A while ago Oracle started to integrate the CVE-ID , that patches are fixing, into the Critical Patch Updates (CPU). With this data it's easy to give an answer, if you have applied the patches to mitigate a certain CVE, or if there a patch available to fix such a CVE

For example to check, which CPUs fix the CVE-2015-0387 you can use this command:
pkg search -r :CVE-2015-0397: | tr -s " " | cut -d  " " -f 4  | sort | uniq
With the next command you check, which CVE are fixed by the critical patch update:
pkg search -r info.cve: | grep "cpu@2017.4" | tr -s  " "  | cut -f 3 | sort | uniq -c | sort
To your local system this kind of information only gets in case you are installing the CPU on your system. To install the latest CPU you just have to enter pkg install solaris-11-cpu. Afterwards you can get to the next CPU by just entering pkg update solaris-11-cpu. Without installing this package, any command searching for CVE stuff will yield no results.
Afterward the installation, you can search for the information for the local state of your system. For example to find out if you have applied the patches to fix a certain CVE you can just use:
pkg search -l CVE-* | tr -s  " " | cut -d " " -f 3 | sort
To check the locally installed CPU package just use this command:
root@nfsclient:~# pkg info -l solaris-11-cpu
             Name: support/critical-patch-update/solaris-11-cpu
          Summary: Oracle Solaris Critical Patch Update 2017.4-1
      Description: This package ensures a system remains up to date with the
                   Oracle Critical Patch Updates for Oracle Solaris
            State: Installed
        Publisher: solaris
          Version: 2017.4
    Build Release: 5.11
           Branch: 1
   Packaging Date: Sat Apr 08 03:04:05 2017
Last Install Time: Thu May 04 21:20:09 2017
             Size: 5.46 kB
             FMRI: pkg://solaris/support/critical-patch-update/solaris-11-cpu@2017.4,5.11-1:20170408T030405Z

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.