No results found

Your search did not match any results.

We suggest you try the following to help find what you’re looking for:

  • Check the spelling of your keyword search.
  • Use synonyms for the keyword you typed, for example, try “application” instead of “software.”
  • Try one of the popular searches shown below.
  • Start a new search.
Trending Questions

Oracle Linux Bulletin - January 2020


Description

The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are released. These bulletins will also be updated for the following two months after their release (i.e., the two months between the normal quarterly Critical Patch Update publication dates) to cover all CVEs that had been resolved in those two months following the bulletin's publication. In addition, Oracle Linux Bulletins may also be updated for vulnerability issues deemed too critical to wait for the next scheduled bulletin publication date.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Oracle Linux Bulletin security patches as soon as possible.


Patch Availability

Please see ULN Advisory https://linux.oracle.com/ol-pad-bulletin


Oracle Linux Bulletin Schedule

Oracle Linux Bulletins are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:

  • 14 April 2020
  • 14 July 2020
  • 20 October 2020
  • 19 January 2021

References


Modification History

Date Note
2020-March-17 Rev 3. New CVEs added.
2020-February-18 Rev 2. New CVEs added.
2020-January-14 Rev 1. Initial Release

Oracle Linux Executive Summary

This Oracle Linux Bulletin contains 101 new security patches for the Oracle Linux.  75 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. 

 

Oracle Linux Risk Matrix

Revision 3: Published on 2020-03-17

CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 3.0 RISK (see Risk Matrix Definitions) Supported Versions Affected
Base
Score
Attack
Vector
Attack
Complex
Privs
Req'd
User
Interact
Scope Confid-
entiality
Inte-
grity
Avail-
ability
CVE-2019-5482 Oracle Linux curl Yes 9.8 Network Low None None Unchanged High High High 6,7
CVE-2019-15605 Oracle Linux http-parser Yes 9.8 Network Low None None Unchanged High High High 7,8
CVE-2019-17133 Oracle Linux kernel Yes 9.8 Network Low None None Unchanged High High High 6
CVE-2019-15605 Oracle Linux nodejs:10 Yes 9.8 Network Low None None Unchanged High High High 8
CVE-2019-15606 Oracle Linux nodejs:10 Yes 9.8 Network Low None None Unchanged High High High 8
CVE-2019-15605 Oracle Linux nodejs:12 Yes 9.8 Network Low None None Unchanged High High High 8
CVE-2019-15606 Oracle Linux nodejs:12 Yes 9.8 Network Low None None Unchanged High High High 8
CVE-2020-8597 Oracle Linux ppp Yes 9.8 Network Low None None Unchanged High High High 6,7,8
CVE-2020-7039 Oracle Linux qemu-kvm Yes 9.8 Network Low None None Unchanged High High High 6
CVE-2019-14895 Oracle Linux Unbreakable Enterprise kernel Yes 9.8 Network Low None None Unchanged High High High 7
CVE-2019-14901 Oracle Linux Unbreakable Enterprise kernel Yes 9.8 Network Low None None Unchanged High High High 6,7
CVE-2020-8112 Oracle Linux openjpeg2 Yes 8.8 Network Low None Required Unchanged High High High 7,8
CVE-2020-5311 Oracle Linux python-pillow Yes 8.8 Network Low None Required Unchanged High High High 8
CVE-2020-5312 Oracle Linux python-pillow Yes 8.8 Network Low None Required Unchanged High High High 7,8
CVE-2019-14378 Oracle Linux qemu-kvm No 8.8 Network Low Low None Unchanged High High High 6
CVE-2020-2604 Oracle Linux java-1.7.0-openjdk Yes 8.1 Network High None None Unchanged High High High 6,7
CVE-2019-16776 Oracle Linux nodejs:10 No 8.1 Network Low Low None Unchanged High High None 8
CVE-2018-1311 Oracle Linux xerces-c Yes 8.1 Network High None None Unchanged High High High 6,7
CVE-2019-18634 Oracle Linux sudo No 7.8 Local Low Low None Unchanged High High High 6,7
CVE-2020-7053 Oracle Linux Unbreakable Enterprise kernel No 7.8 Local Low Low None Unchanged High High High 7
CVE-2019-15604 Oracle Linux nodejs:10 Yes 7.5 Network Low None None Unchanged None None High 8
CVE-2019-15604 Oracle Linux nodejs:12 Yes 7.5 Network Low None None Unchanged None None High 8
CVE-2019-16865 Oracle Linux python-pillow Yes 7.5 Network Low None None Unchanged None None High 7,8
CVE-2019-15890 Oracle Linux qemu-kvm Yes 7.5 Network Low None None Unchanged None None High 6
CVE-2020-2601 Oracle Linux java-1.7.0-openjdk Yes 6.8 Network High None None Changed High None None 6,7
CVE-2019-20503 Oracle Linux firefox Yes 6.5 Network Low None Required Unchanged None None High 8
CVE-2019-16775 Oracle Linux nodejs:10 No 6.5 Network Low Low None Unchanged None High None 8
CVE-2019-16777 Oracle Linux nodejs:10 No 6.5 Network Low Low None Unchanged None High None 8
CVE-2019-14615 Oracle Linux Unbreakable Enterprise kernel No 5.5 Local Low None Required Unchanged High None None 7
CVE-2020-2593 Oracle Linux java-1.7.0-openjdk Yes 4.8 Network High None None Unchanged Low Low None 6,7
CVE-2019-15291 Oracle Linux Unbreakable Enterprise kernel No 4.6 Physical Low None None Unchanged None None High 6,7
CVE-2020-2583 Oracle Linux java-1.7.0-openjdk Yes 3.7 Network High None None Unchanged None None Low 6,7
CVE-2020-2590 Oracle Linux java-1.7.0-openjdk Yes 3.7 Network High None None Unchanged None Low None 6,7
CVE-2020-2654 Oracle Linux java-1.7.0-openjdk Yes 3.7 Network High None None Unchanged None None Low 6,7
CVE-2020-2659 Oracle Linux java-1.7.0-openjdk Yes 3.7 Network High None None Unchanged None None Low 6,7
CVE-2019-17055 Oracle Linux kernel No 3.3 Local Low Low None Unchanged None Low None 6
CVE-2020-6796 Oracle Linux firefox Undefined 7,8
CVE-2020-6798 Oracle Linux firefox Undefined 7,8
CVE-2020-6800 Oracle Linux firefox Undefined 7,8
CVE-2020-6805 Oracle Linux firefox Undefined 8
CVE-2020-6806 Oracle Linux firefox Undefined 8
CVE-2020-6807 Oracle Linux firefox Undefined 8
CVE-2020-6811 Oracle Linux firefox Undefined 8
CVE-2020-6812 Oracle Linux firefox Undefined 8
CVE-2020-6814 Oracle Linux firefox Undefined 8
CVE-2019-14868 Oracle Linux ksh Undefined 6,7,8
CVE-2020-1712 Oracle Linux systemd Undefined 8
CVE-2020-6792 Oracle Linux thunderbird Undefined 7,8
CVE-2020-6793 Oracle Linux thunderbird Undefined 7,8
CVE-2020-6794 Oracle Linux thunderbird Undefined 7,8
CVE-2020-6795 Oracle Linux thunderbird Undefined 7,8
CVE-2020-6798 Oracle Linux thunderbird Undefined 7,8
CVE-2020-6800 Oracle Linux thunderbird Undefined 7,8
CVE-2020-2732 Oracle Linux Unbreakable Enterprise kernel Undefined 6,7

