Oracle Linux Bulletin - July 2016


Description

The Oracle Linux Bulletin lists all CVEs that were resolved and announced in Oracle Linux Security Advisories (ELSA) in the month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates. Each bulletin is also updated during the two months after its release (i.e., the two months between the normal quarterly Critical Patch Update publication dates) to cover all CVEs resolved in those two months. In addition, Oracle Linux Bulletins may be updated for vulnerability fixes deemed too critical to wait for the next scheduled bulletin publication date.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Oracle Linux Bulletin fixes as soon as possible.


Patch Availability

Please see ULN Advisory http://linux.oracle.com/ol-pad-bulletin


Oracle Linux Bulletin Schedule

Oracle Linux Bulletins are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:

  • 18 October 2016
  • 17 January 2017
  • 18 April 2017
  • 18 July 2017


Modification History


2016-September-19 Rev 3. New CVEs added.
2016-August-19 Rev 2. New CVEs added.
2016-July-19 Rev 1. Initial Release

 

Oracle Linux Executive Summary

 

This Oracle Linux Bulletin contains 135 new security fixes for Oracle Linux. 66 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

 

Oracle Linux Risk Matrix


Revision 3: Published on 2016-09-19



Columns: CVE# | Product | Component | Remote Exploit without Auth.? | CVSS Version 2.0 Risk (see Risk Matrix Definitions): Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | Supported Versions Affected
CVE-2016-4997 Oracle Linux kernel No 7.2 Local Low None Complete Complete Complete 7
CVE-2016-3606 Oracle Linux java-1.6.0-openjdk Yes 6.8 Network Medium None Partial Partial Partial 5,6,7
CVE-2016-2836 Oracle Linux thunderbird Yes 6.8 Network Medium None Partial Partial Partial 6,7
CVE-2016-3134 Oracle Linux kernel No 6.2 Local High None Complete Complete Complete 7
CVE-2016-1541 Oracle Linux libarchive No 6.0 Network Medium Single Partial Partial Partial 7
CVE-2016-4300 Oracle Linux libarchive No 6.0 Network Medium Single Partial Partial Partial 7
CVE-2016-4302 Oracle Linux libarchive No 6.0 Network Medium Single Partial Partial Partial 7
CVE-2016-5696 Oracle Linux kernel Yes 5.8 Network Medium None None Partial Partial 6
CVE-2016-0723 Oracle Linux Unbreakable Enterprise kernel No 5.6 Local Low None Partial None Complete 6
CVE-2016-4998 Oracle Linux kernel No 5.6 Local Low None Partial None Complete 7
CVE-2015-8787 Oracle Linux Unbreakable Enterprise kernel Yes 5.4 Network High None None None Complete 6
CVE-2015-8816 Oracle Linux Unbreakable Enterprise kernel No 4.9 Local Low None None None Complete 6
CVE-2016-2847 Oracle Linux Unbreakable Enterprise kernel No 4.9 Local Low None None None Complete 6
CVE-2016-4951 Oracle Linux Unbreakable Enterprise kernel No 4.9 Local Low None None None Complete 6
