Re: [pca] Solaris 10 1/13 preinstalled patches

2013-02-13 Thread Don O'Malley 

  
  
Thanks for the further investigation Martin! I'll follow up.

There is nothing to prevent those patches being added to a system
installed with s10u11, so it would seem prudent to add the Security
fixes indicated below in the case where the patch pkgs are installed
systems. (I've provided details of the pkgs delivered in the 2
patches that you've pointed out below for ease of reference.)

As a general rule of thumb, it is always advisable to apply the
latest Recommended Patchset after installing/upgrading to the latest
Solaris Update to get any fixes relesed after the Solaris Update (or
in this case not delivered as part of the update itself).

Best,
-Don

On 02/13/13 07:12, Martin Paul wrote:
Hi
  Don,
  
  
  Am 12.02.2013 20:00, schrieb Don O'Malley:
  
  I'll take a look into this one and get
back to you.

  
  
  Thanks for the information you already provided. Apart from that,
  it might be worth to at least take a look at these two patches:
  
  
  
Patch  IR   CR RSB Age Synopsis
  
  -- -- - -- --- ---
  ---
  
  119213 26  27 RS- 369 NSS_NSPR_JSS 3.13.1: NSPR 4.8.9 /
  NSS 3.13.1 / JSS 4.3.2
  
  149453 --  02 RS- 133 SunOS 5.10: CCR Update
  

  
  
  Both of them are "S"ecurity patches, and both of them contain
  actual security fixes (which Oracle nowadays often paraphrases as
  "problem with X"):
  
  
  -- 119213-27:
  
  
  13341290 DIS-TRUST DIGINOTAR ROOT CERTIFICATE
  
  13341314 (CVE-2011-3389) RIZZO/DUONG CHOSEN PLAINTEXT ATTACK
  (BEAST) ON SSL/TLS 1.0
  

PKG=SUNWjss
ARCH=sparc
VERSION=4.0,REV=2004.11.05.02.31

PKG=SUNWpr
ARCH=sparc
VERSION=4.5.1,REV=2004.11.05.02.30

PKG=SUNWprd
ARCH=sparc
VERSION=4.5.1,REV=2004.11.05.02.30

PKG=SUNWtls
ARCH=sparc
VERSION=3.9.5,REV=2005.01.14.17.27

PKG=SUNWtlsd
ARCH=sparc
VERSION=3.9.5,REV=2005.01.14.17.27

PKG=SUNWtlsu
ARCH=sparc
VERSION=3.9.5,REV=2005.01.14.17.27


  
  -- 149453-02
  
  
  7194816 problem with smpatch / updatemanager
  
  6914463 problem with smpatch / updatemanager
  

PKG=SUNWr
ARCH=sparc
VERSION=001.000.000


  
  It's kind of strange to get a Solaris release in Feb 2013 with
  existing security fixes from up to a year ago not being fixed out
  of the box.
  
  
  Martin.
  
  


-- 

  Don O'Malley
  
Manager, Software Maintenance Engineering
Revenue Product Engineering | Solaris | Hardware 
Block C, East Point Business Park, Dublin 3, Ireland
Phone: +353 1 8033883 
Team Alias: rpe_sme_ww_...@oracle.com

Re: [pca] Solaris 10 1/13 preinstalled patches

2013-02-12 Thread Martin Paul 

Hi Don,

Am 12.02.2013 20:00, schrieb Don O'Malley:

I'll take a look into this one and get back to you.


Thanks for the information you already provided. Apart from that, it 
might be worth to at least take a look at these two patches:



Patch  IR   CR RSB Age Synopsis
-- -- - -- --- --- ---
119213 26  27 RS- 369 NSS_NSPR_JSS 3.13.1: NSPR 4.8.9 / NSS 3.13.1 / JSS 4.3.2
149453 --  02 RS- 133 SunOS 5.10: CCR Update


Both of them are Security patches, and both of them contain actual 
security fixes (which Oracle nowadays often paraphrases as problem with 
X):


-- 119213-27:

13341290 DIS-TRUST DIGINOTAR ROOT CERTIFICATE
13341314 (CVE-2011-3389) RIZZO/DUONG CHOSEN PLAINTEXT ATTACK (BEAST) ON 
SSL/TLS 1.0


-- 149453-02

7194816 problem with smpatch / updatemanager
6914463 problem with smpatch / updatemanager

It's kind of strange to get a Solaris release in Feb 2013 with existing 
security fixes from up to a year ago not being fixed out of the box.


Martin.