Solaris updates since Oracle

Essentially Solaris can only be updated directly from Oracle with people with a contract with Oracle. Any "free" copies of Solaris are not allowed to be used in production, only for testing. It is possible to buy support for Solaris including for machines which weren't bought from Oracle/Sun.

Unix Support will no longer be maintaining its patching support for Solaris.

The remainder of this page remains unaltered for the moment, but the information can be considered largely out of date

Solaris 10 and above

We provide a local Sun Update Connection Proxy server which provides access to all Solaris updates including contract patches and restricted access software installations.

To make use of it, simply execute the following command on your Solaris 10 boxes:

smpatch set patchpro.patch.source=http://sun-updates.csx.cam.ac.uk:3816/

And then you can use smpatch as usual and it will use our server for updates. Note, there is no username or password that you need to specify, just our server, as we distribute patches annonymously.

So for example to see available updates you would use:

smpatch analyze

And to install the available updates you would use:

smpatch update

And to install some software package that requires special access credentials you would use:

smpatch update -i <patchnumber>

You will need to find the <patchnumber> on Google and/or the Sun website...

Solaris 10 and earlier

All of Sun's recommended and security patches are made public by Sun; no support contract is needed to access them. Unix Support mirrors these public patches on our NFS server, nfs-uxsup.csx.cam.ac.uk, in the directory /public_patches/SUN. To access these on a typical Solaris system, change directory to /net/nfs-uxsup.csx.cam.ac.uk/public_patches/SUN/. However, this provides only a partial solution; you still need to know which of these patches you should apply.

There are two stages to keeping a Solaris system up to date with respect to Sun's recommended patch lists. The first involves applying a patch bundle which should be done immediately after installing the system or as soon as possible thereafter. The second is the routine maintenance of the system, involving adding any new patches that have come out since the patch bundle was applied. These notes treat the two stages separately.

Please note that if you have replaced any of Sun's files with your own then these may be overwritten by Sun's patched versions. If you have replaced a binary that is going to be patched with a symbolic link to a binary of your own then the link is replaced by Sun's new binary and your binary that was the target of the old link is left alone. You will need to replace Sun's binary with the symbolic link again.

The two system binaries that are most commonly caught out by this are sendmail (typically replaced by exim) and named (typically replaced by a more modern version). There may be others; only you can tell.

Applying the recommended patch bundle to a Solaris system

Sun provide a convenient "bundle" of their recommended patches for each supported version of Solaris complete with an install script. The set of recommended patches typically contains all the security patches, so this provides a convenient way of applying most of Sun's patches.

Checking a Solaris system against available patches

A tool to compare an existing system's set of patches against Sun's set of recommended and security patches. This provides an easy way to perform routine maintainance on a system's set of patches.