Showing content from http://www.oracle.com/security-alerts/bulletinjul2022.html below:
Oracle Solaris Third Party Bulletin
Description
The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities addressed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical Patch Updates are released. These bulletins will also be updated for the following two months after their release (i.e. the two months between the normal quarterly Critical Patch Update publication dates). In addition, Third Party Bulletins may also be updated for vulnerability issues deemed too critical to wait for the next monthly update.
Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Third Party Bulletin security patches as soon as possible.
Patch Availability
Please see My Oracle Support Note 1448883.1
Third Party Bulletin Schedule
Third Party Bulletins are released on the third Tuesday of January, April, July, and October. The next four dates are:
- 18 October 2022
- 17 January 2023
- 18 April 2023
- 18 July 2023
References
Modification History

| Date | Note |
|---|---|
| 2022-September-20 | Rev 3. Added CVEs fixed in Solaris 11.4 SRU 49 |
| 2022-August-16 | Rev 2. Added CVEs fixed in Solaris 11.4 SRU 48 |
| 2022-July-19 | Rev 1. Initial Release with all CVEs fixed in Solaris 11.4 SRU 47 |

Oracle Solaris Executive Summary
This Oracle Solaris Bulletin contains 35 new security patches for the Oracle Solaris Operating System. 24 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
Oracle Solaris Third Party Bulletin Risk Matrix

In each table, the columns Base Score through Availability are the CVSS VERSION 3.1 RISK values (see Risk Matrix Definitions).

Revision 3: Published on 2022-09-20

| CVE# | Product | Third Party component | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complexity | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2022-34265 | Oracle Solaris | Django | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 11.4 | |
| CVE-2022-1587 | Oracle Solaris | PCRE | HTTP | Yes | 9.1 | Network | Low | None | None | Unchanged | High | None | High | 11.4 | See Note 1 |
| CVE-2022-26691 | Oracle Solaris | Common Unix Printing System | None | No | 8.1 | Local | High | None | None | Changed | High | High | Low | 11.4 | |
| CVE-2022-32213 | Oracle Solaris | Node.js | HTTP | Yes | 8.1 | Network | High | None | None | Unchanged | High | High | High | 11.4 | See Note 2 |
| CVE-2022-2319 | Oracle Solaris | X.Org | None | No | 7.8 | Local | Low | Low | None | Unchanged | High | High | High | 11.4 | See Note 3 |
| CVE-2022-28739 | Oracle Solaris | Ruby | None | No | 6.2 | Local | Low | None | None | Unchanged | None | High | None | 11.4 | |
| CVE-2022-30595 | Oracle Solaris | Python Imaging Library | None | No | 6.2 | Local | Low | None | None | Unchanged | None | None | High | 11.4 | |

Revision 2: Published on 2022-08-16

| CVE# | Product | Third Party component | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complexity | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2022-1292 | Oracle Solaris | OpenSSL | Multiple | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 11.4, 10 | |
| CVE-2022-34169 | Oracle Solaris | JDK 7 | Multiple | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 11.4 | See Note 4 |
| CVE-2022-34169 | Oracle Solaris | JDK 8 | Multiple | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 11.4 | See Note 5 |
| CVE-2022-0943 | Oracle Solaris | Vim | None | No | 7.8 | Local | Low | None | Required | Unchanged | High | High | High | 11.4 | See Note 6 |
| CVE-2022-1927 | Oracle Solaris | Vim | None | No | 7.8 | Local | Low | None | Required | Unchanged | High | High | High | 11.4 | See Note 7 |
| CVE-2021-4219 | Oracle Solaris | ImageMagick | HTTP | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 11.4 | |
| CVE-2022-0778 | Oracle Solaris | MySQL | Multiple | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 11.4 | See Note 8 |
| CVE-2022-1328 | Oracle Solaris | Mutt | HTTP | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 11.4 | |
| CVE-2022-1473 | Oracle Solaris | OpenSSL | TLS | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 11.4 | See Note 9 |
| CVE-2022-30333 | Oracle Solaris | UnRAR | Multiple | Yes | 7.5 | Network | Low | None | None | Unchanged | None | High | None | 11.4 | |
| CVE-2022-27779 | Oracle Solaris | libcurl | HTTP | No | 6.8 | Network | Low | Low | Required | Changed | None | None | High | 11.4 | See Note 10 |
| CVE-2022-24765 | Oracle Solaris | Git | None | No | 6.7 | Local | High | None | None | Unchanged | High | High | None | 11.4 | |
| CVE-2022-31813 | Oracle Solaris | Apache HTTP server | HTTP | Yes | 6.5 | Network | High | None | None | Changed | Low | Low | Low | 11.4 | See Note 11 |
| CVE-2022-2200 | Oracle Solaris | Firefox | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 11.4 | See Note 12 |
| CVE-2022-24303 | Oracle Solaris | Python Imaging Library | HTTP | Yes | 5.9 | Network | High | None | None | Unchanged | None | High | None | 11.4 | |
| CVE-2022-1343 | Oracle Solaris | OpenSSL | TLS | Yes | 5.3 | Network | Low | None | None | Unchanged | None | Low | None | 11.4 | |
| CVE-2018-1000007 | Oracle Solaris | libcurl | HTTP | Yes | 5 | Network | High | None | Required | Unchanged | Low | Low | Low | 11.4 | See Note 13 |
| CVE-2022-24302 | Oracle Solaris | Paramiko | None | No | 5 | Local | Low | Low | Required | Unchanged | High | None | None | 11.4 | |

