Tuesday Jul 14, 2015

CVE-2014-0119 Permissions, Privileges, and Access Control vulnerability in Apache Tomcat

CVE | Description | CVSSv2 Base Score | Component | Product and Resolution
CVE-2014-0119 | Permissions, Privileges, and Access Control vulnerability | 4.3 | Apache Tomcat | Solaris 11.1 11.1.21.4.1; Solaris 10 SPARC: 122911-34 X86: 122912-34

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on the Oracle Critical Patch Updates and Security Alerts page.

CVE-2014-0099 Numeric Errors vulnerability in Apache Tomcat

CVE | Description | CVSSv2 Base Score | Component | Product and Resolution
CVE-2014-0099 | Numeric Errors vulnerability | 4.3 | Apache Tomcat | Solaris 11.1 11.1.21.4.1; Solaris 10 SPARC: 122911-34 X86: 122912-34

CVE-2014-0096 Permissions, Privileges, and Access Control vulnerability in Apache Tomcat

CVE | Description | CVSSv2 Base Score | Component | Product and Resolution
CVE-2014-0096 | Permissions, Privileges, and Access Control vulnerability | 4.3 | Apache Tomcat | Solaris 11.1 11.1.21.4.1; Solaris 10 SPARC: 122911-34 X86: 122912-34

CVE-2014-0075 Numeric Errors vulnerability in Apache Tomcat

CVE | Description | CVSSv2 Base Score | Component | Product and Resolution
CVE-2014-0075 | Numeric Errors vulnerability | 5.0 | Apache Tomcat | Solaris 10 SPARC: 122911-34 X86: 122912-34; Solaris 11.1 11.1.21.4.1

Multiple vulnerabilities in Apache Tomcat

CVE | Description | CVSSv2 Base Score | Component | Product and Resolution
CVE-2012-3544 | Input Validation vulnerability | 5.0 | Apache Tomcat | Solaris 10 SPARC: 122911-34 X86: 122912-34; Solaris 11.1 11.1.19.6.0
CVE-2013-1571 | Insufficient Information vulnerability | 4.3 | |
CVE-2013-4286 | Input Validation vulnerability | 5.8 | |
CVE-2013-4322 | Input Validation vulnerability | 4.3 | |
CVE-2013-4590 | Information Disclosure vulnerability | 4.3 | |
CVE-2014-0033 | Input Validation vulnerability | 4.3 | |

Multiple vulnerabilities in X.Org

CVE | Description | CVSSv2 Base Score | Component | Product and Resolution
CVE-2014-0209 | Numeric Errors vulnerability | 4.6 | X.Org | Solaris 10 SPARC: 119059-70 125719-55 X86: 125720-66 119060-69; Solaris 11.1 11.1.21.4.1
CVE-2014-0210 | Buffer Errors vulnerability | 7.5 | |
CVE-2014-0211 | Numeric Errors vulnerability | 7.5 | |

Tuesday Jan 20, 2015

Important announcement about Third Party Bulletin

Dear reader,

Beginning January 20, 2015, bulletins announcing patches in third party software
that are included in Solaris will be published on the Oracle Technology Network.
For more information, please see the Third Party Bulletin.

All bulletins published prior to January 20, 2015 will remain on this blog and
bulletins will also be updated if new Solaris patch or SRU information
becomes available.

Thanks,
-Ritwik Ghoshal
Oracle Security Alerts

Multiple vulnerabilities in NTP

CVE Description CVSSv2 Base Score Component Product Resolution
CVE-2014-9295 Buffer Error vulnerability
CVE-2014-9296 Coding Error vulnerability
7.5 NTP V4 Solaris 11.2 11.2.6.4.0
Solaris 11.1 IDR1583.2
Solaris 10 SPARC: 143725-05 X86: 143726-05
NTP V3 Solaris 10 SPARC: 148881-03 X86: 148882-03

Please log a support request via My Oracle Support to get access to the IDRs.

The latest version of NTP shipped with Solaris 10 and Solaris 11.2 is not impacted by CVE-2014-9293 and CVE-2014-9294.

Please upgrade to Solaris 11.1 SRU 13.6 to install the Solaris 11.1 IDR.

The NTP service on Solaris 10 needs to be restarted for the patches to take effect. You can restart the daemon by using:
    # svcadm restart ntp     (for NTPv3)
    # svcadm restart ntp4    (for NTPv4)

NTPv3 is not vulnerable to CVE-2014-9296.

Please see http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities for workaround instructions.

Tuesday Dec 16, 2014

Multiple vulnerabilities fixed in Firefox 24.7.0 ESR

CVE | Description | CVSSv2 Base Score | Component | Product and Resolution
Multiple CVEs | Multiple vulnerabilities | 10.0 | Firefox | Solaris 11.2 11.2.5.5.0

CVE-2014-3707 Information Disclosure vulnerability in Libcurl

CVE | Description | CVSSv2 Base Score | Component | Product and Resolution
CVE-2014-3707 | Information Disclosure vulnerability | 4.3 | Libcurl | Solaris 11.2 11.2.5.5.0

About

This blog provides security vulnerability fix notifications relevant to third party software components distributed and supported as part of Oracle Products.
A summarized version of this blog is available as a mapping of CVEs and solutions.
