You are here

Vulnerabilities fixed by Oracle Critical Patch Update January 2013

CVE-2013-0400, CVE-2013-0399, CVE-2013-0415, CVE-2013-0407, CVE-2012-0599, CB-K13/0047
Oracle Critical Patch Update

The Oracle Critical Patch Update for January 2013 includes updates for several Oracle products, including Solaris.

Of the various vulnerabilities addressed by this Critical Patch Update, only a small number is potentially relevant for Airlock systems. Airlock is not vulnerable to any of these relevant vulnerabilities:

  • CVE-2013-0400: Filesystem/cachefs - The cachefs service is explicitly deactivated on Airlock.
  • CVE-2013-0399: Utility/Umount - There are no interactive local users other than root to use umount.
  • CVE-2013-0415: Bind installscript - Nameserver bind is not included in Airlock.
  • CVE-2013-0407: DTrace DoS - There are no interactive local users other than root. Local users might use much simpler scenarios for DoS, e.g. busy loops.
  • CVE-2012-0599: Install/smpatch - At installation time there is no possibility for influencing the system.

All other Solaris vulnerabilities in the Critical Patch Update are affecting Solaris 11 exclusively.

Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required