Oracle Critical Patch Update Advisory October 2013 - Solaris

The Oracle Critical Patch Update for October 2013 includes updates for several Oracle products including Solaris.

Airlock is not affected by any of the listened vulnerabilities.

Details:

• CVE-2013-5866, CVE-2013-5863, CVE-2013-5865, CVE-2013-5861
  Affect only Solaris 11. No Airlock release is running on Solaris 11.

• CVE-2013-5839, CVE-2013-3842, CVE-2013-3837
  Affected components not used by Airlock: Oracle Java Web Console, Oracle Configuration manager (OCM), Cacao

• CVE-2013-5862, CVE-2013-5864
  Can only be exploited by having local access (shell) on Airlock. Airlock is not affected by these vulnerabilities because there are no interactive local users other than root on the system.

• CVE-2013-3773
  Affects the Integrated Lights Out Manager (ILOM) of SPARC Enterprise T4 Series Servers. This component is related to the hardware and is not part of Airlock. Affected systems can be protected by applying the patch from Oracle. A network firewall can restrict access to the administrative port (this is recommended anyway).

• CVE-2013-5781
  Affects the Sun System Firmware/Hypervisor of SPARC Enterprise T & M Series Servers. This component is related to the hardware and is not part of Airlock. Affected systems can be protected by applying the patch from Oracle.