Oracle Linux Bulletin - January 2019


Description

The Oracle Linux Bulletin lists all CVEs that were resolved and announced in Oracle Linux Security Advisories (ELSA) in the month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are released. Each bulletin is also updated during the two months following its release (i.e., the two months between the normal quarterly Critical Patch Update publication dates) to cover all CVEs resolved in that period. In addition, Oracle Linux Bulletins may be updated for vulnerability fixes deemed too critical to wait for the next scheduled bulletin publication date.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Oracle Linux Bulletin fixes as soon as possible.


Patch Availability

Please see ULN Advisory http://linux.oracle.com/ol-pad-bulletin


Oracle Linux Bulletin Schedule

Oracle Linux Bulletins are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:

  • 16 April 2019
  • 16 July 2019
  • 15 October 2019
  • 14 January 2020

References


Modification History


2019-March-18 Rev 3. New CVEs added.
2019-February-19 Rev 2. New CVEs added.
2019-January-15 Rev 1. Initial Release

 

Oracle Linux Executive Summary

 

This Oracle Linux Bulletin contains 125 new security fixes for Oracle Linux. 125 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

 

Oracle Linux Risk Matrix


Revision 3: Published on 2019-03-18



CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 2.0 RISK (see Risk Matrix Definitions) Supported Versions Affected
CVSS VERSION 2.0 RISK columns: Base Score / Access Vector / Access Complexity / Authentication / Confidentiality / Integrity / Availability
CVE-2019-3804 Oracle Linux cockpit Undefined 7
CVE-2018-18356 Oracle Linux firefox Undefined 6,7
CVE-2019-5785 Oracle Linux firefox Undefined 6,7
CVE-2019-8308 Oracle Linux flatpak Undefined 7
CVE-2019-2422 Oracle Linux java-1.7.0-openjdk Undefined 6,7
CVE-2019-2422 Oracle Linux java-1.8.0-openjdk Undefined 6,7
CVE-2019-2422 Oracle Linux java-11-openjdk Undefined 7
CVE-2018-10902 Oracle Linux kernel Undefined 6
CVE-2018-17972 Oracle Linux kernel Undefined 7
CVE-2018-18445 Oracle Linux kernel Undefined 7
CVE-2018-9568 Oracle Linux kernel Undefined 7
CVE-2018-5407 Oracle Linux openssl Undefined 7
CVE-2019-6133 Oracle Linux polkit Undefined 6
CVE-2017-10806 Oracle Linux qemu Undefined 7
CVE-2017-11334 Oracle Linux qemu Undefined 7
CVE-2017-12809 Oracle Linux qemu Undefined 7
CVE-2017-13672 Oracle Linux qemu Undefined 7
CVE-2017-13673 Oracle Linux qemu Undefined 7
CVE-2017-13711 Oracle Linux qemu Undefined 7
CVE-2017-14167 Oracle Linux qemu Undefined 7
CVE-2017-15038 Oracle Linux qemu Undefined 7
CVE-2017-15119 Oracle Linux qemu Undefined 7
CVE-2017-15124 Oracle Linux qemu Undefined 7
