Oracle Linux Bulletin - October 2018


Description

The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are released. These bulletins will also be updated for the following two months after their release (i.e., the two months between the normal quarterly Critical Patch Update publication dates) to cover all CVEs that had been resolved in those two months following the bulletin's publication. In addition, Oracle Linux Bulletins may also be updated for vulnerability fixes deemed too critical to wait for the next scheduled bulletin publication date.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Oracle Linux Bulletin fixes as soon as possible.


Patch Availability

Please see ULN Advisory http://linux.oracle.com/ol-pad-bulletin


Oracle Linux Bulletin Schedule

Oracle Linux Bulletins are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:

  • 15 January 2019
  • 16 April 2019
  • 16 July 2019
  • 15 October 2019

References


Modification History


2018-December-17 Rev 3. New CVEs added.
2018-November-19 Rev 2. New CVEs added.
2018-October-16 Rev 1. Initial Release

 

Oracle Linux Executive Summary

 

This Oracle Linux Bulletin contains 216 new security fixes for the Oracle Linux.  216 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. 

 

Oracle Linux Risk Matrix


Revision 3: Published on 2018-12-17



CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 2.0 RISK (see Risk Matrix Definitions) Supported Versions Affected
Base Score Access Vector Access Complexity Authen-
tication
Confiden-
tiality
Integrity Avail-
ability
CVE-2018-15688 Oracle Linux NetworkManager Undefined 7
CVE-2018-16863 Oracle Linux ghostscript Undefined 7
CVE-2018-15908 Oracle Linux ghostscript Undefined 7
CVE-2018-15909 Oracle Linux ghostscript Undefined 7
CVE-2018-16509 Oracle Linux ghostscript Undefined 6
CVE-2018-16511 Oracle Linux ghostscript Undefined 7
CVE-2018-16539 Oracle Linux ghostscript Undefined 7
CVE-2018-14633 Oracle Linux kernel Undefined 7
CVE-2018-14646 Oracle Linux kernel Undefined 7
CVE-2017-10806 Oracle Linux qemu Undefined 7
CVE-2017-11334 Oracle Linux qemu Undefined 7
CVE-2017-12809 Oracle Linux qemu Undefined 7
CVE-2017-1367 Oracle Linux qemu Undefined 7
CVE-2017-13672 Oracle Linux qemu Undefined 7
CVE-2017-13673 Oracle Linux qemu Undefined 7
CVE-2017-13711 Oracle Linux qemu Undefined 7
CVE-2017-14167 Oracle Linux qemu Undefined 7
CVE-2017-15038 Oracle Linux qemu Undefined 7
CVE-2017-15119 Oracle Linux qemu Undefined 7
CVE-2017-15124 Oracle Linux qemu Undefined 7
CVE-2017-15268 Oracle Linux qemu Undefined 7
CVE-2017-15289 Oracle Linux qemu Undefined 7
CVE-2017-16845 Oracle Linux qemu Undefined 7
CVE-2017-17381 Oracle Linux qemu Undefined 7
CVE-2017-18030 Oracle Linux qemu Undefined 7
CVE-2017-18043 Oracle Linux qemu Undefined 7
CVE-2017-2630 Oracle Linux qemu Undefined 7
CVE-2017-2633 Oracle Linux qemu Undefined 7
CVE-2017-5715 Oracle Linux qemu Undefined 7
CVE-2017-5753 Oracle Linux qemu Undefined 7
CVE-2017-5754 Oracle Linux qemu Undefined 7
CVE-2017-7471 Oracle Linux qemu Undefined 7
CVE-2017-7493 Oracle Linux qemu Undefined 7
CVE-2017-8112 Oracle Linux qemu Undefined 7
CVE-2017-8309 Oracle Linux qemu Undefined 7
CVE-2017-8379 Oracle Linux qemu Undefined 7
CVE-2017-8380 Oracle Linux qemu Undefined 7
CVE-2017-9503 Oracle Linux qemu Undefined 7
CVE-2018-10839 Oracle Linux qemu Undefined 7
CVE-2018-11806 Oracle Linux qemu Undefined 7
CVE-2018-12617 Oracle Linux qemu Undefined 7
CVE-2018-15746 Oracle Linux qemu Undefined 7
CVE-2018-17958 Oracle Linux qemu Undefined 7
CVE-2018-17962 Oracle Linux qemu Undefined 7
CVE-2018-17963 Oracle Linux qemu Undefined 7
CVE-2018-3639 Oracle Linux qemu Undefined 7
CVE-2018-5683 Oracle Linux qemu Undefined 7
CVE-2018-7550 Oracle Linux qemu Undefined 7
CVE-2018-7858 Oracle Linux qemu Undefined 7
CVE-2018-16395 Oracle Linux ruby Undefined 7
CVE-2018-14650 Oracle Linux sos-collector Undefined 7
CVE-2017-16541 Oracle Linux thunderbird Undefined 6
CVE-2018-12376 Oracle Linux thunderbird Undefined 6
CVE-2018-12377 Oracle Linux thunderbird Undefined 6
CVE-2018-12378 Oracle Linux thunderbird Undefined 6
CVE-2018-12379 Oracle Linux thunderbird Undefined 6
CVE-2018-12383 Oracle Linux thunderbird Undefined 6
CVE-2018-12385 Oracle Linux thunderbird Undefined 6
CVE-2018-12389 Oracle Linux thunderbird Undefined 6
CVE-2018-12390 Oracle Linux thunderbird Undefined 6
CVE-2018-12392 Oracle Linux thunderbird Undefined 6
CVE-2018-12393 Oracle Linux thunderbird Undefined 6
CVE-2014-7970 Oracle Linux Unbreakable Enterprise kernel Undefined 6
CVE-2014-9728 Oracle Linux Unbreakable Enterprise kernel Undefined 6
CVE-2016-3713 Oracle Linux Unbreakable Enterprise kernel Undefined 6
CVE-2017-17805 Oracle Linux Unbreakable Enterprise kernel Undefined 6
CVE-2017-17806 Oracle Linux Unbreakable Enterprise kernel Undefined 6
CVE-2018-1000004 Oracle Linux Unbreakable Enterprise kernel Undefined 6
CVE-2018-1000204 Oracle Linux Unbreakable Enterprise kernel Undefined 6
CVE-2018-10322 Oracle Linux Unbreakable Enterprise kernel Undefined 7
CVE-2018-10902 Oracle Linux Unbreakable Enterprise kernel Undefined 6
CVE-2018-13094 Oracle Linux Unbreakable Enterprise kernel Undefined 6
CVE-2018-18386 Oracle Linux Unbreakable Enterprise kernel Undefined 6
CVE-2018-18690 Oracle Linux Unbreakable Enterprise kernel Undefined 6
CVE-2018-18710 Oracle Linux Unbreakable Enterprise kernel Undefined 6,7
CVE-2018-5848 Oracle Linux Unbreakable Enterprise kernel Undefined 7
CVE-2018-7566 Oracle Linux Unbreakable Enterprise kernel Undefined 6
CVE-2018-7755 Oracle Linux Unbreakable Enterprise kernel Undefined 6,7
CVE-2018-8043 Oracle Linux Unbreakable Enterprise kernel Undefined 6,7
 

