ID: 3499
Date: 21/11/2007
Title: 3499 - SUN(SM) ALERT WEEKLY SUMMARY REPORT Week of 11-Nov-2007 - 17-Nov-2007
Platform level affected:Operating System
Hardware components affected:Other
Specific operating systems components affected: Unix
Net-enabled software: Other
Security software:Other
Other software: Other
Remediation Summary:Update your copy of the software with the download available from the supplier.
Vendors affected:Sun
Adversity source: Unknown
Attack Vector: Vulnerability exploitation
Virulence: Unknown
Warning Status: Imminent
Potential Damage: Remote execution/modification
Possible Duration: Unknown
Availability of fix: Available
Type of fix: Patch
Source: Sun
Reliability of source: Trusted
Source URL: http://sun.com/sunsolve/sunalert_patches.html
Abstract: Sun(SM) Alert Weekly Summary Reports, newsletters that provides weekly listings of newly released and updated Sun Alert Notifications
SUN(SM) ALERT WEEKLY SUMMARY REPORT
Week of 11-Nov-2007 - 17-Nov-2007
Welcome to the Sun(SM) Alert Weekly Summary Report, the newsletter that provides you with a weekly listing of newly released and updated Sun Alert Notifications. It is being distributed to inform you about critical hardware and software issues that could impact the availability, security, and data integrity of your computing environment.
==================================================================
ISSUE HIGHLIGHTS
* Newly Released Sun Alert Notifications
* Updated Sun Alert Notifications
* Additional Sun Alert Information
* Changes to Patch Access on SunSolve
==================================================================
-------------------------------------------------------------------
Newly Released Sun Alert Notifications
-------------------------------------------------------------------
(Total Released: 3)
Sun Alert ID: 103144 (RESOLVED)
Synopsis: VERITAS File System (VxFS) Versions 4.1 and 5.0
Running on Solaris 9 and Solaris 10 May Experience
Degraded I/O Performance While Synchronizing to
Disk
Product: VERITAS Storage Foundation 4.1 Software, VERITAS
Storage Foundation 5.0 Software
Category: Availability
Date Released: 14-Nov-2007
Date Closed: 14-Nov-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103144-1
-------------------------------------------------------------------
Sun Alert ID: 103150
Synopsis: A Security Vulnerability in unzip(1L) May Set
Unintended Permissions on Extracted Files
Product: Solaris 9 Operating System, Solaris 10 Operating
System, Solaris 8 Operating System
Category: Security
Date Released: 14-Nov-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103150-1
-------------------------------------------------------------------
Sun Alert ID: 103151
Synopsis: SPARC Enterprise Mx000 Servers with SAS DVD/DAT May
Panic on Reboot if Patch 125081-10 is Installed
Product: Solaris 10 Operating System
Category: Availability
Date Released: 15-Nov-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103151-1
-------------------------------------------------------------------
Updated Sun Alert Notifications
-------------------------------------------------------------------
(Total Updated: 4)
Sun Alert ID: 101429 (former 57476) (RESOLVED)
Synopsis: Security Vulnerability in SunForum Involving the
H.323 Protocol
Product: SunForum
Category: Security
Date Released: 15-Jan-2004, 16-Jan-2004, 12-Nov-2007
Date Closed: 12-Nov-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101429-1
-------------------------------------------------------------------
Sun Alert ID: 101656 (former 57744) (RESOLVED)
Synopsis: Using the Reset Button on A Main System Controller
May Cause Domain Outage
Product: Sun Fire 3800 Server, Sun Fire 4800 Server, Sun
Fire 4810 Server, Sun Fire 6800 Server, Sun Fire
E6900 Server, Sun Fire E4900 Server
Category: Availability
Date Released: 21-Apr-2005, 12-Nov-2007
Date Closed: 12-Nov-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101656-1
-------------------------------------------------------------------
Sun Alert ID: 102791 (RESOLVED)
Synopsis: Sun Products and Daylight Saving Time (DST) Change
Issues, March 2007
Product: Sun Preventive Services
Category: Availability
Date Released: 31-Jan-2007, 16-Nov-2007
Date Closed: 16-Nov-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102791-1
-------------------------------------------------------------------