CVE-2017-15268 Oracle Linux qemu Undefined 7
CVE-2017-15289 Oracle Linux qemu Undefined 7
CVE-2017-16845 Oracle Linux qemu Undefined 7
CVE-2017-17381 Oracle Linux qemu Undefined 7
CVE-2017-18030 Oracle Linux qemu Undefined 7
CVE-2017-18043 Oracle Linux qemu Undefined 7
CVE-2017-2630 Oracle Linux qemu Undefined 7
CVE-2017-2633 Oracle Linux qemu Undefined 7
CVE-2017-5715 Oracle Linux qemu Undefined 7
CVE-2017-5753 Oracle Linux qemu Undefined 7
CVE-2017-5754 Oracle Linux qemu Undefined 7
CVE-2017-7471 Oracle Linux qemu Undefined 7
CVE-2017-7493 Oracle Linux qemu Undefined 7
CVE-2017-8112 Oracle Linux qemu Undefined 7
CVE-2017-8309 Oracle Linux qemu Undefined 7
CVE-2017-8379 Oracle Linux qemu Undefined 7
CVE-2017-8380 Oracle Linux qemu Undefined 7
CVE-2017-9503 Oracle Linux qemu Undefined 7
CVE-2018-10839 Oracle Linux qemu Undefined 7
CVE-2018-11806 Oracle Linux qemu Undefined 7
CVE-2018-12617 Oracle Linux qemu Undefined 7
CVE-2018-15746 Oracle Linux qemu Undefined 7
CVE-2018-16847 Oracle Linux qemu Undefined 7
CVE-2018-16867 Oracle Linux qemu Undefined 7
CVE-2018-16872 Oracle Linux qemu Undefined 7
CVE-2018-17958 Oracle Linux qemu Undefined 7
CVE-2018-17962 Oracle Linux qemu Undefined 7
CVE-2018-17963 Oracle Linux qemu Undefined 7
CVE-2018-18849 Oracle Linux qemu Undefined 7
CVE-2018-19364 Oracle Linux qemu Undefined 7
CVE-2018-19489 Oracle Linux qemu Undefined 7
CVE-2018-20124 Oracle Linux qemu Undefined 7
CVE-2018-20125 Oracle Linux qemu Undefined 7
CVE-2018-20126 Oracle Linux qemu Undefined 7
CVE-2018-20191 Oracle Linux qemu Undefined 7
CVE-2018-20216 Oracle Linux qemu Undefined 7
CVE-2018-3639 Oracle Linux qemu Undefined 7
CVE-2018-5683 Oracle Linux qemu Undefined 7
CVE-2018-7550 Oracle Linux qemu Undefined 7
CVE-2018-7858 Oracle Linux qemu Undefined 7
CVE-2019-6454 Oracle Linux systemd Undefined 7
CVE-2018-11784 Oracle Linux tomcat Undefined 7
CVE-2017-17807 Oracle Linux Unbreakable Enterprise kernel Undefined 6
CVE-2018-1000026 Oracle Linux Unbreakable Enterprise kernel Undefined 7
CVE-2018-10876 Oracle Linux Unbreakable Enterprise kernel Undefined 6
CVE-2018-10877 Oracle Linux Unbreakable Enterprise kernel Undefined 6
CVE-2018-10878 Oracle Linux Unbreakable Enterprise kernel Undefined 6
CVE-2018-13053 Oracle Linux Unbreakable Enterprise kernel Undefined 6
CVE-2018-14609 Oracle Linux Unbreakable Enterprise kernel Undefined 7
CVE-2018-14612 Oracle Linux Unbreakable Enterprise kernel Undefined 7
CVE-2018-16862 Oracle Linux Unbreakable Enterprise kernel Undefined 6
CVE-2018-17972 Oracle Linux Unbreakable Enterprise kernel Undefined 6
CVE-2018-18559 Oracle Linux Unbreakable Enterprise kernel Undefined 6
CVE-2018-9568 Oracle Linux Unbreakable Enterprise kernel Undefined 6
 