CVE-2016-4581 Oracle Linux Unbreakable Enterprise kernel No 4.7 Local Medium None None None Complete 6
CVE-2016-5418 Oracle Linux libarchive No 4.6 Network High Single Partial Partial Partial 6,7
CVE-2016-3458 Oracle Linux java-1.6.0-openjdk Yes 4.3 Network Medium None None Partial None 5,6,7
CVE-2016-3500 Oracle Linux java-1.6.0-openjdk Yes 4.3 Network Medium None None None Partial 5,6,7
CVE-2016-3508 Oracle Linux java-1.6.0-openjdk Yes 4.3 Network Medium None None None Partial 5,6,7
CVE-2016-3550 Oracle Linux java-1.6.0-openjdk Yes 4.3 Network Medium None Partial None None 5,6,7
CVE-2016-6250 Oracle Linux libarchive No 4.3 Network High Multiple Partial Partial Partial 7
CVE-2013-5211 Oracle Linux ntp Yes 4.3 Network Medium None None None Partial 6,7
CVE-2016-5404 Oracle Linux ipa No 4.0 Network Low Single None None Partial 6,7
CVE-2016-2069 Oracle Linux Unbreakable Enterprise kernel No 3.7 Local High None Partial Partial Partial 6
CVE-2015-8916 Oracle Linux libarchive No 3.5 Network Medium Single None None Partial 7
CVE-2015-8917 Oracle Linux libarchive No 3.5 Network Medium Single None None Partial 7
CVE-2015-8919 Oracle Linux libarchive No 3.5 Network Medium Single None None Partial 7
CVE-2015-8920 Oracle Linux libarchive No 3.5 Network Medium Single Partial None None 6,7
CVE-2015-8921 Oracle Linux libarchive No 3.5 Network Medium Single Partial None None 6,7
CVE-2015-8922 Oracle Linux libarchive No 3.5 Network Medium Single None None Partial 7
CVE-2015-8923 Oracle Linux libarchive No 3.5 Network Medium Single Partial None None 7
CVE-2015-8924 Oracle Linux libarchive No 3.5 Network Medium Single Partial None None 7
CVE-2015-8925 Oracle Linux libarchive No 3.5 Network Medium Single Partial None None 7
CVE-2015-8926 Oracle Linux libarchive No 3.5 Network Medium Single None None Partial 7
CVE-2015-8928 Oracle Linux libarchive No 3.5 Network Medium Single Partial None None 7
CVE-2015-8930 Oracle Linux libarchive No 3.5 Network Medium Single None None Partial 7
CVE-2015-8931 Oracle Linux libarchive No 3.5 Network Medium Single None None Partial 7
CVE-2015-8932 Oracle Linux libarchive No 3.5 Network Medium Single None None Partial 6,7
CVE-2015-8934 Oracle Linux libarchive No 3.5 Network Medium Single Partial None None 7
CVE-2016-4809 Oracle Linux libarchive No 3.5 Network Medium Single None None Partial 6,7
CVE-2016-5844 Oracle Linux libarchive No 3.5 Network Medium Single None None Partial 6,7
CVE-2016-7166 Oracle Linux libarchive No 3.5 Network Medium Single None None Partial 6,7
CVE-2015-8785 Oracle Linux Unbreakable Enterprise kernel No 2.1 Local Low None None None Partial 6
CVE-2016-4913 Oracle Linux Unbreakable Enterprise kernel No 2.1 Local Low None Partial None None 6
CVE-2016-4805 Oracle Linux Unbreakable Enterprise kernel No 1.9 Local Medium None None None Partial 6
CVE-2016-3156 Oracle Linux Unbreakable Enterprise kernel No 1.7 Local Low Single None None Partial 6
 

