Tuesday Jan 18, 2011

January 2011 Oracle Critical Patch Update Advisory is Available

Oracle has released the January 2011 Oracle Critical Patch Update (CPU Jan 2011), which lists a number of critical security vulnerability fixes in Sun products.

Critical Patch Update January 2011 Patch Availability Document for Oracle Sun Products lists the patches and upgrades required to resolve these vulnerabilities.

The above document also provides links to Solaris OS Recommended CPU Patch Clusters for Solaris 9 and 10. These clusters contain all the patches required to resolve the Solaris vulnerabilities mentioned in the CPU and other vulnerabilities in third-party components used in Solaris.

References:

Thursday Dec 16, 2010

Index of Security Sun Alerts and Mappings for Legacy SunSolve Links

The SunSolve support portal http://sunsolve.sun.com was replaced by http://support.oracle.com (My Oracle Support) earlier this week. All Security Sun Alerts are now accessible to customers through the support.oracle.com website. Old URLs pointing to sunsolve.sun.com with Sun Alert document IDs do not redirect automatically to their new URLs on support.oracle.com. The document ID numbers under the Oracle support portal are new and different from the document ID numbers published under SunSolve.

To make referring to these Sun Alerts easier, we are providing a mapping of the old Sun Alert IDs to new Oracle IDs and an archive of Sun Alerts at:
http://download.oracle.com/sunalerts

SunSolve itself had transitioned to different knowledge management systems, resulting in multiple legacy document IDs for the same Sun Alert. The above mapping also lists any such previously used ID numbers and URL formats.

New Security Sun Alerts are no longer published as of April 2010. Customers are alerted about security vulnerabilities through the Oracle Security Alert process. Details can be found on the Critical Patch Updates and Security Alerts site.

Tuesday Oct 12, 2010

October 2010 Oracle Critical Patch Update Advisories are Available

Oracle has released the October 2010 Critical Patch Update (CPUOct2010) and a Critical Patch Update for Java SE and Java for Business.

These security advisories list a number of critical security vulnerability fixes in Sun products. There are links to Patch Availability Documents that list the patches and upgrades required to resolve the vulnerabilities.

We are also providing Solaris OS CPU Patch Clusters for Solaris 9 and 10, available for download from SunSolve. These clusters contain all the patches required to resolve the Solaris vulnerabilities mentioned in the October CPU and other vulnerabilities in third-party components used in Solaris.

Please refer to:

Friday Oct 01, 2010

Mapping between CVE numbers and Solaris patches for October 2010 CPU

Hi, this is Eric Maurice.

In a previous blog entry, we invited customers to provide feedback with regard to the content of the Critical Patch Update advisory for Oracle Sun products. Such feedback is very valuable, and continues to drive the definition of Oracle Software Security Assurance policies.

As a result of the feedback received, Oracle has updated its policies to include the mapping of each vulnerability's CVE number to the particular Solaris package patch version (patchid), in all future Solaris CPU Patch Availability Documents. The updated policy will be effective with the October 2010 Critical Patch Update onward.

With the Critical Patch Update, Oracle's objective is to positively influence the security posture of all customers by providing the most effective vulnerability remediation program in the industry. This means not only producing effective, fully tested security patches on all supported platform and version combinations every quarter, but also providing sufficient information about the newly fixed vulnerabilities to enable customers to make proper patching decisions and effectively manage their security management costs.

For More Information:

Thursday Mar 25, 2010

Advance notification of Security Updates for Java SE

On March 30, 2010, Oracle will release the following security updates:
  • JDK and JRE 6 Update 19
  • JDK and JRE 5.0 Update 24
  • SDK and JRE 1.4.2_26
An Oracle Java SE and Java for Business Critical Patch Update advisory will be published in place of Sun Alerts. Pre-release announcements for future security updates will be published at the Oracle Critical Patch Updates and Security Alerts website.

Wednesday Dec 02, 2009

Solaris 10 Security Essentials by Sun Microsystems Security Engineers published in Paperback

Prentice Hall has published the book Solaris 10 Security Essentials, which describes the various security technologies contained in the Solaris operating system. It is now available at Amazon.com or Safari.

"Solaris™ 10 Security Essentials describes the various security technologies contained in the Solaris operating system. The book describes how to make installations secure and how to configure the OS to the particular needs of your environment, whether your systems are on the edge of the Internet or running a data center. The authors present the material in a straightforward way that makes a seemingly arcane subject accessible to system administrators at all levels.

"The strengths of the Solaris operating system’s security model are its scalability and its adaptability. It can protect a single user with login authentication or multiple users with Internet and intranet configurations requiring user-rights management, authentication, encryption, IP security, key management, and more. This book is written for users who need to secure their laptops, network administrators who must secure an entire company, and everyone in between."

Authors include Glenn Brunette, Hai-May Chao, Martin Englund, Glenn Faden, Mark Fenwick, Valerie Anne Fenwick, Wyllys Ingersoll, Wolfgang Ley, Darren Moffat, Pravas Kumar Panda, Jan Pechanec, Mark Phalan, Darren Reed, Scott Rotondo, Christoph Schuba, Sharon Read Veach, Joep Vesseur, and Paul Wernau.

Solaris 10 Security Essentials; Sun Microsystems Security Engineers; Prentice Hall PTR; November 23, 2009; ISBN 978-0137012336

Thursday Oct 29, 2009

Advance notification of Security Updates for Java SE

On November 3, 2009, Sun will release the following security updates:
  • JDK and JRE 6 Update 17
  • JDK and JRE 5.0 Update 22
  • SDK and JRE 1.4.2_24
  • SDK and JRE 1.3.1_27
The following Sun Alerts corresponding to these updates will be released following the availability of these updates.

Friday Jul 31, 2009

Advance notification of Security Updates for Java SE

On August 4, 2009, Sun will release the following security updates:
  • JDK and JRE 6 Update 15
  • JDK and JRE 5.0 Update 20
  • SDK and JRE 1.4.2_22
  • SDK and JRE 1.3.1_26
The following Sun Alerts corresponding to these updates will be released following the availability of these updates.

Tuesday Jul 14, 2009

US-CERT Vulnerability Note VU#466161 - XML signature HMAC truncation authentication bypass

US-CERT Vulnerability Note VU#466161 describes a security vulnerability with verifying HMAC-based XML digital signatures.

The XML Digital Signature implementation included with the Java Runtime Environment is affected and may allow authentication to be bypassed. Applications that validate HMAC-based XML digital signatures may be vulnerable to this type of attack. This vulnerability cannot be exploited by an untrusted applet or Java Web Start application.

This issue can occur in the following Java SE and Java SE for Business releases for Windows, Solaris, and Linux:
  • JDK and JRE 6 Update 14 and earlier
Note: JDK and JRE 5.0, and SDK and JRE 1.4.2 and 1.3.1 are not affected.

This issue will be addressed with our upcoming Java SE security updates which are targeted to be released in late July 2009.
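The class of flaw named in the note's title, shown as an added example that is not code from Sun, the JRE, or the vulnerability note. It assumes the XML Signature `HMACOutputLength` parameter (not mentioned on this page) as the sender-supplied truncation length and the minimum the revised XML Signature specification sets for it; the function names, key and `SignedInfo` bytes are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample inputs (not from any real deployment).
KEY = b"constructed-demo-key"
SIGNED_INFO = b"<SignedInfo>constructed sample</SignedInfo>"
DIGEST_BITS = hashlib.sha1().digest_size * 8  # 160 for HMAC-SHA1


def expected_tag(key, signed_info):
    """Full-length HMAC-SHA1 over the canonicalized SignedInfo bytes."""
    return hmac.new(key, signed_info, hashlib.sha1).digest()


def verify_trusting_length(key, signed_info, sig_value, output_bits):
    """Flawed: compares only as many bytes as the document asks for."""
    n = output_bits // 8
    return hmac.compare_digest(expected_tag(key, signed_info)[:n], sig_value[:n])


def verify_with_floor(key, signed_info, sig_value, output_bits=None):
    """Hardened: enforce a minimum truncation length before comparing."""
    bits = DIGEST_BITS if output_bits is None else output_bits
    # Floor from the XML Signature spec: max(80 bits, half the hash output).
    floor = max(80, DIGEST_BITS // 2)
    # Whole-byte lengths only: a simplification made by this example.
    if bits % 8 or bits < floor or bits > DIGEST_BITS:
        return False
    n = bits // 8
    if len(sig_value) != n:
        return False
    return hmac.compare_digest(expected_tag(key, signed_info)[:n], sig_value)


if __name__ == "__main__":
    tag = expected_tag(KEY, SIGNED_INFO)
    print("trusting, 0 bits:", verify_trusting_length(KEY, SIGNED_INFO, b"", 0))
    print("floor,    0 bits:", verify_with_floor(KEY, SIGNED_INFO, b"", 0))
    print("floor,   80 bits:", verify_with_floor(KEY, SIGNED_INFO, tag[:10], 80))
```

Applications that cannot upgrade the verifier immediately can apply the same floor themselves by rejecting any signature whose declared truncation length is below it before calling the validation API.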

Monday Mar 23, 2009

Advance notification of Security Updates for Java SE

On March 24, 2009, Sun will release the following security updates:
  • JDK and JRE 6 Update 13
  • JDK and JRE 5.0 Update 18
  • SDK and JRE 1.4.2_20
  • SDK and JRE 1.3.1_25
The following Sun Alerts corresponding to these updates will be released following the availability of these updates.
About

This blog provides security vulnerability fix notifications relevant to third party software components distributed and supported as part of Oracle Products.
A summarized version of this blog is available as a mapping of CVEs and solutions.