 

Revision 2: Published on 2018-11-19



CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 2.0 RISK (see Risk Matrix Definitions) Supported Versions Affected
Base Score Access Vector Access Complexity Authen-
tication
Confiden-
tiality
Integrity Avail-
ability
CVE-2018-14648 Oracle Linux 389-ds-base Undefined 7
CVE-2018-10372 Oracle Linux binutils Undefined 7
CVE-2018-10373 Oracle Linux binutils Undefined 7
CVE-2018-10534 Oracle Linux binutils Undefined 7
CVE-2018-10535 Oracle Linux binutils Undefined 7
CVE-2018-13033 Oracle Linux binutils Undefined 7
CVE-2018-7208 Oracle Linux binutils Undefined 7
CVE-2018-7568 Oracle Linux binutils Undefined 7
CVE-2018-7569 Oracle Linux binutils Undefined 7
CVE-2018-7642 Oracle Linux binutils Undefined 7
CVE-2018-7643 Oracle Linux binutils Undefined 7
CVE-2018-8945 Oracle Linux binutils Undefined 7
CVE-2018-1000007 Oracle Linux curl and nss-pem Undefined 7
CVE-2018-1000120 Oracle Linux curl and nss-pem Undefined 7
CVE-2018-1000121 Oracle Linux curl and nss-pem Undefined 7
CVE-2018-1000122 Oracle Linux curl and nss-pem Undefined 7
CVE-2018-1000301 Oracle Linux curl and nss-pem Undefined 7
CVE-2018-12389 Oracle Linux firefox Undefined 7
CVE-2018-12390 Oracle Linux firefox Undefined 7
CVE-2018-12392 Oracle Linux firefox Undefined 7
CVE-2018-12393 Oracle Linux firefox Undefined 7
CVE-2018-12395 Oracle Linux firefox Undefined 7
CVE-2018-12396 Oracle Linux firefox Undefined 7
CVE-2018-12397 Oracle Linux firefox Undefined 7
CVE-2017-16541 Oracle Linux firefox Undefined 6
CVE-2018-12376 Oracle Linux firefox Undefined 6
CVE-2018-12377 Oracle Linux firefox Undefined 6
CVE-2018-12378 Oracle Linux firefox Undefined 6
CVE-2018-12379 Oracle Linux firefox Undefined 6
CVE-2018-12386 Oracle Linux firefox Undefined 6
CVE-2018-12387 Oracle Linux firefox Undefined 6
CVE-2018-12389 Oracle Linux firefox Undefined 6
CVE-2018-12390 Oracle Linux firefox Undefined 6
CVE-2018-12392 Oracle Linux firefox Undefined 6
CVE-2018-12393 Oracle Linux firefox Undefined 6
CVE-2018-12395 Oracle Linux firefox Undefined 6
CVE-2018-12396 Oracle Linux firefox Undefined 6
CVE-2018-12397 Oracle Linux firefox Undefined 6
CVE-2018-17456 Oracle Linux git Undefined 7
CVE-2017-16997 Oracle Linux glibc Undefined 7
CVE-2018-11236 Oracle Linux glibc Undefined 7
CVE-2018-11237 Oracle Linux glibc Undefined 7
CVE-2018-6485 Oracle Linux glibc Undefined 7
CVE-2018-10911 Oracle Linux glusterfs Undefined 7
CVE-2018-10844 Oracle Linux gnutls Undefined 7
CVE-2018-10845 Oracle Linux gnutls Undefined 7
CVE-2018-10846 Oracle Linux gnutls Undefined 7
CVE-2016-9396 Oracle Linux jasper Undefined 7
CVE-2017-1000050 Oracle Linux jasper Undefined 7
CVE-2018-3136 Oracle Linux java-1.7.0-openjdk Undefined 6,7
CVE-2018-3139 Oracle Linux java-1.7.0-openjdk Undefined 6,7
CVE-2018-3149 Oracle Linux java-1.7.0-openjdk Undefined 6,7
