No results found

Your search did not match any results.

We suggest you try the following to help find what you’re looking for:

  • Check the spelling of your keyword search.
  • Use synonyms for the keyword you typed, for example, try “application” instead of “software.”
  • Try one of the popular searches shown below.
  • Start a new search.
Trending Questions
 

Oracle Solaris Third Party Bulletin - October 2021


Description

The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities addressed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical Patch Updates are released. These bulletins will also be updated on the Tuesday closest to the 17th of the following two months after their release (i.e. the two months between the normal quarterly Critical Patch Update publication dates). In addition, Third Party Bulletins may also be updated for vulnerability issues deemed too critical to wait for the next monthly update.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Third Party Bulletin security patches as soon as possible.


Patch Availability

Please see My Oracle Support Note 1448883.1


Third Party Bulletin Schedule

Third Party Bulletins are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:

  • 18 January 2022
  • 19 April 2022
  • 19 July 2022
  • 18 October 2022

References


Modification History

Date Note
2021-November-16 Rev 2. Added CVEs fixed in Solaris 11.4 SRU 39
2021-October-19 Rev 1. Initial Release with all CVEs fixed in Solaris 11.4 SRU 38

Oracle Solaris Executive Summary

This Oracle Solaris Bulletin contains 67 new security patches for the Oracle Solaris Operating System.  49 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. 

 

