Oracle Linux Bulletin - January 2017


Description

The Oracle Linux Bulletin lists all CVEs that were resolved and announced in Oracle Linux Security Advisories (ELSA) in the month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day that Oracle Critical Patch Updates are released. These bulletins are also updated during the two months after their release (i.e., the two months between the normal quarterly Critical Patch Update publication dates) to cover all CVEs resolved in those two months. In addition, Oracle Linux Bulletins may be updated for vulnerability fixes deemed too critical to wait for the next scheduled bulletin publication date.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Oracle Linux Bulletin fixes as soon as possible.


Patch Availability

Please see ULN Advisory http://linux.oracle.com/ol-pad-bulletin


Oracle Linux Bulletin Schedule

Oracle Linux Bulletins are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:

  • 18 April 2017
  • 18 July 2017
  • 17 October 2017
  • 16 January 2018

Modification History


2017-March-17 Rev 3. New CVEs added.
2017-February-17 Rev 2. New CVEs added.
2017-January-17 Rev 1. Initial Release

 

Oracle Linux Executive Summary

 

This Oracle Linux Bulletin contains 114 new security fixes for Oracle Linux. 84 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.


Oracle Linux Risk Matrix


Revision 3: Published on 2017-03-17



CVE# | Product | Component | Remote Exploit without Auth.? | Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | Supported Versions Affected
(Base Score through Availability are the CVSS VERSION 2.0 RISK columns; see Risk Matrix Definitions)
CVE-2016-9083 Oracle Linux kernel No 7.2 Local Low None Complete Complete Complete 7
CVE-2016-9555 Oracle Linux kernel Yes 7.1 Network Medium None None None Complete 6
CVE-2017-6074 Oracle Linux Unbreakable Enterprise kernel No 6.8 Local Low Single Complete Complete Complete 6,7
CVE-2017-5398 Oracle Linux firefox Yes 6.8 Network Medium None Partial Partial Partial 5,6,7
CVE-2017-5400 Oracle Linux firefox Yes 6.8 Network Medium None Partial Partial Partial 5,6,7
CVE-2017-5401 Oracle Linux firefox Yes 6.8 Network Medium None Partial Partial Partial 5,6,7
CVE-2017-5402 Oracle Linux firefox Yes 6.8 Network Medium None Partial Partial Partial 5,6,7
CVE-2017-5404 Oracle Linux firefox Yes 6.8 Network Medium None Partial Partial Partial 5,6,7
CVE-2017-6074 Oracle Linux kernel No 6.8 Local Low Single Complete Complete Complete 5,6,7
CVE-2017-5398 Oracle Linux thunderbird Yes 6.8 Network Medium None Partial Partial Partial 6,7
