Re: Solaris 9 patch 116453-01 not in the cluster?...

From: Martin Paul (map_at_par.univie.ac.at)
Date: 07/16/04 

Date: 16 Jul 2004 13:11:19 GMT

In comp.unix.solaris Gabriel <gabriel@acm.org> wrote:
> Does anybody know why Solaris 9 security patch 116453-01 is not in the
> patch cluster?

No idea, as I don't install clusters but single patches, depending on
their Recommended/Security status. But a quick check also showed a
few others missing that seem relevant, e.g.:

  116489-01 SunOS 5.9: ttymux Patch
             Fixes: 4743801 ttymux can be used to leak kernel memory
  116494-01 SunOS 5.9: libdevice Patch
             Fixes: 4783585 USB attachment points are delivered w/ 0666
                    permissions and is a security hole
  112810-06 CDE 1.5: dtmail patch
             Fixes: 5038601 dtmail contains a buffer overflow in the
                    command line interface

The cluster README states:

  These Solaris Recommended patches are considered the most important and
  highly recommended patches that avoid the most critical system, user, or
  security related bugs which have been reported and fixed to date.

So it doesn't say that a cluster would contain *all* security related
fixes. It also says:

  In most cases a Solaris security patch will be included in the recommended
  patch set. It is possible, however, that a security patch may not be
  included in the recommended set if it is determined to be a more obscure
  application specific issue and not generally applicable.

I don't think the above patches fit into this description. So, maybe
someone else can explain why they were left out.

My conclusion would be that after installing a patch cluster you
always should use some other tool to check for missing patches
that are important (ie. fix security issues) and install those, too.

mp. 

-- 
Systems Administrator | Institute for Software Science | Univ. of Vienna

Relevant Pages

  • Re: Solaris 9 patch 116453-01 not in the cluster?...
    ... No idea, as I don't install clusters but single patches, depending on ... their Recommended/Security status. ... 116494-01 SunOS 5.9: libdevice Patch ... The cluster README states: ...
    (comp.unix.solaris)
  • Re: How Often are the Sun Patch Clusters Updated
    ... > look on the updates page, and there are some kernel updates, ksh updates etc ... > arsed to download the recommneded patches cluster, ...
    (comp.unix.solaris)
  • Re: Sorry, but any ideas fo a final-year uni project?
    ... will download all the patches and construct a cluster. ... * Capability to compare a number of such patch groupings, ... of time instead of just downloading the patches on the fly. ...
    (comp.unix.admin)
  • Re: patch set for Sol 9 09/05
    ... So I am going to apply the reccommended patch set. ... Most of those patches are already pre-installed in Solaris 9 9/05. ... All of the patches in the cluster are Recommended patches, ... you could just download and install 113886/113887 manually ...
    (comp.unix.solaris)
  • 9_Recommended error codes (specifically return code 5)
    ... * "return code 2" indicates patches are already installed. ... * "return code 25" means a patches requires another patch that is not yet installed. ... With or without using the save option, the patch installation process ... Installing 114008-01... ...
    (SunManagers)