[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CSIRTUK ADVISORY - 3356 - Sun - Week of 12-Aug-2007 - 18-Aug-2007



________________________________________________________________________

CSIRTUK ADVISORY - 3356 dated 23.08.07 time 10:48

Centre for the Protection of National Infrastructure (CPNI) 
________________________________________________________________________

Further details about CPNI, including information about our products can
be  found at www.cpni.gov.uk
________________________________________________________________________

Title
=====
3356 - SUN Weekly Summary

Detail
======
ID: 3356
Date: 23 August 2007 10:48

------------------------------------------------------------------------
--------
Title: 3356 - SUN Weekly Summary
Abstract: The Sun(SM) Alert Weekly Summary Report, a newsletter that
provides a weekly listing of newly released and updated Sun Alert
Notifications Vendors affected:Sun Microsystems, Inc.
Advisory type: Information
Warning Status: Information only
Availability of fix: Available
Type of fix: Patch
Source: Sun
Reliability of source: Trusted

SUN(SM) ALERT WEEKLY SUMMARY REPORT

     Week of 12-Aug-2007 - 18-Aug-2007

Welcome to the Sun(SM) Alert Weekly Summary Report, the newsletter that
provides you with a weekly listing of newly released and updated Sun
Alert Notifications.  It is being distributed to inform you about
critical hardware and software issues that could impact the
availability, security, and data integrity of your computing
environment.

==================================================================
ISSUE HIGHLIGHTS

* Newly Released Sun Alert Notifications

* Updated Sun Alert Notifications

* Additional Sun Alert Information

* Changes to Patch Access on SunSolve

==================================================================

-------------------------------------------------------------------
Newly Released Sun Alert Notifications
-------------------------------------------------------------------
(Total Released: 4)

Sun Alert ID:  103024 (RESOLVED)
Synopsis:      Vulnerability in the Java Runtime Environment Font
               Parsing Code may Allow an Untrusted Applet to
               Elevate Privileges
Product:       Java 2 Platform, Standard Edition
Category:      Security
Date Released: 15-Aug-2007
Date Closed:   15-Aug-2007

To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103024-1

-------------------------------------------------------------------
Sun Alert ID:  103029 (RESOLVED)
Synopsis:      Two Security Vulnerabilities in Solaris 8 Role
               Based Access Control (rbac(5)) may Allow
               Unauthorized Remote Access
Product:       Solaris 8 Operating System
Category:      Security
Date Released: 16-Aug-2007
Date Closed:   16-Aug-2007

To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103029-1

-------------------------------------------------------------------
Sun Alert ID:  103041
Synopsis:      Solaris 10 marvell88sx(7D) Driver May Cause Data
               Integrity Issues
Product:       Solaris 10 Operating System
Category:      Data Loss
Date Released: 17-Aug-2007

To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103041-1

-------------------------------------------------------------------
Sun Alert ID:  103042
Synopsis:      False Uncorrectable Memory Errors May be Generated
               if "Power Now" is Enabled on Sun Fire
               X4100M2/X4200M2 Servers
Product:       Sun Fire X4100 M2 Server, Sun Fire X4200 M2 Server
Category:      Availability
Date Released: 16-Aug-2007

To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103042-1


-------------------------------------------------------------------
Updated Sun Alert Notifications
-------------------------------------------------------------------
(Total Updated: 4)

Sun Alert ID:  102613 (RESOLVED)
Synopsis:      Solaris 10 Host Running Veritas Storage Foundation
               5.0 Volume Manager: System May Fail to Boot After
               Encapsulating Root Drive
Product:       VERITAS Storage Foundation 5.0 Software
Category:      Data Loss
Date Released: 09-Oct-2006, 17-Aug-2007
Date Closed:   17-Aug-2007

To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102613-1

-------------------------------------------------------------------
Sun Alert ID:  102930 (RESOLVED)
Synopsis:      Security Vulnerability in the Kerberos kadm5
               Library May Allow  Execution of Arbitrary Code
Product:       Solaris 9 Operating System, Solaris 10 Operating
               System, Solaris 8 Operating System
Category:      Security
Date Released: 29-May-2007, 13-Aug-2007
Date Closed:   13-Aug-2007

To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102930-1

-------------------------------------------------------------------
Sun Alert ID:  102960 (RESOLVED)
Synopsis:      Patches 121688-03, 121689-03, and 124460-02 are
               WITHDRAWN - Certain Sun Fire Systems May Experience
               "consistent dma sync timeout" or System Panic When
               Using "Stop-A"
Product:       Sun Fire 12K Server, Sun Fire E20K Server, Sun Fire
               V880 Server, Sun Fire 15K Server, Sun Fire V490
               Server, Sun Fire V890 Server, Sun Fire V480 Server,
               Sun Fire E25K Server
Category:      Availability
Date Released: 11-Jun-2007, 13-Aug-2007
Date Closed:   13-Aug-2007