Oracle Solaris Third Party Bulletin Risk Matrix

Revision 2: Published on 2021-11-16

CVE# Product Third
Party
component
Protocol Remote
Exploit
without
Auth.?
CVSS VERSION 3.1 RISK (see Risk Matrix Definitions) Supported
Versions
Affected
Notes
Base
Score
Attack
Vector
Attack
Complexity
Privs
Req'd
User
Interact
Scope Confid-
entiality
Inte-
grity
Avail-
ability
CVE-2020-26950 Oracle Solaris Firefox Multiple Yes 8.8 Network Low None Required Un
changed
High High High 11.4 See
Note 1
CVE-2021-1817 Oracle Solaris WebKitGTK None Yes 8.8 Network Low None Required Un
changed
High High High 11.4 See
Note 2
CVE-2021-30858 Oracle Solaris WebKitGTK Multiple Yes 8.8 Network Low None Required Un
changed
High High High 11.4  
CVE-2021-3518 Oracle Solaris libxml2 Multiple Yes 8.8 Network Low None Required Un
changed
High High High 11.4 See
Note 3
CVE-2020-25097 Oracle Solaris Squid Multiple Yes 8.6 Network Low None None Changed High None None 11.4  
CVE-2021-3517 Oracle Solaris libxml2 Multiple Yes 8.6 Network Low None None Un
changed
Low Low High 11.4  
CVE-2021-3517 Oracle Solaris JDK 8 Multiple Yes 8.6 Network Low None None Un
changed
Low Low High 11.4 See
Note 4
CVE-2021-22901 Oracle Solaris libcurl Multiple Yes 8.1 Network High None None Un
changed
High High High 11.4 See
Note 5
CVE-2021-37701 Oracle Solaris Node.js Multiple Yes 8.1 Network Low None Required Un
changed
None High High 11.4 See
Note 6
CVE-2018-19490 Oracle Solaris Gnuplot None No 7.8 Local Low None Required Un
changed
High High High 11.4 See
Note 7
CVE-2021-3497 Oracle Solaris GStreamer None No 7.8 Local Low None Required Un
changed
High High High 11.4 See
Note 8
CVE-2021-3516 Oracle Solaris libxml2 None No 7.8 Local Low None Required Un
changed
High High High 11.4  
CVE-2020-36318 Oracle Solaris Rust Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4 See
Note 9
CVE-2021-22117 Oracle Solaris RabbitMQ Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4 See
Note 10
CVE-2021-22959 Oracle Solaris Node.js Multiple Yes 7.5 Network Low None None Un
changed
None High None 11.4 See
Note 11
CVE-2021-23437 Oracle Solaris Python Imaging Library (PIL) Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4  
CVE-2021-3530 Oracle Solaris GNU binary utilities Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4  
CVE-2021-3580 Oracle Solaris Nettle Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4  
CVE-2021-36690 Oracle Solaris SQLite3 Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4  
CVE-2021-28651 Oracle Solaris Squid Multiple Yes 7.4 Network Low None Required Changed None None High 11.4 See
Note 12
CVE-2021-35940 Oracle Solaris Apache Portable Runtime Multiple No 7.1 Local Low Low None Un
changed
High None High 11.4 See
Note 13
CVE-2021-20254 Oracle Solaris Samba Multiple No 6.8 Network High Low None Un
changed
High High None 11.4  
CVE-2021-28652 Oracle Solaris Squid Multiple No 6.8 Network Low High None Changed None None High 11.4  
CVE-2020-7942 Oracle Solaris Puppet Multiple No 6.5 Network Low Low None Un
changed
High None None 11.4  
CVE-2021-22922 Oracle Solaris libcurl null Yes 6.5 Network Low None Required Un
changed
None High None 11.4 See
Note 14
CVE-2021-28662 Oracle Solaris Squid Multiple Yes 6.5 Network Low None Required Un
changed
None None High 11.4  
CVE-2021-28662 Oracle Solaris Squid Multiple No 6.5 Network Low Low None Un
changed
None None High 11.4 See
Note 15
CVE-2021-30640 Oracle Solaris Apache Tomcat Multiple Yes 6.5 Network High None None Un
changed
Low High None 11.4, 10 See
Note 16
CVE-2021-31807 Oracle Solaris Squid Multiple No 6.5 Network Low Low None Un
changed
None None High 11.4  
CVE-2021-33620 Oracle Solaris Squid Multiple No 6.5 Network Low Low None Un
changed
None None High 11.4  
CVE-2021-33620 Oracle Solaris Squid Multiple No 6.5 Network Low Low None Un
changed
None None High 11.4  
CVE-2021-3541 Oracle Solaris libxml2 Multiple No 6.5 Network Low Low None Un
changed
None None High 11.4  
CVE-2008-2711 Oracle Solaris Fetchmail HTTP No 6.1 Local Low Low None Un
changed
Low None High 11.4 See
Note 17
CVE-2021-22945 Oracle Solaris libcurl Multiple Yes 5.9 Network High None None Un
changed
High None None 11.4 See
Note 18
CVE-2021-3537 Oracle Solaris libxml2 Multiple Yes 5.9 Network High None None Un
changed
None None High 11.4  
CVE-2021-35550 Oracle Solaris JDK 7 Multiple Yes 5.9 Network High None None Un
changed
High None None 11.4 See
Note 19
CVE-2021-40528 Oracle Solaris Libgcrypt Multiple Yes 5.9 Network High None None Un
changed
High None None 11.4  
CVE-2021-35517 Oracle Solaris Apache Ant None No 5.5 Local Low None Required Un
changed
None None High 11.4 See
Note 20
CVE-2021-28116 Oracle Solaris Squid Multiple Yes 5.3 Network Low None None Un
changed
Low None None 11.4  
CVE-2021-32719 Oracle Solaris RabbitMQ Multiple No 4.8 Network Low High Required Changed Low Low None 11.4  

