Oracle has released its Critical Patch Update Advisory, Solaris Third Party Bulletin, and Linux Bulletin for July 2023 to address vulnerabilities affecting multiple products. A remote attacker can exploit some of these vulnerabilities to take control of an affected system.

Oracle Linux Bulletin – July 2023

Description

The Oracle Linux Bulletin lists all CVEs that were resolved and announced in Oracle Linux Security Advisories (ELSA) in the month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are released. These bulletins will also be updated for the two months following their release (i.e., the two months between the normal quarterly Critical Patch Update publication dates) to cover all CVEs resolved in those two months. In addition, Oracle Linux Bulletins may also be updated for vulnerability issues deemed too critical to wait for the next scheduled bulletin publication date.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Oracle Linux Bulletin security patches as soon as possible.

Patch Availability

Please see ULN Advisory https://linux.oracle.com/ol-pad-bulletin

References

Oracle Linux Risk Matrix

Revision 1: Published on 2023-07-18

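The columns from Base Score through Availability are the CVSS Version 3.1 risk (see Risk Matrix Definitions).

| CVE# | Product | Component | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2023-29402 | Oracle Linux | go-toolset and golang | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 9 |
| CVE-2023-29404 | Oracle Linux | go-toolset and golang | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 9 |
| CVE-2023-29405 | Oracle Linux | go-toolset and golang | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 9 |
| CVE-2023-29402 | Oracle Linux | go-toolset:ol8 | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 8 |
| CVE-2023-29404 | Oracle Linux | go-toolset:ol8 | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 8 |
| CVE-2023-29405 | Oracle Linux | go-toolset:ol8 | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 8 |
| CVE-2023-37201 | Oracle Linux | firefox | Yes | 8.8 | Network | Low | None | Required | Unchanged | High | High | High | 8,9 |
| CVE-2023-37202 | Oracle Linux | firefox | Yes | 8.8 | Network | Low | None | Required | Unchanged | High | High | High | 8,9 |
| CVE-2023-37211 | Oracle Linux | firefox | Yes | 8.8 | Network | Low | None | Required | Unchanged | High | High | High | 8,9 |
| CVE-2021-33621 | Oracle Linux | ruby:2.7 | No | 8.8 | Network | Low | Low | None | Unchanged | High | High | High | 8 |
| CVE-2023-37201 | Oracle Linux | thunderbird | Yes | 8.8 | Network | Low | None | Required | Unchanged | High | High | High | 8,9 |
| CVE-2023-37202 | Oracle Linux | thunderbird | Yes | 8.8 | Network | Low | None | Required | Unchanged | High | High | High | 8,9 |
| CVE-2023-37211 | Oracle Linux | thunderbird | Yes | 8.8 | Network | Low | None | Required | Unchanged | High | High | High | 8,9 |
| CVE-2023-33170 | Oracle Linux | .NET 6.0 | Yes | 8.1 | Network | High | None | None | Unchanged | High | High | High | 8,9 |
| CVE-2022-34918 | Oracle Linux | Unbreakable Enterprise kernel-container | No | 7.8 | Local | Low | Low | None | Unchanged | High | High | High | 7,8 |
| CVE-2023-37208 | Oracle Linux | firefox | No | 7.8 | Local | Low | None | Required | Unchanged | High | High | High | 8,9 |
| CVE-2023-29403 | Oracle Linux | go-toolset and golang | No | 7.8 | Local | Low | None | Required | Unchanged | High | High | High | 9 |
| CVE-2023-29403 | Oracle Linux | go-toolset:ol8 | No | 7.8 | Local | Low | None | Required | Unchanged | High | High | High | 8 |
| CVE-2023-32700 | Oracle Linux | texlive | No | 7.8 | Local | Low | None | Required | Unchanged | High | High | High | 8,9 |
| CVE-2023-37208 | Oracle Linux | thunderbird | No | 7.8 | Local | Low | None | Required | Unchanged | High | High | High | 8,9 |
| CVE-2022-34918 | Oracle Linux | Unbreakable Enterprise kernel | No | 7.8 | Local | Low | Low | None | Unchanged | High | High | High | 7,8 |
| CVE-2023-32067 | Oracle Linux | c-ares | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 7 |
| CVE-2023-24329 | Oracle Linux | python27:2.7 | Yes | 7.5 | Network | Low | None | None | Unchanged | None | High | None | 8 |
| CVE-2023-24329 | Oracle Linux | python38:3.8 and python38-devel:3.8 | Yes | 7.5 | Network | Low | None | None | Unchanged | None | High | None | 8 |
| CVE-2023-2454 | Oracle Linux | postgresql | No | 7.2 | Network | Low | High | None | Unchanged | High | High | High | 9 |
| CVE-2022-39189 | Oracle Linux | Unbreakable Enterprise kernel-container | No | 7.0 | Local | High | Low | None | Unchanged | High | High | High | 7,8 |
| CVE-2022-39189 | Oracle Linux | Unbreakable Enterprise kernel | No | 7.0 | Local | High | Low | None | Unchanged | High | High | High | 7,8 |
| CVE-2023-37207 | Oracle Linux | firefox | Yes | 6.5 | Network | Low | None | Required | Unchanged | None | High | None | 8,9 |
| CVE-2023-37207 | Oracle Linux | thunderbird | Yes | 6.5 | Network | Low | None | Required | Unchanged | None | High | None | 8,9 |
| CVE-2023-2700 | Oracle Linux | libvirt | No | 6.3 | Local | High | Low | None | Unchanged | High | None | High | 9 |
| CVE-2023-2700 | Oracle Linux | virt:ol and virt-devel:rhel | No | 6.3 | Local | High | Low | None | Unchanged | High | None | High | 8 |
| CVE-2023-0464 | Oracle Linux | openssl | Yes | 5.9 | Network | High | None | None | Unchanged | None | None | High | 9 |
| CVE-2023-2650 | Oracle Linux | openssl | Yes | 5.9 | Network | High | None | None | Unchanged | None | None | High | 9 |
| CVE-2022-46663 | Oracle Linux | less | No | 5.5 | Local | Low | None | Required | Unchanged | None | None | High | 9 |
| CVE-2022-48281 | Oracle Linux | libtiff | No | 5.5 | Local | Low | None | Required | Unchanged | None | None | High | 8,9 |
| CVE-2023-0795 | Oracle Linux | libtiff | No | 5.5 | Local | Low | None | Required | Unchanged | None | None | High | 9 |
| CVE-2023-0796 | Oracle Linux | libtiff | No | 5.5 | Local | Low | None | Required | Unchanged | None | None | High | 9 |
| CVE-2023-0797 | Oracle Linux | libtiff | No | 5.5 | Local | Low | None | Required | Unchanged | None | None | High | 9 |
| CVE-2023-0798 | Oracle Linux | libtiff | No | 5.5 | Local | Low | None | Required | Unchanged | None | None | High | 9 |
| CVE-2023-0799 | Oracle Linux | libtiff | No | 5.5 | Local | Low | None | Required | Unchanged | None | None | High | 9 |
| CVE-2023-0800 | Oracle Linux | libtiff | No | 5.5 | Local | Low | None | Required | Unchanged | None | None | High | 9 |
| CVE-2023-0801 | Oracle Linux | libtiff | No | 5.5 | Local | Low | None | Required | Unchanged | None | None | High | 9 |
| CVE-2023-0802 | Oracle Linux | libtiff | No | 5.5 | Local | Low | None | Required | Unchanged | None | None | High | 9 |
| CVE-2023-0803 | Oracle Linux | libtiff | No | 5.5 | Local | Low | None | Required | Unchanged | None | None | High | 9 |
| CVE-2023-0804 | Oracle Linux | libtiff | No | 5.5 | Local | Low | None | Required | Unchanged | None | None | High | 9 |
| CVE-2020-24736 | Oracle Linux | sqlite | No | 5.5 | Local | Low | Low | None | Unchanged | None | None | High | 8 |
| CVE-2023-28755 | Oracle Linux | ruby:2.7 | Yes | 5.3 | Network | Low | None | None | Unchanged | None | None | Low | 8 |
| CVE-2023-28756 | Oracle Linux | ruby:2.7 | Yes | 5.3 | Network | Low | None | None | Unchanged | None | None | Low | 8 |
| CVE-2023-1255 | Oracle Linux | openssl | No | 5.1 | Local | High | None | None | Unchanged | None | None | High | 9 |
| CVE-2023-2283 | Oracle Linux | libssh | Yes | 4.8 | Network | High | None | None | Unchanged | Low | Low | None | 8 |
| CVE-2023-1667 | Oracle Linux | libssh | No | 4.3 | Network | Low | Low | None | Unchanged | None | None | Low | 8 |
| CVE-2023-2455 | Oracle Linux | postgresql | No | 4.2 | Network | High | Low | None | Unchanged | Low | Low | None | 9 |
| CVE-2023-20867 | Oracle Linux | open-vm-tools | No | 3.9 | Local | High | High | None | Changed | Low | Low | None | 7 |
| CVE-2023-20867 | Oracle Linux | open-vm-tools | No | 3.9 | Local | High | High | None | Changed | Low | Low | None | 8,9 |
| CVE-2023-0465 | Oracle Linux | openssl | Yes | 3.7 | Network | High | None | None | Unchanged | None | Low | None | 9 |
| CVE-2023-0466 | Oracle Linux | openssl | Yes | 3.7 | Network | High | None | None | Unchanged | None | Low | None | 9 |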

Source:
https://www.cisa.gov/news-events/alerts/2023/07/18/oracle-releases-security-updates