Oracle Solaris Third Party Bulletin - October 2019

 

Description

The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities addressed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical Patch Updates are released. These bulletins will also be updated on the Tuesday closest to the 17th of the following two months after their release (i.e. the two months between the normal quarterly Critical Patch Update publication dates). In addition, Third Party Bulletins may also be updated for vulnerability issues deemed too critical to wait for the next monthly update.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Third Party Bulletin security patches as soon as possible.

 

Patch Availability

Please see My Oracle Support Note 1448883.1

 

Third Party Bulletin Schedule

Third Party Bulletins are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:

  • 14 January 2020
  • 14 April 2020
  • 14 July 2020
  • 13 October 2020

References

 

Modification History

| Date | Note |
| --- | --- |
| 2019-October-15 | Rev 1. Initial Release |

Oracle Solaris Executive Summary

This Oracle Solaris Bulletin contains 28 new security patches for the Oracle Solaris Operating System. 19 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

Oracle Solaris Third Party Bulletin Risk Matrix

Revision 1: Published on 2019-10-15

The columns Base Score through Availability are the CVSS VERSION 3.0 RISK (see Risk Matrix Definitions).

| CVE# | Product | Third Party component | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complexity | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2019-2774 | Oracle Solaris | MySQL | Multiple | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 11.4 | See Note 1 |
| CVE-2017-12652 | Oracle Solaris | libpng | Multiple | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 11.4 | |
| CVE-2017-12652 | Oracle Solaris | libpng | Multiple | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 11.4 | |
| CVE-2017-12652 | Oracle Solaris | libpng | Multiple | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 11.4 | |
| CVE-2019-11068 | Oracle Solaris | libxslt | Multiple | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 11.4 | |
| CVE-2019-11740 | Oracle Solaris | Firefox | Multiple | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 11.4 | See Note 2 |
| CVE-2018-20174 | Oracle Solaris | rdesktop | RDP | Yes | 8.8 | Network | Low | None | Required | Unchanged | High | High | High | 11.4 | See Note 3 |
| CVE-2019-12795 | Oracle Solaris | gvfs | None | No | 7.8 | Local | Low | Low | None | Unchanged | High | High | High | 11.4 | |
| CVE-2019-11739 | Oracle Solaris | Thunderbird | None | No | 7.8 | Local | Low | Low | None | Unchanged | High | High | High | 11.4 | See Note 4 |
| CVE-2018-11782 | Oracle Solaris | Apache Subversion | Multiple | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 11.4 | See Note 5 |
| CVE-2019-10092 | Oracle Solaris | Apache HTTP server | HTTP | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 11.4 | See Note 6 |
| CVE-2019-12293 | Oracle Solaris | Poppler | None | No | 6.6 | Local | Low | None | Required | Unchanged | Low | Low | High | 11.4 | See Note 7 |
| CVE-2019-16163 | Oracle Solaris | Oniguruma | Multiple | Yes | 6.5 | Network | Low | None | Required | Unchanged | None | None | High | 11.4 | See Note 8 |
| CVE-2019-2730 | Oracle Solaris | MySQL | Multiple | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 11.4 | See Note 9 |
| CVE-2019-14494 | Oracle Solaris | Poppler | Multiple | Yes | 6.5 | Network | Low | None | Required | Unchanged | None | None | High | 11.4 | See Note 10 |
| CVE-2019-7663 | Oracle Solaris | LibTIFF | Multiple | Yes | 6.5 | Network | Low | None | Required | Unchanged | None | None | High | 11.4 | See Note 11 |
| CVE-2019-9511 | Oracle Solaris | Nghttp2 | Multiple | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 11.4 | See Note 12 |
| CVE-2019-11358 | Oracle Solaris | Django | Multiple | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 11.4 | |
| CVE-2019-12973 | Oracle Solaris | OpenJPEG | None | No | 5.5 | Local | Low | None | Required | Unchanged | None | None | High | 11.4 | See Note 13 |
| CVE-2018-20843 | Oracle Solaris | libexpat | Multiple | Yes | 5.3 | Network | Low | None | None | Unchanged | None | None | Low | 11.4 | |
| CVE-2019-12308 | Oracle Solaris | Django | Multiple | Yes | 5.3 | Network | Low | None | None | Unchanged | Low | None | None | 11.4 | See Note 14 |
| CVE-2018-20852 | Oracle Solaris | Python | Multiple | Yes | 5.3 | Network | Low | None | None | Unchanged | Low | None | None | 11.4 | |
| CVE-2019-14232 | Oracle Solaris | Django | Multiple | Yes | 5.3 | Network | Low | None | None | Unchanged | Low | None | None | 11.4 | See Note 15 |
| CVE-2019-16319 | Oracle Solaris | Wireshark | Multiple | Yes | 5.3 | Network | Low | None | None | Unchanged | None | None | Low | 11.4 | |
| CVE-2018-17983 | Oracle Solaris | Mercurial | None | No | 5.1 | Local | High | None | None | Unchanged | None | High | None | 11.4 | See Note 16 |
| CVE-2018-0494 | Oracle Solaris | Wget | Multiple | Yes | 4.3 | Network | Low | None | Required | Unchanged | None | Low | None | 10 | |
| CVE-2018-12900 | Oracle Solaris | LibTIFF | None | No | 3.3 | Local | Low | None | Required | Unchanged | None | None | Low | 11.4 | See Note 17 |
| CVE-2019-6128 | Oracle Solaris | LibTIFF | None | No | 3.3 | Local | Low | None | Required | Unchanged | None | None | Low | 11.4 | |

Notes:

1. This patch also addresses CVE-2019-2737 CVE-2019-2738 CVE-2019-2739 CVE-2019-2740 CVE-2019-2741 CVE-2019-2757 CVE-2019-2758 CVE-2019-2778 CVE-2019-2791 CVE-2019-2797 CVE-2019-2805 CVE-2019-2819 CVE-2019-3822.

2. This patch also addresses CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11752 CVE-2019-11753 CVE-2019-9812.

3. This patch also addresses CVE-2018-20175 CVE-2018-20176 CVE-2018-20177 CVE-2018-20178 CVE-2018-20179 CVE-2018-20180 CVE-2018-20181 CVE-2018-20182 CVE-2018-8791 CVE-2018-8792 CVE-2018-8793 CVE-2018-8794 CVE-2018-8795 CVE-2018-8796 CVE-2018-8797 CVE-2018-8798 CVE-2018-8799 CVE-2018-8800.

4. This patch also addresses CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11752 CVE-2019-9812.

5. This patch also addresses CVE-2019-0203.

6. This patch also addresses CVE-2019-10081 CVE-2019-10082 CVE-2019-10097 CVE-2019-10098 CVE-2019-9517.

7. This patch also addresses CVE-2019-11026 CVE-2019-14494.

8. This patch also addresses CVE-2019-13224 CVE-2019-13225.

9. This patch also addresses CVE-2019-2737 CVE-2019-2738 CVE-2019-2739 CVE-2019-2740 CVE-2019-2805 CVE-2019-2819.

10. This patch also addresses CVE-2019-9959.

11. This patch also addresses CVE-2018-12900.

12. This patch also addresses CVE-2019-9513.

13. This patch also addresses CVE-2018-5727 CVE-2018-6616.

14. This patch also addresses CVE-2019-11358 CVE-2019-12781.

15. This patch also addresses CVE-2019-14233 CVE-2019-14234 CVE-2019-14235.

16. This patch also addresses CVE-2019-3902.

17. This patch also addresses CVE-2018-19210.