Oracle Releases Security Updates

Oracle has released its Critical Patch Update Advisory, Solaris Third Party Bulletin, and Linux Bulletin for July 2023 to address vulnerabilities affecting multiple products. A remote attacker can exploit some of these vulnerabilities to take control of an affected system.

Oracle Linux Bulletin – July 2023

Description

The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are released. These bulletins will also be updated for the following two months after their release (i.e., the two months between the normal quarterly Critical Patch Update publication dates) to cover all CVEs that had been resolved in those two months following the bulletin’s publication. In addition, Oracle Linux Bulletins may also be updated for vulnerability issues deemed too critical to wait for the next scheduled bulletin publication date.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Oracle Linux Bulletin security patches as soon as possible.

Patch Availability

Please see ULN Advisory https://linux.oracle.com/ol-pad-bulletin

References

Oracle Linux Risk Matrix

Revision 1: Published on 2023-07-18

CVE#	Product	Component	Remote Exploit without Auth.?	CVSS VERSION 3.1 RISK (see Risk Matrix Definitions)	Supported Versions Affected
Base Score	Attack Vector	Attack Complex	Privs Req’d	User Interact	Scope	Confid- entiality	Inte- grity	Avail- ability
CVE-2023-29402	Oracle Linux	go-toolset and golang	Yes	9.8	Network	Low	None	None	Unchanged	High	High	High	9
CVE-2023-29404	Oracle Linux	go-toolset and golang	Yes	9.8	Network	Low	None	None	Unchanged	High	High	High	9
CVE-2023-29405	Oracle Linux	go-toolset and golang	Yes	9.8	Network	Low	None	None	Unchanged	High	High	High	9
CVE-2023-29402	Oracle Linux	go-toolset:ol8	Yes	9.8	Network	Low	None	None	Unchanged	High	High	High	8
CVE-2023-29404	Oracle Linux	go-toolset:ol8	Yes	9.8	Network	Low	None	None	Unchanged	High	High	High	8
CVE-2023-29405	Oracle Linux	go-toolset:ol8	Yes	9.8	Network	Low	None	None	Unchanged	High	High	High	8
CVE-2023-37201	Oracle Linux	firefox	Yes	8.8	Network	Low	None	Required	Unchanged	High	High	High	8,9
CVE-2023-37202	Oracle Linux	firefox	Yes	8.8	Network	Low	None	Required	Unchanged	High	High	High	8,9
CVE-2023-37211	Oracle Linux	firefox	Yes	8.8	Network	Low	None	Required	Unchanged	High	High	High	8,9
CVE-2021-33621	Oracle Linux	ruby:2.7	No	8.8	Network	Low	Low	None	Unchanged	High	High	High	8
CVE-2023-37201	Oracle Linux	thunderbird	Yes	8.8	Network	Low	None	Required	Unchanged	High	High	High	8,9
CVE-2023-37202	Oracle Linux	thunderbird	Yes	8.8	Network	Low	None	Required	Unchanged	High	High	High	8,9
CVE-2023-37211	Oracle Linux	thunderbird	Yes	8.8	Network	Low	None	Required	Unchanged	High	High	High	8,9
CVE-2023-33170	Oracle Linux	.NET 6.0	Yes	8.1	Network	High	None	None	Unchanged	High	High	High	8,9
CVE-2022-34918	Oracle Linux	Unbreakable Enterprise kernel-container	No	7.8	Local	Low	Low	None	Unchanged	High	High	High	7,8
CVE-2023-37208	Oracle Linux	firefox	No	7.8	Local	Low	None	Required	Unchanged	High	High	High	8,9
CVE-2023-29403	Oracle Linux	go-toolset and golang	No	7.8	Local	Low	None	Required	Unchanged	High	High	High	9
CVE-2023-29403	Oracle Linux	go-toolset:ol8	No	7.8	Local	Low	None	Required	Unchanged	High	High	High	8
CVE-2023-32700	Oracle Linux	texlive	No	7.8	Local	Low	None	Required	Unchanged	High	High	High	8,9
CVE-2023-37208	Oracle Linux	thunderbird	No	7.8	Local	Low	None	Required	Unchanged	High	High	High	8,9
CVE-2022-34918	Oracle Linux	Unbreakable Enterprise kernel	No	7.8	Local	Low	Low	None	Unchanged	High	High	High	7,8