Revision 2: Published on 2020-02-18

CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 3.0 RISK (see Risk Matrix Definitions) Supported Versions Affected
Base
Score
Attack
Vector
Attack
Complex
Privs
Req'd
User
Interact
Scope Confid-
entiality
Inte-
grity
Avail-
ability
CVE-2020-7039 Oracle Linux container-tools:ol8 Yes 9.8 Network Low None None Unchanged High High High 8
CVE-2018-17456 Oracle Linux git Yes 9.8 Network Low None None Unchanged High High High 6
CVE-2019-14895 Oracle Linux kernel Yes 9.8 Network Low None None Unchanged High High High 7,8
CVE-2019-14901 Oracle Linux kernel Yes 9.8 Network Low None None Unchanged High High High 7,8
CVE-2019-17133 Oracle Linux kernel Yes 9.8 Network Low None None Unchanged High High High 7
CVE-2019-5544 Oracle Linux openslp Yes 9.8 Network Low None None Unchanged High High High 6
CVE-2019-17626 Oracle Linux python-reportlab Yes 9.8 Network Low None None Unchanged High High High 6,7,8
CVE-2020-0603 Oracle Linux .NET Core on Red Hat Enterprise Linux Yes 8.8 Network Low None Required Unchanged High High High 8
CVE-2019-17017 Oracle Linux firefox Yes 8.8 Network Low None Required Unchanged High High High 8
CVE-2019-17024 Oracle Linux firefox Yes 8.8 Network Low None Required Unchanged High High High 8
CVE-2019-1387 Oracle Linux git Yes 8.8 Network Low None Required Unchanged High High High 7
CVE-2019-14867 Oracle Linux ipa Yes 8.8 Network Low None Required Unchanged High High High 7
CVE-2019-17666 Oracle Linux kernel No 8.8 Adjacent network Low None None Unchanged High High High 8
CVE-2019-14378 Oracle Linux qemu-kvm No 8.8 Network Low Low None Unchanged High High High 7
CVE-2018-10893 Oracle Linux spice-gtk No 8.8 Network Low Low None Unchanged High High High 6
CVE-2019-13734 Oracle Linux sqlite Yes 8.8 Network Low None Required Unchanged High High High 7,8
CVE-2019-17017 Oracle Linux thunderbird Yes 8.8 Network Low None Required Unchanged High High High 7,8
CVE-2019-17024 Oracle Linux thunderbird Yes 8.8 Network Low None Required Unchanged High High High 7,8
CVE-2019-17666 Oracle Linux Unbreakable Enterprise kernel No 8.8 Adjacent network Low None None Unchanged High High High 6,7
CVE-2020-2604 Oracle Linux java-1.8.0-openjdk Yes 8.1 Network High None None Unchanged High High High 6,7,8
CVE-2020-2604 Oracle Linux java-11-openjdk Yes 8.1 Network High None None Unchanged High High High 7,8
CVE-2019-14814 Oracle Linux kernel No 7.8 Local Low Low None Unchanged High High High 8
CVE-2019-14815 Oracle Linux kernel No 7.8 Local Low Low None Unchanged High High High 8
CVE-2019-14816 Oracle Linux kernel No 7.8 Local Low Low None Unchanged High High High 7,8
CVE-2019-18634 Oracle Linux sudo No 7.8 Local Low Low None Unchanged High High High 8
CVE-2019-15917 Oracle Linux Unbreakable Enterprise kernel No 7.8 Local Low Low None Unchanged High High High 7
CVE-2020-0602 Oracle Linux .NET Core on Red Hat Enterprise Linux Yes 7.5 Network Low None None Unchanged None None High 8
CVE-2019-16276 Oracle Linux go-toolset:ol8 Yes 7.5 Network Low None None Unchanged None High None 8
CVE-2019-17596 Oracle Linux go-toolset:ol8 Yes 7.5 Network Low None None Unchanged None None High 8
CVE-2019-18408 Oracle Linux libarchive Yes 7.5 Network Low None None Unchanged None None High 7,8
