| Asset ID: |
1-79-2086278.1 |
| Update Date: | 2018-02-14 |
| Keywords: | |
Solution Type
Predictive Self-Healing Sure
Solution
2086278.1
:
SuperCluster Recommended Custom Incorporations, IDRs, and CVEs Addressed
| Related Items |
- Oracle SuperCluster T5-8 Half Rack
- Oracle SuperCluster Specific Software
|
| Related Categories |
- PLA-Support>Eng Systems>Exadata/ODA/SSC>SPARC SuperCluster>DB: SuperCluster_EST
|
List of Recommended SuperClusterCustom Incorporations, IDRs, and the CVEs they address
Applies to:
Oracle SuperCluster Specific Software Oracle SuperCluster T5-8 Half Rack Oracle Solaris on SPARC (64-bit)
Purpose
This document lists the current recommended SuperCluster Custom Incorporations, IDRs, and the CVEs they address. It also outlines how to handle short notice timezone changes.
Scope
This document is intended for customers, partners, and Oracle support personnel involved in the installation and maintenance of SuperCluster systems.
Details
The SuperCluster Custom Incorporation was introduced from the October 2016 QFSDP for SuperCluster. This incorporation comprises both the relevant Solaris SRU, for example Oracle Solaris 11.3 SRU11, and the payloads from any recommended SuperCluster IDRs, for example the SuperCluster specific IDR and IDRs to adddress security vulnerabilities in FOSS such as OpenSSL, BIND, NTP, etc. This is designed to simplify install and maintenance, as only the Custom Incorporation itself need be installed or updated, rather than the underlying SRU and multiple IDRs.
Interim Diagnostics and Relief (IDRs) are a mechanism used to provide preliminary relief to issues in Systems products such as Solaris, Solaris Cluster, ZFSSA, etc.
The Engineered Together, Tested Together nature of Engineered Systems such as SuperCluster makes it much faster to root cause issues and identify relief as our internal test systems are identical to customer systems.
It also increases confidence in the efficacy of the relief and that such relief will not be toxic to other SuperCluster customers.
Once the relief is verified internally and/or by the initial customer(s), this enables us to proactively recommend such IDRs and Custom Incorporations to other SuperCluster customers before they hit an issue. Not every IDR revision will be proactively recommended as some issues are judged to be customer specific and unlikely to be encountered by other customers.
In parallel, the fix for the issue will proceed through the normal bug fix process back into the component product.
We maintain a core SuperCluster specific Solaris 11 IDR for latest two SuperCluster QFSDP releases. To request an issue be addressed in a SuperCluster IDR / Custom Incorporation, raise an SR to have a bug filed under ProductID 10011, Component SSCINFRASW, Sub-Component JIDR detailing the issue to be addressed. Evidence must be provided that the fix is for an issue experienced on a SuperCluster. Content is kept to a minimum. "Nice-to-have" fixes will not be included. Obviously, the issue in question must be root caused and a potential fix identified before it can be included in a SuperCluster IDR / Custom Incorporation.
There may also be one or more Userland IDRs for FOSS components such as BIND, NTP, OpenSSL, etc. These are typically to provide relief for security vulnerabilities. The CVEs for such vulnerabilities are detailed below.
The CVEs addressed in the underlying Solaris version are detailed in the optional solaris-11-cpu package which can be installed if desired. See here for details. See also Doc 1448883.1 for the reference list of CVEs fixed in each release of Solaris 11, Solaris 10, and ZFSSA.
We look to ensure each subsequent SuperCluster release + IDRs is a superset of previous releases + IDRs. This is to avoid regressing fixes when upgrading to a later QFSDP + recommended IDRs.
SuperCluster Quarterly Full Stack Download Patches (QFSDPs) will contain the Custom Incorporation / IDRs which were recommended at the time the QFSDP was built. The table below will specify any updated recommendations since the QFSDP was built. It is important to apply any later recommended Custom Incorporation (or IDRs for QFSDPs and Install Bundles prior to October 2016) specified to address known critical issues and ensure the superset relationship is maintained to what may be currently installed.
