ID: 3553
Date: 22/01/2008
Title: 3553 - SUN(SM) ALERT WEEKLY SUMMARY REPORT Week of 13-Jan-2008 - 19-Jan-2008
Platform level affected: Operating System
Hardware components affected: Other
Specific operating systems components affected: Unix
Net-enabled software: Other
Security software: Other
Other software: Other
Remediation Summary: Update your copy of the software with the download available from the supplier.
Vendors affected: Sun
Applications affected: Solaris 8, Solaris 9, Solaris 10 Operating System, Sun Blade X6220 Server Module, Sun Fire T2000, Sun Fire T1000, Netra T2000 Server, Sun Java System Identity Manager 6.0, 7.0, 7.1
Adversity source: Unknown
Attack Vector: DoS
Virulence: Unknown
Warning Status: Unknown
Potential Damage: Remote execution/modification
Possible Duration: Open Ended
Availability of fix: Available
Type of fix: Patch
Source: Sun
Reliability of source: Trusted
Source URL: http://www.sun.com/
CVE: CVE-2008-0006, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2007-5760, CVE-2007-6284, CVE-2007-5958
Abstract: Sun(SM) Alert Weekly Summary Reports, newsletters that provide weekly listings of newly released and updated Sun Alert Notifications
SUN(SM) ALERT WEEKLY SUMMARY REPORT
Week of 13-Jan-2008 - 19-Jan-2008
Welcome to the Sun(SM) Alert Weekly Summary Report, the newsletter that provides you with a weekly listing of newly released and updated Sun Alert Notifications. It is being distributed to inform you about critical hardware and software issues that could impact the availability, security, and data integrity of your computing environment.
==================================================================
ISSUE HIGHLIGHTS
* Newly Released Sun Alert Notifications
* Updated Sun Alert Notifications
==================================================================
-------------------------------------------------------------------
Newly Released Sun Alert Notifications
-------------------------------------------------------------------
(Total Released: 6)
Sun Alert ID: 103192
Synopsis: A Security Vulnerability in the Solaris X Window System (X(5)) PCF Font Handler May Lead to Execution of Arbitrary Code or a Denial of Service (DoS) Condition
Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System
Category: Security
Date Released: 17-Jan-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103192-1
-------------------------------------------------------------------
Sun Alert ID: 103200
Synopsis: Multiple Security Vulnerabilities in the Solaris X Server Extensions May Lead to a Denial of Service (DoS) Condition or Allow Execution of Arbitrary Code
Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System
Category: Security
Date Released: 17-Jan-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103200-1
-------------------------------------------------------------------
Sun Alert ID: 103201
Synopsis: Security Vulnerability in the libxml2 Library may Lead to a Denial of Service (DoS).
Product: Solaris 9 Operating System, Solaris 10 Operating System
Category: Security
Date Released: 14-Jan-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103201-1
-------------------------------------------------------------------
Sun Alert ID: 103202
Synopsis: Upgrading the X6220 Server Module to SW1.1 Causes Device Paths to be Reenumerated
Product: Sun Blade X6220 Server Module
Category: Availability
Date Released: 15-Jan-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103202-1
-------------------------------------------------------------------
Sun Alert ID: 103203
Synopsis: Sun Fire T1000/T2000 and Netra T2000 With Firmware 6.5.11 May Experience Continuous Console EFT Errors
Product: Sun Fire T2000 Server, Sun Fire T1000 Server, Netra T2000 Server
Category: Availability
Date Released: 16-Jan-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103203-1
-------------------------------------------------------------------
Sun Alert ID: 103205
Synopsis: Security Vulnerability in the Solaris X Server May Lead to Unauthorized Disclosure of Information on Access Restricted Files and Directories
Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System
Category: Security
Date Released: 17-Jan-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103205-1
-------------------------------------------------------------------
Updated Sun Alert Notifications
-------------------------------------------------------------------
(Total Updated: 1)
Sun Alert ID: 103180 (RESOLVED)
Synopsis: Multiple Security Vulnerabilities in the Sun Java System Identity Manager May Allow HTML Injection, Cross-Site Scripting Exploits or Unauthorized Redirection
Product: Sun Java System Identity Manager 7.0, Sun Java System Identity Manager 6.0, Sun Java System Identity Manager 7.1
Category: Security
Date Released: 09-Jan-2008, 14-Jan-2008
Date Closed: 14-Jan-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103180-1
******************************************************************
Thanks for tuning in to the Sun Alert Weekly Summary Report!
Best regards,
Sun Alert Program Office
Sun Microsystems, Inc.
sunalert-newsletter@sun.com
------------------------------------------------------------------
Copyright 2008 Sun Microsystems, Inc. All rights reserved.
Sun, Sun Microsystems, the Sun Logo, My Sun, iForce, Sun Fire, and Sun StorEdge are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the United States and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc.
This advisory contains information released by the original author. Some of the information may have changed since it was released. If the issue affects you, it may be prudent to retrieve the advisory from the site of the original source to ensure that you receive the most current information concerning that problem. Reference to any specific commercial product, process, or service by trade name, trademark manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favouring by CPNI.
The views and opinions of authors expressed within this notice shall not be used for advertising or product endorsement purposes. CPNI shall not accept responsibility for any errors or omissions contained within this advisory. In particular, they shall not be liable for any loss or damage whatsoever, arising from or in connection with the usage of information contained within this advisory.
CSIRTUK is a member of the Forum of Incident Response and Security Teams (FIRST) and has contacts with other international Incident Response Teams (IRTs) in order to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing amongst its members and the community at large.
Tue, 22 Jan 2008 09:00:00 GMT
Domain affected: Technical