Oracle Linux Bulletin - July 2018


Description

The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are released. These bulletins will also be updated for the following two months after their release (i.e., the two months between the normal quarterly Critical Patch Update publication dates) to cover all CVEs that had been resolved in those two months following the bulletin's publication. In addition, Oracle Linux Bulletins may also be updated for vulnerability fixes deemed too critical to wait for the next scheduled bulletin publication date.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Oracle Linux Bulletin fixes as soon as possible.


Patch Availability

Please see ULN Advisory http://linux.oracle.com/ol-pad-bulletin


Oracle Linux Bulletin Schedule

Oracle Linux Bulletins are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:

  • 16 October 2018
  • 15 January 2019
  • 16 April 2019
  • 16 July 2019

References


Modification History


2018-September-18 Rev 3. New CVEs added.
2018-August-20 Rev 2. New CVEs added.
2018-July-17 Rev 1. Initial Release

 

Oracle Linux Executive Summary

 

This Oracle Linux Bulletin contains 109 new security fixes for the Oracle Linux.  54 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. 

 

Oracle Linux Risk Matrix


Revision 3: Published on 2018-09-18



CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 2.0 RISK (see Risk Matrix Definitions) Supported Versions Affected
Base Score Access Vector Access Complexity Authen-
tication
Confiden-
tiality
Integrity Avail-
ability
CVE-2018-5740 Oracle Linux bind Undefined 6,7
CVE-2017-16541 Oracle Linux firefox Undefined 7
CVE-2018-12376 Oracle Linux firefox Undefined 7
CVE-2018-12377 Oracle Linux firefox Undefined 7
CVE-2018-12378 Oracle Linux firefox Undefined 7
CVE-2018-12379 Oracle Linux firefox Undefined 7
CVE-2018-14354 Oracle Linux mutt Undefined 6,7
CVE-2018-14357 Oracle Linux mutt Undefined 6,7
CVE-2018-14362 Oracle Linux mutt Undefined 6,7
CVE-2018-10915 Oracle Linux postgresql Undefined 7
CVE-2017-18344 Oracle Linux Unbreakable Enterprise kernel Undefined 6
CVE-2018-10675 Oracle Linux Unbreakable Enterprise kernel Undefined 6
CVE-2018-10938 Oracle Linux Unbreakable Enterprise kernel Undefined 6,7
CVE-2018-14678 Oracle Linux Unbreakable Enterprise kernel Undefined 6,7
CVE-2018-15594 Oracle Linux Unbreakable Enterprise kernel Undefined 6,7
CVE-2018-3620 Oracle Linux Unbreakable Enterprise kernel Undefined 6
CVE-2018-5390 Oracle Linux Unbreakable Enterprise kernel Undefined 6,7
 

 