Revision 1: Published on 2021-10-19

CVE# Product Third
Party
component
Protocol Remote
Exploit
without
Auth.?
CVSS VERSION 3.1 RISK (see Risk Matrix Definitions) Supported
Versions
Affected
Notes
Base
Score
Attack
Vector
Attack
Complexity
Privs
Req'd
User
Interact
Scope Confid-
entiality
Inte-
grity
Avail-
ability
CVE-2021-3781 Oracle Solaris Ghostscript Multiple Yes 9.8 Network Low None None Un
changed
High High High 11.4  
CVE-2021-3246 Oracle Solaris Libsndfile Multiple Yes 8.8 Network Low None Required Un
changed
High High High 11.4  
CVE-2021-29970 Oracle Solaris Firefox Multiple Yes 8.8 Network Low None Required Un
changed
High High High 11.4 See
Note 21
CVE-2021-29970 Oracle Solaris Thunderbird Multiple Yes 8.8 Network Low None Required Un
changed
High High High 11.4 See
Note 22
CVE-2019-17543 Oracle Solaris MySQL Multiple Yes 8.1 Network High None None Un
changed
High High High 11.4 See
Note 23
CVE-2021-32803 Oracle Solaris Node.js Multiple Yes 8.1 Network Low None Required Un
changed
None High High 11.4  
CVE-2021-32803 Oracle Solaris Node.js Multiple Yes 8.1 Network Low None Required Un
changed
None High High 11.4 See
Note 24
CVE-2021-3711 Oracle Solaris OpenSSL SSL/TLS Yes 8.1 Network High None None Un
changed
High High High 11.4  
CVE-2021-37701 Oracle Solaris Node.js Multiple Yes 8.1 Network Low None Required Un
changed
None High High 11.4 See
Note 25
CVE-2021-42013 Oracle Solaris Apache HTTP server Multiple Yes 8.1 Network High None None Un
changed
High High High 11.4 See
Note 26
CVE-2021-22921 Oracle Solaris Node.js Multiple No 7.8 Local Low None Required Un
changed
High High High 11.4 See
Note 27
CVE-2021-36770 Oracle Solaris Perl None No 7.8 Local Low Low None Un
changed
High High High 11.4  
CVE-2020-10931 Oracle Solaris Memcached Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4  
CVE-2021-22930 Oracle Solaris Node.js Multiple Yes 7.5 Network Low None None Un
changed
High None None 11.4  
CVE-2021-22235 Oracle Solaris Wireshark Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4  
CVE-2021-36222 Oracle Solaris Kerberos Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4  
CVE-2016-20011 Oracle Solaris Grilo HTTP Yes 7.5 Network Low None None Un
changed
High None None 11.4 See
Note 28
CVE-2021-40145 Oracle Solaris GD2 Graphics Draw Library Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4  
CVE-2021-38492 Oracle Solaris Firefox Multiple Yes 7.5 Network High None Required Un
changed
High High High 11.4 See
Note 29
CVE-2021-38492 Oracle Solaris Thunderbird Multiple Yes 7.5 Network High None Required Un
changed
High High High 11.4 See
Note 30
CVE-2021-39275 Oracle Solaris Apache HTTP server Multiple Yes 7.5 Network Low None None Un
changed
None High None 11.4 See
Note 31
CVE-2021-41524 Oracle Solaris Apache HTTP server Multiple Yes 7.5 Network Low None None Un
changed
None None High 11.4  
CVE-2021-42013 Oracle Solaris Apache HTTP server Multiple Yes 7.5 Network Low None None Un
changed
High None None 11.4 See
Note 32
CVE-2021-22930 Oracle Solaris Node.js Multiple Yes 7.4 Network High None None Un
changed
High High None 11.4 See
Note 33
CVE-2021-3711 Oracle Solaris OpenSSL SSL/TLS Yes 6.5 Network Low None None Un
changed
Low None Low 11.4, 10 See
Note 34
CVE-2021-21704 Oracle Solaris PHP HTTP Yes 5.9 Network High None None Un
changed
None None High 11.4 See
Note 35
CVE-2020-8694 Oracle Solaris Kernel None No 5.6 Local High Low None Changed High None None 11  

Notes:

1. This patch also addresses CVE-2020-16042 CVE-2020-26968 CVE-2020-35113 CVE-2021-23960 CVE-2021-23964 CVE-2021-29955 CVE-2021-29967.

