
Oracle Solaris Third Party Bulletin - October 2019


Description

The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities addressed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day as Oracle Critical Patch Updates. These bulletins will also be updated on the Tuesday closest to the 17th of each of the two months following their release (i.e. the two months between the normal quarterly Critical Patch Update publication dates). In addition, Third Party Bulletins may also be updated for vulnerability issues deemed too critical to wait for the next monthly update.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Third Party Bulletin security patches as soon as possible.


Patch Availability

Please see My Oracle Support Note 1448883.1


Third Party Bulletin Schedule

Third Party Bulletins are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:

  • 14 January 2020
  • 14 April 2020
  • 14 July 2020
  • 13 October 2020


Modification History

| Date | Note |
|---|---|
| 2019-November-19 | Rev 2. Added CVEs fixed in Solaris 11.4 SRU 15 |
| 2019-October-15 | Rev 1. Initial Release with all CVEs fixed in Solaris 11.3 LSU 36.15 and Solaris 11.4 SRU 14 |

Oracle Solaris Executive Summary

This Oracle Solaris Bulletin contains 52 new security patches for the Oracle Solaris Operating System. 37 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

Oracle Solaris Third Party Bulletin Risk Matrix

Revision 2: Published on 2019-11-19

CVSS VERSION 3.0 RISK (see Risk Matrix Definitions): columns Base Score through Availability.

| CVE# | Product | Third Party component | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complexity | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2018-14349 | Oracle Solaris | Mutt | Multiple | Yes | 9.6 | Network | Low | None | Required | Changed | High | High | High | 11.4 | See Note 1 |
| CVE-2017-18266 | Oracle Solaris | xdg-utils | MIME | Yes | 8.8 | Network | Low | None | Required | Unchanged | High | High | High | 11.4 | |
| CVE-2018-1000041 | Oracle Solaris | librsvg | Multiple | Yes | 8.8 | Network | Low | None | Required | Unchanged | High | High | High | 11.4 | |
| CVE-2019-15903 | Oracle Solaris | Firefox | Multiple | Yes | 8.8 | Network | Low | None | Required | Unchanged | High | High | High | 11.4 | See Note 2 |
| CVE-2019-15903 | Oracle Solaris | Thunderbird | Multiple | Yes | 8.8 | Network | Low | None | Required | Unchanged | High | High | High | 11.4 | See Note 3 |
| CVE-2019-11459 | Oracle Solaris | Evince | None | No | 7.8 | Local | Low | Low | None | Unchanged | High | High | High | 11.4 | See Note 4 |
| CVE-2018-1000880 | Oracle Solaris | libarchive | Multiple | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 11.4 | See Note 5 |
| CVE-2018-19052 | Oracle Solaris | lighttpd | Multiple | Yes | 7.5 | Network | Low | None | None | Unchanged | High | None | None | 11.4 | See Note 6 |
| CVE-2019-11596 | Oracle Solaris | Memcached | Multiple | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 11.4 | See Note 7 |
| CVE-2019-9518 | Oracle Solaris | Node.js | HTTP | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 11.4 | See Note 8 |
| CVE-2019-10216 | Oracle Solaris | Ghostscript | Multiple | Yes | 7.3 | Network | Low | None | None | Unchanged | Low | Low | Low | 11.4 | |
| CVE-2019-12525 | Oracle Solaris | Squid | Multiple | Yes | 7.3 | Network | Low | None | None | Unchanged | Low | Low | Low | 11.4 | See Note 9 |
| CVE-2019-14811 | Oracle Solaris | Ghostscript | Multiple | Yes | 7.3 | Network | Low | None | None | Unchanged | Low | Low | Low | 11.4 | See Note 10 |
| CVE-2016-10166 | Oracle Solaris | PHP | Multiple | Yes | 6.5 | Network | Low | None | None | Unchanged | Low | None | Low | 11.4 | See Note 11 |
| CVE-2018-17294 | Oracle Solaris | Liblouis | Multiple | Yes | 6.5 | Network | Low | None | Required | Unchanged | None | None | High | 11.4 | |
| CVE-2019-14287 | Oracle Solaris | Sudo | None | No | 6.4 | Local | High | High | None | Unchanged | High | High | High | 11.4 | |
| CVE-2019-13636 | Oracle Solaris | GNU patch | Multiple | Yes | 5.9 | Network | High | None | None | Unchanged | None | High | None | 11.4 | See Note 12 |
| CVE-2018-1000858 | Oracle Solaris | GnuPG | HTTP | Yes | 5.4 | Network | Low | None | Required | Unchanged | Low | None | Low | 11.4 | |
| CVE-2018-12910 | Oracle Solaris | libsoup | HTTP | Yes | 5.3 | Network | Low | None | None | Unchanged | None | None | Low | 11.4 | |
| CVE-2019-1010299 | Oracle Solaris | Rust | Multiple | Yes | 5.3 | Network | Low | None | None | Unchanged | Low | None | None | 11.4 | |
| CVE-2019-13627 | Oracle Solaris | Libgcrypt | None | No | 4.7 | Local | High | Low | None | Unchanged | High | None | None | 11.4 | |
| CVE-2019-14973 | Oracle Solaris | LibTIFF | None | No | 4.7 | Local | High | None | Required | Unchanged | None | None | High | 11.4 | |
| CVE-2017-9778 | Oracle Solaris | GNU Debugger (GDB) | None | No | 3.3 | Local | Low | None | Required | Unchanged | None | None | Low | 11.4 | |
| CVE-2018-18074 | Oracle Solaris | Requests | HTTP | No | 2.6 | Adjacent Network | High | None | Required | Unchanged | Low | None | None | 11.4 | |