CVE-2018-3169 Oracle Linux java-1.7.0-openjdk Undefined 6,7
CVE-2018-3180 Oracle Linux java-1.7.0-openjdk Undefined 6,7
CVE-2018-3214 Oracle Linux java-1.7.0-openjdk Undefined 6,7
CVE-2018-3136 Oracle Linux java-1.8.0-openjdk Undefined 6,7
CVE-2018-3139 Oracle Linux java-1.8.0-openjdk Undefined 6,7
CVE-2018-3149 Oracle Linux java-1.8.0-openjdk Undefined 6,7
CVE-2018-3169 Oracle Linux java-1.8.0-openjdk Undefined 6,7
CVE-2018-3180 Oracle Linux java-1.8.0-openjdk Undefined 6,7
CVE-2018-3183 Oracle Linux java-1.8.0-openjdk Undefined 6,7
CVE-2018-3214 Oracle Linux java-1.8.0-openjdk Undefined 6,7
CVE-2018-3136 Oracle Linux java-11-openjdk Undefined 7
CVE-2018-3139 Oracle Linux java-11-openjdk Undefined 7
CVE-2018-3149 Oracle Linux java-11-openjdk Undefined 7
CVE-2018-3150 Oracle Linux java-11-openjdk Undefined 7
CVE-2018-3169 Oracle Linux java-11-openjdk Undefined 7
CVE-2018-3180 Oracle Linux java-11-openjdk Undefined 7
CVE-2018-3183 Oracle Linux java-11-openjdk Undefined 7
CVE-2015-8830 Oracle Linux kernel Undefined 7
CVE-2016-4913 Oracle Linux kernel Undefined 7
CVE-2017-0861 Oracle Linux kernel Undefined 7
CVE-2017-10661 Oracle Linux kernel Undefined 7
CVE-2017-17805 Oracle Linux kernel Undefined 7
CVE-2017-18208 Oracle Linux kernel Undefined 7
CVE-2017-18232 Oracle Linux kernel Undefined 7
CVE-2017-18344 Oracle Linux kernel Undefined 7
CVE-2018-1000026 Oracle Linux kernel Undefined 7
CVE-2018-10322 Oracle Linux kernel Undefined 7
CVE-2018-10878 Oracle Linux kernel Undefined 7
CVE-2018-10879 Oracle Linux kernel Undefined 7
CVE-2018-10881 Oracle Linux kernel Undefined 7
CVE-2018-10883 Oracle Linux kernel Undefined 7
CVE-2018-10902 Oracle Linux kernel Undefined 7
CVE-2018-1092 Oracle Linux kernel Undefined 7
CVE-2018-1094 Oracle Linux kernel Undefined 7
CVE-2018-10940 Oracle Linux kernel Undefined 7
CVE-2018-1118 Oracle Linux kernel Undefined 7
CVE-2018-1120 Oracle Linux kernel Undefined 7
CVE-2018-1130 Oracle Linux kernel Undefined 7
CVE-2018-13405 Oracle Linux kernel Undefined 7
CVE-2018-5344 Oracle Linux kernel Undefined 7
CVE-2018-5391 Oracle Linux kernel Undefined 7
CVE-2018-5803 Oracle Linux kernel Undefined 7
CVE-2018-5848 Oracle Linux kernel Undefined 7
CVE-2018-7740 Oracle Linux kernel Undefined 7
CVE-2018-7757 Oracle Linux kernel Undefined 7
CVE-2018-8781 Oracle Linux kernel Undefined 7
CVE-2018-5729 Oracle Linux krb5 Undefined 7
CVE-2018-5730 Oracle Linux krb5 Undefined 7
CVE-2017-18198 Oracle Linux libcdio Undefined 7
CVE-2017-18199 Oracle Linux libcdio Undefined 7
CVE-2017-18201 Oracle Linux libcdio Undefined 7
CVE-2018-5800 Oracle Linux libkdcraw Undefined 7
CVE-2018-5801 Oracle Linux libkdcraw Undefined 7
CVE-2018-5802 Oracle Linux libkdcraw Undefined 7
CVE-2018-5805 Oracle Linux libkdcraw Undefined 7
CVE-2018-5806 Oracle Linux libkdcraw Undefined 7
