No results found

Your search did not match any results.

We suggest you try the following to help find what you're looking for:

  • Check the spelling of your keyword search.
  • Use synonyms for the keyword you typed, for example, try “application” instead of “software.”
  • Try one of the popular searches shown below.
  • Start a new search.

 

Trending Questions

Oracle Linux Bulletin - October 2019

 

Description

The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are released. These bulletins will also be updated for the following two months after their release (i.e., the two months between the normal quarterly Critical Patch Update publication dates) to cover all CVEs that had been resolved in those two months following the bulletin's publication. In addition, Oracle Linux Bulletins may also be updated for vulnerability issues deemed too critical to wait for the next scheduled bulletin publication date.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Oracle Linux Bulletin security patches as soon as possible.

 

Patch Availability

Please see ULN Advisory https://linux.oracle.com/ol-pad-bulletin

 

Oracle Linux Bulletin Schedule

Oracle Linux Bulletins are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:

  • 14 January 2020
  • 14 April 2020
  • 14 July 2020
  • 20 October 2020

References

 

Modification History

Date Note
2019-November-21 Rev 2. New CVEs added
2019-October-15 Rev 1. Initial Release

Oracle Linux Executive Summary

This Oracle Linux Bulletin contains 18 new security patches for the Oracle Linux.  13 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. 

Oracle Linux Risk Matrix

Revision 2: Published on 2019-11-21

CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 3.0 RISK (see Risk Matrix Definitions) Supported Versions Affected
Base Score Attack Vector Attack Complexity Privs Req'd User Interact Scope Confiden-
tiality
Integrity Avail-
ability
CVE-2019-11478 Oracle Linux Unbreakable Enterprise kernel Yes 7.5 Network Low None None Unchanged None None High 6
CVE-2019-12749 Oracle Linux dbus No 7.1 Local Low Low None Unchanged High High None 8
CVE-2018-12181 Oracle Linux edk2 Undefined 8
CVE-2015-1593 Oracle Linux kernel Undefined 8
CVE-2018-16884 Oracle Linux kernel Undefined 8
CVE-2018-19985 Oracle Linux kernel Undefined 8
CVE-2018-20169 Oracle Linux kernel Undefined 8
CVE-2019-11833 Oracle Linux kernel Undefined 8
CVE-2019-11884 Oracle Linux kernel Undefined 8
CVE-2019-3459 Oracle Linux kernel Undefined 8
CVE-2019-5489 Oracle Linux kernel Undefined 8
CVE-2019-7222 Oracle Linux kernel Undefined 8
CVE-2019-3877 Oracle Linux mod_auth_mellon Undefined 8

Revision 1: Published on 2019-10-15

CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 3.0 RISK (see Risk Matrix Definitions) Supported Versions Affected
Base Score Attack Vector Attack Complexity Privs Req'd User Interact Scope Confiden-
tiality
Integrity Avail-
ability
CVE-2018-11806 Oracle Linux qemu-kvm No 8.2 Local Low High None Changed High High High 6
CVE-2019-6778 Oracle Linux qemu-kvm No 7.8 Local Low Low None Unchanged High High High 6
CVE-2018-17962 Oracle Linux qemu-kvm Yes 7.5 Network Low None None Unchanged None None High 6
CVE-2019-12155 Oracle Linux qemu-kvm Yes 7.5 Network Low None None Unchanged None None High 6
CVE-2018-10839 Oracle Linux qemu-kvm No 6.5 Network Low Low None Unchanged None None High 6