 

Revision 2: Published on 2016-08-19



Columns: CVE# | Product | Component | Remote Exploit without Auth.? | CVSS Version 2.0 Risk (see Risk Matrix Definitions): Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | Supported Versions Affected
CVE-2016-4470 Oracle Linux Unbreakable Enterprise kernel No 6.9 Local Medium None Complete Complete Complete 6
CVE-2016-4470 Oracle Linux kernel No 6.9 Local Medium None Complete Complete Complete 7
CVE-2016-4470 Oracle Linux Unbreakable Enterprise kernel No 6.9 Local Medium None Complete Complete Complete 5,6,7
CVE-2016-2836 Oracle Linux firefox Yes 6.8 Network Medium None Partial Partial Partial 5,6,7
CVE-2016-5258 Oracle Linux firefox Yes 6.8 Network Medium None Partial Partial Partial 5,6,7
CVE-2016-5259 Oracle Linux firefox Yes 6.8 Network Medium None Partial Partial Partial 5,6,7
CVE-2016-3598 Oracle Linux java-1.7.0-openjdk Yes 6.8 Network Medium None Partial Partial Partial 5,6,7
CVE-2016-3606 Oracle Linux java-1.7.0-openjdk Yes 6.8 Network Medium None Partial Partial Partial 5,6,7
CVE-2016-3610 Oracle Linux java-1.7.0-openjdk Yes 6.8 Network Medium None Partial Partial Partial 5,6,7
CVE-2016-3587 Oracle Linux java-1.8.0-openjdk Yes 6.8 Network Medium None Partial Partial Partial 6,7
CVE-2016-3598 Oracle Linux java-1.8.0-openjdk Yes 6.8 Network Medium None Partial Partial Partial 6,7
CVE-2016-3606 Oracle Linux java-1.8.0-openjdk Yes 6.8 Network Medium None Partial Partial Partial 6,7
CVE-2016-3610 Oracle Linux java-1.8.0-openjdk Yes 6.8 Network Medium None Partial Partial Partial 6,7
CVE-2015-7554 Oracle Linux libtiff Yes 6.8 Network Medium None Partial Partial Partial 6,7
CVE-2015-8784 Oracle Linux libtiff Yes 6.8 Network Medium None Partial Partial Partial 6,7
CVE-2016-3632 Oracle Linux libtiff Yes 6.8 Network Medium None Partial Partial Partial 6,7
CVE-2016-3945 Oracle Linux libtiff Yes 6.8 Network Medium None Partial Partial Partial 6,7
CVE-2016-3990 Oracle Linux libtiff Yes 6.8 Network Medium None Partial Partial Partial 6,7
CVE-2016-3991 Oracle Linux libtiff Yes 6.8 Network Medium None Partial Partial Partial 6,7
CVE-2016-5320 Oracle Linux libtiff Yes 6.8 Network Medium None Partial Partial Partial 6,7
CVE-2016-2143 Oracle Linux kernel No 6.2 Local High None Complete Complete Complete 7
CVE-2015-8660 Oracle Linux Unbreakable Enterprise kernel No 6.0 Local High Single Complete Complete Complete 6
CVE-2015-8660 Oracle Linux kernel No 6.0 Local High Single Complete Complete Complete 7
CVE-2016-3477 Oracle Linux mariadb No 6.0 Network Medium Single Partial Partial Partial 7
CVE-2016-5696 Oracle Linux Unbreakable Enterprise kernel Yes 5.8 Network Medium None None Partial Partial 6
CVE-2016-5696 Oracle Linux kernel Yes 5.8 Network Medium None None Partial Partial 7
CVE-2014-9655 Oracle Linux libtiff Yes 5.8 Network Medium None Partial None Partial 6,7
CVE-2015-1547 Oracle Linux libtiff Yes 5.8 Network Medium None None Partial Partial 6,7
CVE-2016-5696 Oracle Linux Unbreakable Enterprise kernel Yes 5.8 Network Medium None None Partial Partial 7
CVE-2016-2119 Oracle Linux samba No 5.4 Adjacent network Medium None Partial Partial Partial 7
CVE-2016-2119 Oracle Linux samba4 No 5.4 Adjacent network Medium None Partial Partial Partial 6
CVE-2016-2837 Oracle Linux firefox Yes 5.1 Network High None Partial Partial Partial 5,6,7
CVE-2016-2838 Oracle Linux firefox Yes 5.1 Network High None Partial Partial Partial 5,6,7
CVE-2016-5252 Oracle Linux firefox Yes 5.1 Network High None Partial Partial Partial 5,6,7
CVE-2016-5254 Oracle Linux firefox Yes 5.1 Network High None Partial Partial Partial 5,6,7
CVE-2016-5263 Oracle Linux firefox Yes 5.1 Network High None Partial Partial Partial 5,6,7
CVE-2016-5264 Oracle Linux firefox Yes 5.1 Network High None Partial Partial Partial 5,6,7
CVE-2016-5408 Oracle Linux squid Yes 5.1 Network High None Partial Partial Partial 6
CVE-2016-5386 Oracle Linux golang Yes 5.0 Network Low None None Partial None 7
