Oracle Linux Bulletin - January 2018

Description

The Oracle Linux Bulletin lists all CVEs that were resolved and announced in Oracle Linux Security Advisories (ELSA) in the month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates. Each bulletin is also updated during the two months following its release (i.e., the two months between the normal quarterly Critical Patch Update publication dates) to cover all CVEs resolved in those two months. In addition, Oracle Linux Bulletins may be updated for vulnerability fixes deemed too critical to wait for the next scheduled bulletin publication date.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Oracle Linux Bulletin fixes as soon as possible.

Patch Availability

Please see ULN Advisory http://linux.oracle.com/ol-pad-bulletin

Oracle Linux Bulletin Schedule

Oracle Linux Bulletins are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:

  • 17 April 2018
  • 17 July 2018
  • 16 October 2018
  • 15 January 2019

Modification History

2018-March-16 Rev 3. New CVEs added.
2018-February-16 Rev 2. New CVEs added.
2018-January-16 Rev 1. Initial Release

Oracle Linux Executive Summary

This Oracle Linux Bulletin contains 93 new security fixes for Oracle Linux. 62 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

Oracle Linux Risk Matrix

Revision 3: Published on 2018-03-16

Columns, in row order: CVE#, Product, Component, Remote Exploit without Auth.?, CVSS Version 2.0 Risk (see Risk Matrix Definitions): Base Score, Access Vector, Access Complexity, Authentication, Confidentiality, Integrity, Availability; Supported Versions Affected
CVE-2017-10784 Oracle Linux ruby Yes 9.3 Network Medium None Complete Complete Complete 7
CVE-2017-17405 Oracle Linux ruby Yes 9.3 Network Medium None Complete Complete Complete 7
CVE-2017-0899 Oracle Linux ruby Yes 7.5 Network Low None Partial Partial Partial 7
CVE-2017-0903 Oracle Linux ruby Yes 7.5 Network Low None Partial Partial Partial 7
CVE-2017-14064 Oracle Linux ruby Yes 7.5 Network Low None Partial Partial Partial 7
CVE-2017-17790 Oracle Linux ruby Yes 7.5 Network Low None Partial Partial Partial 7
CVE-2017-16525 Oracle Linux Unbreakable Enterprise kernel No 7.2 Local Low None Complete Complete Complete 6
CVE-2017-16529 Oracle Linux Unbreakable Enterprise kernel No 7.2 Local Low None Complete Complete Complete 6
CVE-2017-16531 Oracle Linux Unbreakable Enterprise kernel No 7.2 Local Low None Complete Complete Complete 6
CVE-2017-8824 Oracle Linux Unbreakable Enterprise kernel No 7.2 Local Low None Complete Complete Complete 6
CVE-2017-12188 Oracle Linux kernel No 6.9 Local Medium None Complete Complete Complete 7
CVE-2018-5345 Oracle Linux gcab Yes 6.8 Network Medium None Partial Partial Partial 7
CVE-2017-0902 Oracle Linux ruby Yes 6.8 Network Medium None Partial Partial Partial 7
CVE-2017-0898 Oracle Linux ruby Yes 6.4 Network Low None Partial None Partial 7
CVE-2017-0901 Oracle Linux ruby Yes 6.4 Network Low None None Partial Partial 7
CVE-2018-2599 Oracle Linux java-1.7.0-openjdk Yes 5.8 Network Medium None None Partial Partial 6,7
CVE-2018-2637 Oracle Linux java-1.7.0-openjdk Yes 5.8 Network Medium None Partial Partial None 6,7
