In the July 2010 Critical Patch Update, per policy, Oracle no longer provided the mapping between CVE numbers and individual patches. As a result of customer input, Oracle will provide the CVE to individual patch mapping in the July 2010 Critical Patch Update. Oracle plans to reevaluate this policy in time for the October 2010 Critical Patch Update.

In order to ensure that Oracle's new policy meets the needs of its customers, Oracle is asking assistance from its Solaris customers in formulating the policy pertaining to the CVE to patch mapping disclosures. As such, I request that you contact me at derrick.scholl-AT-oracle-DOT-com, or via secalert_us@oracle.com to help Oracle understand the specific requirements of your organization.

Below is the mapping table between CVE numbers and Solaris patches. This information will also be available in the patch availability document referenced in the Critical Patch Update.

You can find the July 2010 Critical Patch Update here: http://www.oracle.com/technology/dep...pujul2010.html. Again, I would urge you to contact me to ensure that your requirements are met in future security patch distributions.

CVE # Component Solaris 8 Solaris 9 Solaris 10 SPARC X86 SPARC X86 SPARC X86 CVE-2010-0083 ToolTalk 110286-17 110287-17 112808-11 113797-09 143733-01 143734-01 CVE-2008-4247 FTP Server 111606-08 111607-08 114564-15 114565-15 140399-03 140400-03 CVE-2010-0916 rdist 140159-03 140160-03 CVE-2010-2392 ZFS 142900-12 142901-12 CVE-2010-2386 GigaSwift Ethernet Driver 111883-37 112817-33 117714-17 118777-17 118778-15 CVE-2010-2394 TCP/IP 142900-12 142901-12 CVE-2010-2399 Kernel/VM 142900-07 142901-07 CVE-2010-2400 Kernel/Filesystem 122300-50 122301-50 142900-08 142901-08 CVE-2010-2393 Kernel/RPC 144254-01 144255-01 CVE-2010-2376 Solaris Management Console 113749-04 113750-04 114503-17 114504-17 119315-21 119316-21 CVE-2010-2382 Install Software 109318-40 109319-39 113434-38 114196-36 119534-19 119535-19 CVE-2010-2383 NFS 119819-03 119820-03 122300-53 122301-52 144106-01 144107-01 CVE-2010-2384 Solaris Management Console 144323-01 144324-01 144325-02 144326-02 Note: Releases or platforms where there is no patch listed are not vulnerable to corresponding issue.



Read More about [Mapping between CVE numbers and Solaris patches for CPU July 2010...