
Showing content from http://www.oracle.com/security-alerts/bulletinapr2025.html below:

Oracle Solaris Third Party Bulletin

  Description

The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities addressed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical Patch Updates are released. These bulletins will also be updated for the following two months after their release (i.e. the two months between the normal quarterly Critical Patch Update publication dates). In addition, Third Party Bulletins may also be updated for vulnerability issues deemed too critical to wait for the next monthly update.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Third Party Bulletin security patches as soon as possible.

  Patch Availability

Please see My Oracle Support Note 1448883.1

  Third Party Bulletin Schedule

Third Party Bulletins are released on the third Tuesday of January, April, July, and October. The next four dates are:

  References

  Modification History

| Date | Note |
|---|---|
| 2025-June-18 | Rev 3. Added CVEs fixed in Solaris 11.4 SRU 82 |
| 2025-May-20 | Rev 2. Added CVEs fixed in Solaris 11.4 SRU 81 |
| 2025-April-15 | Rev 1. Initial Release with all CVEs fixed in Solaris 11.4 SRU 80 and Solaris 11.3 ESU 36.34 |

  Oracle Solaris Executive Summary

This Oracle Solaris Bulletin contains 61 new security patches for the Oracle Solaris Operating System.  37 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. 

  Oracle Solaris Third Party Bulletin Risk Matrix

The columns Base Score through Availability are CVSS VERSION 3.1 RISK values (see Risk Matrix Definitions).

Revision 3: Published on 2025-06-18

| CVE ID | Product | Third Party component | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complexity | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2025-23165 | Oracle Solaris | Node.js | Multiple | Yes | 6.5 | Network | Low | None | None | Unchanged | Low | Low | None | 11.4 | See Note 1 |
| CVE-2025-47273 | Oracle Solaris | Python Packaging Authority | Multiple | No | 6.5 | Network | Low | Low | None | Unchanged | None | High | None | 11.4 | |
| CVE-2025-32873 | Oracle Solaris | Django | Multiple | Yes | 5.3 | Network | Low | None | None | Unchanged | None | None | Low | 11.4 | |

