Oracle Solaris Third Party Bulletin - October 2020

 

Description

The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities addressed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical Patch Updates are released. These bulletins will also be updated on the Tuesday closest to the 17th of the following two months after their release (i.e. the two months between the normal quarterly Critical Patch Update publication dates). In addition, Third Party Bulletins may also be updated for vulnerability issues deemed too critical to wait for the next monthly update.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Third Party Bulletin security patches as soon as possible.

 

Patch Availability

Please see My Oracle Support Note 1448883.1

 

Third Party Bulletin Schedule

Third Party Bulletins are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:

  • 19 January 2021
  • 20 April 2021
  • 20 July 2021
  • 19 October 2021

References

 

Modification History

| Date | Note |
|---|---|
| 2020-November-18 | Rev 2. Added CVEs fixed in Solaris 11.4 SRU 27 |
| 2020-October-20 | Rev 1. Initial Release with all CVEs fixed in Solaris 11.3 LSU 36.23 and Solaris 11.4 SRU 26 |

Oracle Solaris Executive Summary

This Oracle Solaris Bulletin contains 38 new security patches for the Oracle Solaris Operating System. 31 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

Oracle Solaris Third Party Bulletin Risk Matrix

Revision 2: Published on 2020-11-18

CVSS VERSION 3.1 RISK (see Risk Matrix Definitions): columns Base Score through Availability.

| CVE# | Product | Third Party component | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complexity | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2019-11734 | Oracle Solaris | Firefox | Multiple | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 11.4 | See Note 1 |
| CVE-2020-5311 | Oracle Solaris | Pillow | Multiple | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 11.4 | See Note 2 |
| CVE-2020-12416 | Oracle Solaris | Thunderbird | Multiple | Yes | 8.8 | Network | Low | None | Required | Unchanged | High | High | High | 11.4 | See Note 3 |
| CVE-2020-15670 | Oracle Solaris | Firefox | Multiple | Yes | 8.8 | Network | Low | None | Required | Unchanged | High | High | High | 11.4 | |
| CVE-2020-15670 | Oracle Solaris | Thunderbird | Multiple | Yes | 8.8 | Network | Low | None | Required | Unchanged | High | High | High | 11.4 | |
| CVE-2020-15673 | Oracle Solaris | Firefox | Multiple | Yes | 8.8 | Network | Low | None | Required | Unchanged | High | High | High | 11.4 | See Note 4 |
| CVE-2020-15673 | Oracle Solaris | Thunderbird | Multiple | Yes | 8.8 | Network | Low | None | Required | Unchanged | High | High | High | 11.4 | See Note 5 |
| CVE-2020-15889 | Oracle Solaris | Lua | Multiple | Yes | 8.1 | Network | High | None | None | Unchanged | High | High | High | 11.4 | See Note 6 |
| CVE-2020-24342 | Oracle Solaris | Lua | None | No | 7.8 | Local | Low | None | Required | Unchanged | High | High | High | 11.4 | |
| CVE-2019-3829 | Oracle Solaris | GnuTLS | Multiple | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 11.4 | See Note 7 |
| CVE-2019-6706 | Oracle Solaris | Lua | Multiple | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 11.4 | |
| CVE-2020-13871 | Oracle Solaris | SQLite | Multiple | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 11.4 | See Note 8 |
| CVE-2020-24369 | Oracle Solaris | Lua | Multiple | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 11.4 | See Note 9 |
| CVE-2020-24583 | Oracle Solaris | Django | Multiple | Yes | 7.5 | Network | Low | None | None | Unchanged | High | None | None | 11.4 | See Note 10 |
| CVE-2020-25219 | Oracle Solaris | libproxy | HTTP | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 11.4 | |
| CVE-2020-25862 | Oracle Solaris | Wireshark | Multiple | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 11.4 | See Note 11 |
| CVE-2020-11501 | Oracle Solaris | GnuTLS | TLS | Yes | 7.4 | Network | High | None | None | Unchanged | High | High | None | 11.4 | See Note 12 |
| CVE-2019-14869 | Oracle Solaris | Ghostscript | Multiple | Yes | 7.3 | Network | Low | None | None | Unchanged | Low | Low | Low | 11.4 | |
| CVE-2020-13596 | Oracle Solaris | Django | Multiple | Yes | 6.5 | Network | Low | None | Required | Unchanged | High | None | None | 11.4 | See Note 13 |
| CVE-2020-17489 | Oracle Solaris | GNOME Shell | Multiple | No | 6.5 | Network | Low | Low | None | Unchanged | High | None | None | 11.4 | |
| CVE-2019-5481 | Oracle Solaris | libcurl | Multiple | No | 6.3 | Adjacent Network | Low | None | None | Unchanged | Low | Low | Low | 11.4 | See Note 14 |
| CVE-2019-20892 | Oracle Solaris | Net-SNMP | SNMP | Yes | 5.9 | Network | High | None | None | Unchanged | None | None | High | 11.4 | |
| CVE-2020-14093 | Oracle Solaris | Mutt | Multiple | Yes | 5.9 | Network | High | None | None | Unchanged | High | None | None | 11.4 | See Note 15 |
| CVE-2020-14422 | Oracle Solaris | Python | Multiple | Yes | 5.9 | Network | High | None | None | Unchanged | None | None | High | 11.4 | |
| CVE-2020-14928 | Oracle Solaris | GNOME evolution-data-server | Multiple | Yes | 5.9 | Network | High | None | None | Unchanged | None | High | None | 11.4 | |
| CVE-2020-12049 | Oracle Solaris | DBus | None | No | 5.5 | Local | Low | Low | None | Unchanged | None | None | High | 11.4 | |
| CVE-2020-8177 | Oracle Solaris | curl | Multiple | No | 5.4 | Network | High | Low | Required | Unchanged | None | High | Low | 11.4 | |
| CVE-2020-16117 | Oracle Solaris | GNOME evolution-data-server | Multiple | Yes | 5.3 | Network | High | None | Required | Unchanged | None | None | High | 11.4 | |
| CVE-2020-15025 | Oracle Solaris | NTP | NTP | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 11.4, 10 | |
| CVE-2018-20781 | Oracle Solaris | GNOME Keyring | None | No | 4.2 | Local | Low | High | Required | Unchanged | High | None | None | 11.4 | |