CVE-2018-2633 Oracle Linux java-1.7.0-openjdk Yes 5.1 Network High None Partial Partial Partial 6,7
CVE-2018-2603 Oracle Linux java-1.7.0-openjdk Yes 5.0 Network Low None None None Partial 6,7
CVE-2018-6871 Oracle Linux libreoffice Yes 5.0 Network Low None Partial None None 6,7
CVE-2017-0900 Oracle Linux ruby Yes 5.0 Network Low None None None Partial 7
CVE-2017-14033 Oracle Linux ruby Yes 5.0 Network Low None None None Partial 7
CVE-2017-14106 Oracle Linux Unbreakable Enterprise kernel No 4.9 Local Low None None None Complete 6
CVE-2017-6951 Oracle Linux Unbreakable Enterprise kernel No 4.9 Local Low None None None Complete 6
CVE-2017-15135 Oracle Linux 389-ds-base Yes 4.3 Network Medium None Partial None None 7
CVE-2017-15135 Oracle Linux 389-ds-base Yes 4.3 Network Medium None Partial None None 6
CVE-2018-2579 Oracle Linux java-1.7.0-openjdk Yes 4.3 Network Medium None Partial None None 6,7
CVE-2018-2618 Oracle Linux java-1.7.0-openjdk Yes 4.3 Network Medium None Partial None None 6,7
CVE-2018-2634 Oracle Linux java-1.7.0-openjdk Yes 4.3 Network Medium None Partial None None 6,7
CVE-2018-2663 Oracle Linux java-1.7.0-openjdk Yes 4.3 Network Medium None None None Partial 6,7
CVE-2018-2677 Oracle Linux java-1.7.0-openjdk Yes 4.3 Network Medium None None None Partial 6,7
CVE-2018-2678 Oracle Linux java-1.7.0-openjdk Yes 4.3 Network Medium None None None Partial 6,7
CVE-2018-5950 Oracle Linux mailman Yes 4.3 Network Medium None None Partial None 6,7
CVE-2017-7890 Oracle Linux php Yes 4.3 Network Medium None Partial None None 7
CVE-2018-2588 Oracle Linux java-1.7.0-openjdk No 4.0 Network Low Single Partial None None 6,7
CVE-2018-2602 Oracle Linux java-1.7.0-openjdk No 3.7 Local High None Partial Partial Partial 6,7
CVE-2018-2629 Oracle Linux java-1.7.0-openjdk Yes 2.6 Network High None None Partial None 6,7
CVE-2018-2641 Oracle Linux java-1.7.0-openjdk Yes 2.6 Network High None None Partial None 6,7
CVE-2017-15289 Oracle Linux qemu-kvm No 2.1 Local Low None None None Partial 6
CVE-2018-1054 Oracle Linux 389-ds-base Yes 0.0 Network Undefined None None None None 7
CVE-2018-1054 Oracle Linux 389-ds-base Yes 0.0 Network Undefined None None None None 6
CVE-2018-5732 Oracle Linux dhcp Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5733 Oracle Linux dhcp Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5125 Oracle Linux firefox Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5127 Oracle Linux firefox Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5129 Oracle Linux firefox Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5130 Oracle Linux firefox Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5131 Oracle Linux firefox Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5144 Oracle Linux firefox Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5145 Oracle Linux firefox Yes 0.0 Network Undefined None None None None 6,7
CVE-2017-7518 Oracle Linux kernel Yes 0.0 Network Undefined None None None None 7
CVE-2018-5379 Oracle Linux quagga Yes 0.0 Network Undefined None None None None 7
CVE-2017-7482 Oracle Linux Unbreakable Enterprise kernel Yes 0.0 Network Undefined None None None None 6

