Oracle Linux Bulletin - January 2018


Description

The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are released. These bulletins will also be updated for the following two months after their release (i.e., the two months between the normal quarterly Critical Patch Update publication dates) to cover all CVEs that had been resolved in those two months following the bulletin's publication. In addition, Oracle Linux Bulletins may also be updated for vulnerability fixes deemed too critical to wait for the next scheduled bulletin publication date.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Oracle Linux Bulletin fixes as soon as possible.


Patch Availability

Please see ULN Advisory http://linux.oracle.com/ol-pad-bulletin


Oracle Linux Bulletin Schedule

Oracle Linux Bulletins are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:

  • 17 April 2018
  • 17 July 2018
  • 16 October 2018
  • 15 January 2019

References


Modification History


2018-March-16 Rev 3. New CVEs added.
2018-February-16 Rev 2. New CVEs added.
2018-January-16 Rev 1. Initial Release

 

Oracle Linux Executive Summary

 

This Oracle Linux Bulletin contains 93 new security fixes for the Oracle Linux.  62 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. 

 

Oracle Linux Risk Matrix


Revision 3: Published on 2018-03-16



CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 2.0 RISK (see Risk Matrix Definitions) Supported Versions Affected
Base Score Access Vector Access Complexity Authen-
tication
Confiden-
tiality
Integrity Avail-
ability
CVE-2017-10784 Oracle Linux ruby Yes 9.3 Network Medium None Complete Complete Complete 7
CVE-2017-17405 Oracle Linux ruby Yes 9.3 Network Medium None Complete Complete Complete 7
CVE-2017-0899 Oracle Linux ruby Yes 7.5 Network Low None Partial Partial Partial 7
CVE-2017-0903 Oracle Linux ruby Yes 7.5 Network Low None Partial Partial Partial 7
CVE-2017-14064 Oracle Linux ruby Yes 7.5 Network Low None Partial Partial Partial 7
CVE-2017-17790 Oracle Linux ruby Yes 7.5 Network Low None Partial Partial Partial 7
CVE-2017-16525 Oracle Linux Unbreakable Enterprise kernel No 7.2 Local Low None Complete Complete Complete 6
CVE-2017-16529 Oracle Linux Unbreakable Enterprise kernel No 7.2 Local Low None Complete Complete Complete 6
CVE-2017-16531 Oracle Linux Unbreakable Enterprise kernel No 7.2 Local Low None Complete Complete Complete 6
CVE-2017-8824 Oracle Linux Unbreakable Enterprise kernel No 7.2 Local Low None Complete Complete Complete 6
CVE-2017-12188 Oracle Linux kernel No 6.9 Local Medium None Complete Complete Complete 7
CVE-2018-5345 Oracle Linux gcab Yes 6.8 Network Medium None Partial Partial Partial 7
CVE-2017-0902 Oracle Linux ruby Yes 6.8 Network Medium None Partial Partial Partial 7
CVE-2017-0898 Oracle Linux ruby Yes 6.4 Network Low None Partial None Partial 7
CVE-2017-0901 Oracle Linux ruby Yes 6.4 Network Low None None Partial Partial 7
CVE-2018-2599 Oracle Linux java-1.7.0-openjdk Yes 5.8 Network Medium None None Partial Partial 6,7
CVE-2018-2637 Oracle Linux java-1.7.0-openjdk Yes 5.8 Network Medium None Partial Partial None 6,7