Revision 2: Published on 2025-05-20

| CVE ID | Product | Third Party component | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complexity | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2024-11053 | Oracle Solaris | MySQL | None | Yes | 9.1 | Network | Low | None | None | Unchanged | High | High | None | 11.4 | See Note 2 |
| CVE-2024-40896 | Oracle Solaris | libxml2 | Multiple | Yes | 9.1 | Network | Low | None | None | Unchanged | None | High | High | 11.4 | |
| CVE-2024-47538 | Oracle Solaris | GStreamer | Multiple | Yes | 8.8 | Network | Low | None | Required | Unchanged | High | High | High | 11.4 | See Note 3 |
| CVE-2024-47606 | Oracle Solaris | GStreamer | Multiple | Yes | 8.8 | Network | Low | None | Required | Unchanged | High | High | High | 11.4 | |
| CVE-2025-1244 | Oracle Solaris | GNU Emacs | Multiple | Yes | 8.8 | Network | Low | None | Required | Unchanged | High | High | High | 11.4 | |
| CVE-2025-3028 | Oracle Solaris | Firefox | Multiple | Yes | 8.8 | Network | Low | None | Required | Unchanged | High | High | High | 11.4 | See Note 4 |
| CVE-2025-3028 | Oracle Solaris | Thunderbird | Multiple | Yes | 8.8 | Network | Low | None | Required | Unchanged | High | High | High | 11.4 | See Note 5 |
| CVE-2024-47537 | Oracle Solaris | GStreamer | None | No | 8.4 | Local | Low | None | None | Unchanged | High | High | High | 11.4 | See Note 6 |
| CVE-2025-27830 | Oracle Solaris | Ghostscript | None | No | 8.4 | Local | Low | None | None | Unchanged | High | High | High | 11.4 | See Note 7 |
| CVE-2020-10713 | Oracle Solaris | Grub Boot Loader | None | No | 8.2 | Local | Low | High | None | Changed | High | High | High | 11.4 | See Note 8 |
| CVE-2022-2601 | Oracle Solaris | Grub Boot Loader | None | No | 8.2 | Local | Low | High | None | Changed | High | High | High | 11.4 | See Note 9 |
| CVE-2024-56171 | Oracle Solaris | libxml2 | None | No | 7.8 | Local | High | None | None | Changed | High | High | None | 11.4 | See Note 10 |
| CVE-2025-26594 | Oracle Solaris | X.Org | None | No | 7.8 | Local | Low | Low | None | Unchanged | High | High | High | 11.4 | See Note 11 |
| CVE-2023-40547 | Oracle Solaris | First Stage Bootloader For Secure Boot | Multiple | No | 7.5 | Adjacent Network | High | None | None | Unchanged | High | High | High | 11.4 | See Note 12 |
| CVE-2024-53580 | Oracle Solaris | iPerf | Multiple | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 11.4 | |
| CVE-2024-55605 | Oracle Solaris | Suricata | Multiple | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 11.4 | See Note 13 |
| CVE-2022-48622 | Oracle Solaris | Pidgin | None | No | 7.3 | Local | Low | Low | Required | Unchanged | High | High | High | 11.4 | |
| CVE-2022-28737 | Oracle Solaris | First Stage Bootloader For Secure Boot | None | No | 6.5 | Local | Low | High | Required | Unchanged | High | High | High | 11.4 | |
| CVE-2023-45322 | Oracle Solaris | libxml2 | Multiple | Yes | 6.5 | Network | Low | None | Required | Unchanged | None | None | High | 11.4 | |
| CVE-2025-1938 | Oracle Solaris | Network Security Services | Multiple | Yes | 6.5 | Network | Low | None | Required | Unchanged | None | None | High | 11.4 | See Note 14 |
| CVE-2025-25186 | Oracle Solaris | Ruby | Multiple | Yes | 6.5 | Network | Low | None | Required | Unchanged | None | None | High | 11.4 | |
| CVE-2017-10176 | Oracle Solaris | Network Security Services | Multiple | Yes | 5.9 | Network | High | None | None | Unchanged | High | None | None | 11.4 | See Note 15 |
| CVE-2024-25062 | Oracle Solaris | libxml2 | Multiple | Yes | 5.9 | Network | High | None | None | Unchanged | None | None | High | 11.4 | |
| CVE-2024-50602 | Oracle Solaris | libexpat | Multiple | Yes | 5.9 | Network | High | None | None | Unchanged | None | None | High | 11.4 | |
| CVE-2025-22871 | Oracle Solaris | Go Programming Language | Multiple | Yes | 5.9 | Network | High | None | None | Unchanged | None | High | None | 11.4 | |
| CVE-2025-27219 | Oracle Solaris | Ruby | Multiple | Yes | 5.8 | Network | Low | None | None | Changed | None | None | Low | 11.4 | See Note 16 |
| CVE-2024-56826 | Oracle Solaris | OpenJPEG | None | No | 5.6 | Local | Low | Low | Required | Unchanged | Low | None | High | 11.4 | See Note 17 |
| CVE-2024-11079 | Oracle Solaris | Ansible | Multiple | No | 5.5 | Network | High | Low | Required | Changed | Low | Low | Low | 11.4 | |
| CVE-2024-34459 | Oracle Solaris | libxml2 | None | No | 5.5 | Local | Low | None | Required | Unchanged | None | None | High | 11.4 | |
| CVE-2024-50612 | Oracle Solaris | Libsndfile | None | No | 5.5 | Local | Low | Low | None | Unchanged | None | None | High | 11.4 | |
| CVE-2025-1492 | Oracle Solaris | Wireshark | None | No | 5.5 | Local | Low | None | Required | Unchanged | None | None | High | 11.4 | |
| CVE-2023-4692 | Oracle Solaris | Grub Boot Loader | None | No | 5.3 | Local | High | High | None | Changed | High | None | None | 11.4 | See Note 18 |
| CVE-2024-12133 | Oracle Solaris | GNU Libtasn1 | Multiple | Yes | 5.3 | Network | Low | None | None | Unchanged | None | None | Low | 11.4 | |
| CVE-2024-52615 | Oracle Solaris | Avahi | Multiple | Yes | 5.3 | Network | Low | None | None | Unchanged | None | Low | None | 11.4 | |
| CVE-2024-52616 | Oracle Solaris | Avahi | Multiple | Yes | 5.3 | Network | Low | None | None | Unchanged | None | Low | None | 11.4 | |
| CVE-2025-26699 | Oracle Solaris | Django | Multiple | No | 5 | Network | Low | Low | None | Changed | None | None | Low | 11.4 | |
| CVE-2024-56378 | Oracle Solaris | Poppler | None | No | 4.4 | Local | Low | Low | None | Unchanged | Low | None | Low | 11.4 | |
| CVE-2024-50349 | Oracle Solaris | Git | Multiple | Yes | 4.3 | Network | Low | None | Required | Unchanged | None | Low | None | 11.4 | See Note 19 |
| CVE-2024-11053 | Oracle Solaris | libcurl | None | No | 4 | Local | Low | None | None | Unchanged | None | None | Low | 11.4 | See Note 20 |
| CVE-2024-57970 | Oracle Solaris | Libarchive | None | No | 4 | Local | Low | None | None | Unchanged | None | None | Low | 11.4 | |
| CVE-2024-46901 | Oracle Solaris | Apache Subversion | Multiple | No | 3.1 | Network | High | Low | None | Unchanged | None | None | Low | 11.4 | |
| CVE-2024-57392 | Oracle Solaris | ProFTPD | Multiple | No | 0 | Network | Low | Low | None | Unchanged | None | None | None | 11.4 | |

