You are here

Oracle Critical Patch Update Advisory - July 2013

IDs: 
CB-K13/0470, CVE-2013-3753, CVE-2013-3748, CVE-2013-3750, CVE-2013-3765, CVE-2013-3797, CVE-2013-3787, CVE-2013-3754, CVE-2013-3746, CVE-2013-3754, CVE-2013-3746, CVE-2013-0398, CVE-2013-0398, CVE-2013-0398, CVE-2013-0398, CVE-2013-3745, CVE-2013-3773
Keywords: 
Oracle Critical Patch Update, CPU, Solaris
Description: 

The Oracle Critical Patch Update for July 2013 includes updates for several Oracle products including Solaris.

Airlock is not affected by any of the listened vulnerabilities.

Details:

  • CVE-2013-3753, CVE-2013-3748, CVE-2013-3750, CVE-2013-3765, CVE-2013-3797, CVE-2013-3787
    Affect only Solaris 11. No Airlock release is running on Solaris 11.
  • CVE-2013-3754, CVE-2013-3746, CVE-2013-3754, CVE-2013-3746, CVE-2013-0398, CVE-2013-0398
    Affected components not used by Airlock: NFS, in.rexecd, SCTP, Solaris Cluster
  • CVE-2013-0398, CVE-2013-0398, CVE-2013-3745
    Can only be exploited by having local access (shell) on Airlock. Airlock is not affected by these vulnerabilities because there are no interactive local users other than root on the system.
  • CVE-2013-3773
    Affects the eXtended System Control Facility (XSCF) of  SPARC Enterprise M Series Server running XCP 1114 and prior. This component is related to the hardware and is not part of Airlock. Affected systems can be protected by applying the patch from Oracle. A network firewall can restrict access to the administrative port (this is recommended anyway).
Resolution: 

No action required.

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required