Home / mailings SUN ALERT WEEKLY SUMMARY REPORT
Posted on 12 May 2008
Sun AlertsWeek of 04-May-2008 to 10-May-2008
Welcome to the Sun Alert Weekly Summary Report, the newsletter
that provides you with a weekly listing of newly released and
updated Sun Alert Notifications. It is being distributed
to inform you about critical hardware and software issues that
could impact the availability, security, and data integrity of
your computing environment.
==================================================================
ISSUE HIGHLIGHTS
* Newly Released Sun Alerts for 3 Release Phases:
Preliminary, Workaround and Resolved
* Updated Sun Alerts
* Additional Information
=================================================================
New Preliminary Sun Alert Notifications
None
=================================================================
New Workaround Sun Alert Notifications
(Total Workaround: 4)
Sun Alert ID: 237444
Title: Security Vulnerability in Solaris SSH May Allow
Unauthorized Access to X11 Sessions
Product: Solaris 9 Operating System, Solaris 10 Operating System
Category: Security
Release Phase: Workaround
Workaround Date: 05-May-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-237444-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 237464
Title: Solaris 10 iscsiadm(1M) may hang in the presence of
other applications that use System V semaphores
Product: Solaris 10 Operating System
Category: Availability
Release Phase: Workaround
Workaround Date: 06-May-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-237464-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 237505
Title: Adding a host to a SVM Metaset deletes the Set Name link
Product: Solaris Volume Manager, Solaris 10 Operating System
Category: Availability
Release Phase: Workaround
Workaround Date: 09-May-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-237505-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 237507
Title: Product Startup and Maintenance Issues on Sun Fire 4150
and 4450 Servers
Product: Sun Fire 4150, Sun Fire 4450
Category: Availability
Release Phase: Workaround
Workaround Date: 07-May-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-237507-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
=================================================================
New Resolved Sun Alert Notifications
(Total Resolved: 10)
Sun Alert ID: 200864
Title: Security Vulnerability in the TCP Implementation of
Solaris Systems May Allow a Denial of Service When
Accepting New Connections While Undergoing a TCP "SYN
Flood" Attack
Product: Solaris 8 Operating System, Solaris 9 Operating System,
Solaris 10 Operating System
Category: Security
Release Phase: Resolved
Resolved Date: 06-May-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200864-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 201255
Title: JSP Source Code Disclosure Vulnerability Affects Sun
Java System Application Server and Web Server
Product: Sun Java System Application Server Standard Edition 7
2004Q2, Sun Java System Web Server 7.0, Sun Java System
Web Server 6.1, Sun Java System Application Server
Enterprise Edition 7 2004Q2
Category: Security
Release Phase: Resolved
Resolved Date: 06-May-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201255-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 231467
Title: Cross-Site Scripting Vulnerability in Sun Java System
Web Server Search Module
Product: Sun Java System Web Server 7.0 Update 2, Sun Java System
Web Server 6.1 Service Pack 9
Category: Security
Release Phase: Resolved
Resolved Date: 06-May-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-231467-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 231621
Title: In Solaris Cluster 3.2 the "cl_eventlogd" is Susceptible
to Hanging
Product: Solaris Cluster 3.2
Category: Availability
Release Phase: Resolved
Resolved Date: 07-May-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-231621-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 233623
Title: Cross Site Scripting (XSS) Vulnerabilities in the Apache
1.3 and 2.0 "mod_imap" and "mod_status" Modules
Product: Solaris 8 Operating System, Solaris 9 Operating System,
Solaris 10 Operating System
Category: Security
Release Phase: Resolved
Resolved Date: 05-May-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-233623-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 236884
Title: Security Vulnerabilities in Solaris Print Service May
Lead to Denial of Service (DoS) or Execution of
Arbitrary Code
Product: Solaris 8 Operating System, Solaris 9 Operating System,
Solaris 10 Operating System
Category: Security
Release Phase: Resolved
Resolved Date: 09-May-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-236884-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 236944
Title: A Security Vulnerability in Sun Ray Kiosk Mode 4.0 May
Allow Escalation of Privileges
Product: Sun Ray Server Software 4.0
Category: Security
Release Phase: Resolved
Resolved Date: 06-May-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-236944-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 237144
Title: VTL Plus 1.0/2.0 with Software Compression May
Experience Data Integrity Issues
Product: Sun StorageTek Virtual Tape Library Plus (VTL-Plus)
Storage Appliance
Category: Data Loss
Release Phase: Resolved
Resolved Date: 08-May-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-237144-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 237465
Title: Security Vulnerabilities in the Tcl GUI Toolkit Library
may lead to arbitrary code execution or Denial of
Service (DoS)
Product: Solaris 9 Operating System, Solaris 10 Operating System
Category: Security
Release Phase: Resolved
Resolved Date: 06-May-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-237465-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 237605
Title: T3B and Sun StorEdge 6120 arrays may go down
unexpectedly and lose host connectivity after 994 days
of continuous operation
Product: Sun StorEdge T3B, Sun StorEdge 6120, Sun StorEdge 6320,
Sun StorEdge 3910, Sun StorEdge 3960, Sun StorEdge
6910, Sun StorEdge 6920, Sun StorEdge 6960
Category: Availability, Data Loss
Release Phase: Resolved
Resolved Date: 08-May-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-237605-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
=================================================================
Updated Sun Alert Notifications
(Total Updated: 2)
Sun Alert ID: 200098 Previous ID: 102733
Title: Security Vulnerability With HTTP Requests in Sun Java
System Server(s)
Product: Sun Java System Web Server 6.0 Service Pack 10, Sun Java
System Application Server Platform Edition 8.1 2005Q1,
Sun ONE Application Server 7, Enterprise Edition, Sun
ONE Application Server 7, Standard Edition, Sun Java
System Application Server Platform Edition 8.1 2005Q1
Update Release 1, Sun Java System Web Proxy Server 4.0,
Sun Java System Web Server 6.1, Sun Java System
Application Server Enterprise Edition 8.1 2005Q1, Sun
Java System Web Proxy Server 3.6
Category: Security
Release Phase: Resolved
Resolved Date: 30-Nov-2006
Last Updated: 09-May-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200098-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 231526
Title: Security Vulnerability in Sun Java Web Console
Product: Solaris 10 Operating System, Sun Java Web Console 3.0.2,
3.0.3, 3.0.4
Category: Security
Release Phase: Resolved
Resolved Date: 07-Mar-2008
Last Updated: 09-May-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-231526-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
==================================================================
Additional Information:
Please see the following sites for recent information on the new
SunSpectrum Member Support Center and changes to SunSolve:
* SunSpectrum Member Support Center wiki
http://wikis.sun.com/display/ssmsc
* New SunSolve wiki
http://wikis.sun.com/display/sunsolve
Changes to the Online Support Center (OSC) :
* New OSC wiki http://wikis.sun.com/display/osc
==================================================================
Thanks for tuning in to the Sun Alert Weekly Summary Report!
Best regards,
Sun Alert Program Office
Sun Microsystems, Inc.
sunalert-newsletter@sun.com