Revision 1: Published on 2025-04-15

| CVE ID | Product | Third Party component | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complexity | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2024-11704 | Oracle Solaris | Firefox | Multiple | Yes | 8.8 | Network | Low | None | Required | Unchanged | High | High | High | 11.4 | See Note 21 |
| CVE-2024-11704 | Oracle Solaris | Thunderbird | Multiple | Yes | 8.8 | Network | Low | None | Required | Unchanged | High | High | High | 11.4 | See Note 22 |
| CVE-2024-43097 | Oracle Solaris | Firefox | Multiple | Yes | 8.8 | Network | Low | None | Required | Unchanged | High | High | High | 11.4 | See Note 23 |
| CVE-2024-43097 | Oracle Solaris | Thunderbird | Multiple | Yes | 8.8 | Network | Low | None | Required | Unchanged | High | High | High | 11.4 | See Note 24 |
| CVE-2025-24813 | Oracle Solaris | Apache Tomcat | HTTP | Yes | 8.6 | Network | Low | None | None | Unchanged | High | Low | Low | 11.4 | |
| CVE-2024-11187 | Oracle Solaris | Bind | DNS | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 11.4 | See Note 25 |
| CVE-2025-27516 | Oracle Solaris | Jinja2 | None | No | 7.3 | Local | Low | Low | Required | Unchanged | High | High | High | 11.4 | |
| CVE-2025-0938 | Oracle Solaris | Python | HTTP | Yes | 6.8 | Network | High | None | None | Changed | None | High | None | 11.4 | |
| CVE-2025-26465 | Oracle Solaris | OpenSSH | SSH | Yes | 6.8 | Network | High | None | Required | Unchanged | High | High | None | 11.4, 11.3 | |
| CVE-2024-49761 | Oracle Solaris | Ruby | HTTP | Yes | 6.5 | Network | Low | None | Required | Unchanged | None | None | High | 11.4 | |
| CVE-2025-22870 | Oracle Solaris | Go Programming Language | HTTP | Yes | 6.5 | Network | Low | None | None | Unchanged | Low | None | Low | 11.4 | |
| CVE-2024-45336 | Oracle Solaris | Go Programming Language | HTTP | Yes | 5.9 | Network | High | None | None | Unchanged | High | None | None | 11.4 | See Note 26 |
| CVE-2025-26466 | Oracle Solaris | OpenSSH | SSH | Yes | 5.9 | Network | High | None | None | Unchanged | None | None | High | 11.4 | |
| CVE-2024-11235 | Oracle Solaris | PHP | HTTP | Yes | 5.3 | Network | Low | None | None | Unchanged | Low | None | None | 11.4 | See Note 27 |
| CVE-2024-13176 | Oracle Solaris | OpenSSL | None | No | 4.7 | Local | High | Low | None | Unchanged | High | None | None | 11.4, 11.3, 10 | |
| CVE-2024-9143 | Oracle Solaris | OpenSSL | TLS | Yes | 3.7 | Network | High | None | None | Unchanged | None | None | Low | 11.4, 11.3, 10 | |

Notes:

1. This patch also addresses CVE-2025-23166 CVE-2025-23167.

2. This patch also addresses CVE-2025-21490 CVE-2025-21491 CVE-2025-21493 CVE-2025-21497 CVE-2025-21499 CVE-2025-21500 CVE-2025-21501 CVE-2025-21503 CVE-2025-21505 CVE-2025-21518 CVE-2025-21519 CVE-2025-21520 CVE-2025-21522 CVE-2025-21523 CVE-2025-21525 CVE-2025-21529 CVE-2025-21531 CVE-2025-21540 CVE-2025-21543 CVE-2025-21546 CVE-2025-21555 CVE-2025-21559.

