Lucky Thirteen vulnerability in Solaris OpenSSL

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2013-0166 Cryptographic Issues vulnerability 5.0 OpenSSL
Solaris 10 SPARC: 148071-12, 150383-02 X86: 148072-12
Solaris 11.1 11.1.7.5.0
Solaris 9 SPARC: 117123-11
CVE-2013-0169 Cryptographic Issues vulnerability 5.0

Please note: SPARC: 148071-12 X86: 148072-12 deliver the fix for OpenSSL (SUNWcry and SUNWopenssl-packages). SPARC: 150383-02 and 117123-11 deliver the fix for WAN Boot (SUNWwbsup and SUNWcakr-packages).

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Comments:

This post previously indicated that 148071-11 addressed the vulnerabilities for Solaris 10, but it was changed so it now lists 148071-12. Does 148071-11 still address CVE-2013-0166 and CVE-2013-0169 for OpenSSL in Solaris 10?

Posted by Brian R. on July 19, 2013 at 11:17 AM PDT #

Hi Brian,

148071-11 addresses CVE-2013-0169, please install 148071-12 to fix both CVE-2013-0166 and CVE-2013-0169 for OpenSSL in Solaris 10.

Posted by Ritwik Ghoshal on July 19, 2013 at 11:25 AM PDT #

Post a Comment:
Comments are closed for this entry.
About

This blog provides security vulnerability fix notifications relevant to third party software components distributed and supported as part of Oracle Products.
Summarized version of this blog is available as a mapping of CVEs and solutions.

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
2
3
4
5
6
7
8
9
10
11
12
13
14
16
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today