ID: 3422
Date: 10 October 2007 12:18
Title: 3422 - Sun weekly summary reports
Abstract: Sun(SM) Alert Weekly Summary Reports, newsletters that provide weekly listings of newly released and updated Sun Alert Notifications
Vendors affected: Sun
Availability of fix: Available
Type of fix: Patch
Source: Sun
Reliability of source: Trusted
SUN(SM) ALERT WEEKLY SUMMARY REPORT
Week of 23-Sep-2007 - 29-Sep-2007
Welcome to the Sun(SM) Alert Weekly Summary Report, the newsletter that provides you with a weekly listing of newly released and updated Sun Alert Notifications. It is being distributed to inform you about critical hardware and software issues that could impact the availability, security, and data integrity of your computing environment.
==================================================================
ISSUE HIGHLIGHTS
* Newly Released Sun Alert Notifications
* Updated Sun Alert Notifications
* Additional Sun Alert Information
* Changes to Patch Access on SunSolve
==================================================================
-------------------------------------------------------------------
Newly Released Sun Alert Notifications
-------------------------------------------------------------------
(Total Released: 9)
Sun Alert ID: 102883 (RESOLVED)
Synopsis: Security Vulnerability in the Human Interface
Device (HID) Class Driver for Solaris
Product: Solaris 9 Operating System, Solaris 10 Operating
System, Solaris 8 Operating System
Category: Security
Date Released: 25-Sep-2007
Date Closed: 25-Sep-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102883-1
-------------------------------------------------------------------
Sun Alert ID: 102942 (RESOLVED)
Synopsis: Sun Fire X2100 M2/X2200 M2 ELOM is Vulnerable to
Unauthorized Access
Product: Sun Fire X2100 M2 Server, Sun Fire X2200 M2 Server
Category: Security
Date Released: 28-Sep-2007
Date Closed: 28-Sep-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102942-1
-------------------------------------------------------------------
Sun Alert ID: 102994
Synopsis: Manipulated TIFF Files or Documents Containing
Manipulated TIFF Files May Lead to Heap Overflows
and Arbitrary Code Execution
Product: StarOffice 7 Office Suite, StarOffice 6.0 Office
Suite, StarOffice 8 Office Suite
Category: Security
Date Released: 24-Sep-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102994-1
-------------------------------------------------------------------
Sun Alert ID: 103046
Synopsis: Sun Fire 12K/15K/E20K/E25K Systems Equipped With a
Quad GigaSwift (QGE-X) Card May Panic
Product: Sun Fire 12K Server, Sun Fire E20K Server, Sun Fire
15K Server, Sun Fire E25K Server
Category: Availability
Date Released: 26-Sep-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103046-1
(before accessing this Sun Alert document please login to a SunSolve Online Account with a Sun Spectrum Support Contract at http://sunsolve.sun.com -> "Login")
-------------------------------------------------------------------
Sun Alert ID: 103058 (RESOLVED)
Synopsis: Sun Java System Calendar Server - Daylight Saving
Time (DST) Update
Product: Sun Java System Calendar Server 6.3, Sun Java
System Calendar Server 6 2005Q4
Category: Availability
Date Released: 24-Sep-2007
Date Closed: 24-Sep-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103058-1
-------------------------------------------------------------------
Sun Alert ID: 103069
Synopsis: Installation of Sun Java System Access Manager 7.1
on Sun Java System Application Server 9.1 or 8.x
May Compromise Application Server Security
Product: Sun Java System Access Manager 7.1
Category: Security
Date Released: 27-Sep-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103069-1
-------------------------------------------------------------------
Sun Alert ID: 103076
Synopsis: Ethernet Driver "nxge" for Specific Ethernet Cards
May Cause Data Integrity Issues
Product: Solaris 10 Operating System
Category: Data Loss
Date Released: 25-Sep-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103076-1
-------------------------------------------------------------------
Sun Alert ID: 103084 (RESOLVED)
Synopsis: A Security Vulnerability in the Handling of Thread
Contexts in the Solaris Kernel May Allow a Denial
of Service (DoS)
Product: Solaris 9 Operating System, Solaris 10 Operating
System, Solaris 8 Operating System
Category: Security
Date Released: 26-Sep-2007
Date Closed: 26-Sep-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103084-1
-------------------------------------------------------------------
Sun Alert ID: 103091
Synopsis: System Management Services (SMS) Patches 124319-01
or Later and 120648-05 or Later may Cause Multiple
Domains to Dstop
Product: System Management Services 1.5 Software, System
Management Services 1.6 Software
Category: Availability
Date Released: 27-Sep-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103091-1
(before accessing this Sun Alert document please login to a SunSolve Online Account with a Sun Spectrum Support Contract at http://sunsolve.sun.com -> "Login")
-------------------------------------------------------------------
Updated Sun Alert Notifications
-------------------------------------------------------------------
(Total Updated: 3)
Sun Alert ID: 102866 (RESOLVED)
Synopsis: Security Vulnerability in the IP Implementation for
Solaris 8 and 9 May Allow a Denial of Service
Product: Solaris 9 Operating System, Solaris 8 Operating
System
Category: Security
Date Released: 12-Apr-2007, 24-Sep-2007
