Security update for oracle-update SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2015:0907-1 Final 1 1 2014-07-18T13:49:14Z current 2014-07-18T13:49:14Z 2014-07-18T13:49:14Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for oracle-update This critical patch update contains 5 security fixes for the Oracle Database Server. One of the vulnerabilities could have been exploited over the network without a valid username and password. Security Issues: * CVE-2013-3751 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3751> * CVE-2013-3774 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3774> * CVE-2014-4236 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4236> * CVE-2014-4237 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4237> * CVE-2014-4245 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4245> The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sleman17sp2-oracle-update,sleman21-oracle-update Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2015/suse-su-20150907-1/ Link for SUSE-SU-2015:0907-1 https://lists.suse.com/pipermail/sle-security-updates/2015-May/001395.html E-Mail link for SUSE-SU-2015:0907-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/887569 SUSE Bug 887569 https://bugzilla.suse.com/914702 SUSE Bug 914702 https://bugzilla.suse.com/927281 SUSE Bug 927281 https://www.suse.com/security/cve/CVE-2013-3751/ SUSE CVE CVE-2013-3751 page https://www.suse.com/security/cve/CVE-2013-3774/ SUSE CVE CVE-2013-3774 page https://www.suse.com/security/cve/CVE-2014-4236/ SUSE CVE CVE-2014-4236 page https://www.suse.com/security/cve/CVE-2014-4237/ SUSE CVE CVE-2014-4237 page https://www.suse.com/security/cve/CVE-2014-4245/ SUSE CVE CVE-2014-4245 page https://www.suse.com/security/cve/CVE-2015-0370/ SUSE CVE CVE-2015-0370 page https://www.suse.com/security/cve/CVE-2015-0455/ SUSE CVE CVE-2015-0455 page https://www.suse.com/security/cve/CVE-2015-0457/ SUSE CVE CVE-2015-0457 page https://www.suse.com/security/cve/CVE-2015-0479/ SUSE CVE CVE-2015-0479 page https://www.suse.com/security/cve/CVE-2015-0483/ SUSE CVE CVE-2015-0483 page SUSE Manager 1.7 SUSE Manager 2.1 oracle-update-1.7-0.27.1 oracle-update-1.7-0.27.3 oracle-update-1.7-0.27.1 as a component of SUSE Manager 1.7 oracle-update-1.7-0.27.3 as a component of SUSE Manager 2.1 Unspecified vulnerability in the XML Parser component in Oracle Database Server 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. CVE-2013-3751 SUSE Manager 1.7:oracle-update-1.7-0.27.1 SUSE Manager 2.1:oracle-update-1.7-0.27.3 moderate 9 AV:N/AC:L/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150907-1/ https://www.suse.com/security/cve/CVE-2013-3751.html CVE-2013-3751 https://bugzilla.suse.com/836732 SUSE Bug 836732 https://bugzilla.suse.com/887569 SUSE Bug 887569 Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. CVE-2013-3774 SUSE Manager 1.7:oracle-update-1.7-0.27.1 SUSE Manager 2.1:oracle-update-1.7-0.27.3 moderate 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150907-1/ https://www.suse.com/security/cve/CVE-2013-3774.html CVE-2013-3774 https://bugzilla.suse.com/836732 SUSE Bug 836732 https://bugzilla.suse.com/887569 SUSE Bug 887569 Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.2.0.4 and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. CVE-2014-4236 SUSE Manager 1.7:oracle-update-1.7-0.27.1 SUSE Manager 2.1:oracle-update-1.7-0.27.3 moderate 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150907-1/ https://www.suse.com/security/cve/CVE-2014-4236.html CVE-2014-4236 https://bugzilla.suse.com/887569 SUSE Bug 887569 Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.2.0.4 and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors. CVE-2014-4237 SUSE Manager 1.7:oracle-update-1.7-0.27.1 SUSE Manager 2.1:oracle-update-1.7-0.27.3 low 4 AV:N/AC:L/Au:S/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150907-1/ https://www.suse.com/security/cve/CVE-2014-4237.html CVE-2014-4237 https://bugzilla.suse.com/887569 SUSE Bug 887569 Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors. CVE-2014-4245 SUSE Manager 1.7:oracle-update-1.7-0.27.1 SUSE Manager 2.1:oracle-update-1.7-0.27.3 low 3.5 AV:N/AC:M/Au:S/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150907-1/ https://www.suse.com/security/cve/CVE-2014-4245.html CVE-2014-4245 https://bugzilla.suse.com/887569 SUSE Bug 887569 Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2013-5858. CVE-2015-0370 SUSE Manager 1.7:oracle-update-1.7-0.27.1 SUSE Manager 2.1:oracle-update-1.7-0.27.3 low 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150907-1/ https://www.suse.com/security/cve/CVE-2015-0370.html CVE-2015-0370 https://bugzilla.suse.com/914702 SUSE Bug 914702 Unspecified vulnerability in the XDB - XML Database component in Oracle Database Server 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors. CVE-2015-0455 SUSE Manager 1.7:oracle-update-1.7-0.27.1 SUSE Manager 2.1:oracle-update-1.7-0.27.3 important 6.8 AV:N/AC:L/Au:S/C:C/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150907-1/ https://www.suse.com/security/cve/CVE-2015-0455.html CVE-2015-0455 https://bugzilla.suse.com/927281 SUSE Bug 927281 Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-2629. CVE-2015-0457 SUSE Manager 1.7:oracle-update-1.7-0.27.1 SUSE Manager 2.1:oracle-update-1.7-0.27.3 important 9 AV:N/AC:L/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150907-1/ https://www.suse.com/security/cve/CVE-2015-0457.html CVE-2015-0457 https://bugzilla.suse.com/927281 SUSE Bug 927281 Unspecified vulnerability in the XDK and XDB - XML Database component in Oracle Database Server 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect availability via unknown vectors. CVE-2015-0479 SUSE Manager 1.7:oracle-update-1.7-0.27.1 SUSE Manager 2.1:oracle-update-1.7-0.27.3 important 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150907-1/ https://www.suse.com/security/cve/CVE-2015-0479.html CVE-2015-0479 https://bugzilla.suse.com/927281 SUSE Bug 927281 Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect integrity via unknown vectors. CVE-2015-0483 SUSE Manager 1.7:oracle-update-1.7-0.27.1 SUSE Manager 2.1:oracle-update-1.7-0.27.3 important 4 AV:N/AC:L/Au:S/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150907-1/ https://www.suse.com/security/cve/CVE-2015-0483.html CVE-2015-0483 https://bugzilla.suse.com/927281 SUSE Bug 927281