[oi-dev] Vulnerabilities

G B g_patrickb at yahoo.com
Tue Apr 23 12:17:39 UTC 2013 

Are vulnerabilities like these below fixed by illumos?  I know the "security" page on OI is dead and has never had any markups since it was created, and I am reasonably certain there isn't an OI Security officer to handle matters.  
 
If they are fixed in illumos, then what is the process of having them available via 'pkg image-update' without having to go to the next release e.g., 151a8?
 
sun -- sunos
 Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows remote attackers to affect confidentiality and integrity via vectors related to NFS client mounts and IPv6. 2013-04-17 6.4 CVE-2013-0405
 
sun -- sunos
 Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect integrity via unknown vectors via vectors related to Kernel/IPsec. 2013-04-17 4.3 CVE-2013-0406
 
sun -- sunos
 Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to CPU performance counters drivers. 2013-04-17 5.0 CVE-2013-0408
 
sun -- sunos
 Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via vectors related to RBAC Configuration. 2013-04-17 5.9 CVE-2013-0411
 
sun -- sunos
 Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Remote Execution Service. 2013-04-17 4.4 CVE-2013-0413
 
sun -- sunos
 Unspecified vulnerability in Oracle Sun Solaris 10, when running on SPARC T4 servers, allows local users to affect availability via unknown vectors related to Kernel. 2013-04-17 4.7 CVE-2013-1494
 
sun -- sunos
 Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/IO, a different vulnerability than CVE-2013-1498. 2013-04-17 4.9 CVE-2013-1496
 
sun -- sunos
 Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/IO, a different vulnerability than CVE-2013-1496. 2013-04-17 4.9 CVE-2013-1498
 
sun -- sunos
 Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality via unknown vectors related to Utility/fdformat. 2013-04-17 2.1 CVE-2012-0568
 
sun -- sunos
 Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Libraries/Libc. 2013-04-17 2.1 CVE-2012-0570
 
sun -- sunos
 Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Utility. 2013-04-17 1.9 CVE-2013-0403
 
sun -- sunos
 Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/Boot. 2013-04-17 3.7 CVE-2013-0404
 
sun -- sunos
 Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect integrity and availability via unknown vectors related to Utility/pax. 2013-04-17 3.6 CVE-2013-0412
 
sun -- sunos
 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Network Configuration. 2013-04-17 1.7 CVE-2013-1499
 
sun -- sunos
 Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via unknown vectors related to Kernel. 2013-04-17 3.8 CVE-2013-1530
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openindiana.org/pipermail/oi-dev/attachments/20130423/d9a38af0/attachment-0004.html>

More information about the oi-dev mailing list