CVE-2018-2633 Oracle Linux java-1.7.0-openjdk Yes 5.1 Network High None Partial Partial Partial 6,7
CVE-2018-2603 Oracle Linux java-1.7.0-openjdk Yes 5.0 Network Low None None None Partial 6,7
CVE-2018-6871 Oracle Linux libreoffice Yes 5.0 Network Low None Partial None None 6,7
CVE-2017-0900 Oracle Linux ruby Yes 5.0 Network Low None None None Partial 7
CVE-2017-14033 Oracle Linux ruby Yes 5.0 Network Low None None None Partial 7
CVE-2017-14106 Oracle Linux Unbreakable Enterprise kernel No 4.9 Local Low None None None Complete 6
CVE-2017-6951 Oracle Linux Unbreakable Enterprise kernel No 4.9 Local Low None None None Complete 6
CVE-2017-15135 Oracle Linux 389-ds-base Yes 4.3 Network Medium None Partial None None 7
CVE-2017-15135 Oracle Linux 389-ds-base Yes 4.3 Network Medium None Partial None None 6
CVE-2018-2579 Oracle Linux java-1.7.0-openjdk Yes 4.3 Network Medium None Partial None None 6,7
CVE-2018-2618 Oracle Linux java-1.7.0-openjdk Yes 4.3 Network Medium None Partial None None 6,7
CVE-2018-2634 Oracle Linux java-1.7.0-openjdk Yes 4.3 Network Medium None Partial None None 6,7
CVE-2018-2663 Oracle Linux java-1.7.0-openjdk Yes 4.3 Network Medium None None None Partial 6,7
CVE-2018-2677 Oracle Linux java-1.7.0-openjdk Yes 4.3 Network Medium None None None Partial 6,7
CVE-2018-2678 Oracle Linux java-1.7.0-openjdk Yes 4.3 Network Medium None None None Partial 6,7
CVE-2018-5950 Oracle Linux mailman Yes 4.3 Network Medium None None Partial None 6,7
CVE-2017-7890 Oracle Linux php Yes 4.3 Network Medium None Partial None None 7
CVE-2018-2588 Oracle Linux java-1.7.0-openjdk No 4.0 Network Low Single Partial None None 6,7
CVE-2018-2602 Oracle Linux java-1.7.0-openjdk No 3.7 Local High None Partial Partial Partial 6,7
CVE-2018-2629 Oracle Linux java-1.7.0-openjdk Yes 2.6 Network High None None Partial None 6,7
CVE-2018-2641 Oracle Linux java-1.7.0-openjdk Yes 2.6 Network High None None Partial None 6,7
CVE-2017-15289 Oracle Linux qemu-kvm No 2.1 Local Low None None None Partial 6
CVE-2018-1054 Oracle Linux 389-ds-base Yes 0.0 Network Undefined None None None None 7
CVE-2018-1054 Oracle Linux 389-ds-base Yes 0.0 Network Undefined None None None None 6
CVE-2018-5732 Oracle Linux dhcp Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5733 Oracle Linux dhcp Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5125 Oracle Linux firefox Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5127 Oracle Linux firefox Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5129 Oracle Linux firefox Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5130 Oracle Linux firefox Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5131 Oracle Linux firefox Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5144 Oracle Linux firefox Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5145 Oracle Linux firefox Yes 0.0 Network Undefined None None None None 6,7
CVE-2017-7518 Oracle Linux kernel Yes 0.0 Network Undefined None None None None 7
CVE-2018-5379 Oracle Linux quagga Yes 0.0 Network Undefined None None None None 7
CVE-2017-7482 Oracle Linux Unbreakable Enterprise kernel Yes 0.0 Network Undefined None None None None 6
 

 