CVE-2017-5400 Oracle Linux thunderbird Yes 6.8 Network Medium None Partial Partial Partial 6,7
CVE-2017-5401 Oracle Linux thunderbird Yes 6.8 Network Medium None Partial Partial Partial 6,7
CVE-2017-5402 Oracle Linux thunderbird Yes 6.8 Network Medium None Partial Partial Partial 6,7
CVE-2017-5404 Oracle Linux thunderbird Yes 6.8 Network Medium None Partial Partial Partial 6,7
CVE-2017-6074 Oracle Linux Unbreakable Enterprise kernel No 6.8 Local Low Single Complete Complete Complete 5,6
CVE-2016-8655 Oracle Linux kernel No 6.6 Local Medium Single Complete Complete Complete 7
CVE-2016-6816 Oracle Linux tomcat6 Yes 5.8 Network Medium None Partial Partial None 6
CVE-2016-8630 Oracle Linux kernel No 5.2 Adjacent network Medium Single None None Complete 7
CVE-2017-5405 Oracle Linux firefox Yes 5.1 Network High None Partial Partial Partial 5,6,7
CVE-2017-5410 Oracle Linux firefox Yes 5.1 Network High None Partial Partial Partial 5,6,7
CVE-2017-5405 Oracle Linux thunderbird Yes 5.1 Network High None Partial Partial Partial 6,7
CVE-2017-5410 Oracle Linux thunderbird Yes 5.1 Network High None Partial Partial Partial 6,7
CVE-2017-2615 Oracle Linux kvm No 4.9 Adjacent network Medium Single Partial Partial Partial 5
CVE-2017-2620 Oracle Linux kvm No 4.9 Adjacent network Medium Single Partial Partial Partial 5
CVE-2017-2615 Oracle Linux qemu-kvm No 4.9 Adjacent network Medium Single Partial Partial Partial 6,7
CVE-2017-2620 Oracle Linux qemu-kvm No 4.9 Adjacent network Medium Single Partial Partial Partial 7
CVE-2017-2620 Oracle Linux qemu-kvm No 4.9 Adjacent network Medium Single Partial Partial Partial 6
CVE-2017-5407 Oracle Linux firefox Yes 4.3 Network Medium None None Partial None 5,6,7
CVE-2017-5408 Oracle Linux firefox Yes 4.3 Network Medium None None Partial None 5,6,7
CVE-2016-8610 Oracle Linux openssl Yes 4.3 Network Medium None None None Partial 6,7
CVE-2016-2857 Oracle Linux qemu-kvm No 4.3 Adjacent network Medium None Partial None Partial 6
CVE-2017-5407 Oracle Linux thunderbird Yes 4.3 Network Medium None None Partial None 6,7
CVE-2017-5408 Oracle Linux thunderbird Yes 4.3 Network Medium None None Partial None 6,7
CVE-2016-8745 Oracle Linux tomcat6 Yes 4.3 Network Medium None Partial None None 6
CVE-2016-6136 Oracle Linux kernel No 3.3 Local Medium None Partial None Partial 6
CVE-2016-9084 Oracle Linux kernel No 3.3 Local Medium None None Partial Partial 7
CVE-2017-2590 Oracle Linux ipa Yes 0.0 Network Undefined None None None None 7
CVE-2017-2634 Oracle Linux kernel Yes 0.0 Network Undefined None None None None 5
CVE-2017-3731 Oracle Linux openssl Yes 0.0 Network Undefined None None None None 6,7
 