CVE-2023-32067	Oracle Linux	c-ares	Yes	7.5	Network	Low	None	None	Unchanged	None	None	High	7
CVE-2023-24329	Oracle Linux	python27:2.7	Yes	7.5	Network	Low	None	None	Unchanged	None	High	None	8
CVE-2023-24329	Oracle Linux	python38:3.8 and python38-devel:3.8	Yes	7.5	Network	Low	None	None	Unchanged	None	High	None	8
CVE-2023-2454	Oracle Linux	postgresql	No	7.2	Network	Low	High	None	Unchanged	High	High	High	9
CVE-2022-39189	Oracle Linux	Unbreakable Enterprise kernel-container	No	7.0	Local	High	Low	None	Unchanged	High	High	High	7,8
CVE-2022-39189	Oracle Linux	Unbreakable Enterprise kernel	No	7.0	Local	High	Low	None	Unchanged	High	High	High	7,8
CVE-2023-37207	Oracle Linux	firefox	Yes	6.5	Network	Low	None	Required	Unchanged	None	High	None	8,9
CVE-2023-37207	Oracle Linux	thunderbird	Yes	6.5	Network	Low	None	Required	Unchanged	None	High	None	8,9
CVE-2023-2700	Oracle Linux	libvirt	No	6.3	Local	High	Low	None	Unchanged	High	None	High	9
CVE-2023-2700	Oracle Linux	virt:ol and virt-devel:rhel	No	6.3	Local	High	Low	None	Unchanged	High	None	High	8
CVE-2023-0464	Oracle Linux	openssl	Yes	5.9	Network	High	None	None	Unchanged	None	None	High	9
CVE-2023-2650	Oracle Linux	openssl	Yes	5.9	Network	High	None	None	Unchanged	None	None	High	9
CVE-2022-46663	Oracle Linux	less	No	5.5	Local	Low	None	Required	Unchanged	None	None	High	9
CVE-2022-48281	Oracle Linux	libtiff	No	5.5	Local	Low	None	Required	Unchanged	None	None	High	8,9
CVE-2023-0795	Oracle Linux	libtiff	No	5.5	Local	Low	None	Required	Unchanged	None	None	High	9
CVE-2023-0796	Oracle Linux	libtiff	No	5.5	Local	Low	None	Required	Unchanged	None	None	High	9
CVE-2023-0797	Oracle Linux	libtiff	No	5.5	Local	Low	None	Required	Unchanged	None	None	High	9
CVE-2023-0798	Oracle Linux	libtiff	No	5.5	Local	Low	None	Required	Unchanged	None	None	High	9
CVE-2023-0799	Oracle Linux	libtiff	No	5.5	Local	Low	None	Required	Unchanged	None	None	High	9
CVE-2023-0800	Oracle Linux	libtiff	No	5.5	Local	Low	None	Required	Unchanged	None	None	High	9
CVE-2023-0801	Oracle Linux	libtiff	No	5.5	Local	Low	None	Required	Unchanged	None	None	High	9
CVE-2023-0802	Oracle Linux	libtiff	No	5.5	Local	Low	None	Required	Unchanged	None	None	High	9
CVE-2023-0803	Oracle Linux	libtiff	No	5.5	Local	Low	None	Required	Unchanged	None	None	High	9
CVE-2023-0804	Oracle Linux	libtiff	No	5.5	Local	Low	None	Required	Unchanged	None	None	High	9
CVE-2020-24736	Oracle Linux	sqlite	No	5.5	Local	Low	Low	None	Unchanged	None	None	High	8
CVE-2023-28755	Oracle Linux	ruby:2.7	Yes	5.3	Network	Low	None	None	Unchanged	None	None	Low	8
CVE-2023-28756	Oracle Linux	ruby:2.7	Yes	5.3	Network	Low	None	None	Unchanged	None	None	Low	8
CVE-2023-1255	Oracle Linux	openssl	No	5.1	Local	High	None	None	Unchanged	None	None	High	9
CVE-2023-2283	Oracle Linux	libssh	Yes	4.8	Network	High	None	None	Unchanged	Low	Low	None	8
CVE-2023-1667	Oracle Linux	libssh	No	4.3	Network	Low	Low	None	Unchanged	None	None	Low	8
CVE-2023-2455	Oracle Linux	postgresql	No	4.2	Network	High	Low	None	Unchanged	Low	Low	None	9
CVE-2023-20867	Oracle Linux	open-vm-tools	No	3.9	Local	High	High	None	Changed	Low	Low	None	7
CVE-2023-20867	Oracle Linux	open-vm-tools	No	3.9	Local	High	High	None	Changed	Low	Low	None	8,9
CVE-2023-0465	Oracle Linux	openssl	Yes	3.7	Network	High	None	None	Unchanged	None	Low	None	9
CVE-2023-0466	Oracle Linux	openssl	Yes	3.7	Network	High	None	None	Unchanged	None	Low	None	9

Source:
https://www.cisa.gov/news-events/alerts/2023/07/18/oracle-releases-security-updates