Revision 2: Published on 2018-08-20



CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 2.0 RISK (see Risk Matrix Definitions) Supported Versions Affected
Base Score Access Vector Access Complexity Authen-
tication
Confiden-
tiality
Integrity Avail-
ability
CVE-2018-2562 Oracle Linux mariadb No 7.5 Network Low Single None Partial Complete 7
CVE-2017-17833 Oracle Linux openslp Yes 7.5 Network Low None Partial Partial Partial 6,7
CVE-2017-13215 Oracle Linux kernel No 7.2 Local Low None Complete Complete Complete 7
CVE-2018-11806 Oracle Linux qemu-kvm No 7.2 Local Low None Complete Complete Complete 7
CVE-2018-1000004 Oracle Linux kernel Yes 7.1 Network Medium None None None Complete 6
CVE-2017-15265 Oracle Linux kernel No 6.9 Local Medium None Complete Complete Complete 6
CVE-2017-11600 Oracle Linux Unbreakable Enterprise kernel No 6.9 Local Medium None Complete Complete Complete 6
CVE-2018-2622 Oracle Linux mariadb No 6.8 Network Low Single None None Complete 7
CVE-2018-2640 Oracle Linux mariadb No 6.8 Network Low Single None None Complete 7
CVE-2018-2665 Oracle Linux mariadb No 6.8 Network Low Single None None Complete 7
CVE-2018-2668 Oracle Linux mariadb No 6.8 Network Low Single None None Complete 7
CVE-2018-1130 Oracle Linux Unbreakable Enterprise kernel No 4.9 Local Low None None None Complete 6
CVE-2018-3646 Oracle Linux Unbreakable Enterprise kernel No 4.7 Local Medium None Complete None None 7
CVE-2018-3646 Oracle Linux kernel No 4.7 Local Medium None Complete None None 6,7
CVE-2018-3693 Oracle Linux kernel No 4.7 Local Medium None Complete None None 6,7
CVE-2017-0861 Oracle Linux kernel No 4.6 Local Low None Partial Partial Partial 6
CVE-2017-3636 Oracle Linux mariadb No 4.6 Local Low None Partial Partial Partial 7
CVE-2018-7550 Oracle Linux qemu-kvm No 4.6 Local Low None Partial Partial Partial 7
CVE-2018-2952 Oracle Linux java-1.7.0-openjdk Yes 4.3 Network Medium None None None Partial 6,7
CVE-2018-2952 Oracle Linux java-1.8.0-openjdk Yes 4.3 Network Medium None None None Partial 7
CVE-2018-2952 Oracle Linux java-1.8.0-openjdk Yes 4.3 Network Medium None None None Partial 6
CVE-2018-2761 Oracle Linux mariadb Yes 4.3 Network Medium None None None Partial 7
CVE-2017-10378 Oracle Linux mariadb No 4.0 Network Low Single None None Partial 7
CVE-2017-10379 Oracle Linux mariadb No 4.0 Network Low Single Partial None None 7
CVE-2017-10384 Oracle Linux mariadb No 4.0 Network Low Single None None Partial 7
CVE-2017-3641 Oracle Linux mariadb No 4.0 Network Low Single None None Partial 7
CVE-2017-3651 Oracle Linux mariadb No 4.0 Network Low Single None Partial None 7
CVE-2018-2781 Oracle Linux mariadb No 4.0 Network Low Single None None Partial 7
CVE-2018-2813 Oracle Linux mariadb No 4.0 Network Low Single Partial None None 7
CVE-2018-2817 Oracle Linux mariadb No 4.0 Network Low Single None None Partial 7
CVE-2018-2819 Oracle Linux mariadb No 4.0 Network Low Single None None Partial 7
CVE-2018-2755 Oracle Linux mariadb No 3.7 Local High None Partial Partial Partial 7
CVE-2017-3653 Oracle Linux mariadb No 3.5 Network Medium Single None Partial None 7
CVE-2018-2767 Oracle Linux mariadb No 3.5 Network Medium Single Partial None None 7
CVE-2018-2771 Oracle Linux mariadb No 3.5 Network Medium Single None None Partial 7
CVE-2015-8575 Oracle Linux Unbreakable Enterprise kernel No 2.1 Local Low None Partial None None 6
CVE-2017-17741 Oracle Linux Unbreakable Enterprise kernel No 2.1 Local Low None Partial None None 6
CVE-2017-7616 Oracle Linux Unbreakable Enterprise kernel No 2.1 Local Low None Partial None None 6
CVE-2018-10087 Oracle Linux Unbreakable Enterprise kernel No 2.1 Local Low None None None Partial 6
CVE-2018-10124 Oracle Linux Unbreakable Enterprise kernel No 2.1 Local Low None None None Partial 6
CVE-2017-10268 Oracle Linux mariadb No 1.5 Local Medium Single Partial None None 7
CVE-2018-3620 Oracle Linux Unbreakable Enterprise kernel Undefined 7
CVE-2018-5390 Oracle Linux Unbreakable Enterprise kernel Undefined 7
CVE-2018-5391 Oracle Linux Unbreakable Enterprise kernel Undefined 7
CVE-2018-10675 Oracle Linux kernel Undefined 7
CVE-2018-10901 Oracle Linux kernel Undefined 6
CVE-2018-3620 Oracle Linux kernel Undefined 6,7
CVE-2018-5390 Oracle Linux kernel Undefined 7
CVE-2018-7566 Oracle Linux kernel Undefined 6,7
CVE-2018-12359 Oracle Linux thunderbird Undefined 6,7
CVE-2018-12360 Oracle Linux thunderbird Undefined 6,7
CVE-2018-12362 Oracle Linux thunderbird Undefined 6,7
CVE-2018-12363 Oracle Linux thunderbird Undefined 6,7
CVE-2018-12364 Oracle Linux thunderbird Undefined 6,7
CVE-2018-12365 Oracle Linux thunderbird Undefined 6,7
CVE-2018-12366 Oracle Linux thunderbird Undefined 6,7
CVE-2018-12372 Oracle Linux thunderbird Undefined 6,7
CVE-2018-12373 Oracle Linux thunderbird Undefined 6,7
CVE-2018-12374 Oracle Linux thunderbird Undefined 6,7
CVE-2018-5188 Oracle Linux thunderbird Undefined 6,7
CVE-2018-10897 Oracle Linux yum-utils Undefined 6,7
CVE-2018-7566 Oracle Linux Unbreakable Enterprise kernel Undefined 6,7
 

 

