The Third Party Vulnerability Resolution Blog covers CVEs and patches in Systems product suite.

Lucky Thirteen vulnerability in Solaris OpenSSL

Ritwik Ghoshal
Principal Security Analyst
CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2013-0166 Cryptographic Issues vulnerability 5.0 OpenSSL
Solaris 10 SPARC: 148071-12, 150383-02 X86: 148072-12
Solaris 11.1
Solaris 9 SPARC: 117123-11
CVE-2013-0169 Cryptographic Issues vulnerability 5.0

Please note: SPARC: 148071-12 X86: 148072-12 deliver the fix for OpenSSL (SUNWcry and SUNWopenssl-packages). SPARC: 150383-02 and 117123-11 deliver the fix for WAN Boot (SUNWwbsup and SUNWcakr-packages).

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Join the discussion

Comments ( 2 )
  • Brian R. Friday, July 19, 2013

    This post previously indicated that 148071-11 addressed the vulnerabilities for Solaris 10, but it was changed so it now lists 148071-12. Does 148071-11 still address CVE-2013-0166 and CVE-2013-0169 for OpenSSL in Solaris 10?

  • Ritwik Ghoshal Friday, July 19, 2013

    Hi Brian,

    148071-11 addresses CVE-2013-0169, please install 148071-12 to fix both CVE-2013-0166 and CVE-2013-0169 for OpenSSL in Solaris 10.

Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.