Revision 1: Published on 2022-07-19

| CVE# | Product | Third Party component | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complexity | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2021-21708 | Oracle Solaris | PHP | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 11.4 | |
| CVE-2022-23806 | Oracle Solaris | GCC Go | HTTP | Yes | 9.1 | Network | Low | None | None | Unchanged | None | High | High | 11.4 | See Note 14 |
| CVE-2022-25762 | Oracle Solaris | Apache Tomcat | HTTP | Yes | 8.6 | Network | Low | None | None | Unchanged | High | Low | Low | 11.4 | |
| CVE-2022-24801 | Oracle Solaris | Twisted | HTTP | Yes | 8.1 | Network | High | None | None | Unchanged | High | High | High | 11.4 | |
| CVE-2022-23772 | Oracle Solaris | GCC Go | HTTP | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 11.4 | See Note 15 |
| CVE-2022-31736 | Oracle Solaris | Firefox | Multiple | Yes | 7.5 | Network | High | None | Required | Unchanged | High | High | High | 11.4 | See Note 16 |
| CVE-2022-1834 | Oracle Solaris | Thunderbird | Multiple | Yes | 7.5 | Network | High | None | Required | Unchanged | High | High | High | 11.4 | See Note 17 |
| CVE-2022-29824 | Oracle Solaris | libxml2 | HTTP | Yes | 7.4 | Network | High | None | None | Unchanged | None | High | High | 11.4 | |
| CVE-2022-1271 | Oracle Solaris | Gzip | HTTP | No | 7.1 | Network | High | Low | Required | Unchanged | High | High | High | 11.4 | |
| CVE-2022-1271 | Oracle Solaris | Gzip | Multiple | No | 7.1 | Network | High | Low | Required | Unchanged | High | High | High | 11.4 | |

Notes:
1. This patch also addresses CVE-2022-1586.
2. This patch also addresses CVE-2022-2097 CVE-2022-32212 CVE-2022-32214 CVE-2022-32215 CVE-2022-32222 CVE-2022-32223.
3. This patch also addresses CVE-2022-2320.
4. This patch also addresses CVE-2022-21540 CVE-2022-21541.
5. This patch also addresses CVE-2022-21540 CVE-2022-21541.
6. This patch also addresses CVE-2022-1154.
7. This patch also addresses CVE-2022-1160 CVE-2022-1381 CVE-2022-1420 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1621 CVE-2022-1629 CVE-2022-1674 CVE-2022-1733 CVE-2022-1735 CVE-2022-1769 CVE-2022-1771 CVE-2022-1785 CVE-2022-1796 CVE-2022-1851 CVE-2022-1886 CVE-2022-1898 CVE-2022-1942.
8. This patch also addresses CVE-2022-21417 CVE-2022-21427 CVE-2022-21444 CVE-2022-21451 CVE-2022-21454 CVE-2022-21460.
9. This patch also addresses CVE-2022-1434.
10. This patch also addresses CVE-2022-27778 CVE-2022-27780 CVE-2022-27781 CVE-2022-27782 CVE-2022-30115.
11. This patch also addresses CVE-2022-26377 CVE-2022-28330 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556.
12. This patch also addresses CVE-2022-31744 CVE-2022-34468 CVE-2022-34470 CVE-2022-34472 CVE-2022-34478 CVE-2022-34479 CVE-2022-34481 CVE-2022-34484.
13. This patch also addresses CVE-2022-22576 CVE-2022-27774 CVE-2022-27775 CVE-2022-27776.
14. This patch also addresses CVE-2021-29923 CVE-2022-23772 CVE-2022-23773.
15. This patch also addresses CVE-2022-23772 CVE-2022-23773 CVE-2022-24675 CVE-2022-28327.
16. This patch also addresses CVE-2022-31737 CVE-2022-31738 CVE-2022-31739 CVE-2022-31740 CVE-2022-31741 CVE-2022-31742 CVE-2022-31747.
17. This patch also addresses CVE-2022-31736 CVE-2022-31737 CVE-2022-31738 CVE-2022-31739 CVE-2022-31740 CVE-2022-31741 CVE-2022-31742 CVE-2022-31747.