 

Revision 2: Published on 2017-02-17



CVE# | Product | Component | Remote Exploit without Auth.? | Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | Supported Versions Affected
(Base Score through Availability are the CVSS VERSION 2.0 RISK columns; see Risk Matrix Definitions)
CVE-2016-7117 Oracle Linux kernel Yes 7.6 Network High None Complete Complete Complete 7
CVE-2016-9083 Oracle Linux Unbreakable Enterprise kernel No 7.2 Local Low None Complete Complete Complete 6,7
CVE-2016-9555 Oracle Linux kernel Yes 7.1 Network Medium None None None Complete 7
CVE-2016-6662 Oracle Linux mysql No 7.1 Network High Single Complete Complete Complete 6
CVE-2017-5373 Oracle Linux firefox Yes 6.8 Network Medium None Partial Partial Partial 5,6,7
CVE-2017-5375 Oracle Linux firefox Yes 6.8 Network Medium None Partial Partial Partial 5,6,7
CVE-2017-5376 Oracle Linux firefox Yes 6.8 Network Medium None Partial Partial Partial 5,6,7
CVE-2017-3241 Oracle Linux java-1.7.0-openjdk Yes 6.8 Network Medium None Partial Partial Partial 5,6,7
CVE-2017-3272 Oracle Linux java-1.7.0-openjdk Yes 6.8 Network Medium None Partial Partial Partial 5,6,7
CVE-2017-3289 Oracle Linux java-1.7.0-openjdk Yes 6.8 Network Medium None Partial Partial Partial 5,6,7
CVE-2017-3241 Oracle Linux java-1.8.0-openjdk Yes 6.8 Network Medium None Partial Partial Partial 6,7
CVE-2017-3272 Oracle Linux java-1.8.0-openjdk Yes 6.8 Network Medium None Partial Partial Partial 6,7
CVE-2017-3289 Oracle Linux java-1.8.0-openjdk Yes 6.8 Network Medium None Partial Partial Partial 6,7
CVE-2017-5373 Oracle Linux thunderbird Yes 6.8 Network Medium None Partial Partial Partial 6,7
CVE-2017-5375 Oracle Linux thunderbird Yes 6.8 Network Medium None Partial Partial Partial 6,7
CVE-2017-5376 Oracle Linux thunderbird Yes 6.8 Network Medium None Partial Partial Partial 6,7
CVE-2016-9576 Oracle Linux Unbreakable Enterprise kernel No 6.2 Local High None Complete Complete Complete 6,7
CVE-2016-9577 Oracle Linux spice No 6.0 Network Medium Single Partial Partial Partial 7
CVE-2016-9577 Oracle Linux spice-server No 6.0 Network Medium Single Partial Partial Partial 6
CVE-2015-8870 Oracle Linux libtiff Yes 5.8 Network Medium None Partial None Partial 6,7
CVE-2016-9310 Oracle Linux ntp Yes 5.8 Network Medium None Partial None Partial 6,7
CVE-2016-8630 Oracle Linux Unbreakable Enterprise kernel No 5.2 Adjacent network Medium Single None None Complete 6,7
CVE-2017-5380 Oracle Linux firefox Yes 5.1 Network High None Partial Partial Partial 5,6,7
CVE-2017-5386 Oracle Linux firefox Yes 5.1 Network High None Partial Partial Partial 5,6,7
CVE-2017-5390 Oracle Linux firefox Yes 5.1 Network High None Partial Partial Partial 5,6,7
CVE-2017-5396 Oracle Linux firefox Yes 5.1 Network High None Partial Partial Partial 5,6,7
CVE-2016-5652 Oracle Linux libtiff Yes 5.1 Network High None Partial Partial Partial 6,7
CVE-2016-9533 Oracle Linux libtiff Yes 5.1 Network High None Partial Partial Partial 6,7
CVE-2016-9534 Oracle Linux libtiff Yes 5.1 Network High None Partial Partial Partial 6,7
CVE-2016-9535 Oracle Linux libtiff Yes 5.1 Network High None Partial Partial Partial 6,7
CVE-2016-9536 Oracle Linux libtiff Yes 5.1 Network High None Partial Partial Partial 6,7
CVE-2016-9537 Oracle Linux libtiff Yes 5.1 Network High None Partial Partial Partial 6,7
CVE-2016-9540 Oracle Linux libtiff Yes 5.1 Network High None Partial Partial Partial 6,7
CVE-2017-5380 Oracle Linux thunderbird Yes 5.1 Network High None Partial Partial Partial 6,7
CVE-2017-5390 Oracle Linux thunderbird Yes 5.1 Network High None Partial Partial Partial 6,7
CVE-2017-5396 Oracle Linux thunderbird Yes 5.1 Network High None Partial Partial Partial 6,7
CVE-2016-5546 Oracle Linux java-1.7.0-openjdk Yes 5.0 Network Low None None Partial None 5,6,7
