News, tips, partners, and perspectives for the Oracle Solaris operating system

Oracle Solaris 11.3 SRU 25 Released

Last Tuesday, October 17th 2017, Oracle Solaris 11.3 Support Repository Update (SRU) 25 was released and in now available for download on My Oracle Support Doc ID 2045311.1 and detailed information on this release is available at My Oracle Support Doc ID 2316155.1.

As this the October SRU it has the special status of Critical Patch Update (CPU) which is Oracle's quarterly update focused on bringing the optimal stability and security. In other words this is the one in three SRUs that is only intended to have patches and not new features. The CPUs are therefore the ideal version to run in production on systems that need to be conservative and yet up to date with the latest security fixes.

As such the main highlights are about bringing updates to existing packages to address existing issue. Here are some of the most noteworthy updates in this CPU:

  • Apache Tomcat 8 has been updated to 8.5.20.
  • OpenSSH has been updated to 7.5p1.
  • Firefox has been updated to 52.4 ESR, and addresses a security issue.
  • libgcrypt has been updated to 1.7.8.
  • libgpg-error has been updated to 1.27.
  • HMP has been updated to
  • Wireshark has been updated to 2.4.1.
  • Samba has been updated to 4.4.16.
  • harfbuzz library is now available.
  • Updated versions of MySQL:
    • MySQL has been updated to 5.5.57.
    • MySQL has been updated to 5.6.37.
  • Security fixes for the following components:
    • NSS.
    • GNU Emacs.
  • Explorer 8.17.

To understand the full list of which issues (and their bug IDs) and CVE's have been addressed with this release as well as other details like which packages were updated and End Of Feature (EOF) announcements, please go to the My Oracle Support information document linked above.

Join the discussion

Comments ( 2 )
  • Solar Thursday, October 26, 2017
    "In other words this is the one in three SRUs that is only intended to have patches and not new features."

    Please tell us again which security issue harfbuzz is fixing :)
  • Joost Pronk Thursday, October 26, 2017
    To answer your question on harfbuzz, the SRU is actually not releasing a security fix for harfbuzz but rather adding it to Solaris 11.3 to address issues in other dependent applications like Firefox and Pango.

    Not all fixes in this SRU are security related, they could for example also be stability or compatibility related.

    I hope this answers you question.
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.