You are here
Vulnerabilities fixed by Oracle Critical Patch Update January 2013
Submitted on 16. January 2013 - 21:12 by erwin.
Last update on 17. January 2013 - 14:38.
Last update on 17. January 2013 - 14:38.
IDs:
CVE-2013-0400, CVE-2013-0399, CVE-2013-0415, CVE-2013-0407, CVE-2012-0599, CB-K13/0047
Keywords:
Oracle Critical Patch Update
Description:
The Oracle Critical Patch Update for January 2013 includes updates for several Oracle products, including Solaris.
Of the various vulnerabilities addressed by this Critical Patch Update, only a small number is potentially relevant for Airlock systems. Airlock is not vulnerable to any of these relevant vulnerabilities:
- CVE-2013-0400: Filesystem/cachefs - The cachefs service is explicitly deactivated on Airlock.
- CVE-2013-0399: Utility/Umount - There are no interactive local users other than root to use umount.
- CVE-2013-0415: Bind installscript - Nameserver bind is not included in Airlock.
- CVE-2013-0407: DTrace DoS - There are no interactive local users other than root. Local users might use much simpler scenarios for DoS, e.g. busy loops.
- CVE-2012-0599: Install/smpatch - At installation time there is no possibility for influencing the system.
All other Solaris vulnerabilities in the Critical Patch Update are affecting Solaris 11 exclusively.
Component:
Airlock
Airlock Vulnerability Status:
Does not affect Airlock
Back-end Vulnerability Status:
No action required