Keeping up to date with patches

[Mark Round]

Hi all,

I have a couple of quick questions in order to clarify my thoughts on
Sun security and bug-fix patches.

Firstly, am I right in thinking that if I installed a fresh Solaris
system, and then applied the current "Recommended" patch cluster, I
would be up-to-date on all currently known security patches ? IE:-
does the cluster get updated when a new security patch or critical
bug-fix is released ?

Secondly, what mailing list provides notification of new
security/bug-fix patches being released when they happen ? I subscribe
to the patch club report which comes out once a week, but I'd like to
get this information as soon as possible. I have subscribed to the
"security-alert@sun.com" list which provides "security bulletins" -
however, checking sunsolve for security bulletins reveals a somewhat
short list of articles, the last one being released in 2002 (Bulletin
#00220).

On the same SunSolve site, there are separate "Security Alerts" (the
difference between a 'bulletin' and an 'alert' doesn't seem to be
defined anywhere...), which appear to be what I am interested in - but
I can only find a way to subscribe to this on a weekly basis. Is there
something else I have overlooked ?

Thanks in advance,

-Mark

[Andrzej Popielewicz]

Mark Round wrote:

>
>Firstly, am I right in thinking that if I installed a fresh Solaris
>system, and then applied the current "Recommended" patch cluster, I
>would be up-to-date on all currently known security patches ? IE:-
>
>

I do not think so. I would expect , cluster are always a little bit
delayed. Single patches can be made available faster , just to solve
urgent problem. It is not only common sense. It is confirmed by my
recent experience. Patching with cluster did not solve one of my
problems. After applying cluster, then all other recommended and
security patches the application I was interested in began to work. Most
of the extra patches were already applied by the cluster but some of
them not.

Andrzej

[Mark Round]

> After applying cluster, then all other recommended and

> security patches the application I was interested in began to work. Most
> of the extra patches were already applied by the cluster but some of
> them not.

Thanks for the advice. Where would I find a list of all recommended
and security patches for a given Solaris release ? I know about the
"Recommended and security" cluster, I take it this is not what you
mean... Basically, if I install this cluster, how can I find out what
security patches or bug fixes I may be missing ?

Thanks,

-Mark

[Andrzej Popielewicz]

Uz.ytkownik Mark Round napisa?:

> I take it this is not what you
> mean... Basically, if I install this cluster, how can I find out what
> security patches or bug fixes I may be missing ?
>
> Thanks,
>
> -Mark

Go to
[url]http://www.sun.com/software/download[/url]
and
choose patches .
You will be presented with list of recommended patches on the right
hand side. At the moment , there are three categories of them.
I have meant the first two.

Andrzej

[Alan Coopersmith]

[email]mark.round7@ntlworld.com[/email] (Mark Round) writes in comp.unix.solaris:
|Thanks for the advice. Where would I find a list of all recommended
|and security patches for a given Solaris release ? I know about the
|"Recommended and security" cluster, I take it this is not what you
|mean... Basically, if I install this cluster, how can I find out what
|security patches or bug fixes I may be missing ?

PatchPro or patchdiag can check and report for you.
[url]http://sunsolve.sun.com/pub-cgi/show.pl?target=patchpage[/url]

--
__________________________________________________ ______________________
Alan Coopersmith [email]alanc@alum.calberkeley.org[/email]
[url]http://www.CSUA.Berkeley.EDU/~alanc/[/url] aka: [email]Alan.Coopersmith@Sun.COM[/email]
Working for, but definitely not speaking for, Sun Microsystems, Inc.

[Martin Paul]

Alan Coopersmith <alanc@alum.calberkeley.org> wrote:

> [email]mark.round7@ntlworld.com[/email] (Mark Round) writes in comp.unix.solaris:
> |mean... Basically, if I install this cluster, how can I find out what
> |security patches or bug fixes I may be missing ?
>
> PatchPro or patchdiag can check and report for you.
> [url]http://sunsolve.sun.com/pub-cgi/show.pl?target=patchpage[/url]

A good time to bring up the previously discussed issue about the
deficiency of Sun's scheme of marking patches as "Recommended" (R)
and "Security" (S) again. One should be aware that it's always
patches being marked as R and/or S, not patch revisions, as it should
be. When e.g. patch 123456-10 is marked "S" this does not tell you
if fixes for security problems were in rev. 10, or 01, or 01 and 10.
If you have 123456-05 installed, it would be vital to know if security
fixes came in after this revision. Once a patch revision is marked
"S" it's your best bet to keep up with all newer revisions of such
patches.

patchcheck (haven't tried the other tools recently) in the above case
would not show 123456-10 in its "UNINSTALLED RECOMMENDED PATCHES" or
"UNINSTALLED SECURITY PATCHES" section. It hides it in the list of
"INSTALLED PATCHES" under a heap of other, non-R/S patches. I've
modified patchk.pl to add a R/S/* column to the list of "INSTALLED
PATCHES", so I can identify them more easily.

Still, the real problem is that the patch database obviously just
doesn't contain the R/S marks on certain revisions. I'd really like
to see that added.

mp.
--
Martin Paul | Systems Administrator
Institute for Software Science | [email]martin@par.univie.ac.at[/email]
University of Vienna, Austria | [url]http://www.par.univie.ac.at/[/url]