July 2007

SUN(SM) ALERT WEEKLY SUMMARY REPORT

Week of 08-Jul-2007 - 14-Jul-2007

NOTE: We did not send out a newsletter for the week of July 1, 2007 to July 7,
2007. Apologies for any inconvenience this may have caused.

Welcome to the Sun(SM) Alert Weekly Summary Report, the newsletter that
provides you with a weekly listing of newly released and updated Sun Alert
Notifications. It is being distributed to inform you about critical hardware
and software issues that could impact the availability, security, and data
integrity of your computing environment.

==================================================================
ISSUE HIGHLIGHTS

* Newly Released Sun Alert Notifications

* Updated Sun Alert Notifications

* Additional Sun Alert Information

* Changes to Patch Access on SunSolve

==================================================================

-------------------------------------------------------------------
Newly Released Sun Alert Notifications
-------------------------------------------------------------------
(Total Released: 8)

Sun Alert ID: 101918
Synopsis: Security Vulnerability in the Logging Output of Sun
Java System Access Manager
Product: Sun Java System Access Manager 2004Q2, Sun Java
System Access Manager 6 2005Q1, Sun Java System
Identity Server 6.1
Category: Security
Date Released: 10-Jul-2007

To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101918-1

-------------------------------------------------------------------
Sun Alert ID: 102978 (RESOLVED)
Synopsis: Security Vulnerability in the rcp(1) Command May
Allow Execution of Unintended Commands
Product: Solaris 9 Operating System, Solaris 10 Operating
System, Solaris 8 Operating System
Category: Security
Date Released: 10-Jul-2007
Date Closed: 10-Jul-2007

To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102978-1

-------------------------------------------------------------------
Sun Alert ID: 102992
Synopsis: Security Vulnerability in Processing XSLT
Stylesheets Affects Sun Java System Application
Server and Web Server
Product: Sun Java System Application Server Standard Edition
8.2, Sun Java System Application Server Enterprise
Edition 8.2, Sun Java System Application Server PE
9 , Sun Java System Web Server 7.0
Category: Security
Date Released: 10-Jul-2007

To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102992-1

-------------------------------------------------------------------
Sun Alert ID: 102993 (RESOLVED)
Synopsis: Java Runtime Environment Does Not Securely Process
XSLT Stylesheets Contained in XML Signatures
Product: Java 2 Platform, Standard Edition
Category: Security
Date Released: 10-Jul-2007
Date Closed: 10-Jul-2007

To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102993-1

-------------------------------------------------------------------
Sun Alert ID: 102996 (RESOLVED)
Synopsis: Security Vulnerability in Java Web Start URL
Parsing Code May Allow Untrusted Applications to
Elevate Privileges
Product: Java 2 Platform, Standard Edition
Category: Security
Date Released: 10-Jul-2007
Date Closed: 10-Jul-2007

To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102996-1

-------------------------------------------------------------------
Sun Alert ID: 102997 (RESOLVED)
Synopsis: Java Secure Socket Extension Does Not Correctly
Process SSL/TLS Handshake Requests Resulting in a
Denial of Service (DoS) Condition
Product: Java 2 Platform, Standard Edition
Category: Security
Date Released: 10-Jul-2007
Date Closed: 10-Jul-2007

To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102997-1

-------------------------------------------------------------------
Sun Alert ID: 103005
Synopsis: Entering Array WWPN or WWNN Values as an Initiator
via Sun StorageTek CAM May Cause Loss of Management
and Data Access to the Array
Product: Sun StorageTek 2530 Array, Sun StorageTek 6130
Array, Sun StorageTek 6140 Array, Sun StorageTek
2540 Array, Sun StorageTek Common Array Manager
Software 5.1, Sun StorageTek 6540 Array
Category: Availability
Date Released: 13-Jul-2007

To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103005-1
(before accessing this Sun Alert document please login to a SunSolve Online
Account with a Sun Spectrum Support Contract at http://sunsolve.sun.com ->
"Login")

-------------------------------------------------------------------
Sun Alert ID: 103006 (RESOLVED)
Synopsis: Installation of JDK and JRE 6 Update 2 (Build 05)
May Cause Internet Explorer to Exit When
Subsequently Launched
Product: Java Platform, Standard Edition 6
Category: Availability
Date Released: 13-Jul-2007
Date Closed: 13-Jul-2007