CVE-2016-5385 Oracle Linux php Yes 5.0 Network Low None None Partial None 7
CVE-2016-5385 Oracle Linux php Yes 5.0 Network Low None None Partial None 6
CVE-2016-1000110 Oracle Linux python Yes 5.0 Network Low None None Partial None 6,7
CVE-2016-0640 Oracle Linux mariadb No 4.9 Network Medium Single None Partial Partial 7
CVE-2016-0641 Oracle Linux mariadb No 4.9 Network Medium Single Partial None Partial 7
CVE-2016-6197 Oracle Linux kernel-uek No 4.7 Local Medium None None None Complete 6
CVE-2016-6198 Oracle Linux kernel-uek No 4.7 Local Medium None None None Complete 6
CVE-2016-2830 Oracle Linux firefox Yes 4.3 Network Medium None Partial None None 5,6,7
CVE-2016-5262 Oracle Linux firefox Yes 4.3 Network Medium None None Partial None 5,6,7
CVE-2016-5265 Oracle Linux firefox Yes 4.3 Network Medium None Partial None None 5,6,7
CVE-2016-3458 Oracle Linux java-1.7.0-openjdk Yes 4.3 Network Medium None None Partial None 5,6,7
CVE-2016-3500 Oracle Linux java-1.7.0-openjdk Yes 4.3 Network Medium None None None Partial 5,6,7
CVE-2016-3508 Oracle Linux java-1.7.0-openjdk Yes 4.3 Network Medium None None None Partial 5,6,7
CVE-2016-3550 Oracle Linux java-1.7.0-openjdk Yes 4.3 Network Medium None Partial None None 5,6,7
CVE-2016-3458 Oracle Linux java-1.8.0-openjdk Yes 4.3 Network Medium None None Partial None 6,7
CVE-2016-3500 Oracle Linux java-1.8.0-openjdk Yes 4.3 Network Medium None None None Partial 6,7
CVE-2016-3508 Oracle Linux java-1.8.0-openjdk Yes 4.3 Network Medium None None None Partial 6,7
CVE-2016-3550 Oracle Linux java-1.8.0-openjdk Yes 4.3 Network Medium None Partial None None 6,7
CVE-2014-9330 Oracle Linux libtiff Yes 4.3 Network Medium None None None Partial 6,7
CVE-2015-8665 Oracle Linux libtiff Yes 4.3 Network Medium None None None Partial 6,7
CVE-2015-8668 Oracle Linux libtiff Yes 4.3 Network Medium None None None Partial 6,7
CVE-2015-8683 Oracle Linux libtiff Yes 4.3 Network Medium None None None Partial 6,7
CVE-2015-8781 Oracle Linux libtiff Yes 4.3 Network Medium None None None Partial 6,7
CVE-2015-8782 Oracle Linux libtiff Yes 4.3 Network Medium None None None Partial 6,7
CVE-2015-8783 Oracle Linux libtiff Yes 4.3 Network Medium None None None Partial 6,7
CVE-2016-5126 Oracle Linux qemu-kvm No 4.3 Adjacent network Medium None None Partial Partial 7
CVE-2016-0643 Oracle Linux mariadb No 4.0 Network Low Single None None Partial 7
CVE-2016-0644 Oracle Linux mariadb No 4.0 Network Low Single None None Partial 7
CVE-2016-0646 Oracle Linux mariadb No 4.0 Network Low Single None None Partial 7
CVE-2016-0647 Oracle Linux mariadb No 4.0 Network Low Single None None Partial 7
CVE-2016-0648 Oracle Linux mariadb No 4.0 Network Low Single None None Partial 7
CVE-2016-0649 Oracle Linux mariadb No 4.0 Network Low Single None None Partial 7
CVE-2016-0650 Oracle Linux mariadb No 4.0 Network Low Single None None Partial 7
CVE-2016-3521 Oracle Linux mariadb No 4.0 Network Low Single None None Partial 7
CVE-2016-5440 Oracle Linux mariadb No 4.0 Network Low Single None None Partial 7
CVE-2014-8127 Oracle Linux libtiff No 3.6 Local Low None Partial None Partial 6,7
CVE-2014-8129 Oracle Linux libtiff No 3.6 Local Low None Partial None Partial 6,7
CVE-2016-0666 Oracle Linux mariadb No 3.5 Network Medium Single None None Partial 7
CVE-2016-2117 Oracle Linux kernel-uek Yes 2.6 Network High None Partial None None 6
CVE-2016-3452 Oracle Linux mariadb Yes 2.6 Network High None Partial None None 7
CVE-2016-5444 Oracle Linux mariadb Yes 2.6 Network High None Partial None None 7
CVE-2016-2117 Oracle Linux Unbreakable Enterprise kernel Yes 2.6 Network High None Partial None None 5,6,7
CVE-2016-5403 Oracle Linux qemu-kvm No 2.3 Adjacent network Medium Single None None Partial 6,7
CVE-2014-8130 Oracle Linux libtiff No 2.1 Local Low None None None Partial 6,7
CVE-2016-3615 Oracle Linux mariadb No 2.1 Network High Single None None Partial 7
 

