No results found

Your search did not match any results.

We suggest you try the following to help find what you’re looking for:

  • Check the spelling of your keyword search.
  • Use synonyms for the keyword you typed, for example, try “application” instead of “software.”
  • Try one of the popular searches shown below.
  • Start a new search.
Trending Questions
 

Oracle Linux Bulletin - April 2021


Description

The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are released. These bulletins will also be updated for the following two months after their release (i.e., the two months between the normal quarterly Critical Patch Update publication dates) to cover all CVEs that had been resolved in those two months following the bulletin's publication. In addition, Oracle Linux Bulletins may also be updated for vulnerability issues deemed too critical to wait for the next scheduled bulletin publication date.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Oracle Linux Bulletin security patches as soon as possible.


Patch Availability

Please see ULN Advisory https://linux.oracle.com/ol-pad-bulletin


Oracle Linux Bulletin Schedule

Oracle Linux Bulletins are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:

  • 20 July 2021
  • 19 October 2021
  • 18 January 2022
  • 19 April 2022

References


Modification History

Date Note
2021-April-20 Rev 1. Initial Release

Oracle Linux Executive Summary

This Oracle Linux Bulletin contains 37 new security patches for the Oracle Linux. 

Oracle Linux Risk Matrix

Revision 1: Published on 2021-04-20

CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 3.1 RISK (see Risk Matrix Definitions) Supported Versions Affected
Base
Score
Attack
Vector
Attack
Complex
Privs
Req'd
User
Interact
Scope Confid-
entiality
Inte-
grity
Avail-
ability
CVE-2021-23987 Oracle Linux firefox Yes 8.8 Network Low None Required Unchanged High High High 7,8
CVE-2021-23987 Oracle Linux thunderbird Yes 8.8 Network Low None Required Unchanged High High High 7,8
CVE-2020-25097 Oracle Linux squid Yes 8.6 Network Low None None Changed High None None 7
CVE-2021-23981 Oracle Linux firefox Yes 8.1 Network Low None Required Unchanged High None High 7,8
CVE-2021-21381 Oracle Linux flatpak No 8.1 Network Low Low None Unchanged High High None 7,8
CVE-2021-20305 Oracle Linux gnutls and nettle Yes 8.1 Network High None None Unchanged High High High 8
CVE-2021-20305 Oracle Linux nettle Yes 8.1 Network High None None Unchanged High High High 7
CVE-2021-23981 Oracle Linux thunderbird Yes 8.1 Network Low None Required Unchanged High None High 7,8
CVE-2021-20179 Oracle Linux pki-core:10.6 No 8.1 Network Low Low None Unchanged High High None 8
CVE-2020-0466 Oracle Linux kernel No 7.8 Local Low Low None Unchanged High High High 8
CVE-2021-26708 Oracle Linux kernel No 7.8 Local Low Low None Unchanged High High High 8
CVE-2021-26930 Oracle Linux Unbreakable Enterprise kernel No 7.8 Local Low Low None Unchanged High High High 7
CVE-2021-3347 Oracle Linux kernel No 7.4 Local High None None Unchanged High High High 8
CVE-2021-3450 Oracle Linux openssl Yes 7.4 Network High None None Unchanged High High None 8
CVE-2021-20277 Oracle Linux libldb No 7.1 Network Low Low None Unchanged Low None High 7,8
CVE-2021-27365 Oracle Linux Unbreakable Enterprise kernel No 7.0 Local High Low None Unchanged High High High 7,8
CVE-2021-3444 Oracle Linux Unbreakable Enterprise kernel No 7.0 Local High Low None Unchanged High High High 7,8
CVE-2021-27365 Oracle Linux Unbreakable Enterprise kernel-container No 7.0 Local High Low None Unchanged High High High 7,8
CVE-2021-3444 Oracle Linux Unbreakable Enterprise kernel-container No 7.0 Local High Low None Unchanged High High High 7,8
CVE-2021-27365 Oracle Linux kernel No 7.0 Local High Low None Unchanged High High High 7
CVE-2021-27365 Oracle Linux kernel No 7.0 Local High Low None Unchanged High High High 8
CVE-2021-3156 Oracle Linux sudo No 7.0 Local High None Required Unchanged High High High 6
