No results found

Your search did not match any results.

We suggest you try the following to help find what you’re looking for:

  • Check the spelling of your keyword search.
  • Use synonyms for the keyword you typed, for example, try “application” instead of “software.”
  • Try one of the popular searches shown below.
  • Start a new search.
Trending Questions
 

Oracle Solaris Third Party Bulletin - October 2020

 

Description

The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities addressed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical Patch Updates are released. These bulletins will also be updated on the Tuesday closest to the 17th of the following two months after their release (i.e. the two months between the normal quarterly Critical Patch Update publication dates). In addition, Third Party Bulletins may also be updated for vulnerability issues deemed too critical to wait for the next monthly update.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Third Party Bulletin security patches as soon as possible.

 

Patch Availability

Please see My Oracle Support Note 1448883.1

 

Third Party Bulletin Schedule

Third Party Bulletins are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:

  • 19 January 2021
  • 20 April 2021
  • 20 July 2021
  • 19 October 2021

References

 

Modification History

Date Note
2021-January-06 Rev 4. Added X.Org CVEs fixed in Solaris 11.4 SRU 27
2020-December-18 Rev 3. Added CVEs fixed in Solaris 11.4 SRU 28
2020-November-18 Rev 2. Added CVEs fixed in Solaris 11.4 SRU 27
2020-October-20 Rev 1. Initial Release with all CVEs fixed in Solaris 11.3 LSU 36.23 and Solaris 11.4 SRU 26

Oracle Solaris Executive Summary

This Oracle Solaris Bulletin contains 60 new security patches for the Oracle Solaris Operating System.  42 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. 

Oracle Solaris Third Party Bulletin Risk Matrix

Revision 4: Published on 2021-01-06

CVE# Product Third
Party
component
Protocol Remote
Exploit
without
Auth.?
CVSS VERSION 3.1 RISK (see Risk Matrix Definitions) Supported
Versions
Affected
Notes
Base
Score
Attack
Vector
Attack
Complexity
Privs
Req'd
User
Interact
Scope Confid-
entiality
Inte-
grity
Avail-
ability
CVE-2020-14345 Oracle Solaris X.Org Multiple No 7.8 Local High Low None Changed High High High 11.4  
CVE-2020-14346 Oracle Solaris X.Org Multiple No 7.8 Local High Low None Changed High High High 11.4  
CVE-2020-14361 Oracle Solaris X.Org Multiple No 7.8 Local Low Low None Un
changed
High High High 11.4  
CVE-2020-14362 Oracle Solaris X.Org Multiple No 7.8 Local Low Low None Un
changed
High High High 11.4  
CVE-2020-14363 Oracle Solaris X.Org Multiple No 7.8 Local Low Low None Un
changed
High High High 11.4  
CVE-2020-14344 Oracle Solaris X.Org Multiple No 7.5 Local High Low Required Changed High High High 11.4  
CVE-2020-14347 Oracle Solaris X.Org Multiple No 3.8 Local Low Low None Changed Low None None 11.4  