To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103006-1

-------------------------------------------------------------------
Updated Sun Alert Notifications
-------------------------------------------------------------------
(Total Updated: 0)

------------------------------------------------------------------
Additional Sun Alert Information
------------------------------------------------------------------

* Accessing Sun Alert Notifications

Sun Alert Notifications are accessed on http://sun.com/sunsolve under SunSolve
Collections, Advanced Search, Browse Documents or Security Sun Alerts

* Sun Alert Patch Report

http://sun.com/sunsolve/sunalert_patches.html

This is a comprehensive report of patches mentioned in the Resolution section
of Sun Alert documents and is available from SunSolve on the Patch Portal
page. It is updated daily and organized by product.

-------------------------------------------------------------------
*IMPORTANT UPDATE* Changes to Solaris 8 and 9 Patch Access on SunSolve
-------------------------------------------------------------------

Beginning March 31, 2007, Sun is changing the way users will access Solaris 8
and 9 Software Updates (patches) to be consistent with the way users access
Solaris 10 Software Updates.

Users will still be required to have a Sun Online Account and accept a
Software License Agreement in order to access any Software Updates, but in
addition users will be required to purchase a Solaris Subscription or Sun
System Service Plan in order to access Solaris 8 and 9 Software Updates.

No Solaris Subscription or Sun System Service Plan will be required for
security patches and device drivers, which will remain available without
charge.

For more information, go to:

http://sunsolve.sun.com/search/document.do?assetkey=1-9-83061-1

For questions, contact: patchpolicy@sun.com

******************************************************************

Thanks for tuning in to the Sun Alert Weekly Summary Report!

Best regards,
Sun Alert Program Office
Sun Microsystems, Inc.

ALSO ON SUN.COM --------------------------------------------------
My Sun Connection: http://sun.com/mysunconnection
Products & Services: http://sun.com/products
Business & Industry Solutions: http://sun.com/solutions
Support & Training: http://sun.com/supportraining/
Downloads: http://sun.com/download
Documentation: http://sun.com/documentation
Research: http://sun.com/research
News: http://sun.com/news
Sun[sm] Store: http://sun.com/store

Resources for
* Developers: http://sun.com/developers
* System Admins: http://sun.com/bigadmin
* Partners: http://sun.com/partners
* Executives: http://sun.com/executives
* Investors: http://sun.com/investors
------------------------------------------------------------------

Copyright 2007 Sun Microsystems, Inc. All rights reserved.

Sun, Sun Microsystems, the Sun Logo, My Sun, iForce, Sun Fire, and Sun
StorEdge are trademarks or registered trademarks of Sun Microsystems, Inc. in
the United States and other countries. All SPARC trademarks are used under
license and are trademarks or registered trademarks of SPARC International,
Inc. in the United States and other countries. Products bearing SPARC
trademarks are based upon an architecture developed by Sun Microsystems, Inc.

:::::::::::::::::::::: We make the net work ::::::::::::::::::::::

PRIVACY STATEMENT:
Sun respects your online time and privacy (http://sun.com/privacy).
You have received this email because our records indicate you requested it
from Sun. If you would prefer not to receive this information, please follow
the steps at the bottom of this message to unsubscribe.
___________________________________________________________________________

CPNI wishes to acknowledge the contributions of Sun Microsystems, Inc.
for the information contained in this advisory.

This advisory contains information released by the original author. Some of
the information may have changed since it was released. If the issue affects
you, it may be prudent to retrieve the advisory from the site of the original
source to ensure that you receive the most current information concerning that
problem.

Reference to any specific commercial product, process, or service by trade
name, trademark manufacturer, or otherwise, does not constitute or imply its
endorsement, recommendation, or favouring by CPNI. The views and opinions of
authors expressed within this notice shall not be used for advertising or
product endorsement purposes.

CPNI shall not accept responsibility for any errors or omissions
contained within this advisory. In particular, they shall not be liable for
any loss or damage whatsoever, arising from or in connection with the usage of
information contained within this advisory.

CPNI is a member of the Forum of Incident Response and Security Teams (FIRST)
and has contacts with other international Incident Response Teams (IRTs) in
order to foster cooperation and coordination in incident prevention, to prompt
rapid reaction to incidents, and to promote information sharing amongst its
members and the community at large.