Revision 1: Published on 2020-10-20

CVSS VERSION 3.1 RISK (see Risk Matrix Definitions): columns Base Score through Availability.

| CVE# | Product | Third Party component | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complexity | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2020-9862 | Oracle Solaris | WebKitGTK | Multiple | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 11.4 | See Note 16 |
| CVE-2017-5226 | Oracle Solaris | WebKitGTK | Multiple | Yes | 8.8 | Network | Low | None | Required | Unchanged | High | High | High | 11.4 | See Note 17 |
| CVE-2020-15663 | Oracle Solaris | Firefox | Multiple | Yes | 8.8 | Network | Low | None | Required | Unchanged | High | High | High | 11.4 | See Note 18 |
| CVE-2020-15663 | Oracle Solaris | Thunderbird | Multiple | Yes | 8.8 | Network | Low | None | Required | Unchanged | High | High | High | 11.4 | See Note 19 |
| CVE-2020-24606 | Oracle Solaris | Squid | Multiple | Yes | 8.6 | Network | Low | None | None | Changed | None | None | High | 11.4 | |
| CVE-2020-10531 | Oracle Solaris | Node.js | TLS | Yes | 7.4 | Network | High | None | None | Unchanged | High | High | None | 11.4 | See Note 20 |
| CVE-2020-12825 | Oracle Solaris | libcroco | Multiple | Yes | 7.1 | Network | Low | None | Required | Unchanged | None | Low | High | 11.4 | |
| CVE-2020-12825 | Oracle Solaris | GNU gettext | Multiple | Yes | 7.1 | Network | Low | None | Required | Unchanged | None | Low | High | 11.4 | |

Notes:

1. This patch also addresses CVE-2019-11735 CVE-2019-11736 CVE-2019-11737 CVE-2019-11738 CVE-2019-11741 CVE-2019-11747 CVE-2019-11748 CVE-2019-11749 CVE-2019-11750 CVE-2019-11751 CVE-2019-11754 CVE-2019-11756 CVE-2019-11765 CVE-2019-17000 CVE-2019-17002 CVE-2019-17013 CVE-2019-17014 CVE-2019-17018 CVE-2019-17019 CVE-2019-17020 CVE-2019-17023 CVE-2019-17025 CVE-2020-12402 CVE-2020-12415 CVE-2020-12416 CVE-2020-12422 CVE-2020-12423 CVE-2020-12424 CVE-2020-12425 CVE-2020-12426 CVE-2020-15648 CVE-2020-15653 CVE-2020-15654 CVE-2020-15655 CVE-2020-15656 CVE-2020-15657 CVE-2020-15658.

2. This patch also addresses CVE-2020-10177 CVE-2020-10378 CVE-2020-10379 CVE-2020-10994 CVE-2020-11538.

3. This patch also addresses CVE-2020-12402 CVE-2020-12415 CVE-2020-12423 CVE-2020-12425 CVE-2020-12426 CVE-2020-15648 CVE-2020-15653 CVE-2020-15654 CVE-2020-15655 CVE-2020-15656 CVE-2020-15657 CVE-2020-15658.

4. This patch also addresses CVE-2020-15676 CVE-2020-15677 CVE-2020-15678.

5. This patch also addresses CVE-2020-15676 CVE-2020-15677 CVE-2020-15678.

6. This patch also addresses CVE-2020-15888 CVE-2020-15945.

7. This patch also addresses CVE-2019-3836.

8. This patch also addresses CVE-2020-15358.

9. This patch also addresses CVE-2020-24370 CVE-2020-24371.

10. This patch also addresses CVE-2020-24584.

11. This patch also addresses CVE-2020-25863 CVE-2020-25866.

12. This patch also addresses CVE-2020-13777.

13. This patch also addresses CVE-2020-13254.

14. This patch also addresses CVE-2019-5435 CVE-2019-5436 CVE-2019-5482.

15. This patch also addresses CVE-2020-14154 CVE-2020-14954.

16. This patch also addresses CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925.

17. This patch also addresses CVE-2020-13753 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850.

18. This patch also addresses CVE-2020-15664.

19. This patch also addresses CVE-2020-15664.

20. This patch also addresses CVE-2020-11080 CVE-2020-8172 CVE-2020-8174.