Revision 1: Published on 2018-07-17



CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 2.0 RISK (see Risk Matrix Definitions) Supported Versions Affected
Base Score Access Vector Access Complexity Authen-
tication
Confiden-
tiality
Integrity Avail-
ability
CVE-2017-8890 Oracle Linux kernel Yes 10.0 Network Low None Complete Complete Complete 6
CVE-2017-6001 Oracle Linux kernel Yes 7.6 Network High None Complete Complete Complete 6
CVE-2017-15670 Oracle Linux glibc Yes 7.5 Network Low None Partial Partial Partial 6
CVE-2017-15804 Oracle Linux glibc Yes 7.5 Network Low None Partial Partial Partial 6
CVE-2014-10072 Oracle Linux zsh Yes 7.5 Network Low None Partial Partial Partial 6
CVE-2017-18206 Oracle Linux zsh Yes 7.5 Network Low None Partial Partial Partial 6
CVE-2012-6701 Oracle Linux kernel No 7.2 Local Low None Complete Complete Complete 6
CVE-2015-8830 Oracle Linux kernel No 7.2 Local Low None Complete Complete Complete 6
CVE-2017-7308 Oracle Linux kernel No 7.2 Local Low None Complete Complete Complete 6
CVE-2017-7889 Oracle Linux kernel No 7.2 Local Low None Complete Complete Complete 6
CVE-2017-9075 Oracle Linux kernel No 7.2 Local Low None Complete Complete Complete 6
CVE-2017-9076 Oracle Linux kernel No 7.2 Local Low None Complete Complete Complete 6
CVE-2017-9077 Oracle Linux kernel No 7.2 Local Low None Complete Complete Complete 6
CVE-2018-1083 Oracle Linux zsh No 7.2 Local Low None Complete Complete Complete 6
CVE-2018-1100 Oracle Linux zsh No 7.2 Local Low None Complete Complete Complete 6
CVE-2017-11600 Oracle Linux kernel No 6.9 Local Medium None Complete Complete Complete 7
CVE-2018-11235 Oracle Linux git Yes 6.8 Network Medium None Partial Partial Partial 7
CVE-2017-7762 Oracle Linux firefox Yes 5.0 Network Low None None Partial None 7
CVE-2018-12020 Oracle Linux gnupg2 Yes 5.0 Network Low None None Partial None 6,7
CVE-2018-1064 Oracle Linux libvirt Yes 5.0 Network Low None None None Partial 6
CVE-2018-5748 Oracle Linux libvirt Yes 5.0 Network Low None None None Partial 6
CVE-2017-3735 Oracle Linux openssl Yes 5.0 Network Low None None Partial None 6
CVE-2016-2183 Oracle Linux python Yes 5.0 Network Low None Partial None None 7
CVE-2016-8650 Oracle Linux kernel No 4.9 Local Low None None None Complete 6
CVE-2017-12190 Oracle Linux kernel No 4.9 Local Low None None None Complete 6
CVE-2017-15121 Oracle Linux kernel No 4.9 Local Low None None None Complete 6
CVE-2017-2671 Oracle Linux kernel No 4.9 Local Low None None None Complete 6
CVE-2018-1130 Oracle Linux kernel No 4.9 Local Low None None None Complete 6
CVE-2018-3639 Oracle Linux kernel No 4.9 Local Low None Complete None None 6,7
CVE-2018-5803 Oracle Linux kernel No 4.9 Local Low None None None Complete 6
CVE-2018-3639 Oracle Linux libvirt No 4.9 Local Low None Complete None None 7
CVE-2018-3639 Oracle Linux qemu-kvm No 4.9 Local Low None Complete None None 6,7
CVE-2018-3665 Oracle Linux kernel No 4.7 Local Medium None Complete None None 6
CVE-2018-1050 Oracle Linux samba No 2.9 Adjacent network Medium None None None Partial 6
CVE-2018-1050 Oracle Linux samba4 No 2.9 Adjacent network Medium None None None Partial 6
CVE-2017-7616 Oracle Linux kernel No 2.1 Local Low None Partial None None 6
CVE-2017-13672 Oracle Linux qemu-kvm No 2.1 Local Low None None None Partial 6
CVE-2018-5683 Oracle Linux qemu-kvm No 2.1 Local Low None None None Partial 6
CVE-2018-7858 Oracle Linux qemu-kvm No 2.1 Local Low None None None Partial 6
CVE-2017-18203 Oracle Linux kernel No 1.9 Local Medium None None None Partial 6
CVE-2018-12359 Oracle Linux firefox Undefined 7
CVE-2018-12360 Oracle Linux firefox Undefined 7
CVE-2018-12362 Oracle Linux firefox Undefined 7
CVE-2018-12363 Oracle Linux firefox Undefined 7
CVE-2018-12364 Oracle Linux firefox Undefined 7
CVE-2018-12365 Oracle Linux firefox Undefined 7
CVE-2018-12366 Oracle Linux firefox Undefined 7
CVE-2018-5156 Oracle Linux firefox Undefined 7
CVE-2018-5188 Oracle Linux firefox Undefined 7
CVE-2018-6126 Oracle Linux firefox Undefined 7
CVE-2018-10675 Oracle Linux kernel Undefined 6
CVE-2018-10872 Oracle Linux kernel Undefined 6
CVE-2018-1080 Oracle Linux pki-core Undefined 7
CVE-2017-12173 Oracle Linux sssd and ding-libs Undefined 6