The content of each QFSDP, including the Solaris 11 Custom Incorporation / IDR versions included, is listed in Doc 2056975.1.
Some countries occasionally introduce timezone changes at short notice. See Doc 2133640.1. Solaris 11 allows customers to update the timezone package independent of the rest of Solaris. See Doc 21351371. The relevant Solaris 11 timezone package (not the entire SRU!) and the relevant Solaris 10 timezone patch may be applied to SuperCluster as needed. Please note the ZFSSA operates in UTC so is impervious to timezone changes. The relevant Exadata storage cell and Engineered System Database timezone patches may also be applied as required. Such changes will typically be picked up in a subsequent QFSDP.
SuperCluster Recommended Custom Incorporations and IDRs
| |
|
|
|
|
|
|
|
|
|
|
|
|
| Functional Area |
Solaris 11.3 SRU25
(January QFSDP)
|
Solaris 11.3 SRU22
(October QFSDP)
|
Solaris 11.3 SRU19
(July QFSDP)
|
Solaris 11.3 SRU16
(April 2017 QFSDP)
|
Solaris 11.3 SRU14
(Jan 2017 QFSDP)
|
Solaris 11.3 SRU11
(Oct 2016 QFSDP)
|
Solaris 11.3 SRU7
(July 2016 QFSDP)
|
Solaris 11.3 SRU4
(Apr 2016 QFSDP)
Please move to a later QFSDP for continued IDR support
|
Solaris 11.3 SRU1
(Jan 2016 QFSDP and SuperCluster M7 installs)
Please move to a later QFSDP for continued IDR support
|
Solaris 11.2 SRU12.7
(Oct 2015 QFSDP)
Please move to a later QFSDP for continued IDR support
|
Solaris 11.2 SRU5.5
(July 2015 QFSDP)
Please move to a later QFSDP for continued IDR support
|
Solaris 11.1 SRU19.6
(Apr 2015, Jan2015, Oct 2014, July 2014 QFSDPs)
Please move to a later QFSDP for continued IDR and QFSDP support
|
| SuperCluster specific IDR |
Custom Incorporation solaris/supercluster-solaris@0.5.11,5.11-0.175.3.25.0.3.0.11032503.10000105
comprising
Solaris 11.3 SRU25
Patch 27547211
|
Custom Incorporation solaris/supercluster-solaris@0.5.11,5.11-0.175.3.22.0.3.0.11032203.10000106
comprising
Solaris 11.3 SRU22
Patch 27124481
|
Custom Incorporationsolaris/supercluster-solaris@0.5.11,5.11-0.175.3.19.0.5.0.11031905.10000105
comprising
Solaris 11.3 SRU19 + SuperCluster idr3131.5 + SuperCluster UL 3178.1 addressing CVE-2017-7494
Patch 27002880
|
Custom Incorporation
solaris/supercluster-solaris@0.5.11,5.11-0.175.3.16.0.3.0.11031603.10000106
comprising
Solaris 11.3 SRU16 + SuperCluster idr3004.7 + SuperCluster UL IDR3028 NTP (Userland) idr2916.1 addressing cve-2016-9311 cve-2016-9310 cve-2016-7427 cve-2016-7428 cve-2016-9312 cve-2016-7431 cve-2016-7434 cve-2016-7429 cve-2016-7426 cve-2016-7433 cve-2017-3629 cve-2017-3630 cve-2017-3631 + SuperCluster UL IDR3158.1 addressing CVE-2017-7494
Patch 27002790
supersedes
Custom Incorporation
solaris/supercluster-solaris@0.5.11,5.11-0.175.3.16.0.3.0.11031603.10000105
|
Custom Incorporation solaris/supercluster-solaris@0.5.11,5.11-0.175.3.14.0.6.0.11031406.10000116
comprising
Solaris 11.3 SRU14 + SuperCluster idr2797.12 + SuperCluster UL IDR 3028 + BIND (Userland) idr2811.1 addressing CVE-2016-8864 + NTP (Userland) idr2916.1 addressing cve-2016-9311 cve-2016-9310 cve-2016-7427 cve-2016-7428 cve-2016-9312 cve-2016-7431 cve-2016-7434 cve-2016-7429 cve-2016-7426 cve-2016-7433 cve-2017-3629 cve-2017-3630 cve-2017-3631