Revision 2: Published on 2018-02-16

Columns, in row order: CVE#, Product, Component, Remote Exploit without Auth.?, CVSS Version 2.0 Risk (see Risk Matrix Definitions): Base Score, Access Vector, Access Complexity, Authentication, Confidentiality, Integrity, Availability; Supported Versions Affected
CVE-2017-11176 Oracle Linux kernel Yes 10.0 Network Low None Complete Complete Complete 6
CVE-2017-15115 Oracle Linux Unbreakable Enterprise kernel No 7.2 Local Low None Complete Complete Complete 6,7
CVE-2017-8824 Oracle Linux Unbreakable Enterprise kernel No 7.2 Local Low None Complete Complete Complete 6,7
CVE-2015-8539 Oracle Linux kernel No 7.2 Local Low None Complete Complete Complete 7
CVE-2017-9074 Oracle Linux kernel No 7.2 Local Low None Complete Complete Complete 6
CVE-2017-17712 Oracle Linux Unbreakable Enterprise kernel No 6.9 Local Medium None Complete Complete Complete 6,7
CVE-2018-2599 Oracle Linux java-1.8.0-openjdk Yes 5.8 Network Medium None None Partial Partial 6,7
CVE-2018-2637 Oracle Linux java-1.8.0-openjdk Yes 5.8 Network Medium None Partial Partial None 6,7
CVE-2018-2633 Oracle Linux java-1.8.0-openjdk Yes 5.1 Network High None Partial Partial Partial 6,7
CVE-2018-2603 Oracle Linux java-1.8.0-openjdk Yes 5.0 Network Low None None None Partial 6,7
CVE-2017-12193 Oracle Linux Unbreakable Enterprise kernel No 4.9 Local Low None None None Complete 6,7
CVE-2017-12192 Oracle Linux kernel No 4.9 Local Low None None None Complete 7
CVE-2017-12193 Oracle Linux kernel No 4.9 Local Low None None None Complete 7
CVE-2017-7472 Oracle Linux kernel No 4.9 Local Low None None None Complete 7
CVE-2017-7542 Oracle Linux kernel No 4.9 Local Low None None None Complete 6
CVE-2017-5754 Oracle Linux Unbreakable Enterprise kernel No 4.7 Local Medium None Complete None None 6,7
CVE-2017-5715 Oracle Linux Unbreakable Enterprise kernel No 4.7 Local Medium None Complete None None 6
CVE-2017-5753 Oracle Linux Unbreakable Enterprise kernel No 4.7 Local Medium None Complete None None 6
CVE-2017-5754 Oracle Linux Unbreakable Enterprise kernel No 4.7 Local Medium None Complete None None 6
CVE-2017-0861 Oracle Linux Unbreakable Enterprise kernel No 4.6 Local Low None Partial Partial Partial 6,7
CVE-2017-1000407 Oracle Linux Unbreakable Enterprise kernel No 4.6 Adjacent network High None None None Complete 6,7
CVE-2017-15649 Oracle Linux kernel No 4.6 Local Low None Partial Partial Partial 7
CVE-2018-2579 Oracle Linux java-1.8.0-openjdk Yes 4.3 Network Medium None Partial None None 6,7
CVE-2018-2618 Oracle Linux java-1.8.0-openjdk Yes 4.3 Network Medium None Partial None None 6,7
CVE-2018-2634 Oracle Linux java-1.8.0-openjdk Yes 4.3 Network Medium None Partial None None 6,7
CVE-2018-2663 Oracle Linux java-1.8.0-openjdk Yes 4.3 Network Medium None None None Partial 6,7
CVE-2018-2677 Oracle Linux java-1.8.0-openjdk Yes 4.3 Network Medium None None None Partial 6,7
CVE-2018-2678 Oracle Linux java-1.8.0-openjdk Yes 4.3 Network Medium None None None Partial 6,7
CVE-2018-2588 Oracle Linux java-1.8.0-openjdk No 4.0 Network Low Single Partial None None 6,7
CVE-2017-14604 Oracle Linux nautilus No 4.0 Network Low Single None Partial None 7
CVE-2018-2602 Oracle Linux java-1.8.0-openjdk No 3.7 Local High None Partial Partial Partial 6,7
CVE-2018-2629 Oracle Linux java-1.8.0-openjdk Yes 2.6 Network High None None Partial None 6,7
CVE-2018-2641 Oracle Linux java-1.8.0-openjdk Yes 2.6 Network High None None Partial None 6,7
CVE-2017-14140 Oracle Linux Unbreakable Enterprise kernel No 2.1 Local Low None Partial None None 6,7
CVE-2017-15134 Oracle Linux 389-ds-base Yes 0.0 Network Undefined None None None None 7
CVE-2017-3145 Oracle Linux bind Yes 0.0 Network Undefined None None None None 6,7
CVE-2017-3144 Oracle Linux dhcp Yes 0.0 Network Undefined None None None None 7
CVE-2018-5089 Oracle Linux firefox Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5091 Oracle Linux firefox Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5095 Oracle Linux firefox Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5096 Oracle Linux firefox Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5097 Oracle Linux firefox Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5098 Oracle Linux firefox Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5099 Oracle Linux firefox Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5102 Oracle Linux firefox Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5103 Oracle Linux firefox Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5104 Oracle Linux firefox Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5117 Oracle Linux firefox Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-2582 Oracle Linux java-1.8.0-openjdk Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-1049 Oracle Linux systemd Yes 0.0 Network Undefined None None None None 7
CVE-2018-5089 Oracle Linux thunderbird Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5095 Oracle Linux thunderbird Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5096 Oracle Linux thunderbird Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5097 Oracle Linux thunderbird Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5098 Oracle Linux thunderbird Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5099 Oracle Linux thunderbird Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5102 Oracle Linux thunderbird Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5103 Oracle Linux thunderbird Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5104 Oracle Linux thunderbird Yes 0.0 Network Undefined None None None None 6,7
CVE-2018-5117 Oracle Linux thunderbird Yes 0.0 Network Undefined None None None None 6,7