Revision 3: Published on 2020-12-18

CVE# Product Third
Party
component
Protocol Remote
Exploit
without
Auth.?
CVSS VERSION 3.1 RISK (see Risk Matrix Definitions) Supported
Versions
Affected
Notes
Base
Score
Attack
Vector
Attack
Complexity
Privs
Req'd
User
Interact
Scope Confid-
entiality
Inte-
grity
Avail-
ability
CVE-2020-15683 Oracle Solaris Firefox Multiple Yes 9.8 Network Low None None Un
changed
High High High 11.4 See
Note 1
CVE-2020-15683 Oracle Solaris Thunderbird Multiple Yes 9.8 Network Low None None Un
changed
High High High 11.4 See
Note 2
CVE-2020-27347 Oracle Solaris Terminal Multiplexer Multiple No 8.5 Network High Low None Changed High High High 11.4  
CVE-2019-20919 Oracle Solaris Perl Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4  
CVE-2020-15999 Oracle Solaris FreeType Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4, 10  
CVE-2020-16012 Oracle Solaris Firefox Multiple Yes 7.5 Network High None Required Un
changed
High High High 11.4 See
Note 3
CVE-2020-16012 Oracle Solaris Thunderbird Multiple Yes 7.5 Network High None Required Un
changed
High High High 11.4 See
Note 4
CVE-2020-26575 Oracle Solaris Wireshark FBZERO Yes 7.5 Network Low None None Un
changed
None None High 11.4  
CVE-2020-25613 Oracle Solaris Ruby HTTP Yes 7.3 Network Low None None Un
changed
Low Low Low 11.4  
CVE-2020-26116 Oracle Solaris Python Multiple Yes 7.2 Network Low None None Changed Low Low None 11.4  
CVE-2020-14765 Oracle Solaris MySQL Multiple No 6.5 Network Low Low None Un
changed
None None High 11.4 See
Note 5
CVE-2020-14878 Oracle Solaris MySQL Multiple No 6.5 Network Low Low None Un
changed
None None High 11.4 See
Note 6
CVE-2020-26159 Oracle Solaris Oniguruma Multiple No 6.5 Network Low Low None Un
changed
None None High 11.4  
CVE-2020-7069 Oracle Solaris PHP HTTP Yes 6.5 Network Low None None Un
changed
Low Low None 11.4 See
Note 7
CVE-2020-24659 Oracle Solaris GnuTLS SSL/TLS Yes 5.9 Network High None None Un
changed
None None High 11.4  

Revision 2: Published on 2020-11-18

CVE# Product Third
Party
component
Protocol Remote
Exploit
without
Auth.?
CVSS VERSION 3.1 RISK (see Risk Matrix Definitions) Supported
Versions
Affected
Notes
Base
Score
Attack
Vector
Attack
Complexity
Privs
Req'd
User
Interact
Scope Confid-
entiality
Inte-
grity
Avail-
ability
CVE-2019-11734 Oracle Solaris Firefox Multiple Yes 9.8 Network Low None None Un
changed
High High High 11.4 See
Note 8
CVE-2020-5311 Oracle Solaris Pillow Multiple Yes 9.8 Network Low None None Un
changed
High High High 11.4 See
Note 9
CVE-2020-12416 Oracle Solaris Thunderbird Multiple Yes 8.8 Network Low None Required Un
changed
High High High 11.4 See
Note 10
CVE-2020-15670 Oracle Solaris Firefox Multiple Yes 8.8 Network Low None Required Un
changed
High High High 11.4  
CVE-2020-15670 Oracle Solaris Thunderbird Multiple Yes 8.8 Network Low None Required Un
changed
High High High 11.4  
CVE-2020-15673 Oracle Solaris Firefox Multiple Yes 8.8 Network Low None Required Un
changed
High High High 11.4 See
Note 11
CVE-2020-15673 Oracle Solaris Thunderbird Multiple Yes 8.8 Network Low None Required Un
changed
High High High 11.4 See
Note 12
CVE-2020-15889 Oracle Solaris Lua Multiple Yes 8.1 Network High None None Un
changed
High High High 11.4 See
Note 13
CVE-2020-24342 Oracle Solaris Lua None No 7.8 Local Low None Required Un
changed
High High High 11.4  
CVE-2019-3829 Oracle Solaris GnuTLS Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4 See
Note 14
CVE-2019-6706 Oracle Solaris Lua Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4  
CVE-2020-13871 Oracle Solaris SQLite Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4 See
Note 15
CVE-2020-24369 Oracle Solaris Lua Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4 See
Note 16
CVE-2020-24583 Oracle Solaris Django Multiple Yes 7.5 Network Low None None Un
changed
High None None 11.4 See
Note 17
CVE-2020-25219 Oracle Solaris libproxy HTTP Yes 7.5 Network Low None None Un
changed
None None High 11.4  
CVE-2020-25862 Oracle Solaris Wireshark Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4 See
Note 18
CVE-2020-11501 Oracle Solaris GnuTLS TLS Yes 7.4 Network High None None Un
changed
High High None 11.4 See
Note 19
CVE-2019-14869 Oracle Solaris Ghostscript Multiple Yes 7.3 Network Low None None Un
changed
Low Low Low 11.4  
CVE-2020-13596 Oracle Solaris Django Multiple Yes 6.5 Network Low None Required Un
changed
High None None 11.4 See
Note 20
CVE-2020-17489 Oracle Solaris GNOME Shell Multiple No 6.5 Network Low Low None Un
changed
High None None 11.4  
CVE-2019-5481 Oracle Solaris libcurl Multiple No 6.3 Adjacent
Network
Low None None Un
changed
Low Low Low 11.4 See
Note 21
CVE-2019-20892 Oracle Solaris Net-SNMP SNMP Yes 5.9 Network High None None Un
changed
None None High 11.4  
CVE-2020-14093 Oracle Solaris Mutt Multiple Yes 5.9 Network High None None Un
changed
High None None 11.4 See
Note 22
CVE-2020-14422 Oracle Solaris Python Multiple Yes 5.9 Network High None None Un
changed
None None High 11.4  
CVE-2020-14928 Oracle Solaris GNOME evolution-data-server Multiple Yes 5.9 Network High None None Un
changed
None High None 11.4  
CVE-2020-12049 Oracle Solaris DBus None No 5.5 Local Low Low None Un
changed
None None High 11.4  
CVE-2020-8177 Oracle Solaris curl Multiple No 5.4 Network High Low Required Un
changed
None High Low 11.4  
CVE-2020-16117 Oracle Solaris GNOME evolution-data-server Multiple Yes 5.3 Network High None Required Un
changed
None None High 11.4  
CVE-2020-15025 Oracle Solaris NTP Multiple No 4.9 Network Low High None Un
changed
None None High , 10  
CVE-2018-20781 Oracle Solaris GNOME Keyring None No 4.2 Local Low High Required Un
changed
High None None 11.4  

