Oracle Solaris Third Party Bulletin - January 2025


Description

The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities addressed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day as Oracle Critical Patch Updates. Each bulletin is also updated for the two months following its release (i.e. the two months between the normal quarterly Critical Patch Update publication dates). In addition, Third Party Bulletins may be updated out of cycle for vulnerabilities deemed too critical to wait for the next monthly update.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Third Party Bulletin security patches as soon as possible.


Patch Availability

Please see My Oracle Support Note 1448883.1


Third Party Bulletin Schedule

Third Party Bulletins are released on the third Tuesday of January, April, July, and October. The next four dates are:

  • 15 April 2025
  • 15 July 2025
  • 21 October 2025
  • 20 January 2026

References


Modification History

Date | Note
2025-January-21 | Rev 1. Initial Release with all CVEs fixed in Solaris 11.4 SRU 77

Oracle Solaris Executive Summary

This Oracle Solaris Bulletin contains 18 new security patches for the Oracle Solaris Operating System. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

Oracle Solaris Third Party Bulletin Risk Matrix

Revision 1: Published on 2025-01-21

The Base Score through Availability columns are CVSS VERSION 3.1 RISK metrics (see Risk Matrix Definitions).

CVE ID | Product | Third Party component | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complexity | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---
CVE-2024-53899 | Oracle Solaris | virtualenv | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 11.4 | See Note 1
CVE-2024-53907 | Oracle Solaris | Django | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 11.4 | See Note 2
CVE-2022-24810 | Oracle Solaris | Net-SNMP | None | No | 8.8 | Local | Low | Low | None | Changed | High | High | High | 11.4 | See Note 3
CVE-2024-11691 | Oracle Solaris | Firefox | HTTP | Yes | 7.5 | Network | High | None | Required | Unchanged | High | High | High | 11.4 | See Note 4
CVE-2024-11691 | Oracle Solaris | Thunderbird | HTTP | Yes | 7.5 | Network | High | None | Required | Unchanged | High | High | High | 11.4 | See Note 5
CVE-2024-9781 | Oracle Solaris | Wireshark | None | No | 7.0 | Local | High | None | Required | Unchanged | High | High | High | 11.4 | See Note 6
CVE-2024-10524 | Oracle Solaris | Wget | HTTP | Yes | 6.5 | Network | High | None | None | Changed | Low | Low | Low | 11.4 | 
CVE-2024-6232 | Oracle Solaris | Python | HTTP | Yes | 6.5 | Network | Low | None | Required | Unchanged | None | None | High | 11.4 | 
CVE-2024-9287 | Oracle Solaris | Python | None | No | 6.3 | Local | Low | High | Required | Changed | Low | High | None | 11.4 | 
CVE-2024-9902 | Oracle Solaris | Ansible | None | No | 6.3 | Local | High | Low | Required | Unchanged | High | High | Low | 11.4 | 
CVE-2024-5535 | Oracle Solaris | MySQL | Multiple | Yes | 5.9 | Network | High | None | None | Unchanged | None | None | High | 11.4 | See Note 7
CVE-2024-6923 | Oracle Solaris | Python | HTTP | No | 5.5 | Network | Low | Low | Required | Unchanged | Low | Low | Low | 11.4 | 
CVE-2024-8775 | Oracle Solaris | Ansible | None | No | 5.5 | Local | Low | Low | None | Unchanged | High | None | None | 11.4 | 
CVE-2023-27043 | Oracle Solaris | Python | HTTP | Yes | 5.3 | Network | Low | None | None | Unchanged | None | Low | None | 11.4 | 
CVE-2024-5569 | Oracle Solaris | Python | HTTP | Yes | 5.3 | Network | High | None | Required | Unchanged | None | None | High | 11.4 | See Note 8
CVE-2024-8929 | Oracle Solaris | PHP | HTTP | Yes | 5.3 | Network | Low | None | None | Unchanged | Low | None | None | 11.4 | See Note 9
CVE-2024-7592 | Oracle Solaris | Python | HTTP | No | 4.8 | Network | High | Low | Required | Unchanged | None | None | High | 11.4 | 
CVE-2024-11168 | Oracle Solaris | Python | HTTP | Yes | 3.7 | Network | High | None | None | Unchanged | None | Low | None | 11.4 | 

Notes:

1. This patch also addresses CVE-2024-53899.

2. This patch also addresses CVE-2024-53908.

3. This patch also addresses CVE-2020-15862 CVE-2022-24805.

4. This patch also addresses CVE-2024-10458 CVE-2024-10459 CVE-2024-10460 CVE-2024-10461 CVE-2024-10462 CVE-2024-10463 CVE-2024-10464 CVE-2024-10465 CVE-2024-10466 CVE-2024-10467 CVE-2024-11692 CVE-2024-11693 CVE-2024-11694 CVE-2024-11695 CVE-2024-11696 CVE-2024-11697 CVE-2024-11698 CVE-2024-11699.

5. This patch also addresses CVE-2024-10458 CVE-2024-10459 CVE-2024-10460 CVE-2024-10461 CVE-2024-10462 CVE-2024-10463 CVE-2024-10464 CVE-2024-10465 CVE-2024-10466 CVE-2024-10467 CVE-2024-11159 CVE-2024-11692 CVE-2024-11693 CVE-2024-11694 CVE-2024-11695 CVE-2024-11696 CVE-2024-11697 CVE-2024-11698 CVE-2024-11699.

6. This patch also addresses CVE-2024-8250.

7. This patch also addresses CVE-2024-21193 CVE-2024-21194 CVE-2024-21196 CVE-2024-21197 CVE-2024-21198 CVE-2024-21199 CVE-2024-21200 CVE-2024-21201 CVE-2024-21203 CVE-2024-21204 CVE-2024-21207 CVE-2024-21209 CVE-2024-21212 CVE-2024-21213 CVE-2024-21218 CVE-2024-21219 CVE-2024-21230 CVE-2024-21231 CVE-2024-21232 CVE-2024-21236 CVE-2024-21237 CVE-2024-21238 CVE-2024-21239 CVE-2024-21241 CVE-2024-21243 CVE-2024-21244 CVE-2024-21247 CVE-2024-7264.

8. This patch also addresses CVE-2024-8088.

9. This patch also addresses CVE-2024-11233 CVE-2024-11234 CVE-2024-11236 CVE-2024-4577 CVE-2024-8925 CVE-2024-8926 CVE-2024-8927 CVE-2024-8932 CVE-2024-9026.