Revision 2: Published on 2018-02-16



CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 2.0 RISK (see Risk Matrix Definitions) Supported Versions Affected
Base Score Access Vector Access Complexity Authen-
tication
Confiden-
tiality
Integrity Avail-
ability
CVE-2017-11176 Oracle Linux kernel Yes 10.0 Network Low None Complete Complete Complete 6
CVE-2017-15115 Oracle Linux Unbreakable Enterprise kernel No 7.2 Local Low None Complete Complete Complete 6,7
CVE-2017-8824 Oracle Linux Unbreakable Enterprise kernel No 7.2 Local Low None Complete Complete Complete 6,7
CVE-2015-8539 Oracle Linux kernel No 7.2 Local Low None Complete Complete Complete 7
CVE-2017-9074 Oracle Linux kernel No 7.2 Local Low None Complete Complete Complete 6
CVE-2017-17712 Oracle Linux Unbreakable Enterprise kernel No 6.9 Local Medium None Complete Complete Complete 6,7
CVE-2018-2599 Oracle Linux java-1.8.0-openjdk Yes 5.8 Network Medium None None Partial Partial 6,7
CVE-2018-2637 Oracle Linux java-1.8.0-openjdk Yes 5.8 Network Medium None Partial Partial None 6,7
CVE-2018-2633 Oracle Linux java-1.8.0-openjdk Yes 5.1 Network High None Partial Partial Partial 6,7
CVE-2018-2603 Oracle Linux java-1.8.0-openjdk Yes 5.0 Network Low None None None Partial 6,7
CVE-2017-12193 Oracle Linux Unbreakable Enterprise kernel No 4.9 Local Low None None None Complete 6,7
CVE-2017-12192 Oracle Linux kernel No 4.9 Local Low None None None Complete 7
CVE-2017-12193 Oracle Linux kernel No 4.9 Local Low None None None Complete 7
CVE-2017-7472 Oracle Linux kernel No 4.9 Local Low None None None Complete 7
CVE-2017-7542 Oracle Linux kernel No 4.9 Local Low None None None Complete 6
CVE-2017-5754 Oracle Linux Unbreakable Enterprise kernel No 4.7 Local Medium None Complete None None 6,7
CVE-2017-5715 Oracle Linux Unbreakable Enterprise kernel No 4.7 Local Medium None Complete None None 6
CVE-2017-5753 Oracle Linux Unbreakable Enterprise kernel No 4.7 Local Medium None Complete None None 6
CVE-2017-5754 Oracle Linux Unbreakable Enterprise kernel No 4.7 Local Medium None Complete None None 6
CVE-2017-0861 Oracle Linux Unbreakable Enterprise kernel No 4.6 Local Low None Partial Partial Partial 6,7
CVE-2017-1000407 Oracle Linux Unbreakable Enterprise kernel No 4.6 Adjacent network High None None None Complete 6,7
CVE-2017-15649 Oracle Linux kernel No 4.6 Local Low None Partial Partial Partial 7
CVE-2018-2579 Oracle Linux java-1.8.0-openjdk Yes 4.3 Network Medium None Partial None None 6,7
CVE-2018-2618 Oracle Linux java-1.8.0-openjdk Yes 4.3 Network Medium None Partial None None 6,7
CVE-2018-2634 Oracle Linux java-1.8.0-openjdk Yes 4.3 Network Medium None Partial None None 6,7
CVE-2018-2663 Oracle Linux java-1.8.0-openjdk Yes 4.3 Network Medium None None None Partial 6,7
CVE-2018-2677 Oracle Linux java-1.8.0-openjdk Yes 4.3 Network Medium None None None Partial 6,7
CVE-2018-2678 Oracle Linux java-1.8.0-openjdk Yes 4.3 Network Medium None None None Partial 6,7
CVE-2018-2588 Oracle Linux java-1.8.0-openjdk No 4.0 Network Low Single Partial None None 6,7
CVE-2017-14604 Oracle Linux nautilus No 4.0 Network Low Single None Partial None 7
CVE-2018-2602 Oracle Linux java-1.8.0-openjdk No 3.7 Local High None Partial Partial Partial 6,7
CVE-2018-2629 Oracle Linux java-1.8.0-openjdk Yes 2.6 Network High None None Partial None 6,7
CVE-2018-2641 Oracle Linux java-1.8.0-openjdk Yes 2.6 Network High None None Partial None 6,7
CVE-2017-14140 Oracle Linux Unbreakable Enterprise kernel No 2.1 Local Low None Partial None None 6,7
CVE-2017-15134 Oracle Linux 389-ds-base Yes 0.0 Network Undefined None None None None 7
CVE-2017-3145 Oracle Linux bind Yes 0.0 Network Undefined None None None None 6,7
CVE-2017-3144 Oracle Linux dhcp Yes 0.0 Network Undefined None None None None 7
CVE-2018-5089 Oracle Linux firefox Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5091 Oracle Linux firefox Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5095 Oracle Linux firefox Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5096 Oracle Linux firefox Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5097 Oracle Linux firefox Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5098 Oracle Linux firefox Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5099 Oracle Linux firefox Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5102 Oracle Linux firefox Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5103 Oracle Linux firefox Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5104 Oracle Linux firefox Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5117 Oracle Linux firefox Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-2582 Oracle Linux java-1.8.0-openjdk Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-1049 Oracle Linux systemd Yes 0.0 Network Undefined None None None None 7
CVE-2018-5089 Oracle Linux thunderbird Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5095 Oracle Linux thunderbird Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5096 Oracle Linux thunderbird Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5097 Oracle Linux thunderbird Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5098 Oracle Linux thunderbird Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5099 Oracle Linux thunderbird Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5102 Oracle Linux thunderbird Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5103 Oracle Linux thunderbird Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5104 Oracle Linux thunderbird Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5117 Oracle Linux thunderbird Yes 0.0 Network Undefined None None None None 6,7
 