Revision 1: Published on 2020-10-20

CVE# Product Third
Party
component
Protocol Remote
Exploit
without
Auth.?
CVSS VERSION 3.1 RISK (see Risk Matrix Definitions) Supported
Versions
Affected
Notes
Base
Score
Attack
Vector
Attack
Complexity
Privs
Req'd
User
Interact
Scope Confid-
entiality
Inte-
grity
Avail-
ability
CVE-2020-9862 Oracle Solaris WebKitGTK Multiple Yes 9.8 Network Low None None Un
changed
High High High 11.4 See
Note 23
CVE-2017-5226 Oracle Solaris WebKitGTK Multiple Yes 8.8 Network Low None Required Un
changed
High High High 11.4 See
Note 24
CVE-2020-15663 Oracle Solaris Firefox Multiple Yes 8.8 Network Low None Required Un
changed
High High High 11.4 See
Note 25
CVE-2020-15663 Oracle Solaris Thunderbird Multiple Yes 8.8 Network Low None Required Un
changed
High High High 11.4 See
Note 26
CVE-2020-24606 Oracle Solaris Squid Multiple Yes 8.6 Network Low None None Changed None None High 11.4  
CVE-2020-10531 Oracle Solaris Node.js TLS Yes 7.4 Network High None None Un
changed
High High None 11.4 See
Note 27
CVE-2020-12825 Oracle Solaris libcroco Multiple Yes 7.1 Network Low None Required Un
changed
None Low High 11.4  
CVE-2020-12825 Oracle Solaris GNU gettext Multiple Yes 7.1 Network Low None Required Un
changed
None Low High 11.4  

Notes:

1. This patch also addresses CVE-2020-15969.

2. This patch also addresses CVE-2020-15969.

3. This patch also addresses CVE-2020-15999 CVE-2020-26950 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26966 CVE-2020-26968.

