Security update for oracle-update
SUSE Patch
security@suse.de
SUSE Security Team
SUSE-SU-2015:0498-2
Final
1
1
2014-07-18T13:49:14Z
current
2014-07-18T13:49:14Z
2014-07-18T13:49:14Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for oracle-update
This critical patch update contains 5 security fixes for the Oracle
Database Server. One of the vulnerabilities could have been exploited over
the network without a valid username and password.
Security Issues:
* CVE-2013-3751
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3751>
* CVE-2013-3774
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3774>
* CVE-2014-4236
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4236>
* CVE-2014-4237
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4237>
* CVE-2014-4245
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4245>
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
sleman21-oracle-update
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://www.suse.com/support/update/announcement/2015/suse-su-20150498-2/
Link for SUSE-SU-2015:0498-2
https://lists.suse.com/pipermail/sle-security-updates/2015-March/001291.html
E-Mail link for SUSE-SU-2015:0498-2
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/887569
SUSE Bug 887569
https://bugzilla.suse.com/914702
SUSE Bug 914702
https://bugzilla.suse.com/927281
SUSE Bug 927281
https://www.suse.com/security/cve/CVE-2013-3751/
SUSE CVE CVE-2013-3751 page
https://www.suse.com/security/cve/CVE-2013-3774/
SUSE CVE CVE-2013-3774 page
https://www.suse.com/security/cve/CVE-2014-4236/
SUSE CVE CVE-2014-4236 page
https://www.suse.com/security/cve/CVE-2014-4237/
SUSE CVE CVE-2014-4237 page
https://www.suse.com/security/cve/CVE-2014-4245/
SUSE CVE CVE-2014-4245 page
https://www.suse.com/security/cve/CVE-2015-0370/
SUSE CVE CVE-2015-0370 page
https://www.suse.com/security/cve/CVE-2015-0455/
SUSE CVE CVE-2015-0455 page
https://www.suse.com/security/cve/CVE-2015-0457/
SUSE CVE CVE-2015-0457 page
https://www.suse.com/security/cve/CVE-2015-0479/
SUSE CVE CVE-2015-0479 page
https://www.suse.com/security/cve/CVE-2015-0483/
SUSE CVE CVE-2015-0483 page
SUSE Manager 2.1
oracle-update-1.7-0.27.3
oracle-update-1.7-0.27.3 as a component of SUSE Manager 2.1
Unspecified vulnerability in the XML Parser component in Oracle Database Server 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2013-3751
SUSE Manager 2.1:oracle-update-1.7-0.27.3
moderate
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2015/suse-su-20150498-2/
https://www.suse.com/security/cve/CVE-2013-3751.html
CVE-2013-3751
https://bugzilla.suse.com/836732
SUSE Bug 836732
https://bugzilla.suse.com/887569
SUSE Bug 887569
Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2013-3774
SUSE Manager 2.1:oracle-update-1.7-0.27.3
moderate
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2015/suse-su-20150498-2/
https://www.suse.com/security/cve/CVE-2013-3774.html
CVE-2013-3774
https://bugzilla.suse.com/836732
SUSE Bug 836732
https://bugzilla.suse.com/887569
SUSE Bug 887569
Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.2.0.4 and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2014-4236
SUSE Manager 2.1:oracle-update-1.7-0.27.3
moderate
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2015/suse-su-20150498-2/
https://www.suse.com/security/cve/CVE-2014-4236.html
CVE-2014-4236
https://bugzilla.suse.com/887569
SUSE Bug 887569
Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.2.0.4 and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors.
CVE-2014-4237
SUSE Manager 2.1:oracle-update-1.7-0.27.3
moderate
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2015/suse-su-20150498-2/
https://www.suse.com/security/cve/CVE-2014-4237.html
CVE-2014-4237
https://bugzilla.suse.com/887569
SUSE Bug 887569
Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors.
CVE-2014-4245
SUSE Manager 2.1:oracle-update-1.7-0.27.3
moderate
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2015/suse-su-20150498-2/
https://www.suse.com/security/cve/CVE-2014-4245.html
CVE-2014-4245
https://bugzilla.suse.com/887569
SUSE Bug 887569
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2013-5858.
CVE-2015-0370
SUSE Manager 2.1:oracle-update-1.7-0.27.3
moderate
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2015/suse-su-20150498-2/
https://www.suse.com/security/cve/CVE-2015-0370.html
CVE-2015-0370
https://bugzilla.suse.com/914702
SUSE Bug 914702
Unspecified vulnerability in the XDB - XML Database component in Oracle Database Server 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors.
CVE-2015-0455
SUSE Manager 2.1:oracle-update-1.7-0.27.3
important
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2015/suse-su-20150498-2/
https://www.suse.com/security/cve/CVE-2015-0455.html
CVE-2015-0455
https://bugzilla.suse.com/927281
SUSE Bug 927281
Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-2629.
CVE-2015-0457
SUSE Manager 2.1:oracle-update-1.7-0.27.3
important
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2015/suse-su-20150498-2/
https://www.suse.com/security/cve/CVE-2015-0457.html
CVE-2015-0457
https://bugzilla.suse.com/927281
SUSE Bug 927281
Unspecified vulnerability in the XDK and XDB - XML Database component in Oracle Database Server 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect availability via unknown vectors.
CVE-2015-0479
SUSE Manager 2.1:oracle-update-1.7-0.27.3
important
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2015/suse-su-20150498-2/
https://www.suse.com/security/cve/CVE-2015-0479.html
CVE-2015-0479
https://bugzilla.suse.com/927281
SUSE Bug 927281
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect integrity via unknown vectors.
CVE-2015-0483
SUSE Manager 2.1:oracle-update-1.7-0.27.3
important
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2015/suse-su-20150498-2/
https://www.suse.com/security/cve/CVE-2015-0483.html
CVE-2015-0483
https://bugzilla.suse.com/927281
SUSE Bug 927281