OK. Maybe that title is a bit much, but it really is true, and it means good things for you. Oracle Solaris wasn’t listed in our Critical Patch Update this quarter.
We released Oracle Solaris 11.3 SRU 25 right on time just like the other 24 SRUs and CPUs before it. If you want to know what is new in Oracle Solaris, you can read Joost’s blog about it here.
However, I wanted to address why Oracle Solaris wasn’t listed in the CPU list. The answer is really quite simple, the number of security vulnerabilities in Oracle owned software in Oracle Solaris was 0. Yes, that’s correct! In the last quarter there have been 0 security vulnerabilities fixed on the Oracle Solaris kernel or Oracle software that ships inside Oracle Solaris.
Now, that doesn’t mean that there are not security fixes in Oracle Solaris 11.3.25.3.0 (11.3 SRU 25). For example, there is a new version of Samba that addresses several CVEs (CVE-2017-12150, CVE-2017-12151, and CVE-2017-12163). So, we’re definitely doing what we need to do to give you the latest patched and updated software.
You definitely want to install the latest SRU to keep your systems secure.
That said, not seeing “Oracle Solaris” on the CPU list this quarter is really great news!