CVE-2018-14679 Oracle Linux libmspack Undefined 7
CVE-2018-14680 Oracle Linux libmspack Undefined 7
CVE-2018-14681 Oracle Linux libmspack Undefined 7
CVE-2018-14682 Oracle Linux libmspack Undefined 7
CVE-2018-6764 Oracle Linux libvirt Undefined 7
CVE-2017-3735 Oracle Linux openssl Undefined 7
CVE-2018-0495 Oracle Linux openssl Undefined 7
CVE-2018-0732 Oracle Linux openssl Undefined 7
CVE-2018-0737 Oracle Linux openssl Undefined 7
CVE-2018-0739 Oracle Linux openssl Undefined 7
CVE-2018-0739 Oracle Linux ovmf Undefined 7
CVE-2018-1060 Oracle Linux python Undefined 7
CVE-2018-1061 Oracle Linux python Undefined 7
CVE-2018-1000805 Oracle Linux python-paramiko Undefined 6,7
CVE-2018-1050 Oracle Linux samba Undefined 7
CVE-2018-10858 Oracle Linux samba Undefined 7
CVE-2018-1139 Oracle Linux samba Undefined 7
CVE-2018-1113 Oracle Linux setup Undefined 7
CVE-2017-7506 Oracle Linux spice-server Undefined 6
CVE-2018-10852 Oracle Linux sssd Undefined 7
CVE-2017-16541 Oracle Linux thunderbird Undefined 7
CVE-2018-12376 Oracle Linux thunderbird Undefined 7
CVE-2018-12377 Oracle Linux thunderbird Undefined 7
CVE-2018-12378 Oracle Linux thunderbird Undefined 7
CVE-2018-12379 Oracle Linux thunderbird Undefined 7
CVE-2018-12383 Oracle Linux thunderbird Undefined 7
CVE-2018-12385 Oracle Linux thunderbird Undefined 7
CVE-2018-12389 Oracle Linux thunderbird Undefined 7
CVE-2018-12390 Oracle Linux thunderbird Undefined 7
CVE-2018-12392 Oracle Linux thunderbird Undefined 7
CVE-2018-12393 Oracle Linux thunderbird Undefined 7
CVE-2018-1336 Oracle Linux tomcat Undefined 7
CVE-2018-0494 Oracle Linux wget Undefined 7
CVE-2018-14526 Oracle Linux wpa_supplicant Undefined 7
CVE-2016-4463 Oracle Linux xerces-c Undefined 7
CVE-2018-14665 Oracle Linux xorg-x11-server Undefined 7
CVE-2014-10071 Oracle Linux zsh Undefined 7
CVE-2014-10072 Oracle Linux zsh Undefined 7
CVE-2017-18205 Oracle Linux zsh Undefined 7
CVE-2017-18206 Oracle Linux zsh Undefined 7
CVE-2018-1071 Oracle Linux zsh Undefined 7
CVE-2018-1083 Oracle Linux zsh Undefined 7
CVE-2018-1100 Oracle Linux zsh Undefined 7
CVE-2018-7549 Oracle Linux zsh Undefined 7
CVE-2018-7725 Oracle Linux zziplib Undefined 7
CVE-2018-7726 Oracle Linux zziplib Undefined 7
CVE-2018-7727 Oracle Linux zziplib Undefined 7
CVE-2017-13168 Oracle Linux Unbreakable Enterprise kernel Undefined 6,7
CVE-2018-14610 Oracle Linux Unbreakable Enterprise kernel Undefined 7
CVE-2018-14611 Oracle Linux Unbreakable Enterprise kernel Undefined 7
CVE-2018-14734 Oracle Linux Unbreakable Enterprise kernel Undefined 6,7
CVE-2018-15572 Oracle Linux Unbreakable Enterprise kernel Undefined 6,7
CVE-2018-17182 Oracle Linux Unbreakable Enterprise kernel Undefined 7
CVE-2018-18021 Oracle Linux Unbreakable Enterprise kernel Undefined 7
CVE-2018-7757 Oracle Linux Unbreakable Enterprise kernel Undefined 6
 

