Home / mailings SUN ALERT WEEKLY SUMMARY REPORT
Posted on 08 December 2008
Sun AlertsWeek of 30-Nov-2008 to 06-Dec-2008
Welcome to the Sun Alert Weekly Summary Report, the newsletter
that provides you with a weekly listing of newly released and
updated Sun Alert Notifications. It is being distributed
to inform you about critical hardware and software issues that
could impact the availability, security, and data integrity of
your computing environment.
==================================================================
ISSUE HIGHLIGHTS
* New and Updated Sun Alerts for 3 Release Phases:
Preliminary, Workaround and Resolved
Note: To read past newsletters go to sunsolve.sun.com,
hit Accept, use Advanced Search with keywords "weekly
summary report newsletter", Sort by Date, and select the
Sun Alert Notifications collection.
=================================================================
New Preliminary Sun Alert Notifications
None
=================================================================
New Workaround Sun Alert Notifications
(Total Workaround: 1)
Sun Alert ID: 247186
Title: A Security Vulnerability in Solaris Secure Shell (SSH)
May Expose Some Plain Text From Encrypted Traffic
Product: Solaris 9 Operating System, Solaris 10 Operating System,
OpenSolaris
Category: Security
Release Phase: Workaround
Workaround Date: 05-Dec-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
=================================================================
New Resolved Sun Alert Notifications
(Total Resolved: 23)
Sun Alert ID: 238365
Title: A Security Vulnerability in rpc.ypupdated(1M) May Allow
Execution of Arbitrary Code When Run in Insecure Mode
Product: Solaris 8 Operating System, Solaris 9 Operating System,
Solaris 10 Operating System
Category: Security
Release Phase: Resolved
Resolved Date: 03-Dec-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238365-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 240365
Title: Security Vulnerability in Sun Ray Server Software May
Compromise the Sun Ray Administration Password
Product: Sun Ray Server Software 3.1, Sun Ray Server Software
3.1.1, Sun Ray Server Software 4.0
Category: Security
Release Phase: Resolved
Resolved Date: 03-Dec-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-240365-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 240506
Title: Security Vulnerabilities in Sun Ray Server Software and
Sun Ray Windows Connector May Compromise the Sun Ray
Administration Password
Product: Sun Ray Server Software 3.x, Sun Ray Server Software
4.0, Sun Ray Windows Connector 1.1, Sun Ray Windows
Connector 2.0
Category: Security
Release Phase: Resolved
Resolved Date: 05-Dec-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-240506-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 242426
Title: The "zpool create" Command May Dump Core When Used on
Systems Running Sun Cluster 3.2
Product: Solaris Cluster 3.2
Category: Availability
Release Phase: Resolved
Resolved Date: 01-Dec-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-242426-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 243786
Title: Security Vulnerability in the Sun Java Web Console May
Allow Unauthorized Redirection
Product: Sun Java Web Console 3.0.2, Sun Java Web Console 3.0.3,
Sun Java Web Console 3.0.4, Sun Java Web Console 3.0.5,
Solaris 10 Operating System
Category: Security
Release Phase: Resolved
Resolved Date: 02-Dec-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-243786-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 243886
Title: Security Vulnerability Related to Sun Java System Portal
Server May Allow Information Disclosure
Product: Sun Java System Portal Server 7.1, Sun Java System
Portal Server 7.2
Category: Security
Release Phase: Resolved
Resolved Date: 05-Dec-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-243886-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 244986
Title: The Java Runtime Environment Creates Temporary Files
That Have "Guessable" File Names
Product: Java Platform, Standard Edition (Java SE)
Category: Security
Release Phase: Resolved
Resolved Date: 03-Dec-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-244986-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 244987
Title: Java Runtime Environment (JRE) Buffer Overflow
Vulnerabilities in Processing Image Files and Fonts May
Allow Applets or Java Web Start Applications to Elevate
Their Privileges
Product: Java Platform, Standard Edition (Java SE)
Category: Security
Release Phase: Resolved
Resolved Date: 03-Dec-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-244987-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 244988
Title: Multiple Security Vulnerabilities in Java Web Start and
Java Plug-in May Allow Privilege Escalation
Product: Java Platform, Standard Edition (Java SE)
Category: Security
Release Phase: Resolved
Resolved Date: 03-Dec-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-244988-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 244989
Title: The Java Runtime Environment (JRE) "Java Update"
Mechanism Does Not Check the Digital Signature of the
JRE that it Downloads
Product: Java Platform, Standard Edition (Java SE)
Category: Security
Release Phase: Resolved