Revision 1: Published on 2018-01-16

Columns, in row order: CVE#, Product, Component, Remote Exploit without Auth.?, CVSS Version 2.0 Risk (see Risk Matrix Definitions): Base Score, Access Vector, Access Complexity, Authentication, Confidentiality, Integrity, Availability; Supported Versions Affected
CVE-2017-16525 Oracle Linux Unbreakable Enterprise kernel No 7.2 Local Low None Complete Complete Complete 6,7
CVE-2017-16526 Oracle Linux Unbreakable Enterprise kernel No 7.2 Local Low None Complete Complete Complete 6,7
CVE-2017-16529 Oracle Linux Unbreakable Enterprise kernel No 7.2 Local Low None Complete Complete Complete 6,7
CVE-2017-16530 Oracle Linux Unbreakable Enterprise kernel No 7.2 Local Low None Complete Complete Complete 6,7
CVE-2017-16531 Oracle Linux Unbreakable Enterprise kernel No 7.2 Local Low None Complete Complete Complete 6,7
CVE-2017-16533 Oracle Linux Unbreakable Enterprise kernel No 7.2 Local Low None Complete Complete Complete 6,7
CVE-2017-16535 Oracle Linux Unbreakable Enterprise kernel No 7.2 Local Low None Complete Complete Complete 6,7
CVE-2017-16536 Oracle Linux Unbreakable Enterprise kernel No 7.2 Local Low None Complete Complete Complete 6,7
CVE-2017-5715 Oracle Linux Unbreakable Enterprise kernel No 4.7 Local Medium None Complete None None 6,7
CVE-2017-5753 Oracle Linux Unbreakable Enterprise kernel No 4.7 Local Medium None Complete None None 6,7
CVE-2017-5754 Oracle Linux Unbreakable Enterprise kernel No 4.7 Local Medium None Complete None None 6,7
CVE-2017-5715 Oracle Linux kernel No 4.7 Local Medium None Complete None None 6,7
CVE-2017-5753 Oracle Linux kernel No 4.7 Local Medium None Complete None None 6,7
CVE-2017-5754 Oracle Linux kernel No 4.7 Local Medium None Complete None None 6,7
CVE-2017-5715 Oracle Linux libvirt No 4.7 Local Medium None Complete None None 6,7
CVE-2017-5715 Oracle Linux qemu-kvm No 4.7 Local Medium None Complete None None 6,7
CVE-2017-7829 Oracle Linux thunderbird Yes 0.0 Network Undefined None None None None 6,7
CVE-2017-7846 Oracle Linux thunderbird Yes 0.0 Network Undefined None None None None 6,7
CVE-2017-7847 Oracle Linux thunderbird Yes 0.0 Network Undefined None None None None 6,7
CVE-2017-7848 Oracle Linux thunderbird Yes 0.0 Network Undefined None None None None 6,7