Patch 26850926
supersedes:
Custom Incorporation solaris/supercluster-solaris@0.5.11,5.11-0.175.3.14.0.6.0.11031406.10000115
|
Custom incorporation solaris/supercluster-solaris@0.5.11,5.11-0.175.3.11.0.6.0.11031106.10000111
Patch 25676094
Supercedes
Custom Incorporation solaris/supercluster-solaris@0.5.11,5.11-0.175.3.11.0.6.0.11031106.10000110
Patch 25547210
Supersedes
Custom Incorporation solaris/supercluster-solaris@0.5.11,5.11-0.175.3.11.0.6.0.11031106.10000108, Patch 25510529
Supersedes Patch 25305375: Custom Incorporation solaris/supercluster-solaris@0.5.11,5.11-0.175.3.11.0.6.0.11031106.10000107 comprising Solaris 11.3 SRU11 + SuperCluster idr2652.9 + BIND (Userland) idr2810.1 + NTP (Userland) idr2558.1 + OpenSSL (Userland) idr2724.1
Supersedes Custom Incorporation solaris/supercluster-solaris@0.5.11,5.11-0.175.3.11.0.6.0.11031106.10000102 comprising Solaris 11.3 SRU11 + SuperCluster idr2652.2 + NTP (Userland) idr2558.1 + OpenSSL (Userland) idr2724.1 (in Oct 2016 QFSDP, patch 24436544)
|
idr2450.12
Patch 25510639
Supersedes idr2450.11, Patch 25305305
Supersedes idr2450.3 (in July 2016 QFSDP, patch 23274227)
|
idr2275.9
Patch 24801018
Supersedes idr2275.3 (in April 2016 QFSDP, patch 22738454)
|
idr2160.12
Patch 24801024
Supersedes idr2160.2
(in Jan 2016 QFSDP, patch 22336131)
|
idr2052.6
Patch 24529573
Supersedes idr2052.2
(in Oct 2015 QFSDP, patch 21814498)
CVE-2015-0448, CVE-2015-2578 fixed in Solaris version
|
idr2000.10
Patch 24529316
Supersedes idr1561.6
(in July 2015 QFSDP, patch 21186703)
Addresses CVE-2015-0448, CVE-2015-2578
|
idr1847.9
Patch 22329645
|
| LDoms IDR (SuperCluster M7 only) |
Fixed in this Solaris version |
Fixed in this Solaris version |
Fixed in this Solaris version |
Fixed in this Solaris version |
Fixed in this Solaris version |
Fixed in this Solaris version |
Fixed in this Solaris version
|
Fixed in this Solaris version
|
idr2132.1
Addresses non-security issue
|
n/a
|
n/a
|
n/a
|
| BIND (Userland) |
n/a (previous vulnerabilities fixed in this Solaris version) |
n/a (previous vulnerabilities fixed in this Solaris version) |
n/a (previous vulnerabilities fixed in this Solaris version) |
n/a (previous vulnerabilities fixed in this Solaris version) |
BIND (Userland) idr2811.1 addressing CVE-2016-8864, CVSS 7.5 included in SuperCluster Custom Incorporation
solaris/supercluster-solaris@11.3.14.6.0-1.6
(in Jan 2017 QFSDP, patch 24918333) |
n/a (previous vulnerabilities fixed in this Solaris version) |
idr2809.1
Patch 25169113
Additionally addresses CVE-2016-8864, CVE-2016-2776, CVE-2016-2775 and supersedes idr2509.1 (in July 2016 QFSDP, patch 23274227) addressing CVE-2016-1285 and CVE-2016-1286
(CVE-2015-8704 fixed in Solaris 11.3 SRU5. Solaris not impacted by CVE-2015-8705 as issue introduced in BIND 9.9.0.)
|
idr2508.1
Patch 23542911
Supersedes and includes the content of idr2428.1, Patch 23329869, while removing the "pkg.depend.explicit.install" metadata which may make idr2428.1 problematic to install (BugID 23346581).
