Oracle Ships Solaris 11.4 SRU18 - Finally Mitigates The SWAPGS Vulnerability
There still doesn't appear to be anything active past Solaris 11.4 but Oracle does continue providing routine maintenance updates for Oracle Solaris customers. Solaris 11.4 has been out for a year and a half and is now to its eighteenth stable release update.
Most notable with Solaris 11.4 SRU18 is the Intel SWAPGS vulnerability has finally been mitigated by this operating system. Intel disclosed the SWAPGS vulnerability last August. Linux patches were out that day and Microsoft Windows was quietly mitigated since the previous month, but now a half-year later Solaris 11.4 is finally protected from this vulnerability related to Spectre Variant One.
SWAPGS/CVE-2019-1125 affects Intel CPUs with the SWAPGS and WRGSBASE instructions, principally from Ivy Bridge through pre-Cascadelake processors. The SWAPGS issue was also referred to as the Grand Schemozzle by developers. While affecting a wide range of Intel CPUs from over the years and other operating systems were mitigated timely, finally with this new Solaris 11.4 SRU18 release is the Oracle protection.
Oracle Solaris 11.4 SRU18 also has various bug fixes, updates to common packages like Firefox ESR, Binutils 2.33.1, Bison 3.4.2, Node.js 8.17, SQLite 3.29, and others.
The SRU18 highlights can be found on the Oracle blog.