To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102960-1

-------------------------------------------------------------------
Sun Alert ID:  102985 (RESOLVED)
Synopsis:      Security Vulnerability in the Kerberos
               Administration Daemon (kadmind(1M)) May Lead to
               Arbitrary Code Execution
Product:       Solaris 9 Operating System, Solaris 10 Operating
               System, Solaris 8 Operating System
Category:      Security
Date Released: 27-Jun-2007, 15-Aug-2007
Date Closed:   15-Aug-2007

To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102985-1

------------------------------------------------------------------
Additional Sun Alert Information
------------------------------------------------------------------

* Accessing Sun Alert Notifications

Sun Alert Notifications are accessed on http://sun.com/sunsolve under
SunSolve Collections, Advanced Search, Browse Documents or Security Sun
Alerts


* Sun Alert Patch Report

http://sun.com/sunsolve/sunalert_patches.html

This is a comprehensive report of patches mentioned in the Resolution
section of Sun Alert documents and is available from SunSolve on the
Patch Portal page. It is updated daily and organized by product.


-------------------------------------------------------------------
*IMPORTANT UPDATE* Changes to Solaris 8 and 9 Patch Access on SunSolve
-------------------------------------------------------------------

Beginning March 31, 2007, Sun is changing the way users will access
Solaris 8 and 9 Software Updates (patches) to be consistent with the way
users access Solaris 10 Software Updates.

Users will still be required to have a Sun Online Account and accept a
Software License Agreement in order to access any Software Updates, but
in addition users will be required to purchase a Solaris Subscription or
Sun System Service Plan in order to access Solaris 8 and 9 Software
Updates.

No Solaris Subscription or Sun System Service Plan will be required for
security patches and device drivers, which will remain available without
charge.

For more information, go to:

   http://sunsolve.sun.com/search/document.do?assetkey=1-9-83061-1

For questions, contact: patchpolicy@xxxxxxx


******************************************************************

Thanks for tuning in to the Sun Alert Weekly Summary Report!

Best regards,
Sun Alert Program Office
Sun Microsystems, Inc.


ALSO ON SUN.COM --------------------------------------------------
My Sun Connection:             http://sun.com/mysunconnection
Products & Services:           http://sun.com/products
Business & Industry Solutions: http://sun.com/solutions
Support & Training:            http://sun.com/supportraining/
Downloads:                     http://sun.com/download
Documentation:                 http://sun.com/documentation
Research:                      http://sun.com/research
News:                          http://sun.com/news
Sun[sm] Store:                 http://sun.com/store

Resources for
* Developers:                  http://sun.com/developers
* System Admins:               http://sun.com/bigadmin
* Partners:                    http://sun.com/partners
* Executives:                  http://sun.com/executives
* Investors:                   http://sun.com/investors
------------------------------------------------------------------

Copyright 2007 Sun Microsystems, Inc. All rights reserved.

Sun, Sun Microsystems, the Sun Logo, My Sun, iForce, Sun Fire, and Sun
StorEdge are trademarks or registered trademarks of Sun Microsystems,
Inc. in the United States and other countries. All SPARC trademarks are
used under license and are trademarks or registered trademarks of SPARC
International, Inc. in the United States and other countries. Products
bearing SPARC trademarks are based upon an architecture developed by Sun
Microsystems, Inc.

________________________________________________________________________

CPNI values your feedback.

1. Which of the following most reflects the value of the advisory to
you?
(Place an 'X' next to your choice)

Very useful:__ Useful:__ Not useful:__

2. If you did not find it useful, why not?


3. Any other comments? How could we improve our advisories?


Thank you for your contribution.

________________________________________________________________________

CSIRTUK wishes to acknowledge the contributions of Sun for the
information contained in this advisory.
________________________________________________________________________

This advisory contains information released by the original author. Some
of the information may have changed since it was released. If the issue
affects you, it may be prudent to retrieve the advisory from the site of
the original source to ensure that you receive the most current
information concerning that problem.

Reference to any specific commercial product, process, or service by
trade name, trademark manufacturer, or otherwise, does not constitute or
imply its endorsement, recommendation, or favouring by CPNI. The views
and opinions of authors expressed within this notice shall not be used
for advertising or product endorsement purposes.

CPNI shall not accept responsibility for any errors or omissions
contained within this advisory. In particular, they shall not be liable
for any loss or damage whatsoever, arising from or in connection with
the usage of information contained within this advisory.

CSIRTUK is a member of the Forum of Incident Response and Security Teams
(FIRST)
and has contacts with other international Incident Response Teams (IRTs)
in order to foster cooperation and coordination in incident prevention,
to prompt rapid reaction to incidents, and to promote information
sharing amongst its members and the community at large.
________________________________________________________________________

<End of CPNI Advisory>



The original of this email was scanned for viruses by the Government Secure Intranet Anti-Virus service supplied by Cable&Wireless in partnership with MessageLabs. (CCTM Certificate Number 2006/04/0007.) On leaving the GSi this email was certified virus free.
Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes.