Security update for oracle-update SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2015:0498-1 Final 1 1 2014-07-18T09:38:45Z current 2014-07-18T09:38:45Z 2014-07-18T09:38:45Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for oracle-update This critical patch update contains 5 security fixes for the Oracle Database Server. One of the vulnerabilities could have been exploited over the network without a valid username and password. Security Issues: * CVE-2013-3751 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3751> * CVE-2013-3774 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3774> * CVE-2014-4236 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4236> * CVE-2014-4237 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4237> * CVE-2014-4245 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4245> The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sleman17sp2-oracle-update Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2015/suse-su-20150498-1/ Link for SUSE-SU-2015:0498-1 https://lists.suse.com/pipermail/sle-security-updates/2015-March/001287.html E-Mail link for SUSE-SU-2015:0498-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/757762 SUSE Bug 757762 https://bugzilla.suse.com/771994 SUSE Bug 771994 https://bugzilla.suse.com/776005 SUSE Bug 776005 https://bugzilla.suse.com/781730 SUSE Bug 781730 https://bugzilla.suse.com/799056 SUSE Bug 799056 https://bugzilla.suse.com/816221 SUSE Bug 816221 https://bugzilla.suse.com/818773 SUSE Bug 818773 https://bugzilla.suse.com/836732 SUSE Bug 836732 https://bugzilla.suse.com/859033 SUSE Bug 859033 https://bugzilla.suse.com/873982 SUSE Bug 873982 https://bugzilla.suse.com/887569 SUSE Bug 887569 https://bugzilla.suse.com/914702 SUSE Bug 914702 https://bugzilla.suse.com/927281 SUSE Bug 927281 https://www.suse.com/security/cve/CVE-2012-0525/ SUSE CVE CVE-2012-0525 page https://www.suse.com/security/cve/CVE-2012-0526/ SUSE CVE CVE-2012-0526 page https://www.suse.com/security/cve/CVE-2012-0527/ SUSE CVE CVE-2012-0527 page https://www.suse.com/security/cve/CVE-2012-0534/ SUSE CVE CVE-2012-0534 page https://www.suse.com/security/cve/CVE-2012-0552/ SUSE CVE CVE-2012-0552 page https://www.suse.com/security/cve/CVE-2012-1737/ SUSE CVE CVE-2012-1737 page https://www.suse.com/security/cve/CVE-2012-1745/ SUSE CVE CVE-2012-1745 page https://www.suse.com/security/cve/CVE-2012-3134/ SUSE CVE CVE-2012-3134 page https://www.suse.com/security/cve/CVE-2012-3137/ SUSE CVE CVE-2012-3137 page https://www.suse.com/security/cve/CVE-2013-1519/ SUSE CVE CVE-2013-1519 page https://www.suse.com/security/cve/CVE-2013-1534/ SUSE CVE CVE-2013-1534 page https://www.suse.com/security/cve/CVE-2013-1538/ SUSE CVE CVE-2013-1538 page https://www.suse.com/security/cve/CVE-2013-1554/ SUSE CVE CVE-2013-1554 page https://www.suse.com/security/cve/CVE-2013-3751/ SUSE CVE CVE-2013-3751 page https://www.suse.com/security/cve/CVE-2013-3760/ SUSE CVE CVE-2013-3760 page https://www.suse.com/security/cve/CVE-2013-3771/ SUSE CVE CVE-2013-3771 page https://www.suse.com/security/cve/CVE-2013-3774/ SUSE CVE CVE-2013-3774 page https://www.suse.com/security/cve/CVE-2013-3789/ SUSE CVE CVE-2013-3789 page https://www.suse.com/security/cve/CVE-2013-3790/ SUSE CVE CVE-2013-3790 page https://www.suse.com/security/cve/CVE-2013-5764/ SUSE CVE CVE-2013-5764 page https://www.suse.com/security/cve/CVE-2013-5853/ SUSE CVE CVE-2013-5853 page https://www.suse.com/security/cve/CVE-2013-5858/ SUSE CVE CVE-2013-5858 page https://www.suse.com/security/cve/CVE-2014-0377/ SUSE CVE CVE-2014-0377 page https://www.suse.com/security/cve/CVE-2014-0378/ SUSE CVE CVE-2014-0378 page https://www.suse.com/security/cve/CVE-2014-2406/ SUSE CVE CVE-2014-2406 page https://www.suse.com/security/cve/CVE-2014-2408/ SUSE CVE CVE-2014-2408 page https://www.suse.com/security/cve/CVE-2014-4236/ SUSE CVE CVE-2014-4236 page https://www.suse.com/security/cve/CVE-2014-4237/ SUSE CVE CVE-2014-4237 page https://www.suse.com/security/cve/CVE-2014-4245/ SUSE CVE CVE-2014-4245 page https://www.suse.com/security/cve/CVE-2015-0370/ SUSE CVE CVE-2015-0370 page https://www.suse.com/security/cve/CVE-2015-0455/ SUSE CVE CVE-2015-0455 page https://www.suse.com/security/cve/CVE-2015-0457/ SUSE CVE CVE-2015-0457 page