Oracle Pushes Solaris into Quarterly Updates

Oracle announced this week that it has moved Sun Solaris onto its quarterly security patch schedule, starting with the April 2010 Critical Patch Update slated for Tuesday. This new schedule will now inform Sun Solaris users of upcoming security updates months before the patches are distributed.

Oracle also said the April update will contain 47 new security vulnerability fixes "across hundreds of Oracle products." Of those, 16 fixes will be applied to the Solaris Products Suite alone, including the Sun Ray Server, Sun Cluster, Sun Convergence, and more.

"Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products," the company said. "Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible."

Out of the 16 new security fixes lined up for the Solaris Products Suite, 8 vulnerabilities may be remotely exploitable without authentication if left unfixed. Oracle said that these vulnerabilities may be exploited over a network without the need for a username or password.

  • Emperus
    This is good.. I've always loved the idea of updates being thoroughly tested before being released.. A quarterly schedule will give them time for stable releases.. Moreover important from the fact that Solaris (also OpenSolaris) is largely nonexistent for desktop users and even in the server and security market they've stiff competition..
  • buckinbottoms
    Last time I worked on anything involving Solaris was 10 years ago in school.
  • JohnnyLucky
    Interesting article. I always thought commercial and IT would be more secure. Now I find out that isn't the case, at least not with Sun.
  • deltatux
    I'd rather run FreeBSD on my home server. I don't really like Solaris. Probably because I've been using UNIX-like OSes for so long I'm not used to real UNIX OSes. I don't know.

    However, I think software updates should happen immediately instead of every quarter. I don't like the idea of waiting every 3 months for security patches.
  • Yea, but now you have to pay for their mistakes. Oracle doesn't know how to be an OS company.