CVE-2021-27365 Oracle Linux Unbreakable Enterprise kernel No 7.0 Local High Low None Unchanged High High High 7
CVE-2021-23982 Oracle Linux firefox Yes 6.5 Network Low None Required Unchanged None High None 7,8
CVE-2021-23984 Oracle Linux firefox Yes 6.5 Network Low None Required Unchanged None High None 7,8
CVE-2020-28374 Oracle Linux kernel No 6.5 Network Low Low None Unchanged None High None 8
CVE-2021-23982 Oracle Linux thunderbird Yes 6.5 Network Low None Required Unchanged None High None 7,8
CVE-2021-23984 Oracle Linux thunderbird Yes 6.5 Network Low None Required Unchanged None High None 7,8
CVE-2021-20295 Oracle Linux virt:ol and virt-devel:rhel No 6.5 Local Low Low None Changed High None None 8
CVE-2021-28038 Oracle Linux Unbreakable Enterprise kernel No 6.5 Local Low Low None Changed None None High 7
CVE-2021-27364 Oracle Linux Unbreakable Enterprise kernel No 6.3 Local High Low None Unchanged High None High 7,8
CVE-2021-27364 Oracle Linux Unbreakable Enterprise kernel-container No 6.3 Local High Low None Unchanged High None High 7,8
CVE-2021-27364 Oracle Linux kernel No 6.3 Local High Low None Unchanged High None High 7
CVE-2021-27364 Oracle Linux kernel No 6.3 Local High Low None Unchanged High None High 8
CVE-2021-27364 Oracle Linux Unbreakable Enterprise kernel No 6.3 Local High Low None Unchanged High None High 7
CVE-2020-11023 Oracle Linux ipa Yes 6.1 Network Low None Required Changed Low Low None 7
CVE-2020-27171 Oracle Linux Unbreakable Enterprise kernel No 6.0 Local Low High None Unchanged High None High 7,8
CVE-2020-27171 Oracle Linux Unbreakable Enterprise kernel-container No 6.0 Local Low High None Unchanged High None High 7,8
CVE-2020-1971 Oracle Linux openssl Yes 5.9 Network High None None Unchanged None None High 6
CVE-2021-3449 Oracle Linux openssl Yes 5.9 Network High None None Unchanged None None High 8
CVE-2021-3177 Oracle Linux python2 Yes 5.9 Network High None None Unchanged None None High 8
CVE-2021-3177 Oracle Linux python36 Yes 5.9 Network High None None Unchanged None None High 8
CVE-2021-3177 Oracle Linux python38 Yes 5.9 Network High None None Unchanged None None High 8
CVE-2021-26931 Oracle Linux Unbreakable Enterprise kernel No 5.5 Local Low Low None Unchanged None None High 7
CVE-2021-26932 Oracle Linux Unbreakable Enterprise kernel No 5.5 Local Low Low None Unchanged None None High 7
CVE-2020-35518 Oracle Linux 389-ds:1.4 Yes 5.3 Network Low None None Unchanged Low None None 8
CVE-2020-27152 Oracle Linux kernel No 5.3 Local High High None Changed None None High 8
CVE-2020-27170 Oracle Linux Unbreakable Enterprise kernel No 4.7 Local High Low None Unchanged High None None 7,8
CVE-2020-27170 Oracle Linux Unbreakable Enterprise kernel-container No 4.7 Local High Low None Unchanged High None None 7,8
CVE-2020-25639 Oracle Linux Unbreakable Enterprise kernel No 4.4 Local Low High None Unchanged None None High 7,8
CVE-2020-25639 Oracle Linux Unbreakable Enterprise kernel-container No 4.4 Local Low High None Unchanged None None High 7,8
CVE-2021-23991 Oracle Linux thunderbird Yes 4.3 Network Low None Required Unchanged None None Low 7,8
CVE-2021-23992 Oracle Linux thunderbird Yes 4.3 Network Low None Required Unchanged None None Low 7,8
CVE-2021-23993 Oracle Linux thunderbird Yes 4.3 Network Low None Required Unchanged None None Low 7,8
CVE-2021-27363 Oracle Linux Unbreakable Enterprise kernel No 3.6 Local High Low None Unchanged Low None Low 7,8
CVE-2021-27363 Oracle Linux Unbreakable Enterprise kernel-container No 3.6 Local High Low None Unchanged Low None Low 7,8
CVE-2021-27363 Oracle Linux kernel No 3.6 Local High Low None Unchanged Low None Low 7
CVE-2021-27363 Oracle Linux kernel No 3.6 Local High Low None Unchanged Low None Low 8
CVE-2021-27363 Oracle Linux Unbreakable Enterprise kernel No 3.6 Local High Low None Unchanged Low None Low 7
CVE-2020-28588 Oracle Linux Unbreakable Enterprise kernel No 2.9 Local High None None Unchanged Low None None 7,8
CVE-2020-28588 Oracle Linux Unbreakable Enterprise kernel-container No 2.9 Local High None None Unchanged Low None None 7,8