Date Closed: 24-Sep-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102866-1
-------------------------------------------------------------------
Sun Alert ID: 103023 (RESOLVED)
Synopsis: Certain Solaris 8 and Solaris 9 Security Patches
May Cause Lost Connectivity Over UDP or Poor
Network Performance
Product: Solaris 9 Operating System, Solaris 8 Operating
System
Category: Availability, Availability
Date Released: 02-Aug-2007, 24-Sep-2007
Date Closed: 24-Sep-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103023-1
-------------------------------------------------------------------
Sun Alert ID: 103032 (RESOLVED)
Synopsis: Sun Java System Directory Server 5.2patch5 Patches
WITHDRAWN
Product: Sun Java System Directory Server 5.2
Category: Availability
Date Released: 03-Aug-2007, 24-Sep-2007
Date Closed: 24-Sep-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103032-1
------------------------------------------------------------------
Additional Sun Alert Information
------------------------------------------------------------------
* Accessing Sun Alert Notifications
Sun Alert Notifications are accessed on http://sun.com/sunsolve under SunSolve Collections, Advanced Search, Browse Documents or Security Sun Alerts
* Sun Alert Patch Report
http://sun.com/sunsolve/sunalert_patches.html
This is a comprehensive report of patches mentioned in the Resolution section of Sun Alert documents and is available from SunSolve on the Patch Portal page. It is updated daily and organized by product.
-------------------------------------------------------------------
*IMPORTANT UPDATE* Changes to Solaris 8 and 9 Patch Access on SunSolve
-------------------------------------------------------------------
Beginning March 31, 2007, Sun is changing the way users will access Solaris 8 and 9 Software Updates (patches) to be consistent with the way users access Solaris 10 Software Updates.
Users will still be required to have a Sun Online Account and accept a Software License Agreement in order to access any Software Updates, but in addition users will be required to purchase a Solaris Subscription or Sun System Service Plan in order to access Solaris 8 and 9 Software Updates.
No Solaris Subscription or Sun System Service Plan will be required for security patches and device drivers, which will remain available without charge.
For more information, go to:
http://sunsolve.sun.com/search/document.do?assetkey=1-9-83061-1
For questions, contact: patchpolicy@sun.com
******************************************************************
Thanks for tuning in to the Sun Alert Weekly Summary Report!
Best regards,
Sun Alert Program Office
Sun Microsystems, Inc.
------------------------------------------------------------------
Copyright 2007 Sun Microsystems, Inc. All rights reserved.
Sun, Sun Microsystems, the Sun Logo, My Sun, iForce, Sun Fire, and Sun StorEdge are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the United States and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc.
SUN(SM) ALERT WEEKLY SUMMARY REPORT
Week of 30-Sep-2007 - 06-Oct-2007
Welcome to the Sun(SM) Alert Weekly Summary Report, the newsletter that provides you with a weekly listing of newly released and updated Sun Alert Notifications. It is being distributed to inform you about critical hardware and software issues that could impact the availability, security, and data integrity of your computing environment.
==================================================================
ISSUE HIGHLIGHTS
* Newly Released Sun Alert Notifications
* Updated Sun Alert Notifications
* Additional Sun Alert Information
* Changes to Patch Access on SunSolve
==================================================================
-------------------------------------------------------------------
Newly Released Sun Alert Notifications
-------------------------------------------------------------------
(Total Released: 10)
Sun Alert ID: 103061 (RESOLVED)
Synopsis: Security Vulnerability in Solaris Named Pipes
(pipe(2)) May Allow Unauthorized Data Access
Product: Solaris 9 Operating System, Solaris 10 Operating
System, Solaris 8 Operating System
Category: Security
Date Released: 02-Oct-2007
Date Closed: 02-Oct-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103061-1
-------------------------------------------------------------------
Sun Alert ID: 103071
Synopsis: Java Runtime Environment (JRE) May Allow Untrusted
Applets or Applications to Display An Oversized
Window so that the Warning Banner is Not Visible to
User
Product: Java 2 Platform, Standard Edition
Category: Security
Date Released: 03-Oct-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103071-1
-------------------------------------------------------------------
Sun Alert ID: 103072
Synopsis: An Untrusted Java Web Start Application or Java
Applet May Move or Copy Arbitrary Files by
Requesting the User to Drag and Drop a File from
Application or Applet Window to a Desktop
Application
Product: Java 2 Platform, Standard Edition
Category: Security
Date Released: 03-Oct-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1
-------------------------------------------------------------------
Sun Alert ID: 103073 (RESOLVED)
Synopsis: Multiple Security Vulnerabilities in Java Web Start
Relating to Local File Access
Product: Java 2 Platform, Standard Edition
Category: Security
Date Released: 03-Oct-2007
Date Closed: 03-Oct-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1
-------------------------------------------------------------------
Sun Alert ID: 103078