Stay connected

Trending News

Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks

Schneider Electric Security Notification Trio™ Licensed and License-free Data RadiosSchneider Electric Security Notification

Schneider Electric Security Notification Easergy Studio Vulnerability

B&R Automation RuntimeFTP uses unsecure encryption mechanismsCVE ID: CVE-2024-0323/2024-02-05

AC500 V3Multiple DoS vulnerabilities – 2024-01-10

Distributed Energy Resources Cybersecurity Outlook:Vulnerabilities, Attacks, Impacts, and Mitigations

Hot Topics

Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks

Schneider Electric Security Notification Trio™ Licensed and License-free Data RadiosSchneider Electric Security Notification

Schneider Electric Security Notification Easergy Studio Vulnerability

B&R Automation RuntimeFTP uses unsecure encryption mechanismsCVE ID: CVE-2024-0323/2024-02-05

AC500 V3Multiple DoS vulnerabilities – 2024-01-10

Distributed Energy Resources Cybersecurity Outlook:Vulnerabilities, Attacks, Impacts, and Mitigations

Trending Slider

Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks

Schneider Electric Security Notification Trio™ Licensed and License-free Data RadiosSchneider Electric Security Notification

Schneider Electric Security Notification Easergy Studio Vulnerability

B&R Automation RuntimeFTP uses unsecure encryption mechanismsCVE ID: CVE-2024-0323/2024-02-05

AC500 V3Multiple DoS vulnerabilities – 2024-01-10

Distributed Energy Resources Cybersecurity Outlook:Vulnerabilities, Attacks, Impacts, and Mitigations

Latest

Popular

Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks

Schneider Electric Security Notification Trio™ Licensed and License-free Data RadiosSchneider Electric Security Notification

Schneider Electric Security Notification Easergy Studio Vulnerability

B&R Automation RuntimeFTP uses unsecure encryption mechanismsCVE ID: CVE-2024-0323/2024-02-05

Advantech WebAccess Node

Fazecast jSerialComm

Apache Tomcat RCE by deserialization (CVE-2020-9484) – write-up and exploit0

JexBoss – JBoss Verify and EXploitation Tool

Categories

Stay connected

Trending News

Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks

Schneider Electric Security Notification Trio™ Licensed and License-free Data RadiosSchneider Electric Security Notification

Schneider Electric Security Notification Easergy Studio Vulnerability

B&R Automation RuntimeFTP uses unsecure encryption mechanismsCVE ID: CVE-2024-0323/2024-02-05

AC500 V3Multiple DoS vulnerabilities – 2024-01-10

Distributed Energy Resources Cybersecurity Outlook:Vulnerabilities, Attacks, Impacts, and Mitigations

Description

Patch Availability

References

Oracle Linux Risk Matrix

Revision 1: Published on 2023-07-18

Related posts

Siemens SCALANCE W1750D

Siemens SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK (Update E)

CISA Releases Eight Industrial Control Systems Advisories

Schneider Electric EcoStruxure Power Monitoring Expert

Alert: F5 Warns of Active Attacks Exploiting BIG-IP Vulnerability

Mitsubishi Electric GOT and Tension Controller

Hot Topics

Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks

Schneider Electric Security Notification Trio™ Licensed and License-free Data RadiosSchneider Electric Security Notification

Schneider Electric Security Notification Easergy Studio Vulnerability

B&R Automation RuntimeFTP uses unsecure encryption mechanismsCVE ID: CVE-2024-0323/2024-02-05

AC500 V3Multiple DoS vulnerabilities – 2024-01-10

Distributed Energy Resources Cybersecurity Outlook:Vulnerabilities, Attacks, Impacts, and Mitigations

Categories

Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks

Schneider Electric Security Notification Trio™ Licensed and License-free Data RadiosSchneider Electric Security Notification

Schneider Electric Security Notification Easergy Studio Vulnerability

B&R Automation RuntimeFTP uses unsecure encryption mechanismsCVE ID: CVE-2024-0323/2024-02-05

AC500 V3Multiple DoS vulnerabilities – 2024-01-10

Distributed Energy Resources Cybersecurity Outlook:Vulnerabilities, Attacks, Impacts, and Mitigations

Latest

Popular

Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks

Schneider Electric Security Notification Trio™ Licensed and License-free Data RadiosSchneider Electric Security Notification

Schneider Electric Security Notification Easergy Studio Vulnerability

B&R Automation RuntimeFTP uses unsecure encryption mechanismsCVE ID: CVE-2024-0323/2024-02-05

Advantech WebAccess Node

Fazecast jSerialComm

Apache Tomcat RCE by deserialization (CVE-2020-9484) – write-up and exploit0

JexBoss – JBoss Verify and EXploitation Tool