Both deliver BIND 9.6-ESV-R11-P6
Both address CVE-2016-1285, CVE-2016-1286 and supersedes idr2272.1 (in Apr 2016 QFSDP, patch 22738454) which addresses CVE-2015-8704
Solaris not impacted by CVE-2015-8705 as issue introduced in BIND 9.9.0
CVE-2015-8000 fixed in Solaris version
|
idr2427.2
Patch 23292094
Additionally addresses CVE-2016-1285, CVE-2016-1286 and supersedes idr2252.1,
Patch 22711924, which addresses CVE-2015-8704 (Solaris not impacted by CVE-2015-8705 as issue introduced in BIND 9.9.0) and supersedes idr2193.2 (in Jan 2016 QFSDP, patch 22336131), Patch 22450195, which addresses CVE-2015-8000.
CVE-2015-5722 fixed in Solaris version
|
idr2202.1
Patch 22450066
Addresses CVE-2015-8000 and is a superset of idr2060.1 (in Oct 2015 QFSDP, patch 21814498) which addresses CVE-2015-5722
|
idr2203.1
Patch 22450130
Addresses CVE-2015-8000
|
idr2200.1
Patch 22450037 (unrestricted)
Addresses CVE-2015-8000
|
| NTP (Userland) |
n/a (previous vulnerabilities fixed in this Solaris version) |
n/a (previous vulnerabilities fixed in this Solaris version) |
n/a (previous vulnerabilities fixed in this Solaris version) |
n/a (previous vulnerabilities fixed in this Solaris version) |
n/a (previous vulnerabilities fixed in this Solaris version) |
idr2558.1 (included in Oct 2016 QFSDP patch 24436544 Custom Incorporation solaris/supercluster-solaris@0.5.11,5.11-0.175.3.11.0.6.0.11031106.10000102) delivers ntp-4.2.8p8 addressing:
CVE-2016-4957, CVE-2016-4953, CVE-2016-4954, CVE-2016-4955, CVE-2016-4956, CVE-2016-1551, CVE-2016-1549, CVE-2016-2516, CVE-2016-2517, CVE-2016-2518, CVE-2016-2519, CVE-2016-1547, CVE-2016-1548, CVE-2015-7704, CVE-2015-8138, CVE-2016-1550
ntp-4.2.8p7 addresses:
CVE-2016-1551, CVE-2016-1549, CVE-2016-2516, CVE-2016-2517, CVE-2016-2518, CVE-2016-2519, CVE-2016-1547, CVE-2016-1548, CVE-2015-7704, CVE-2015-8138, CVE-2016-1550.
|
idr2558.1 (in July 2016 QFSDP, patch 23274227)
Delivers ntp-4.2.8p8 addressing:
CVE-2016-4957, CVE-2016-4953, CVE-2016-4954, CVE-2016-4955, CVE-2016-4956, CVE-2016-1551, CVE-2016-1549, CVE-2016-2516, CVE-2016-2517, CVE-2016-2518, CVE-2016-2519, CVE-2016-1547, CVE-2016-1548, CVE-2015-7704, CVE-2015-8138, CVE-2016-1550
ntp-4.2.8p7 addresses: CVE-2016-1551, CVE-2016-1549, CVE-2016-2516, CVE-2016-2517, CVE-2016-2518, CVE-2016-2519, CVE-2016-1547, CVE-2016-1548, CVE-2015-7704, CVE-2015-8138, CVE-2016-1550
NTP-4.2.8p6 included in Solaris 11.3 SRU6.
|
idr2557.1
Patch 23761438
Delivers ntp-4.2.8p8 addressing CVE-2016-4957, CVE-2016-4953, CVE-2016-4954, CVE-2016-4955, CVE-2016-4956, CVE-2016-1551, CVE-2016-1549, CVE-2016-2516, CVE-2016-2517, CVE-2016-2518, CVE-2016-2519, CVE-2016-1547, CVE-2016-1548, CVE-2015-7704, CVE-2015-8138, CVE-2016-1550.