CVE-2016-5547 Oracle Linux java-1.7.0-openjdk Yes 5.0 Network Low None None None Partial 5,6,7
CVE-2016-5552 Oracle Linux java-1.7.0-openjdk Yes 5.0 Network Low None None Partial None 5,6,7
CVE-2017-3253 Oracle Linux java-1.7.0-openjdk Yes 5.0 Network Low None None None Partial 5,6,7
CVE-2016-5546 Oracle Linux java-1.8.0-openjdk Yes 5.0 Network Low None None Partial None 6,7
CVE-2016-5547 Oracle Linux java-1.8.0-openjdk Yes 5.0 Network Low None None None Partial 6,7
CVE-2016-5552 Oracle Linux java-1.8.0-openjdk Yes 5.0 Network Low None None Partial None 6,7
CVE-2017-3253 Oracle Linux java-1.8.0-openjdk Yes 5.0 Network Low None None None Partial 6,7
CVE-2016-9578 Oracle Linux spice Yes 5.0 Network Low None None None Partial 7
CVE-2016-9578 Oracle Linux spice-server Yes 5.0 Network Low None None None Partial 6
CVE-2016-8646 Oracle Linux Unbreakable Enterprise kernel No 4.7 Local Medium None None None Complete 6,7
CVE-2016-8646 Oracle Linux Unbreakable Enterprise kernel No 4.7 Local Medium None None None Complete 5,6
CVE-2013-7446 Oracle Linux Unbreakable Enterprise kernel No 4.6 Local Low None Partial Partial Partial 5,6
CVE-2017-3135 Oracle Linux bind Yes 4.3 Network Medium None None None Partial 7
CVE-2017-5378 Oracle Linux firefox Yes 4.3 Network Medium None Partial None None 5,6,7
CVE-2017-5383 Oracle Linux firefox Yes 4.3 Network Medium None None Partial None 5,6,7
CVE-2016-5548 Oracle Linux java-1.7.0-openjdk Yes 4.3 Network Medium None Partial None None 5,6,7
CVE-2017-3231 Oracle Linux java-1.7.0-openjdk Yes 4.3 Network Medium None Partial None None 5,6,7
CVE-2017-3261 Oracle Linux java-1.7.0-openjdk Yes 4.3 Network Medium None Partial None None 5,6,7
CVE-2016-5548 Oracle Linux java-1.8.0-openjdk Yes 4.3 Network Medium None Partial None None 6,7
CVE-2017-3231 Oracle Linux java-1.8.0-openjdk Yes 4.3 Network Medium None Partial None None 6,7
CVE-2017-3261 Oracle Linux java-1.8.0-openjdk Yes 4.3 Network Medium None Partial None None 6,7
CVE-2016-7426 Oracle Linux ntp Yes 4.3 Network Medium None None None Partial 6,7
CVE-2016-9311 Oracle Linux ntp Yes 4.3 Network Medium None None None Partial 6,7
CVE-2016-2857 Oracle Linux qemu-kvm No 4.3 Adjacent network Medium None Partial None Partial 7
CVE-2016-10002 Oracle Linux squid Yes 4.3 Network Medium None Partial None None 7
CVE-2016-10002 Oracle Linux squid34 Yes 4.3 Network Medium None Partial None None 6
CVE-2017-5378 Oracle Linux thunderbird Yes 4.3 Network Medium None Partial None None 6,7
CVE-2017-5383 Oracle Linux thunderbird Yes 4.3 Network Medium None None Partial None 6,7
CVE-2016-6828 Oracle Linux kernel No 3.6 Local Low None None Partial Partial 7
CVE-2016-5616 Oracle Linux mysql No 3.5 Local High Single Partial Partial Partial 6
CVE-2016-6663 Oracle Linux mysql No 3.5 Local High Single Partial Partial Partial 6
CVE-2016-9084 Oracle Linux Unbreakable Enterprise kernel No 3.3 Local Medium None None Partial Partial 6,7
CVE-2016-7429 Oracle Linux ntp Yes 2.6 Network High None None None Partial 6,7
CVE-2015-1420 Oracle Linux Unbreakable Enterprise kernel No 2.6 Local High None Partial Partial None 5,6
CVE-2016-4482 Oracle Linux Unbreakable Enterprise kernel No 2.1 Local Low None Partial None None 6,7
CVE-2016-4485 Oracle Linux Unbreakable Enterprise kernel No 2.1 Local Low None Partial None None 6,7
CVE-2017-3252 Oracle Linux java-1.7.0-openjdk No 2.1 Network High Single None Partial None 5,6,7
CVE-2017-3252 Oracle Linux java-1.8.0-openjdk No 2.1 Network High Single None Partial None 6,7
CVE-2016-4482 Oracle Linux Unbreakable Enterprise kernel No 2.1 Local Low None Partial None None 5,6
CVE-2016-4485 Oracle Linux Unbreakable Enterprise kernel No 2.1 Local Low None Partial None None 5,6
CVE-2016-7433 Oracle Linux ntp No 1.2 Local High None None None Partial 6,7
 