3. This patch also addresses CVE-2024-47541 CVE-2024-47542 CVE-2024-47600 CVE-2024-47607 CVE-2024-47615 CVE-2024-47835.

4. This patch also addresses CVE-2025-3029 CVE-2025-3030.

5. This patch also addresses CVE-2025-3029 CVE-2025-3030.

6. This patch also addresses CVE-2024-47539 CVE-2024-47540 CVE-2024-47543 CVE-2024-47544 CVE-2024-47545 CVE-2024-47546 CVE-2024-47596 CVE-2024-47597 CVE-2024-47598 CVE-2024-47599 CVE-2024-47601 CVE-2024-47602 CVE-2024-47603 CVE-2024-47613 CVE-2024-47774 CVE-2024-47775 CVE-2024-47776 CVE-2024-47777 CVE-2024-47778 CVE-2024-47834.

7. This patch also addresses CVE-2024-46954 CVE-2025-27831 CVE-2025-27832 CVE-2025-27833 CVE-2025-27834 CVE-2025-27835 CVE-2025-27836 CVE-2025-27837 CVE-2025-46646.

8. This patch also addresses CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-15705 CVE-2020-15706 CVE-2020-15707.

9. This patch also addresses CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 CVE-2021-20225 CVE-2021-20233 CVE-2021-3418 CVE-2021-3695 CVE-2021-3696 CVE-2021-3697 CVE-2021-3981 CVE-2022-28733 CVE-2022-28734 CVE-2022-28735 CVE-2022-28736 CVE-2022-3775.

10. This patch also addresses CVE-2025-24928 CVE-2025-27113.

11. This patch also addresses CVE-2025-2659 CVE-2025-26595 CVE-2025-26596 CVE-2025-26597 CVE-2025-26598 CVE-2025-26599 CVE-2025-26600 CVE-2025-26601.

12. This patch also addresses CVE-2023-40546 CVE-2023-40548 CVE-2023-40549 CVE-2023-40550 CVE-2023-40551.

13. This patch also addresses CVE-2024-55626 CVE-2024-55627 CVE-2024-55628 CVE-2024-55629.

14. This patch also addresses CVE-2024-6609.

15. This patch also addresses CVE-2017-7781.

16. This patch also addresses CVE-2025-27220 CVE-2025-27221.

17. This patch also addresses CVE-2024-56827.

18. This patch also addresses CVE-2023-4693.

19. This patch also addresses CVE-2024-52006.

20. This patch also addresses CVE-2025-0167 CVE-2025-0665 CVE-2025-0725.

21. This patch also addresses CVE-2025-1009 CVE-2025-1010 CVE-2025-1011 CVE-2025-1012 CVE-2025-1013 CVE-2025-1014 CVE-2025-1016 CVE-2025-1017.

22. This patch also addresses CVE-2025-0510 CVE-2025-1009 CVE-2025-1010 CVE-2025-1011 CVE-2025-1012 CVE-2025-1013 CVE-2025-1014 CVE-2025-1015 CVE-2025-1016 CVE-2025-1017.

23. This patch also addresses CVE-2025-1930 CVE-2025-1931 CVE-2025-1932 CVE-2025-1933 CVE-2025-1934 CVE-2025-1935 CVE-2025-1936 CVE-2025-1937 CVE-2025-1938.

24. This patch also addresses CVE-2025-1930 CVE-2025-1931 CVE-2025-1932 CVE-2025-1933 CVE-2025-1934 CVE-2025-1935 CVE-2025-1936 CVE-2025-1937 CVE-2025-1938.

25. This patch also addresses CVE-2024-12705.

26. This patch also addresses CVE-2024-45341.

27. This patch also addresses CVE-2025-1217 CVE-2025-1219 CVE-2025-1734 CVE-2025-1736 CVE-2025-1861.


 
