July 2007
SUN(SM) ALERT WEEKLY SUMMARY REPORT - Week of 24-Jun-2007 - 30-Jun-2007
ID: 147
Ref: 92/2007
Date: 03 July 2007:13:52:57
Version: 1
Title: SUN(SM) ALERT WEEKLY SUMMARY REPORT - Week of 24-Jun-2007 - 30-Jun-2007
Abstract: This newsletter provides a weekly listing of newly released and updated Sun Alert Notifications.
Welcome to the Sun(SM) Alert Weekly Summary Report, the newsletter that
provides you with a weekly listing of newly released and updated Sun Alert
Notifications. It is being distributed to inform you about critical
hardware and software issues that could impact the availability, security,
and data integrity of your computing environment.
==================================================================
ISSUE HIGHLIGHTS
* Newly Released Sun Alert Notifications
* Updated Sun Alert Notifications
* Additional Sun Alert Information
* Changes to Patch Access on SunSolve
==================================================================
-------------------------------------------------------------------
Newly Released Sun Alert Notifications
-------------------------------------------------------------------
(Total Released: 12)
Sun Alert ID: 102914
Synopsis: A Security Vulnerability in the Implementation of
the RPCSEC_GSS API Affects the Kerberos
Administration Daemon (kadmind(1M))
Product: Solaris 9 Operating System, Solaris 10 Operating
System, Solaris 8 Operating System
Category: Security
Date Released: 26-Jun-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102914-1
-------------------------------------------------------------------
Sun Alert ID: 102918 (RESOLVED)
Synopsis: Security Vulnerabilities in the KSSL Kernel Module
May Lead to a System Panic
Product: Solaris 10 Operating System
Category: Security, Availability
Date Released: 27-Jun-2007
Date Closed: 27-Jun-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102918-1
-------------------------------------------------------------------
Sun Alert ID: 102926 (RESOLVED)
Synopsis: Security Vulnerability in the Solaris libsldap
Library May Allow a Denial of Service to nscd(1M)
Product: Solaris 9 Operating System, Solaris 10 Operating
System, Solaris 8 Operating System
Category: Security
Date Released: 26-Jun-2007
Date Closed: 26-Jun-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102926-1
-------------------------------------------------------------------
Sun Alert ID: 102954 (RESOLVED)
Synopsis: dtsession(1X) Contains a Buffer Overflow
Vulnerability
Product: Solaris 9 Operating System, Solaris 10 Operating
System, Solaris 8 Operating System
Category: Security
Date Released: 27-Jun-2007
Date Closed: 27-Jun-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102954-1
-------------------------------------------------------------------
Sun Alert ID: 102957 (RESOLVED)
Synopsis: Security Vulnerability With Java Web Start May
Allow Application to Escalate Privileges
Product: Java 2 Platform, Standard Edition
Category: Security
Date Released: 28-Jun-2007
Date Closed: 28-Jun-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102957-1
-------------------------------------------------------------------
Sun Alert ID: 102958 (RESOLVED)
Synopsis: Cross-site Scripting Vulnerability (XSS) Affecting
Pages Generated with JavaDoc Tool
Product: Java 2 Platform, Standard Edition
Category: Security
Date Released: 28-Jun-2007
Date Closed: 28-Jun-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102958-1
-------------------------------------------------------------------
Sun Alert ID: 102963 (RESOLVED)
Synopsis: A Security Vulnerability in the TCP Loopback/Fusion
Code May Lead to a System Hang Resulting in a
Denial of Service (DoS)
Product: Solaris 10 Operating System
Category: Security
Date Released: 27-Jun-2007
Date Closed: 27-Jun-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102963-1
-------------------------------------------------------------------
Sun Alert ID: 102968 (RESOLVED)
Synopsis: The NetBackup 6.0 MP4 Installer for Windows x86
Systems Installs to "C:\Program Files\VERITAS"
Regardless of the Path Specified During
Installation
Product: VERITAS NetBackup 6.0
Category: Availability
Date Released: 27-Jun-2007
Date Closed: 27-Jun-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102968-1
(before accessing this Sun Alert document please login to a SunSolve
Online Account with a Sun Spectrum Support Contract at
http://sunsolve.sun.com -> "Login")
-------------------------------------------------------------------
Sun Alert ID: 102971
Synopsis: Multiple Memory Corruption Vulnerabilities in
Mozilla 1.7 for Solaris 8, 9 and 10
Product: Mozilla v1.7, Solaris 9 Operating System, Solaris
10 Operating System, Solaris 8 Operating System
Category: Security
Date Released: 26-Jun-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102971-1
-------------------------------------------------------------------
Sun Alert ID: 102985
Synopsis: Security Vulnerability in the Kerberos
Administration Daemon (kadmind(1M)) May Lead to
Arbitrary Code Execution
Product: Solaris 9 Operating System, Solaris 10 Operating
System, Solaris 8 Operating System
Category: Security
Date Released: 27-Jun-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102985-1
-------------------------------------------------------------------
Sun Alert ID: 102986
Synopsis: Sun Fire Midrange Server Time Jumps when SC Uptime
Exceeds 828 Days
Product: Sun Fire 3800 Server, Sun Fire 4800 Server, Sun
Fire 4810 Server, Sun Fire 6800 Server, Sun Fire
E6900 Server, Sun Fire E2900 Server, Sun Fire V1280