 

Revision 1: Published on 2017-01-17



CVE# | Product | Component | Remote Exploit without Auth.? | Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | Supported Versions Affected
(Base Score through Availability are the CVSS VERSION 2.0 RISK columns; see Risk Matrix Definitions)
CVE-2016-7117 Oracle Linux Unbreakable Enterprise kernel Yes 7.6 Network High None Complete Complete Complete 6,7
CVE-2016-7117 Oracle Linux kernel Yes 7.6 Network High None Complete Complete Complete 5,6
CVE-2016-7117 Oracle Linux Unbreakable Enterprise kernel Yes 7.6 Network High None Complete Complete Complete 5,6
CVE-2016-8666 Oracle Linux Unbreakable Enterprise kernel Yes 7.1 Network Medium None None None Complete 6,7
CVE-2016-9793 Oracle Linux Unbreakable Enterprise kernel No 6.9 Local Medium None Complete Complete Complete 6,7
CVE-2016-9793 Oracle Linux Unbreakable Enterprise kernel No 6.9 Local Medium None Complete Complete Complete 5,6
CVE-2016-9445 Oracle Linux gstreamer-plugins-bad-free Yes 6.8 Network Medium None Partial Partial Partial 6,7
CVE-2016-9447 Oracle Linux gstreamer-plugins-bad-free Yes 6.8 Network Medium None Partial Partial Partial 6,7
CVE-2016-9634 Oracle Linux gstreamer-plugins-good Yes 6.8 Network Medium None Partial Partial Partial 6,7
CVE-2016-9635 Oracle Linux gstreamer-plugins-good Yes 6.8 Network Medium None Partial Partial Partial 6,7
CVE-2016-9636 Oracle Linux gstreamer-plugins-good Yes 6.8 Network Medium None Partial Partial Partial 6,7
CVE-2016-9808 Oracle Linux gstreamer-plugins-good Yes 6.8 Network Medium None Partial Partial Partial 6,7
CVE-2016-9445 Oracle Linux gstreamer1-plugins-bad-free Yes 6.8 Network Medium None Partial Partial Partial 7
CVE-2016-9634 Oracle Linux gstreamer1-plugins-good Yes 6.8 Network Medium None Partial Partial Partial 7
CVE-2016-9635 Oracle Linux gstreamer1-plugins-good Yes 6.8 Network Medium None Partial Partial Partial 7
CVE-2016-9636 Oracle Linux gstreamer1-plugins-good Yes 6.8 Network Medium None Partial Partial Partial 7
CVE-2016-9808 Oracle Linux gstreamer1-plugins-good Yes 6.8 Network Medium None Partial Partial Partial 7
CVE-2016-5582 Oracle Linux java-1.6.0-openjdk Yes 6.8 Network Medium None Partial Partial Partial 5,6,7
CVE-2016-9893 Oracle Linux thunderbird Yes 6.8 Network Medium None Partial Partial Partial 6,7
CVE-2016-9899 Oracle Linux thunderbird Yes 6.8 Network Medium None Partial Partial Partial 6,7
CVE-2016-1248 Oracle Linux vim Yes 6.8 Network Medium None Partial Partial Partial 6,7
CVE-2016-8655 Oracle Linux Unbreakable Enterprise kernel No 6.6 Local Medium Single Complete Complete Complete 6,7
CVE-2016-9575 Oracle Linux ipa No 6.5 Network Low Single Partial Partial Partial 7
CVE-2016-9637 Oracle Linux xen No 6.5 Adjacent network High Single Complete Complete Complete 5
CVE-2016-9794 Oracle Linux Unbreakable Enterprise kernel No 6.3 Local Medium None None Complete Complete 6,7
CVE-2016-9794 Oracle Linux Unbreakable Enterprise kernel No 6.3 Local Medium None None Complete Complete 5,6