 

Revision 2: Published on 2019-02-19



CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 2.0 RISK (see Risk Matrix Definitions) Supported Versions Affected
CVSS VERSION 2.0 RISK columns: Base Score / Access Vector / Access Complexity / Authentication / Confidentiality / Integrity / Availability
CVE-2018-5742 Oracle Linux bind Undefined 7
CVE-2018-18500 Oracle Linux firefox Undefined 6,7
CVE-2018-18501 Oracle Linux firefox Undefined 6,7
CVE-2018-18505 Oracle Linux firefox Undefined 6,7
CVE-2018-16540 Oracle Linux ghostscript Undefined 7
CVE-2018-19475 Oracle Linux ghostscript Undefined 7
CVE-2018-19476 Oracle Linux ghostscript Undefined 7
CVE-2018-19477 Oracle Linux ghostscript Undefined 7
CVE-2019-6116 Oracle Linux ghostscript Undefined 7
CVE-2018-18397 Oracle Linux kernel Undefined 7
CVE-2018-18559 Oracle Linux kernel Undefined 7
CVE-2018-15127 Oracle Linux libvncserver Undefined 7
CVE-2018-18311 Oracle Linux perl Undefined 7
CVE-2019-6133 Oracle Linux polkit Undefined 7
CVE-2018-16872 Oracle Linux qemu Undefined 7
CVE-2018-20124 Oracle Linux qemu Undefined 7
CVE-2018-20125 Oracle Linux qemu Undefined 7
CVE-2018-20126 Oracle Linux qemu Undefined 7
CVE-2018-20191 Oracle Linux qemu Undefined 7
CVE-2018-20216 Oracle Linux qemu Undefined 7
CVE-2019-3813 Oracle Linux spice Undefined 7
CVE-2019-3813 Oracle Linux spice-server Undefined 6
CVE-2019-3815 Oracle Linux systemd Undefined 7
CVE-2016-5824 Oracle Linux thunderbird Undefined 6,7
CVE-2018-12405 Oracle Linux thunderbird Undefined 6,7
CVE-2018-17466 Oracle Linux thunderbird Undefined 6,7
CVE-2018-18492 Oracle Linux thunderbird Undefined 6,7
CVE-2018-18493 Oracle Linux thunderbird Undefined 6,7
CVE-2018-18494 Oracle Linux thunderbird Undefined 6,7
CVE-2018-18498 Oracle Linux thunderbird Undefined 6,7
CVE-2018-18500 Oracle Linux thunderbird Undefined 6,7
CVE-2018-18501 Oracle Linux thunderbird Undefined 6,7
CVE-2018-18505 Oracle Linux thunderbird Undefined 6,7
CVE-2017-12153 Oracle Linux Unbreakable Enterprise kernel Undefined 6
CVE-2018-10322 Oracle Linux Unbreakable Enterprise kernel Undefined 7
CVE-2018-1094 Oracle Linux Unbreakable Enterprise kernel Undefined 6
CVE-2018-13053 Oracle Linux Unbreakable Enterprise kernel Undefined 7
CVE-2018-14609 Oracle Linux Unbreakable Enterprise kernel Undefined 6
CVE-2018-16882 Oracle Linux Unbreakable Enterprise kernel Undefined 7
CVE-2018-17972 Oracle Linux Unbreakable Enterprise kernel Undefined 6,7
CVE-2018-18397 Oracle Linux Unbreakable Enterprise kernel Undefined 6,7
CVE-2018-19407 Oracle Linux Unbreakable Enterprise kernel Undefined 7
CVE-2018-19824 Oracle Linux Unbreakable Enterprise kernel Undefined 6,7
CVE-2018-3639 Oracle Linux Unbreakable Enterprise kernel Undefined 6
CVE-2018-5848 Oracle Linux Unbreakable Enterprise kernel Undefined 7
CVE-2018-7755 Oracle Linux Unbreakable Enterprise kernel Undefined 7
CVE-2018-8043 Oracle Linux Unbreakable Enterprise kernel Undefined 7
CVE-2019-5489 Oracle Linux Unbreakable Enterprise kernel Undefined 6,7
 

 

Revision 1: Published on 2019-01-15



CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 2.0 RISK (see Risk Matrix Definitions) Supported Versions Affected
CVSS VERSION 2.0 RISK columns: Base Score / Access Vector / Access Complexity / Authentication / Confidentiality / Integrity / Availability
CVE-2018-12405 Oracle Linux firefox Undefined 6,7
CVE-2018-17466 Oracle Linux firefox Undefined 6,7
CVE-2018-18492 Oracle Linux firefox Undefined 6,7
CVE-2018-18493 Oracle Linux firefox Undefined 6,7
CVE-2018-18494 Oracle Linux firefox Undefined 6,7
CVE-2018-18498 Oracle Linux firefox Undefined 6,7
CVE-2018-15911 Oracle Linux ghostscript Undefined 7
CVE-2018-16541 Oracle Linux ghostscript Undefined 7
CVE-2018-16802 Oracle Linux ghostscript Undefined 7
CVE-2018-17183 Oracle Linux ghostscript Undefined 7
CVE-2018-17961 Oracle Linux ghostscript Undefined 7
CVE-2018-18073 Oracle Linux ghostscript Undefined 7
CVE-2018-18284 Oracle Linux ghostscript Undefined 7
CVE-2018-19134 Oracle Linux ghostscript Undefined 7
CVE-2018-19409 Oracle Linux ghostscript Undefined 7
CVE-2018-19115 Oracle Linux keepalived Undefined 7
CVE-2018-12327 Oracle Linux ntp Undefined 6
CVE-2018-16867 Oracle Linux qemu Undefined 7
CVE-2018-15688 Oracle Linux systemd Undefined 7
CVE-2018-16864 Oracle Linux systemd Undefined 7
CVE-2018-16865 Oracle Linux systemd Undefined 7
CVE-2016-3841 Oracle Linux Unbreakable Enterprise kernel Undefined 6
CVE-2017-14051 Oracle Linux Unbreakable Enterprise kernel Undefined 6
CVE-2017-17450 Oracle Linux Unbreakable Enterprise kernel Undefined 6
CVE-2017-18079 Oracle Linux Unbreakable Enterprise kernel Undefined 6
CVE-2018-1000004 Oracle Linux Unbreakable Enterprise kernel Undefined 6
CVE-2018-1092 Oracle Linux Unbreakable Enterprise kernel Undefined 6
CVE-2018-9516 Oracle Linux Unbreakable Enterprise kernel Undefined 6