CVE-2017-15190 CVE-2017-15192 CVE-2017-15193.
  8. This fix also addresses CVE-2017-11108 CVE-2017-11541 CVE-2017-11542 CVE-2017-11543 CVE-2017-12893 CVE-2017-12894 CVE-2017-12895 CVE-2017-12896 CVE-2017-12897 CVE-2017-12898 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901 CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987 CVE-2017-12988 CVE-2017-12989 CVE-2017-12990 CVE-2017-12991 CVE-2017-12992 CVE-2017-12993 CVE-2017-12994 CVE-2017-12995 CVE-2017-12996 CVE-2017-12997 CVE-2017-12998 CVE-2017-12999 CVE-2017-13000 CVE-2017-13001 CVE-2017-13002 CVE-2017-13003 CVE-2017-13004 CVE-2017-13005 CVE-2017-13006 CVE-2017-13007 CVE-2017-13008 CVE-2017-13009 CVE-2017-13010 CVE-2017-13011 CVE-2017-13012 CVE-2017-13013 CVE-2017-13014 CVE-2017-13015 CVE-2017-13016 CVE-2017-13017 CVE-2017-13018 CVE-2017-13019 CVE-2017-13020 CVE-2017-13021 CVE-2017-13022 CVE-2017-13023 CVE-2017-13024 CVE-2017-13025 CVE-2017-13027 CVE-2017-13028 CVE-2017-13029 CVE-2017-13030 CVE-2017-13031 CVE-2017-13032 CVE-2017-13033 CVE-2017-13034 CVE-2017-13035 CVE-2017-13036 CVE-2017-13037 CVE-2017-13038 CVE-2017-13039 CVE-2017-13040 CVE-2017-13041 CVE-2017-13042 CVE-2017-13043 CVE-2017-13044 CVE-2017-13045 CVE-2017-13046 CVE-2017-13047 CVE-2017-13048 CVE-2017-13049 CVE-2017-13050 CVE-2017-13051 CVE-2017-13052 CVE-2017-13053 CVE-2017-13054 CVE-2017-13055 CVE-2017-13687 CVE-2017-13688 CVE-2017-13689 CVE-2017-13690 CVE-2017-13725.
  9. This fix also addresses CVE-2016-3620 CVE-2016-3621 CVE-2016-3622 CVE-2016-3623 CVE-2016-3624 CVE-2016-3625 CVE-2016-3631 CVE-2016-3632 CVE-2016-3633 CVE-2016-3634 CVE-2016-3658 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5314 CVE-2016-5315 CVE-2016-5316 CVE-2016-5317 CVE-2016-5318 CVE-2016-5319 CVE-2016-5320 CVE-2016-5321 CVE-2016-5322 CVE-2016-5323 CVE-2016-5875 CVE-2016-6223.
  10. This fix also addresses CVE-2014-8128 CVE-2014-8129 CVE-2014-8130.
  11. This fix also addresses CVE-2016-10093 CVE-2016-10094 CVE-2016-10095 CVE-2017-7592 CVE-2017-7593 CVE-2017-7594 CVE-2017-7595 CVE-2017-7596 CVE-2017-7597 CVE-2017-7598 CVE-2017-7599 CVE-2017-7600 CVE-2017-7601 CVE-2017-7602.
  12. This fix also addresses CVE-2017-0379.
  13. This fix also addresses CVE-2017-10268 CVE-2017-10379 CVE-2017-10384 CVE-2017-3651 CVE-2017-3652 CVE-2017-3653.
  14. This fix also addresses CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496.
  15. This fix also addresses CVE-2017-7826 CVE-2017-7830.
  16. This fix also addresses CVE-2017-10155 CVE-2017-10227 CVE-2017-10268 CVE-2017-10276 CVE-2017-10279 CVE-2017-10283 CVE-2017-10286 CVE-2017-10294 CVE-2017-10378 CVE-2017-10379 CVE-2017-10384 CVE-2017-3731.
  17. This fix also addresses CVE-2017-13090.