CVE-2016-3157 Oracle Linux Unbreakable Enterprise kernel No 6.0 Network Medium Single Partial Partial Partial 5,6
CVE-2016-4998 Oracle Linux kernel No 5.6 Local Low None Partial None Complete 6
CVE-2016-7978 Oracle Linux ghostscript Yes 5.1 Network High None Partial Partial Partial 7
CVE-2016-7979 Oracle Linux ghostscript Yes 5.1 Network High None Partial Partial Partial 6,7
CVE-2016-8602 Oracle Linux ghostscript Yes 5.1 Network High None Partial Partial Partial 6,7
CVE-2016-5573 Oracle Linux java-1.6.0-openjdk Yes 5.1 Network High None Partial Partial Partial 5,6,7
CVE-2016-9905 Oracle Linux thunderbird Yes 5.1 Network High None Partial Partial Partial 6,7
CVE-2016-9131 Oracle Linux bind Yes 5.0 Network Low None None None Partial 7
CVE-2016-9147 Oracle Linux bind Yes 5.0 Network Low None None None Partial 5,6,7
CVE-2016-9444 Oracle Linux bind Yes 5.0 Network Low None None None Partial 7
CVE-2016-9147 Oracle Linux bind97 Yes 5.0 Network Low None None None Partial 5
CVE-2016-7042 Oracle Linux Unbreakable Enterprise kernel No 4.9 Local Low None None None Complete 6,7
CVE-2016-7042 Oracle Linux Unbreakable Enterprise kernel No 4.9 Local Low None None None Complete 5,6
CVE-2016-9806 Oracle Linux Unbreakable Enterprise kernel No 4.7 Local Medium None None None Complete 6,7
CVE-2013-5653 Oracle Linux ghostscript Yes 4.3 Network Medium None Partial None None 6,7
CVE-2016-7977 Oracle Linux ghostscript Yes 4.3 Network Medium None Partial None None 6,7
CVE-2016-9807 Oracle Linux gstreamer-plugins-good Yes 4.3 Network Medium None None None Partial 6,7
CVE-2016-9812 Oracle Linux gstreamer1-plugins-bad-free Yes 4.3 Network Medium None None None Partial 7
CVE-2016-9813 Oracle Linux gstreamer1-plugins-bad-free Yes 4.3 Network Medium None None None Partial 7
CVE-2016-9807 Oracle Linux gstreamer1-plugins-good Yes 4.3 Network Medium None None None Partial 7
CVE-2016-7030 Oracle Linux ipa Yes 4.3 Network Medium None None None Partial 7
CVE-2016-5554 Oracle Linux java-1.6.0-openjdk Yes 4.3 Network Medium None None Partial None 5,6,7
CVE-2016-9895 Oracle Linux thunderbird Yes 4.3 Network Medium None None Partial None 6,7
CVE-2016-9900 Oracle Linux thunderbird Yes 4.3 Network Medium None Partial None None 6,7
CVE-2016-9901 Oracle Linux thunderbird Yes 4.3 Network Medium None Partial None None 6,7
CVE-2016-9902 Oracle Linux thunderbird Yes 4.3 Network Medium None Partial None None 6,7
CVE-2016-6828 Oracle Linux Unbreakable Enterprise kernel No 3.6 Local Low None None Partial Partial 6,7
CVE-2016-6828 Oracle Linux kernel No 3.6 Local Low None None Partial Partial 6
CVE-2016-6828 Oracle Linux Unbreakable Enterprise kernel No 3.6 Local Low None None Partial Partial 5,6
CVE-2016-9809 Oracle Linux gstreamer-plugins-bad-free Yes 2.6 Network High None None None Partial 7
CVE-2016-9809 Oracle Linux gstreamer1-plugins-bad-free Yes 2.6 Network High None None None Partial 7
CVE-2016-5542 Oracle Linux java-1.6.0-openjdk Yes 2.6 Network High None None Partial None 5,6,7
CVE-2016-5597 Oracle Linux java-1.6.0-openjdk Yes 2.6 Network High None Partial None None 5,6,7