Supersedes and includes the content of idr2340.2, Patch 23542973, and idr2266.3 (in Apr 2016 QFSDP, patch 22738454). idr2557.1 and idr2340.2 remove the "pkg.depend.explicit.install" metadata which may make idr2266.3 problematic to install (BugID 23346581).
Both idr2340.2 and idr2266.3 deliver NTP-4.2.8p6 addressing CVE-2015-5146, CVE-2015-8158, CVE-2015-8138, CVE-2015-7979, CVE-2015-7978, CVE-2015-7977, CVE-2015-7976, CVE-2015-7975, CVE-2015-7974, CVE-2015-7973, CVE-2015-8148, CVE-2015-8139, CVE-2015-5300, CVE-2015-7871, CVE-2015-7855, CVE-2015-7854, CVE-2015-7853, CVE-2015-7852, CVE-2015-7851, CVE-2015-7850, CVE-2015-7849, CVE-2015-7848, CVE-2015-7701, CVE-2015-7703, CVE-2015-7704, CVE-2015-7705, CVE-2015-7691, CVE-2015-7692, CVE-2015-7702
Previous vulnerabilities fixed in this Solaris version
|
idr2339.1 delivers NTP-4.2.8p6
Patch 22925251
Additionally addresses CVE-2015-5146 and 21155469 "NTP should update time at boot and shutdown" & supersedes idr2142.2 and idr2189.1.
idr2142.2 delivering NTP-4.2.8p5
Patch 22711933
Fixes an issue with the ntp.xml file in idr2142.1 which prevents NTP starting correctly on newly installed 11.3 SRU1 systems.
Addresses the same CVEs and supersedes:
idr2142.1 delivering NTP-4.2.8p5
Addressing CVE-2015-7871, CVE-2015-7855, CVE-2015-7854, CVE-2015-7853, CVE-2015-7852, CVE-2015-7851, CVE-2015-7850, CVE-2015-7849, CVE-2015-7848, CVE-2015-7701, CVE-2015-7703, CVE-2015-7704, CVE-2015-7705, CVE-2015-7691, CVE-2015-7692, CVE-2015-7702
|
idr1922.1
Patch 22926596
Addresses 21155469 "NTP should update time at boot and shutdown"
(CVE-2014-9295, CVE-2014-9296 are fixed in this release)
|
idr1893.5
Patch 22926751
Addresses 21155469 "NTP should update time at boot and shutdown" and is a superset of idr1582.2
idr1582.2
Patch 21683463
Addresses CVE-2014-9295, CVE-2014-9296 (Solaris not impacted by CVE-2014-9293, CVE-2014-9294)
idr1893.5 is a superset of idr1582.2 and can be used instead if required
|
idr1583.2
Patch 20351620
Addresses CVE-2014-9295, CVE-2014-9296 (Solaris not impacted by CVE-2014-9293, CVE-2014-9294)
|
| bash (Userland) |
n/a (previous vulnerabilities fixed in this Solaris version) |
n/a (previous vulnerabilities fixed in this Solaris version) |
n/a (previous vulnerabilities fixed in this Solaris version) |
n/a (previous vulnerabilities fixed in this Solaris version) |
n/a (previous vulnerabilities fixed in this Solaris version) |
n/a (previous vulnerabilities fixed in this Solaris version) |
n/a (previous vulnerabilities fixed in this Solaris version) |
n/a (previous vulnerabilities fixed in this Solaris version) |
n/a (previous vulnerabilities fixed in this Solaris version) |
n/a (previous vulnerabilities fixed in this Solaris version) |
n/a (previous vulnerabilities fixed in this Solaris version) |
idr1401.3
Patch 19686997
Addresses CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
|
| OpenSSL (Userland) |
n/a (previous vulnerabilities fixed in this Solaris version) |
n/a (previous vulnerabilities fixed in this Solaris version) |
n/a (previous vulnerabilities fixed in this Solaris version) |