https://www.suse.com/security/cve/CVE-2015-0479/ SUSE CVE CVE-2015-0479 page https://www.suse.com/security/cve/CVE-2015-0483/ SUSE CVE CVE-2015-0483 page SUSE Manager 1.7 oracle-update-1.7-0.27.1 oracle-update-1.7-0.27.1 as a component of SUSE Manager 1.7 Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Oracle Enterprise Manager Grid Control 10.2.0.5 and 11.1.0.1, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Enterprise Config Management. CVE-2012-0525 SUSE Manager 1.7:oracle-update-1.7-0.27.1 moderate 4.9 AV:N/AC:M/Au:S/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150498-1/ https://www.suse.com/security/cve/CVE-2012-0525.html CVE-2012-0525 https://bugzilla.suse.com/757762 SUSE Bug 757762 Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Oracle Enterprise Manager Grid Control 10.2.0.5, allows remote attackers to affect integrity via unknown vectors related to Schema Management, a different vulnerability than CVE-2012-0527. CVE-2012-0526 SUSE Manager 1.7:oracle-update-1.7-0.27.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150498-1/ https://www.suse.com/security/cve/CVE-2012-0526.html CVE-2012-0526 https://bugzilla.suse.com/757762 SUSE Bug 757762 Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Oracle Enterprise Manager Grid Control 10.2.0.5, allows remote attackers to affect integrity via unknown vectors related to Schema Management, a different vulnerability than CVE-2012-0526. CVE-2012-0527 SUSE Manager 1.7:oracle-update-1.7-0.27.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150498-1/ https://www.suse.com/security/cve/CVE-2012-0527.html CVE-2012-0527 https://bugzilla.suse.com/757762 SUSE Bug 757762 Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect integrity via unknown vectors related to Create Session. CVE-2012-0534 SUSE Manager 1.7:oracle-update-1.7-0.27.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150498-1/ https://www.suse.com/security/cve/CVE-2012-0534.html CVE-2012-0534 https://bugzilla.suse.com/757762 SUSE Bug 757762 Unspecified vulnerability in the Oracle Spatial component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. CVE-2012-0552 SUSE Manager 1.7:oracle-update-1.7-0.27.1 moderate 9 AV:N/AC:L/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150498-1/ https://www.suse.com/security/cve/CVE-2012-0552.html CVE-2012-0552 https://bugzilla.suse.com/757762 SUSE Bug 757762 Unspecified vulnerability in the Enterprise Manager for Oracle Database component in Oracle Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Enterprise Manager Grid Control EM Base Platform 10.2.0.5, EM Base Platform 11.1.0.1, EM Plugin for DB 12.1.0.1, and EM Plugin for DB 12.1.0.2, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to DB Performance Advisories/UIs. CVE-2012-1737 SUSE Manager 1.7:oracle-update-1.7-0.27.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150498-1/ https://www.suse.com/security/cve/CVE-2012-1737.html CVE-2012-1737 Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to affect availability via unknown vectors. CVE-2012-1745 SUSE Manager 1.7:oracle-update-1.7-0.27.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150498-1/ https://www.suse.com/security/cve/CVE-2012-1745.html CVE-2012-1745 Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect availability via unknown vectors. CVE-2012-3134 SUSE Manager 1.7:oracle-update-1.7-0.27.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150498-1/ https://www.suse.com/security/cve/CVE-2012-3134.html CVE-2012-3134 The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka "stealth password cracking vulnerability." CVE-2012-3137 SUSE Manager 1.7:oracle-update-1.7-0.27.1 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150498-1/ https://www.suse.com/security/cve/CVE-2012-3137.html CVE-2012-3137 https://bugzilla.suse.com/781730 SUSE Bug 781730 https://bugzilla.suse.com/785429 SUSE Bug 785429 Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.1 allows remote attackers to affect integrity via unknown vectors. CVE-2013-1519 SUSE Manager 1.7:oracle-update-1.7-0.27.