Earlier today we released Oracle Solaris 11.3 SRU 35. It's available from My Oracle Support Doc ID 2045311.1, or via 'pkg update' from the support repository at https://pkg.oracle.com/solaris/support .
This SRU introduces the following enhancements:
- Compliance Update Check; allows users to verify the system is not using features which are no longer supported in newer releases
- Oracle VM Server for SPARC has been updated to version 3.5.0.3. More details can be found in the Oracle VM Server for SPARC 3.5.0.3 Release Notes.
- The Java 8, Java 7, and Java 6 packages have been updated
- Explorer 18.3 is now available
- libepoxy has been added to Oracle Solaris
- gnu-gettext has been updated to 0.19.8
- bison has been updated to 3.0.4
- at-spi2-atk has been updated to 2.24.0
- at-spi2-core has been updated to 2.24.0
- gtk+3 has been updated to 3.18.0
- Fixed the missing magick/static.h header in ImageMagick manifest
The following components have also been updated to address security issues:
- python has been updated to 3.4.8
- BIND has been updated to 9.10.6-P1
- Apache Tomcat has been updated to 8.5.3
- kerberos 5 has been updated to 1.16.1
- Wireshark has been updated to 2.6.2
- Thunderbird has been updated to 52.9.1
- libvorbis has been updated to 1.3.6
- MySQL has been updated to 5.7.23
- gdk-pixbuf, libtiff, jansson, procmail, libgcrypt, libexif
Full details of this SRU can be found in My Oracle Support Doc 2437228.1. For the list of Service Alerts affecting each Oracle Solaris 11.3 SRU, see Important Oracle Solaris 11.3 SRU Issues (Doc ID 2076753.1).
What is the best practices for update SO?
How do I guarantee that third-party software will not fail when updating SRU?
NTP Stack-based Buffer Overflow vulnerability
CVE ID: CVE-2018-12327