Revision 1: Published on 2019-10-15

CVSS VERSION 3.0 RISK (see Risk Matrix Definitions): columns Base Score through Availability.

| CVE# | Product | Third Party component | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complexity | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2019-2774 | Oracle Solaris | MySQL | Multiple | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 11.4 | See Note 13 |
| CVE-2017-12652 | Oracle Solaris | libpng | Multiple | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 11.4 | |
| CVE-2017-12652 | Oracle Solaris | libpng | Multiple | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 11.4 | |
| CVE-2017-12652 | Oracle Solaris | libpng | Multiple | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 11.4 | |
| CVE-2019-11068 | Oracle Solaris | libxslt | Multiple | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 11.4 | |
| CVE-2019-11740 | Oracle Solaris | Firefox | Multiple | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 11.4 | See Note 14 |
| CVE-2018-20174 | Oracle Solaris | rdesktop | RDP | Yes | 8.8 | Network | Low | None | Required | Unchanged | High | High | High | 11.4 | See Note 15 |
| CVE-2019-12795 | Oracle Solaris | gvfs | None | No | 7.8 | Local | Low | Low | None | Unchanged | High | High | High | 11.4 | |
| CVE-2019-11739 | Oracle Solaris | Thunderbird | None | No | 7.8 | Local | Low | Low | None | Unchanged | High | High | High | 11.4 | See Note 16 |
| CVE-2018-11782 | Oracle Solaris | Apache Subversion | Multiple | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 11.4 | See Note 17 |
| CVE-2019-10092 | Oracle Solaris | Apache HTTP server | HTTP | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 11.4 | See Note 18 |
| CVE-2019-12293 | Oracle Solaris | Poppler | None | No | 6.6 | Local | Low | None | Required | Unchanged | Low | Low | High | 11.4 | See Note 19 |
| CVE-2019-16163 | Oracle Solaris | Oniguruma | Multiple | Yes | 6.5 | Network | Low | None | Required | Unchanged | None | None | High | 11.4 | See Note 20 |
| CVE-2019-2730 | Oracle Solaris | MySQL | Multiple | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 11.4 | See Note 21 |
| CVE-2019-14494 | Oracle Solaris | Poppler | Multiple | Yes | 6.5 | Network | Low | None | Required | Unchanged | None | None | High | 11.4 | See Note 22 |
| CVE-2019-7663 | Oracle Solaris | LibTIFF | Multiple | Yes | 6.5 | Network | Low | None | Required | Unchanged | None | None | High | 11.4 | See Note 23 |
| CVE-2019-9511 | Oracle Solaris | Nghttp2 | Multiple | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 11.4 | See Note 24 |
| CVE-2019-11358 | Oracle Solaris | Django | Multiple | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 11.4 | |
| CVE-2019-12973 | Oracle Solaris | OpenJPEG | None | No | 5.5 | Local | Low | None | Required | Unchanged | None | None | High | 11.4 | See Note 25 |
| CVE-2018-20843 | Oracle Solaris | libexpat | Multiple | Yes | 5.3 | Network | Low | None | None | Unchanged | None | None | Low | 11.4 | |
| CVE-2019-12308 | Oracle Solaris | Django | Multiple | Yes | 5.3 | Network | Low | None | None | Unchanged | Low | None | None | 11.4 | See Note 26 |
| CVE-2018-20852 | Oracle Solaris | Python | Multiple | Yes | 5.3 | Network | Low | None | None | Unchanged | Low | None | None | 11.4 | |
| CVE-2019-14232 | Oracle Solaris | Django | Multiple | Yes | 5.3 | Network | Low | None | None | Unchanged | Low | None | None | 11.4 | See Note 27 |
| CVE-2019-16319 | Oracle Solaris | Wireshark | Multiple | Yes | 5.3 | Network | Low | None | None | Unchanged | None | None | Low | 11.4 | |
| CVE-2018-17983 | Oracle Solaris | Mercurial | None | No | 5.1 | Local | High | None | None | Unchanged | None | High | None | 11.4 | See Note 28 |
| CVE-2018-0494 | Oracle Solaris | Wget | Multiple | Yes | 4.3 | Network | Low | None | Required | Unchanged | None | Low | None | 10 | |
| CVE-2018-12900 | Oracle Solaris | LibTIFF | None | No | 3.3 | Local | Low | None | Required | Unchanged | None | None | Low | 11.4 | See Note 29 |
| CVE-2019-6128 | Oracle Solaris | LibTIFF | None | No | 3.3 | Local | Low | None | Required | Unchanged | None | None | Low | 11.4 | |