Server, Sun Fire E4900 Server, Netra 1290 Server,
Netra 1280 Server
Category: Availability
Date Released: 28-Jun-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102986-1
(before accessing this Sun Alert document please login to a SunSolve
Online Account with a Sun Spectrum Support Contract at
http://sunsolve.sun.com -> "Login")
-------------------------------------------------------------------
Sun Alert ID: 102987
Synopsis: libpng(3) Contains a Denial of Service (DoS)
Vulnerability
Product: Solaris 9 Operating System, Solaris 10 Operating
System, Solaris 8 Operating System
Category: Security
Date Released: 28-Jun-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102987-1
-------------------------------------------------------------------
Updated Sun Alert Notifications
-------------------------------------------------------------------
(Total Updated: 3)
Sun Alert ID: 102934 (RESOLVED)
Synopsis: Security Vulnerabilities in the Java Runtime
Environment Image Parsing Code may Allow an
Untrusted Applet to Elevate Privileges
Product: Java 2 Platform, Standard Edition
Category: Security
Date Released: 31-May-2007, 29-Jun-2007
Date Closed: 29-Jun-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1
-------------------------------------------------------------------
Sun Alert ID: 102961 (RESOLVED)
Synopsis: Security Vulnerability in scp(1) May Allow
Execution of Unintended Commands
Product: Solaris 9 Operating System, Solaris 10 Operating
System
Category: Security
Date Released: 08-Jun-2007, 27-Jun-2007
Date Closed: 27-Jun-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102961-1
-------------------------------------------------------------------
Sun Alert ID: 102962 (RESOLVED)
Synopsis: Security Vulnerability in the sshd(1M) Protocol
Version 1 Implementation May Allow a Denial of
Service to the Host
Product: Solaris 9 Operating System, Solaris 10 Operating
System
Category: Security
Date Released: 08-Jun-2007, 29-Jun-2007
Date Closed: 29-Jun-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102962-1
------------------------------------------------------------------
Additional Sun Alert Information
------------------------------------------------------------------
* Accessing Sun Alert Notifications
Sun Alert Notifications are accessed on http://sun.com/sunsolve under
SunSolve Collections, Advanced Search, Browse Documents or Security Sun
Alerts.
* Sun Alert Patch Report
http://sun.com/sunsolve/sunalert_patches.html
This is a comprehensive report of patches mentioned in the Resolution
section of Sun Alert documents and is available from SunSolve on the Patch
Portal page. It is updated daily and organized by product.
-------------------------------------------------------------------
*IMPORTANT UPDATE* Changes to Solaris 8 and 9 Patch Access on SunSolve
-------------------------------------------------------------------
Beginning March 31, 2007, Sun is changing the way users will access
Solaris 8 and 9 Software Updates (patches) to be consistent with the way
users access Solaris 10 Software Updates.
Users will still be required to have a Sun Online Account and accept a
Software License Agreement in order to access any Software Updates, but in
addition users will be required to purchase a Solaris Subscription or Sun
System Service Plan in order to access Solaris 8 and 9 Software Updates.
No Solaris Subscription or Sun System Service Plan will be required for
security patches and device drivers, which will remain available without
charge.
For more information, go to:
http://sunsolve.sun.com/search/document.do?assetkey=1-9-83061-1
For questions, contact: patchpolicy@sun.com
******************************************************************
Thanks for tuning in to the Sun Alert Weekly Summary Report!
Best regards,
Sun Alert Program Office
Sun Microsystems, Inc.
Copyright 2007 Sun Microsystems, Inc. All rights reserved.
___________________________________________________________________________
CPNI wishes to acknowledge the contributions of Sun Microsystems, Inc.
for the information contained in this advisory.
___________________________________________________________________________
This advisory contains information released by the original author. Some
of the information may have changed since it was released. If the issue
affects you, it may be prudent to retrieve the advisory from the site of
the original source to ensure that you receive the most current
information concerning that problem.
Reference to any specific commercial product, process, or service by trade
name, trademark manufacturer, or otherwise, does not constitute or imply
its endorsement, recommendation, or favouring by CPNI. The views and
opinions of authors expressed within this notice shall not be used for
advertising or product endorsement purposes.
CPNI shall not accept responsibility for any errors or omissions
contained within this advisory. In particular, they shall not be liable
for any loss or damage whatsoever, arising from or in connection with the
usage of information contained within this advisory.
CPNI is a member of the Forum of Incident Response and Security Teams
(FIRST) and has contacts with other international Incident Response Teams
(IRTs) in order to foster cooperation and coordination in incident
prevention, to prompt rapid reaction to incidents, and to promote
information sharing amongst its members and the community at large.
___________________________________________________________________________
<End of CPNI Advisory>