CVE-2020-6851 Oracle Linux openjpeg2 Yes 7.5 Network Low None None Unchanged None None High 7,8
CVE-2016-5244 Oracle Linux Unbreakable Enterprise kernel Yes 7.5 Network Low None None Unchanged High None None 7
CVE-2019-15807 Oracle Linux Unbreakable Enterprise kernel Yes 7.5 Network Low None None Unchanged None None High 6
CVE-2019-15916 Oracle Linux Unbreakable Enterprise kernel Yes 7.5 Network Low None None Unchanged None None High 6
CVE-2019-16231 Oracle Linux Unbreakable Enterprise kernel Yes 7.5 Network Low None None Unchanged None None High 7
CVE-2020-2601 Oracle Linux java-1.8.0-openjdk Yes 6.8 Network High None None Changed High None None 6,7,8
CVE-2020-2601 Oracle Linux java-11-openjdk Yes 6.8 Network High None None Changed High None None 7,8
CVE-2019-10195 Oracle Linux ipa No 6.5 Network Low Low None Unchanged High None None 7
CVE-2019-11135 Oracle Linux qemu-kvm No 6.5 Local Low Low None Changed High None None 7
CVE-2019-11135 Oracle Linux virt:ol No 6.5 Local Low Low None Changed High None None 8
CVE-2019-17016 Oracle Linux firefox Yes 6.1 Network Low None Required Changed Low Low None 8
CVE-2019-17022 Oracle Linux firefox Yes 6.1 Network Low None Required Changed Low Low None 8
CVE-2019-17016 Oracle Linux thunderbird Yes 6.1 Network Low None Required Changed Low Low None 7,8
CVE-2019-17022 Oracle Linux thunderbird Yes 6.1 Network Low None Required Changed Low Low None 7,8
CVE-2019-19332 Oracle Linux Unbreakable Enterprise kernel No 6.1 Local Low Low None Unchanged None Low High 6,7
CVE-2019-14865 Oracle Linux grub2 No 5.5 Local Low Low None Unchanged None None High 8
CVE-2019-0154 Oracle Linux Unbreakable Enterprise kernel No 5.5 Local Low Low None Unchanged None None High 7
CVE-2019-20054 Oracle Linux Unbreakable Enterprise kernel No 5.5 Local Low Low None Unchanged None None High 7
CVE-2019-20095 Oracle Linux Unbreakable Enterprise kernel No 5.5 Local Low Low None Unchanged None None High 7
CVE-2020-2593 Oracle Linux java-1.8.0-openjdk Yes 4.8 Network High None None Unchanged Low Low None 6,7,8
CVE-2020-2593 Oracle Linux java-11-openjdk Yes 4.8 Network High None None Unchanged Low Low None 7,8
CVE-2019-3016 Oracle Linux Unbreakable Enterprise kernel No 4.7 Local High Low None Unchanged High None None 7
CVE-2020-2583 Oracle Linux java-1.8.0-openjdk Yes 3.7 Network High None None Unchanged None None Low 6,7,8
CVE-2020-2590 Oracle Linux java-1.8.0-openjdk Yes 3.7 Network High None None Unchanged None Low None 6,7,8
CVE-2020-2654 Oracle Linux java-1.8.0-openjdk Yes 3.7 Network High None None Unchanged None None Low 6,7,8
CVE-2020-2659 Oracle Linux java-1.8.0-openjdk Yes 3.7 Network High None None Unchanged None None Low 6,7,8
CVE-2020-2583 Oracle Linux java-11-openjdk Yes 3.7 Network High None None Unchanged None None Low 7,8
CVE-2020-2590 Oracle Linux java-11-openjdk Yes 3.7 Network High None None Unchanged None Low None 7,8
CVE-2020-2654 Oracle Linux java-11-openjdk Yes 3.7 Network High None None Unchanged None None Low 7,8
CVE-2019-17026 Oracle Linux firefox Undefined 8
CVE-2020-2655 Oracle Linux java-11-openjdk Undefined 7,8
CVE-2019-14898 Oracle Linux kernel Undefined 7,8
CVE-2019-19338 Oracle Linux kernel Undefined 8
CVE-2019-17026 Oracle Linux thunderbird Undefined 7,8