Resolved Date: 03-Dec-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-244989-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 244990
Title: A Buffer Overflow Vulnerability in the Java Runtime
Environment (JRE) May Allow Privileges to be Escalated
Product: Java Platform, Standard Edition (Java SE)
Category: Security
Release Phase: Resolved
Resolved Date: 03-Dec-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-244990-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 244991
Title: A Security Vulnerability in the Java Runtime Environment
(JRE) Related to Deserializing Calendar Objects May
Allow Privileges to be Escalated
Product: Java Platform, Standard Edition (Java SE)
Category: Security
Release Phase: Resolved
Resolved Date: 03-Dec-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-244991-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 244992
Title: A Buffer Overflow Vulnerability in the Java Runtime
Environment (JRE) "Unpack200" JAR Unpacking Utility May
Lead to Escalation of Privileges
Product: Java Platform, Standard Edition (Java SE)
Category: Security
Release Phase: Resolved
Resolved Date: 03-Dec-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-244992-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 245246
Title: The Java Runtime Environment UTF-8 Decoder May Allow
Multiple Representations of UTF-8 Input
Product: Java Platform, Standard Edition (Java SE)
Category: Security
Release Phase: Resolved
Resolved Date: 03-Dec-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-245246-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 246206
Title: Solaris 10 Kernel Patches 137137-09/137138-09 May Cause
Boot Failure For An MPxIO Enabled SVM encapsulated Root
Filesystem
Product: Solaris 10 Operating System
Category: Availability
Release Phase: Resolved
Resolved Date: 01-Dec-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-246206-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 246266
Title: Security Vulnerability in Java Runtime Environment May
Allow Applets to List the Contents of the Current
User's Home Directory
Product: Java Platform, Standard Edition (Java SE)
Category: Security
Release Phase: Resolved
Resolved Date: 03-Dec-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-246266-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 246286
Title: Security Vulnerability in the Java Runtime Environment
With Processing RSA Public Keys
Product: Java Platform, Standard Edition (Java SE)
Category: Security
Release Phase: Resolved
Resolved Date: 03-Dec-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-246286-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 246346
Title: A Security Vulnerability in Java Runtime Environment
(JRE) With Authenticating Users Through Kerberos May
Lead to a Denial of Service (DoS)
Product: Java Platform, Standard Edition (Java SE)
Category: Security
Release Phase: Resolved
Resolved Date: 03-Dec-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-246346-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 246366
Title: Security Vulnerabilities in the Java Runtime Environment
(JRE) JAX-WS and JAXB Packages may Allow Privileges to
be Escalated
Product: Java Platform, Standard Edition (Java SE)
Category: Security
Release Phase: Resolved
Resolved Date: 03-Dec-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-246366-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 246386
Title: A Security Vulnerability in Java Runtime Environment
(JRE) With Parsing of Zip Files May Allow Reading of
Arbitrary Memory Locations
Product: Java Platform, Standard Edition (Java SE)
Category: Security
Release Phase: Resolved
Resolved Date: 03-Dec-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-246386-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 246387
Title: A Security Vulnerability in the Java Runtime Environment
may Allow Code Loaded From the Local Filesystem to
Access LocalHost
Product: Java Platform, Standard Edition (Java SE)
Category: Security
Release Phase: Resolved
Resolved Date: 03-Dec-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-246387-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 246846
Title: A Security Vulnerability in the OpenSSL PKCS#11 Engine
May Result in Denial of Service (DoS) Due to a
Corrupted Session Cache
Product: Solaris 10 Operating System
Category: Security
Release Phase: Resolved
Resolved Date: 03-Dec-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-246846-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 246946
Title: Sun Fire V215 and V245 Servers may Experience an
Erroneous "Overtemp" Alarm Causing the System to Power
Off
Product: Sun Fire V215 Server, Sun Fire V245 Server
Category: Availability
Release Phase: Resolved
Resolved Date: 05-Dec-2008
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-246946-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
=================================================================
Updated Sun Alert Notifications
None
==================================================================
Thanks for tuning in to the Sun Alert Weekly Summary Report!
Best regards,
Sun Alert Program Office
Sun Microsystems, Inc.
sunalert-newsletter@sun.com