n/a (previous vulnerabilities fixed in this Solaris version) |
n/a (previous vulnerabilities fixed in this Solaris version) |
idr2724.1 (included in Oct 2016 QFSDP Custom Incorporation solaris/supercluster-solaris@0.5.11,5.11-0.175.3.11.0.6.0.11031106.10000102) updates OpenSSL to 1.0.1.u which addresses:
CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-6304, CVE-2016-6306
|
idr2577.2
(in July 2016 QFSDP, patch 23274227)
Addresses CVE-2016-2177, CVE-2016-2178 and supersedes idr2494.1 Patch 23543107 (unrestricted) delivering 1.0.1t which addresses:
CVE-2016-2176, CVE-2016-2109, CVE-2016-2108, CVE-2016-2107, CVE-2016-2106, CVE-2016-2105
and 1.0.1s which addresses: CVE-2016-0702, CVE-2016-0703, CVE-2016-0704, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-0800
Previous vulnerabilities fixed in this Solaris version
|
idr2578.2
Patch 23708767
Addresses CVE-2016-2177, CVE-2016-2178 and supersedes idr2494.1 (Patch 23543107) delivering OpenSSL 1.0.1t, addressing CVE-2016-2176, CVE-2016-2109, CVE-2016-2108, CVE-2016-2107, CVE-2016-2106, CVE-2016-2105, CVE-2016-0702, CVE-2016-0703, CVE-2016-0704, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-0800
Previous vulnerabilities fixed in this Solaris version
|
idr2238.1 delivers OpenSSL 1.0.1q
Patch 22711958
Addresses CVE-2015-3194, CVE-2015-3195, CVE-2015-3196
Previous vulnerabilities fixed in this Solaris version
|
n/a (previous vulnerabilities fixed in this Solaris version) |
idr1734.1
Patch 21683516
OpenSSL 1.0.1m
Addresses CVE-2015-0204
|
idr1640.1
Patch 20471880
OpenSSL 1.0.0q
Addresses CVE-2015-0204
|
| ksh93 (Userland) |
n/a (previous vulnerabilities fixed in this Solaris version) |
n/a (previous vulnerabilities fixed in this Solaris version) |
n/a (previous vulnerabilities fixed in this Solaris version) |
n/a (previous vulnerabilities fixed in this Solaris version) |
n/a (previous vulnerabilities fixed in this Solaris version) |
n/a (previous vulnerabilities fixed in this Solaris version) |
idr2271.2 (in July 2016 QFSDP, patch 23274227)
patch 23597863 (unrestricted), removes the "pkg.depend.explicit.install" metadata which could potentially cause issues installing idr2271.1 and supersedes idr2271.1 (in April 2016 QFSDP).
|
idr2271.1 (in April 2016 QFSDP, patch 22738454)
Addresses non-security issues
ksh IDRs idr2271.1, idr2305.2, and idr2271.2 (patch 23597863) can be considered equivalent to each other. If any of these are already installed on a system, there's no need to replace one with the other as they essentially provide the same set of ksh functional fixes. None of them contain security fixes.
idr2305.2 and idr2271.2 were created to remove the "pkg.depend.explicit-install" metadata in idr2271.1 which has the potential to make idr2271.1 difficult to install.
idr2305.2 is a superset, but didn't auto-supersede idr2271.1, meaning users would have to manually remove idr2271.1 in order to install idr2305.2. The decision was made to revert to idr2271.2 to avoid this. The additional fixes in idr2305.2 are corner case fixes which are not required in a SuperCluster context.