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150498-1/ https://www.suse.com/security/cve/CVE-2013-1519.html CVE-2013-1519 https://bugzilla.suse.com/816221 SUSE Bug 816221 Unspecified vulnerability in the Workload Manager component in Oracle Database Server 11.2.0.2 and 11.2.0.3, when used in RAC configurations, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. CVE-2013-1534 SUSE Manager 1.7:oracle-update-1.7-0.27.1 moderate 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150498-1/ https://www.suse.com/security/cve/CVE-2013-1534.html CVE-2013-1534 https://bugzilla.suse.com/816221 SUSE Bug 816221 Unspecified vulnerability in the Network Layer component in Oracle Database Server 11.2.0.2 and 11.2.0.3 allows remote attackers to affect availability via unknown vectors. CVE-2013-1538 SUSE Manager 1.7:oracle-update-1.7-0.27.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150498-1/ https://www.suse.com/security/cve/CVE-2013-1538.html CVE-2013-1538 https://bugzilla.suse.com/816221 SUSE Bug 816221 Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to affect availability via unknown vectors. CVE-2013-1554 SUSE Manager 1.7:oracle-update-1.7-0.27.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150498-1/ https://www.suse.com/security/cve/CVE-2013-1554.html CVE-2013-1554 https://bugzilla.suse.com/816221 SUSE Bug 816221 Unspecified vulnerability in the XML Parser component in Oracle Database Server 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. CVE-2013-3751 SUSE Manager 1.7:oracle-update-1.7-0.27.1 moderate 9 AV:N/AC:L/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150498-1/ https://www.suse.com/security/cve/CVE-2013-3751.html CVE-2013-3751 https://bugzilla.suse.com/836732 SUSE Bug 836732 https://bugzilla.suse.com/887569 SUSE Bug 887569 Unspecified vulnerability in the Oracle executable component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-3771. CVE-2013-3760 SUSE Manager 1.7:oracle-update-1.7-0.27.1 moderate 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150498-1/ https://www.suse.com/security/cve/CVE-2013-3760.html CVE-2013-3760 https://bugzilla.suse.com/836732 SUSE Bug 836732 Unspecified vulnerability in the Oracle executable component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-3760. CVE-2013-3771 SUSE Manager 1.7:oracle-update-1.7-0.27.1 moderate 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150498-1/ https://www.suse.com/security/cve/CVE-2013-3771.html CVE-2013-3771 https://bugzilla.suse.com/836732 SUSE Bug 836732 Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. CVE-2013-3774 SUSE Manager 1.7:oracle-update-1.7-0.27.1 moderate 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150498-1/ https://www.suse.com/security/cve/CVE-2013-3774.html CVE-2013-3774 https://bugzilla.suse.com/836732 SUSE Bug 836732 https://bugzilla.suse.com/887569 SUSE Bug 887569 Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. CVE-2013-3789 SUSE Manager 1.7:oracle-update-1.7-0.27.1 moderate 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150498-1/ https://www.suse.com/security/cve/CVE-2013-3789.html CVE-2013-3789 https://bugzilla.suse.com/836732 SUSE Bug 836732 Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect integrity via unknown vectors related to Privileged Account. CVE-2013-3790 SUSE Manager 1.7:oracle-update-1.7-0.27.1 moderate 2.1 AV:N/AC:H/Au:S/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150498-1/ https://www.suse.com/security/cve/CVE-2013-3790.html CVE-2013-3790 https://bugzilla.suse.com/836732 SUSE Bug 836732 Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect availability via unknown vectors. CVE-2013-5764 SUSE Manager 1.7:oracle-update-1.7-0.27.1 moderate 3.5 AV:N/AC:M/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150498-1/ https://www.suse.com/security/cve/CVE-2013-5764.html CVE-2013-5764 https://bugzilla.suse.com/859033 SUSE Bug 859033 Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect availability via unknown vectors. CVE-2013-5853 SUSE Manager 1.7:oracle-update-1.7-0.27.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150498-1/ https://www.suse.com/security/cve/CVE-2013-5853.html CVE-2013-5853 https://bugzilla.suse.com/859033 SUSE Bug 859033 Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2015-0370. CVE-2013-5858 SUSE Manager 1.7:oracle-update-1.7-0.27.