The Third Party Vulnerability Resolution Blog covers CVEs and patches in Systems product suite.

  • News
    October 1, 2010

Mapping between CVE numbers and Solaris patches for October 2010 CPU

Guest Author

Hi, this is Eric Maurice.

In a previous blog entry, we invited customers to provide feedback in regards to the content of the Critical Patch Update advisory for Oracle Sun products. Such feedback is very valuable, and continues to drive the definition of Oracle Software Security Assurance policies.

As a result of the feedback received, Oracle has updated its policies to include the mapping of each vulnerability's CVE number to the particular Solaris package patch version (patchid), in all future Solaris CPU Patch Availability Documents. The updated policy will be effective with the October 2010 Critical Patch Update onward.

With the Critical Patch Update, Oracle's objective is to positively influence the security posture of all customers by providing the most effective vulnerability remediation program in the industry. This means not only producing effective, fully tested, security patches on all supported platform and version combinations every quarter, but also providing sufficient information about the newly-fixed vulnerabilities to enable customers to make proper patching decision and effectively manage their security management costs.

For More Information:

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.