|
idr2194.1
Patch 22712330
Addresses non-security issues
|
|
|
|
Modification History:
Feb 14, 2017: Updated with Custom Incorporation "1.10" for SuperClusters running Solaris 11.3 sru11
Feb 8, 2017: Added patch numbers for QFSDPs for easy reference
Feb 7, 2017: Updated with Custom Incorporation "108" for SuperClusters running Solaris 11.3 SRU11 and idr2450.12 for SuperClusters running Solaris 11.3 SRU7
Feb 6, 2017: Added details of the SuperCluster Custom Incorporation for SuperClusters running Solaris 11.3 SRU14 included in the Jan 2017 QFSDP
Jan 3, 2017: Highlighted text in bold to apply any later recommended Custom Incorporations or IDRs on top of QFSDPs
Dec 21, 2016: Updated with Custom Incorporation "107" for SuperClusters running Solaris 11.3 SRU11 and idr2450.11 for SuperClusters running Solaris 11.3 SRU7
Nov 29 2016: Updated with BIND (Userland) idr2809.1 for SuperClusters running Solaris 11.3 SRU7
Nov 9 2016: Updated with SuperCluster M7 Custom Incorporation revision "103" for Solaris 11.3 SRU11
Nov 7 2016: Updated with Custom Incorporation and October 2016 QFSDP information.
Oct 24 2016: Updated to document the process for detailing with short notice timezone changes.
Oct 5 2016: Updated to include latest SuperCluster specific IDRs: idr2450.7 for Solaris 11.3 SRU7 (July 2016 QFSDP level); idr2275.9 for 11.3 SRU4 (April 2016 QFSDP level); idr2160.12 for Solaris 11.3 SRU1 (Jan 2016 QFSDP level).
Aug 29, 2016: Updated to include latest available SuperCluster specific IDRs: idr2450.6 for Solaris 11.3 SRU7 (July 2016 QFSDP level); idr2275.7 for Solaris 11.3 SRU4 (Apr 2016 QFSDP level); idr2160.10 for Solaris 11.3 SRU1 (Jan 2016 QFSDP level); idr2052.6 for Solaris 11.2 SRU12 (Oct 2016 QFSDP level); idr2000.10 for Solaris 11.2 SRU5 (July 2015 QFSDP level). Advised users to update to at least Apr 2016 QFSDP level for continued IDR support.
Aug 3, 2016: Updated to include the IDRs in the July 2016 QFSDP (11.3 SRU7) and added verbiage on how to request additions to the SuperCluster IDRs.
July 8, 2016: Updated NTP to idr2557.1 for 11.3 SRU4 to address additional vulnerabilities
July 4, 2016: Removed reference to OpenSSH idr2248.1 (11.3 SRU1) as "network/openssh" not installed or active by default on SuperCluster.
June 28, 2016: Updated OpenSSL to idr2578.2 for 11.3 SRU4 to address additional vulnerabilities
June 23, 2016: Removed reference to SAMBA idr2409.1 (11.3 SRU4) and idr2410.1 (11.3 SRU1) as "service/network/samba" not installed by default on SuperCluster.
June 16, 2016: Clarified that the alternative ksh IDRs for 11.3 SRU4 can be considered functionally equivalent in a SuperCluster context.
June 9, 2016: Removed the updated ksh IDR for 11.3 SRU4 as it doesn't auto-supersede the preceding ksh IDR.
June 8, 2016: Update ksh IDR for 11.3 SRU4. The ksh IDRs do address functional issues, not security vulnerabilities.
June 7, 2016: Updated security IDRs for OpenSSL (idr2494.1), BIND (idr2508.1), NTP (idr2340.2) for 11.3 SRU4 - the latter two to remove "pkg.depend.explicit.install" metadata from previous IDRs which may cause installation issues, for example, for exavm which required a zonemanifest.sh modification to work with the previous BIND IDR (BugID 23346581)
June 3, 2016: Updated SuperCluster IDR for 11.3 SRU1
May 24, 2016: Added recommended IDRs for Solaris 11.3 SRU4 and updated recommended IDRs for Solaris 11.3 SRU1
March 16, 2016: Updated NTP IDRs
Attachments
This solution has no attachment
|