Notes:

1. This patch also addresses CVE-2018-14350 CVE-2018-14351 CVE-2018-14352 CVE-2018-14353 CVE-2018-14354 CVE-2018-14355 CVE-2018-14356 CVE-2018-14357 CVE-2018-14358 CVE-2018-14359 CVE-2018-14362.

2. This patch also addresses CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764.

3. This patch also addresses CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764.

4. This patch also addresses CVE-2017-1000159.

5. This patch also addresses CVE-2018-1000877 CVE-2018-1000878 CVE-2018-1000879 CVE-2019-1000019 CVE-2019-1000020 CVE-2019-18408.

6. This patch also addresses CVE-2019-11072.

7. This patch also addresses CVE-2019-15026.

8. This patch also addresses CVE-2019-9511 CVE-2019-9513 CVE-2019-9514 CVE-2019-9515 CVE-2019-9516 CVE-2019-9517.

9. This patch also addresses CVE-2018-1172 CVE-2019-12527 CVE-2019-12529 CVE-2019-13345.

10. This patch also addresses CVE-2019-14812 CVE-2019-14813 CVE-2019-14817.

11. This patch also addresses CVE-2019-11034 CVE-2019-11035 CVE-2019-11036 CVE-2019-11038 CVE-2019-11039 CVE-2019-11040 CVE-2019-11041 CVE-2019-11042 CVE-2019-13224 CVE-2019-6977 CVE-2019-9020 CVE-2019-9021 CVE-2019-9022 CVE-2019-9023 CVE-2019-9024 CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 CVE-2019-9641.

12. This patch also addresses CVE-2018-1000156 CVE-2019-13638.

13. This patch also addresses CVE-2019-2737 CVE-2019-2738 CVE-2019-2739 CVE-2019-2740 CVE-2019-2741 CVE-2019-2757 CVE-2019-2758 CVE-2019-2778 CVE-2019-2791 CVE-2019-2797 CVE-2019-2805 CVE-2019-2819 CVE-2019-3822.

14. This patch also addresses CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11752 CVE-2019-11753 CVE-2019-9812.

15. This patch also addresses CVE-2018-20175 CVE-2018-20176 CVE-2018-20177 CVE-2018-20178 CVE-2018-20179 CVE-2018-20180 CVE-2018-20181 CVE-2018-20182 CVE-2018-8791 CVE-2018-8792 CVE-2018-8793 CVE-2018-8794 CVE-2018-8795 CVE-2018-8796 CVE-2018-8797 CVE-2018-8798 CVE-2018-8799 CVE-2018-8800.

16. This patch also addresses CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11752 CVE-2019-9812.

17. This patch also addresses CVE-2019-0203.

18. This patch also addresses CVE-2019-10081 CVE-2019-10082 CVE-2019-10097 CVE-2019-10098 CVE-2019-9517.

19. This patch also addresses CVE-2019-11026 CVE-2019-14494.

20. This patch also addresses CVE-2019-13224 CVE-2019-13225.

21. This patch also addresses CVE-2019-2737 CVE-2019-2738 CVE-2019-2739 CVE-2019-2740 CVE-2019-2805 CVE-2019-2819.

22. This patch also addresses CVE-2019-9959.

23. This patch also addresses CVE-2018-12900.

24. This patch also addresses CVE-2019-9513.

25. This patch also addresses CVE-2018-5727 CVE-2018-6616.

26. This patch also addresses CVE-2019-11358 CVE-2019-12781.

27. This patch also addresses CVE-2019-14233 CVE-2019-14234 CVE-2019-14235.

28. This patch also addresses CVE-2019-3902.

29. This patch also addresses CVE-2018-19210.