Synopsis: Security Vulnerabilities in Java Runtime
Environment May Allow Network Access Restrictions
to be Circumvented
Product: Java 2 Platform, Standard Edition
Category: Security
Date Released: 03-Oct-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1
-------------------------------------------------------------------
Sun Alert ID: 103079
Synopsis: Security Vulnerability in Java Runtime Environment
With Applet Caching May Allow Network Access
Restrictions to be Circumvented
Product: Java 2 Platform, Standard Edition
Category: Security
Date Released: 03-Oct-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103079-1
-------------------------------------------------------------------
Sun Alert ID: 103095 (RESOLVED)
Synopsis: Java SE 6: Update 3 Patches (equivalent to JDK 6
Update 3) WITHDRAWN
Product: Java Platform, Standard Edition 6
Category: Availability
Date Released: 02-Oct-2007
Date Closed: 02-Oct-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103095-1
-------------------------------------------------------------------
Sun Alert ID: 103097
Synopsis: On CSM200 Expansion Trays, Multiple Drive Channel
Failure May Occur During Error Recovery of a Single
Drive
Product: Sun StorageTek CSM200 Expansion Tray
Category: Availability
Date Released: 05-Oct-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103097-1
(before accessing this Sun Alert document please login to a SunSolve Online Account with a Sun Spectrum Support Contract at http://sunsolve.sun.com -> "Login")
-------------------------------------------------------------------
Sun Alert ID: 103100 (RESOLVED)
Synopsis: Solaris 10 libc(3LIB) Patches May Cause
svc.startd(1M) to Hang
Product: Solaris 10 Operating System
Category: Availability
Date Released: 03-Oct-2007
Date Closed: 03-Oct-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103100-1
-------------------------------------------------------------------
Sun Alert ID: 103104
Synopsis: The patchrm(1) Utility May Fail if the Patch Being
Removed was Installed Using a Japanese Locale
Product: Solaris 10 Operating System
Category: Availability
Date Released: 05-Oct-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103104-1
-------------------------------------------------------------------
Updated Sun Alert Notifications
-------------------------------------------------------------------
(Total Updated: 1)
Sun Alert ID: 103077 (RESOLVED)
Synopsis: Installing Solaris 10 patches 120272-12/120273-13
Removes Customization Entries From snmpd.conf(4)
Product: Solaris 10 Operating System
Category: Availability
Date Released: 21-Sep-2007, 05-Oct-2007
Date Closed: 05-Oct-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103077-1
------------------------------------------------------------------
Additional Sun Alert Information
------------------------------------------------------------------
* Accessing Sun Alert Notifications
Sun Alert Notifications are accessed on http://sun.com/sunsolve under SunSolve Collections, Advanced Search, Browse Documents or Security Sun Alerts
* Sun Alert Patch Report
http://sun.com/sunsolve/sunalert_patches.html
This is a comprehensive report of patches mentioned in the Resolution section of Sun Alert documents and is available from SunSolve on the Patch Portal page. It is updated daily and organized by product.
-------------------------------------------------------------------
*IMPORTANT UPDATE* Changes to Solaris 8 and 9 Patch Access on SunSolve
-------------------------------------------------------------------
Beginning March 31, 2007, Sun is changing the way users will access Solaris 8 and 9 Software Updates (patches) to be consistent with the way users access Solaris 10 Software Updates.
Users will still be required to have a Sun Online Account and accept a Software License Agreement in order to access any Software Updates, but in addition users will be required to purchase a Solaris Subscription or Sun System Service Plan in order to access Solaris 8 and 9 Software Updates.
No Solaris Subscription or Sun System Service Plan will be required for security patches and device drivers, which will remain available without charge.
For more information, go to:
http://sunsolve.sun.com/search/document.do?assetkey=1-9-83061-1
For questions, contact: patchpolicy@sun.com
******************************************************************
Thanks for tuning in to the Sun Alert Weekly Summary Report!
Best regards,
Sun Alert Program Office
Sun Microsystems, Inc.
This advisory contains information released by the original author. Some of the information may have changed since it was released. If the issue affects you, it may be prudent to retrieve the advisory from the site of the original source to ensure that you receive the most current information concerning that problem. Reference to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favouring by CPNI.
The views and opinions of authors expressed within this notice shall not be used for advertising or product endorsement purposes. CPNI shall not accept responsibility for any errors or omissions contained within this advisory. In particular, they shall not be liable for any loss or damage whatsoever, arising from or in connection with the usage of information contained within this advisory.
CSIRTUK is a member of the Forum of Incident Response and Security Teams (FIRST) and has contacts with other international Incident Response Teams (IRTs) in order to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing amongst its members and the community at large.