 

Revision 1: Published on 2018-10-16



CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 2.0 RISK (see Risk Matrix Definitions) Supported Versions Affected
Base Score Access Vector Access Complexity Authen-
tication
Confiden-
tiality
Integrity Avail-
ability
CVE-2018-10850 Oracle Linux 389-ds-base Undefined 7
CVE-2018-10935 Oracle Linux 389-ds-base Undefined 7
CVE-2018-14624 Oracle Linux 389-ds-base Undefined 7
CVE-2018-14638 Oracle Linux 389-ds-base Undefined 7
CVE-2018-12383 Oracle Linux firefox Undefined 7
CVE-2018-12385 Oracle Linux firefox Undefined 7
CVE-2018-12386 Oracle Linux firefox Undefined 7
CVE-2018-12387 Oracle Linux firefox Undefined 7
CVE-2018-6560 Oracle Linux flatpak Undefined 7
CVE-2018-10194 Oracle Linux ghostscript Undefined 7
CVE-2018-15910 Oracle Linux ghostscript Undefined 7
CVE-2018-16509 Oracle Linux ghostscript Undefined 7
CVE-2018-16542 Oracle Linux ghostscript Undefined 7
CVE-2018-10911 Oracle Linux glusterfs Undefined 6
CVE-2018-14634 Oracle Linux kernel Undefined 6,7
CVE-2018-5391 Oracle Linux kernel Undefined 6
CVE-2011-2767 Oracle Linux mod_perl Undefined 6
CVE-2018-12384 Oracle Linux nss Undefined 6,7
CVE-2018-0732 Oracle Linux openssl Undefined 6,7
CVE-2018-0737 Oracle Linux openssl Undefined 6,7
CVE-2018-0739 Oracle Linux openssl Undefined 6
CVE-2017-15705 Oracle Linux spamassassin Undefined 7
CVE-2018-11781 Oracle Linux spamassassin Undefined 7
CVE-2018-10873 Oracle Linux spice and spice-gtk Undefined 7
CVE-2018-10873 Oracle Linux spice-gtk and spice-server Undefined 6
CVE-2017-13695 Oracle Linux Unbreakable Enterprise kernel Undefined 6,7
CVE-2018-12896 Oracle Linux Unbreakable Enterprise kernel Undefined 7
CVE-2018-14634 Oracle Linux Unbreakable Enterprise kernel Undefined 6
CVE-2018-14678 Oracle Linux Unbreakable Enterprise kernel Undefined 7
CVE-2018-16658 Oracle Linux Unbreakable Enterprise kernel Undefined 6,7
CVE-2018-7492 Oracle Linux Unbreakable Enterprise kernel Undefined 6,7
CVE-2018-7566 Oracle Linux Unbreakable Enterprise kernel Undefined 6