 

Revision 1: Published on 2016-07-19



Columns: CVE# | Product | Component | Remote Exploit without Auth.? | CVSS Version 2.0 Risk (see Risk Matrix Definitions): Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | Supported Versions Affected
CVE-2015-8767 Oracle Linux kernel Yes 7.1 Network Medium None None None Complete 7
CVE-2016-4565 Oracle Linux kernel No 6.9 Local Medium None Complete Complete Complete 6,7
CVE-2016-4444 Oracle Linux setroubleshoot and setroubleshoot-plugins No 6.9 Local Medium None Complete Complete Complete 6,7
CVE-2016-4446 Oracle Linux setroubleshoot and setroubleshoot-plugins No 6.9 Local Medium None Complete Complete Complete 6,7
CVE-2016-4989 Oracle Linux setroubleshoot and setroubleshoot-plugins No 6.9 Local Medium None Complete Complete Complete 6,7
CVE-2016-4565 Oracle Linux Unbreakable Enterprise kernel No 6.9 Local Medium None Complete Complete Complete 5,6
CVE-2016-1834 Oracle Linux libxml2 Yes 6.8 Network Medium None Partial Partial Partial 6,7
CVE-2016-2818 Oracle Linux thunderbird Yes 6.8 Network Medium None Partial Partial Partial 6,7
CVE-2016-4445 Oracle Linux setroubleshoot and setroubleshoot-plugins No 6.2 Local High None Complete Complete Complete 6
CVE-2016-1840 Oracle Linux libxml2 Yes 5.1 Network High None Partial Partial Partial 6,7
CVE-2016-4448 Oracle Linux libxml2 Yes 5.1 Network High None Partial Partial Partial 6,7
CVE-2016-2105 Oracle Linux openssl Yes 5.1 Network High None Partial Partial Partial 5
CVE-2016-2106 Oracle Linux openssl Yes 5.1 Network High None Partial Partial Partial 5
CVE-2016-5387 Oracle Linux httpd Yes 5.0 Network Low None None Partial None 7
CVE-2016-5387 Oracle Linux httpd Yes 5.0 Network Low None None Partial None 5,6
CVE-2015-8869 Oracle Linux ocaml No 4.4 Local Medium None Partial Partial Partial 7
CVE-2016-1762 Oracle Linux libxml2 Yes 4.3 Network Medium None None None Partial 6,7
CVE-2016-1833 Oracle Linux libxml2 Yes 4.3 Network Medium None None None Partial 6,7
CVE-2016-1835 Oracle Linux libxml2 Yes 4.3 Network Medium None None None Partial 6,7
CVE-2016-1836 Oracle Linux libxml2 Yes 4.3 Network Medium None None None Partial 6,7
CVE-2016-1837 Oracle Linux libxml2 Yes 4.3 Network Medium None None None Partial 6,7
CVE-2016-1838 Oracle Linux libxml2 Yes 4.3 Network Medium None None None Partial 6,7
CVE-2016-1839 Oracle Linux libxml2 Yes 4.3 Network Medium None None None Partial 6,7
CVE-2016-3627 Oracle Linux libxml2 Yes 4.3 Network Medium None None None Partial 6,7
CVE-2016-3705 Oracle Linux libxml2 Yes 4.3 Network Medium None None None Partial 6,7
CVE-2016-4447 Oracle Linux libxml2 Yes 4.3 Network Medium None None None Partial 6,7
CVE-2016-4449 Oracle Linux libxml2 Yes 4.3 Network Medium None None Partial None 6,7
CVE-2016-0799 Oracle Linux openssl Yes 2.6 Network High None None None Partial 5
CVE-2016-2109 Oracle Linux openssl No 1.9 Local Medium None None None Partial 5