4. This patch also addresses CVE-2020-15999 CVE-2020-26950 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26966 CVE-2020-26968.

5. This patch also addresses CVE-2020-14672 CVE-2020-14769 CVE-2020-14793 CVE-2020-14812 CVE-2020-14867.

6. This patch also addresses CVE-2020-14672 CVE-2020-14760 CVE-2020-14765 CVE-2020-14769 CVE-2020-14771 CVE-2020-14775 CVE-2020-14776 CVE-2020-14789 CVE-2020-14790 CVE-2020-14793 CVE-2020-14809 CVE-2020-14812 CVE-2020-14814 CVE-2020-14827 CVE-2020-14828 CVE-2020-14829 CVE-2020-14830 CVE-2020-14837 CVE-2020-14839 CVE-2020-14845 CVE-2020-14846 CVE-2020-14852 CVE-2020-14860 CVE-2020-14861 CVE-2020-14866 CVE-2020-14867 CVE-2020-14868 CVE-2020-14869 CVE-2020-14870 CVE-2020-14873 CVE-2020-14891 CVE-2020-14893.

7. This patch also addresses CVE-2020-7070.

8. This patch also addresses CVE-2019-11735 CVE-2019-11736 CVE-2019-11737 CVE-2019-11738 CVE-2019-11741 CVE-2019-11747 CVE-2019-11748 CVE-2019-11749 CVE-2019-11750 CVE-2019-11751 CVE-2019-11754 CVE-2019-11756 CVE-2019-11765 CVE-2019-17000 CVE-2019-17002 CVE-2019-17013 CVE-2019-17014 CVE-2019-17018 CVE-2019-17019 CVE-2019-17020 CVE-2019-17023 CVE-2019-17025 CVE-2020-12402 CVE-2020-12415 CVE-2020-12416 CVE-2020-12422 CVE-2020-12423 CVE-2020-12424 CVE-2020-12425 CVE-2020-12426 CVE-2020-15648 CVE-2020-15653 CVE-2020-15654 CVE-2020-15655 CVE-2020-15656 CVE-2020-15657 CVE-2020-15658.

9. This patch also addresses CVE-2020-10177 CVE-2020-10378 CVE-2020-10379 CVE-2020-10994 CVE-2020-11538.

10. This patch also addresses CVE-2020-12402 CVE-2020-12415 CVE-2020-12423 CVE-2020-12425 CVE-2020-12426 CVE-2020-15648 CVE-2020-15653 CVE-2020-15654 CVE-2020-15655 CVE-2020-15656 CVE-2020-15657 CVE-2020-15658.

11. This patch also addresses CVE-2020-15676 CVE-2020-15677 CVE-2020-15678.

12. This patch also addresses CVE-2020-15676 CVE-2020-15677 CVE-2020-15678.

13. This patch also addresses CVE-2020-15888 CVE-2020-15945.

14. This patch also addresses CVE-2019-3836.

15. This patch also addresses CVE-2020-15358.

16. This patch also addresses CVE-2020-24370 CVE-2020-24371.

17. This patch also addresses CVE-2020-24584.

18. This patch also addresses CVE-2020-25863 CVE-2020-25866.

19. This patch also addresses CVE-2020-13777.

20. This patch also addresses CVE-2020-13254.

21. This patch also addresses CVE-2019-5435 CVE-2019-5436 CVE-2019-5482.

22. This patch also addresses CVE-2020-14154 CVE-2020-14954.

23. This patch also addresses CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925.

24. This patch also addresses CVE-2020-13753 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850.

25. This patch also addresses CVE-2020-15664.

26. This patch also addresses CVE-2020-15664.

27. This patch also addresses CVE-2020-11080 CVE-2020-8172 CVE-2020-8174.