Revision 1: Published on 2020-01-14

CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 3.0 RISK (see Risk Matrix Definitions) Supported Versions Affected
Base
Score
Attack
Vector
Attack
Complex
Privs
Req'd
User
Interact
Scope Confid-
entiality
Inte-
grity
Avail-
ability
CVE-2019-19333 Oracle Linux libyang Yes 9.8 Network Low None None Unchanged High High High 8
CVE-2019-19334 Oracle Linux libyang Yes 9.8 Network Low None None Unchanged High High High 8
CVE-2019-17017 Oracle Linux firefox Yes 8.8 Network Low None Required Unchanged High High High 7
CVE-2019-17024 Oracle Linux firefox Yes 8.8 Network Low None Required Unchanged High High High 7
CVE-2015-9381 Oracle Linux freetype Yes 8.8 Network Low None Required Unchanged High High High 6
CVE-2019-1387 Oracle Linux git Yes 8.8 Network Low None Required Unchanged High High High 8
CVE-2019-14821 Oracle Linux kernel No 8.8 Local Low Low None Changed High High High 6
CVE-2019-18397 Oracle Linux fribidi No 7.8 Local Low None Required Unchanged High High High 7,8
CVE-2017-18595 Oracle Linux Unbreakable Enterprise kernel No 7.8 Local Low Low None Unchanged High High High 6
CVE-2019-16884 Oracle Linux container-tools:ol8 Yes 7.5 Network Low None None Unchanged None High None 8
CVE-2019-15807 Oracle Linux Unbreakable Enterprise kernel Yes 7.5 Network Low None None Unchanged None None High 6
CVE-2019-16233 Oracle Linux Unbreakable Enterprise kernel Yes 7.5 Network Low None None Unchanged None None High 6
CVE-2015-9382 Oracle Linux freetype Yes 6.5 Network Low None Required Unchanged None None High 6
CVE-2019-17016 Oracle Linux firefox Yes 6.1 Network Low None Required Changed Low Low None 7
CVE-2019-17022 Oracle Linux firefox Yes 6.1 Network Low None Required Changed Low Low None 7
CVE-2018-20852 Oracle Linux python Yes 5.3 Network Low None None Unchanged Low None None 7
CVE-2019-9512 Oracle Linux container-tools:1.0 Undefined 8
CVE-2019-9514 Oracle Linux container-tools:1.0 Undefined 8
CVE-2019-9512 Oracle Linux container-tools:ol8 Undefined 8
CVE-2019-9514 Oracle Linux container-tools:ol8 Undefined 8
CVE-2019-17026 Oracle Linux firefox Undefined 7
CVE-2019-1348 Oracle Linux git Undefined 8
CVE-2019-1349 Oracle Linux git Undefined 8
CVE-2019-1352 Oracle Linux git Undefined 8