Sun Alert ID: 103042 (RESOLVED)
Synopsis: False Uncorrectable Memory Errors May be Generated
if "Power Now" is Enabled on Sun Fire
X4100M2/X4200M2 Servers
Product: Sun Fire X4100 M2 Server, Sun Fire X4200 M2 Server
Category: Availability
Date Released: 16-Aug-2007, 12-Nov-2007
Date Closed: 12-Nov-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103042-1
------------------------------------------------------------------
Additional Sun Alert Information
------------------------------------------------------------------
* Accessing Sun Alert Notifications
Sun Alert Notifications are accessed on http://sun.com/sunsolve under SunSolve Collections, Advanced Search, Browse Documents or Security Sun Alerts
* Sun Alert Patch Report
http://sun.com/sunsolve/sunalert_patches.html
This is a comprehensive report of patches mentioned in the Resolution section of Sun Alert documents and is available from SunSolve on the Patch Portal page. It is updated daily and organized by product.
-------------------------------------------------------------------
*IMPORTANT UPDATE* Changes to Solaris 8 and 9 Patch Access on SunSolve
-------------------------------------------------------------------
Beginning March 31, 2007, Sun is changing the way users will access Solaris 8 and 9 Software Updates (patches) to be consistent with the way users access Solaris 10 Software Updates.
Users will still be required to have a Sun Online Account and accept a Software License Agreement in order to access any Software Updates, but in addition users will be required to purchase a Solaris Subscription or Sun System Service Plan in order to access Solaris 8 and 9 Software Updates.
No Solaris Subscription or Sun System Service Plan will be required for security patches and device drivers, which will remain available without charge.
For more information, go to:
http://sunsolve.sun.com/search/document.do?assetkey=1-9-83061-1
For questions, contact: patchpolicy@sun.com
******************************************************************
Thanks for tuning in to the Sun Alert Weekly Summary Report!
Best regards,
Sun Alert Program Office
Sun Microsystems, Inc.
ALSO ON SUN.COM --------------------------------------------------
My Sun Connection: http://sun.com/mysunconnection
Products & Services: http://sun.com/products
Business & Industry Solutions: http://sun.com/solutions
Support & Training: http://sun.com/supportraining/
Downloads: http://sun.com/download
Documentation: http://sun.com/documentation
Research: http://sun.com/research
News: http://sun.com/news
Sun[sm] Store: http://sun.com/store
Resources for
* Developers: http://sun.com/developers
* System Admins: http://sun.com/bigadmin
* Partners: http://sun.com/partners
* Executives: http://sun.com/executives
* Investors: http://sun.com/investors
------------------------------------------------------------------
Copyright 2007 Sun Microsystems, Inc. All rights reserved.
Sun, Sun Microsystems, the Sun Logo, My Sun, iForce, Sun Fire, and Sun StorEdge are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the United States and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc.
This advisory contains information released by the original author. Some of the information may have changed since it was released. If the issue affects you, it may be prudent to retrieve the advisory from the site of the original source to ensure that you receive the most current information concerning that problem. Reference to any specific commercial product, process, or service by trade name, trademark manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favouring by CPNI.
The views and opinions of authors expressed within this notice shall not be used for advertising or product endorsement purposes. CPNI shall not accept responsibility for any errors or omissions contained within this advisory. In particular, they shall not be liable for any loss or damage whatsoever, arising from or in connection with the usage of information contained within this advisory.
CSIRTUK is a member of the Forum of Incident Response and Security Teams (FIRST) and has contacts with other international Incident Response Teams (IRTs) in order to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing amongst its members and the community at large.
Wed, 21 Nov 2007 00:00:00 GMT
Domain affected: Technical