2. This patch also addresses CVE-2021-1820 CVE-2021-1825 CVE-2021-1826 CVE-2021-21775 CVE-2021-21779 CVE-2021-21806 CVE-2021-30661 CVE-2021-30663 CVE-2021-30665 CVE-2021-30666 CVE-2021-30682 CVE-2021-30689 CVE-2021-30720 CVE-2021-30734 CVE-2021-30744 CVE-2021-30749 CVE-2021-30758 CVE-2021-30761 CVE-2021-30762 CVE-2021-30795 CVE-2021-30797 CVE-2021-30799.

3. This patch also addresses CVE-2019-20388 CVE-2020-24977 CVE-2020-7595 CVE-2021-3517 CVE-2021-3537.

4. This patch also addresses CVE-2021-3522 CVE-2021-35550 CVE-2021-35556 CVE-2021-35559 CVE-2021-35560 CVE-2021-35561 CVE-2021-35564 CVE-2021-35565 CVE-2021-35567 CVE-2021-35578 CVE-2021-35586 CVE-2021-35588 CVE-2021-35603.

5. This patch also addresses CVE-2021-22897 CVE-2021-22898.

6. This patch also addresses CVE-2021-37712 CVE-2021-37713 CVE-2021-39134 CVE-2021-39135.

7. This patch also addresses CVE-2018-19491 CVE-2018-19492.

8. This patch also addresses CVE-2021-3498 CVE-2021-3522.

9. This patch also addresses CVE-2020-36317 CVE-2021-28875 CVE-2021-28876 CVE-2021-28877 CVE-2021-28878 CVE-2021-28879 CVE-2021-29922.

10. This patch also addresses CVE-2020-5419 CVE-2021-22116.

11. This patch also addresses CVE-2021-22960.

12. This patch also addresses CVE-2021-28116 CVE-2021-28652 CVE-2021-28662 CVE-2021-31806 CVE-2021-31807 CVE-2021-31808 CVE-2021-33620.

13. This patch also addresses CVE-2021-35940.

14. This patch also addresses CVE-2021-22898 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925.

15. This patch also addresses CVE-2021-28652 CVE-2021-31806 CVE-2021-31808.

16. This patch also addresses CVE-2021-33037.

17. This patch also addresses CVE-2020-36386 CVE-2021-36386.

18. This patch also addresses CVE-2021-22946 CVE-2021-22947.

19. This patch also addresses CVE-2021-35556 CVE-2021-35559 CVE-2021-35561 CVE-2021-35564 CVE-2021-35565 CVE-2021-35586 CVE-2021-35588 CVE-2021-35603.

20. This patch also addresses CVE-2021-36090 CVE-2021-36373 CVE-2021-36374.

21. This patch also addresses CVE-2021-29976 CVE-2021-29980 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29988 CVE-2021-29989 CVE-2021-30547.

22. This patch also addresses CVE-2021-29969 CVE-2021-29976 CVE-2021-29980 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29988 CVE-2021-29989 CVE-2021-30547.

23. This patch also addresses CVE-2021-22901 CVE-2021-2342 CVE-2021-2356 CVE-2021-2372 CVE-2021-2385 CVE-2021-2389 CVE-2021-2390.

24. This patch also addresses CVE-2021-32804.

25. This patch also addresses CVE-2021-37712 CVE-2021-37713 CVE-2021-39134 CVE-2021-39135.

26. This patch also addresses CVE-2021-41773.

27. This patch also addresses CVE-2021-22918 CVE-2021-23362 CVE-2021-27290.

28. This patch also addresses CVE-2021-39365.

29. This patch also addresses CVE-2021-38493.

30. This patch also addresses CVE-2021-38493.

31. This patch also addresses CVE-2021-33193 CVE-2021-34798 CVE-2021-36160 CVE-2021-40438.

32. This patch also addresses CVE-2021-41773.

33. This patch also addresses CVE-2021-22931 CVE-2021-22939 CVE-2021-22940.

34. This patch also addresses CVE-2021-3712.

35. This patch also addresses CVE-2021-21705.