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150498-1/ https://www.suse.com/security/cve/CVE-2013-5858.html CVE-2013-5858 https://bugzilla.suse.com/859033 SUSE Bug 859033 Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via vectors related to SYS tables. CVE-2014-0377 SUSE Manager 1.7:oracle-update-1.7-0.27.1 moderate 4 AV:N/AC:L/Au:S/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150498-1/ https://www.suse.com/security/cve/CVE-2014-0377.html CVE-2014-0377 https://bugzilla.suse.com/859033 SUSE Bug 859033 Unspecified vulnerability in the Spatial component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors. CVE-2014-0378 SUSE Manager 1.7:oracle-update-1.7-0.27.1 moderate 4.1 AV:L/AC:M/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150498-1/ https://www.suse.com/security/cve/CVE-2014-0378.html CVE-2014-0378 https://bugzilla.suse.com/859033 SUSE Bug 859033 Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to "Advisor" and "Select Any Dictionary" privileges. CVE-2014-2406 SUSE Manager 1.7:oracle-update-1.7-0.27.1 moderate 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150498-1/ https://www.suse.com/security/cve/CVE-2014-2406.html CVE-2014-2406 https://bugzilla.suse.com/873982 SUSE Bug 873982 Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to the "Grant Any Object Privilege." CVE-2014-2408 SUSE Manager 1.7:oracle-update-1.7-0.27.1 moderate 6.6 AV:N/AC:H/Au:S/C:C/I:C/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150498-1/ https://www.suse.com/security/cve/CVE-2014-2408.html CVE-2014-2408 https://bugzilla.suse.com/873982 SUSE Bug 873982 Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.2.0.4 and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. CVE-2014-4236 SUSE Manager 1.7:oracle-update-1.7-0.27.1 moderate 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150498-1/ https://www.suse.com/security/cve/CVE-2014-4236.html CVE-2014-4236 https://bugzilla.suse.com/887569 SUSE Bug 887569 Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.2.0.4 and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors. CVE-2014-4237 SUSE Manager 1.7:oracle-update-1.7-0.27.1 moderate 4 AV:N/AC:L/Au:S/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150498-1/ https://www.suse.com/security/cve/CVE-2014-4237.html CVE-2014-4237 https://bugzilla.suse.com/887569 SUSE Bug 887569 Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors. CVE-2014-4245 SUSE Manager 1.7:oracle-update-1.7-0.27.1 moderate 3.5 AV:N/AC:M/Au:S/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150498-1/ https://www.suse.com/security/cve/CVE-2014-4245.html CVE-2014-4245 https://bugzilla.suse.com/887569 SUSE Bug 887569 Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2013-5858. CVE-2015-0370 SUSE Manager 1.7:oracle-update-1.7-0.27.1 moderate 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150498-1/ https://www.suse.com/security/cve/CVE-2015-0370.html CVE-2015-0370 https://bugzilla.suse.com/914702 SUSE Bug 914702 Unspecified vulnerability in the XDB - XML Database component in Oracle Database Server 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors. CVE-2015-0455 SUSE Manager 1.7:oracle-update-1.7-0.27.1 moderate 6.8 AV:N/AC:L/Au:S/C:C/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150498-1/ https://www.suse.com/security/cve/CVE-2015-0455.html CVE-2015-0455 https://bugzilla.suse.com/927281 SUSE Bug 927281 Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-2629. CVE-2015-0457 SUSE Manager 1.7:oracle-update-1.7-0.27.1 moderate 9 AV:N/AC:L/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150498-1/ https://www.suse.com/security/cve/CVE-2015-0457.html CVE-2015-0457 https://bugzilla.suse.com/927281 SUSE Bug 927281 Unspecified vulnerability in the XDK and XDB - XML Database component in Oracle Database Server 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect availability via unknown vectors. CVE-2015-0479 SUSE Manager 1.7:oracle-update-1.7-0.27.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150498-1/ https://www.suse.com/security/cve/CVE-2015-0479.html CVE-2015-0479 https://bugzilla.suse.com/927281 SUSE Bug 927281 Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect integrity via unknown vectors. CVE-2015-0483 SUSE Manager 1.7:oracle-update-1.7-0.27.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150498-1/ https://www.suse.com/security/cve/CVE-2015-0483.html CVE-2015-0483 https://bugzilla.suse.com/927281 SUSE Bug 927281