The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical Patch Updates are released. These bulletins will also be updated on the Tuesday closest to the 17th of the following two months after their release (i.e. the two months between the normal quarterly Critical Patch Update publication dates). In addition, Third Party Bulletins may also be updated for vulnerability fixes deemed too critical to wait for the next monthly update.
Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Third Party Bulletin fixes as soon as possible.
Please see My Oracle Support Note 1448883.1
Third Party Bulletins are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:
|2018-December-14||Rev 3. Added all CVEs fixed in Solaris 11.4 SRU 4|
|2018-November-20||Rev 2. Added all CVEs fixed in Solaris 11.4 SRU 3|
|2018-October-16||Rev 1. Initial Release with all CVEs fixed in Solaris 11.3 LSU 36 and Solaris 11.4 SRU 2|
Oracle Solaris Executive Summary
This Oracle Solaris Bulletin contains 33 new security fixes for the Oracle Solaris Operating System. 18 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
Oracle Solaris Third Party Bulletin Risk Matrix
Revision 3: Published on 2018-12-14
Revision 2: Published on 2018-11-20
Revision 1: Published on 2018-10-16
Notes:1. This fix also addresses CVE-2016-9843 CVE-2018-2767 CVE-2018-3058 CVE-2018-3066 CVE-2018-3081 CVE-2018-3133 CVE-2018-3143 CVE-2018-3144 CVE-2018-3155 CVE-2018-3156 CVE-2018-3161 CVE-2018-3162 CVE-2018-3171 CVE-2018-3173 CVE-2018-3174 CVE-2018-3185 CVE-2018-3200 CVE-2018-3247 CVE-2018-3251 CVE-2018-3276 CVE-2018-3277 CVE-2018-3278 CVE-2018-3282 CVE-2018-3283 CVE-2018-3284.