 

Revision 1: Published on 2018-01-16



CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 2.0 RISK (see Risk Matrix Definitions) Supported Versions Affected
Base Score Access Vector Access Complexity Authen-
tication
Confiden-
tiality
Integrity Avail-
ability
CVE-2017-16525 Oracle Linux Unbreakable Enterprise kernel No 7.2 Local Low None Complete Complete Complete 6,7
CVE-2017-16526 Oracle Linux Unbreakable Enterprise kernel No 7.2 Local Low None Complete Complete Complete 6,7
CVE-2017-16529 Oracle Linux Unbreakable Enterprise kernel No 7.2 Local Low None Complete Complete Complete 6,7
CVE-2017-16530 Oracle Linux Unbreakable Enterprise kernel No 7.2 Local Low None Complete Complete Complete 6,7
CVE-2017-16531 Oracle Linux Unbreakable Enterprise kernel No 7.2 Local Low None Complete Complete Complete 6,7
CVE-2017-16533 Oracle Linux Unbreakable Enterprise kernel No 7.2 Local Low None Complete Complete Complete 6,7
CVE-2017-16535 Oracle Linux Unbreakable Enterprise kernel No 7.2 Local Low None Complete Complete Complete 6,7
CVE-2017-16536 Oracle Linux Unbreakable Enterprise kernel No 7.2 Local Low None Complete Complete Complete 6,7
CVE-2017-5715 Oracle Linux Unbreakable Enterprise kernel No 4.7 Local Medium None Complete None None 6,7
CVE-2017-5753 Oracle Linux Unbreakable Enterprise kernel No 4.7 Local Medium None Complete None None 6,7
CVE-2017-5754 Oracle Linux Unbreakable Enterprise kernel No 4.7 Local Medium None Complete None None 6,7
CVE-2017-5715 Oracle Linux kernel No 4.7 Local Medium None Complete None None 6,7
CVE-2017-5753 Oracle Linux kernel No 4.7 Local Medium None Complete None None 6,7
CVE-2017-5754 Oracle Linux kernel No 4.7 Local Medium None Complete None None 6,7
CVE-2017-5715 Oracle Linux libvirt No 4.7 Local Medium None Complete None None 6,7
CVE-2017-5715 Oracle Linux qemu-kvm No 4.7 Local Medium None Complete None None 6,7
CVE-2017-7829 Oracle Linux thunderbird Yes 0.0 Network Undefined None None None None 6,7
CVE-2017-7846 Oracle Linux thunderbird Yes 0.0 Network Undefined None None None None 6,7
CVE-2017-7847 Oracle Linux thunderbird Yes 0.0 Network Undefined None None None None 6,7
CVE-2017-7848 Oracle Linux thunderbird Yes 0.0 Network Undefined None None None None 6,7