Home / mailings SUN ALERT WEEKLY SUMMARY REPORT
Posted on 10 August 2009
Sun AlertsWeek of 02-Aug-2009 to 08-Aug-2009
Welcome to the Sun Alert Weekly Summary Report, the newsletter
that provides you with a weekly listing of newly released and
updated Sun Alert Notifications. It is being distributed
to inform you about critical hardware and software issues that
could impact the availability, security, and data integrity of
your computing environment.
==================================================================
ISSUE HIGHLIGHTS - New http://wikis.sun.com/x/EAF9B
* New and Updated Sun Alerts for 3 Release Phases:
Preliminary, Workaround and Resolved
Note: To read past newsletters go to sunsolve.sun.com,
hit Accept, use Advanced Search with keywords "weekly
summary report newsletter", Sort by Date, and select the
Sun Alert Notifications collection.
=================================================================
New Preliminary Sun Alert Notifications
None
=================================================================
New Workaround Sun Alert Notifications
(Total Workaround: 1)
Sun Alert ID: 265030
Title: Multiple Security Vulnerabilities in libtiff(3) Handling
of CODE_CLEAR Code
Product: Solaris 8 Operating System, Solaris 9 Operating System,
Solaris 10 Operating System, OpenSolaris
Category: Security
Release Phase: Workaround
Workaround Date: 03-Aug-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-265030-1
=================================================================
New Resolved Sun Alert Notifications
(Total Resolved: 17)
Sun Alert ID: 255968
Title: Security Vulnerability in Sun Java System Access Manager
May Provide Security Information to the Wrong Client
Product: Sun Java System Access Manager 7.1, Sun Java System
Access Manager 7 2005Q4 (7.0)
Category: Security
Release Phase: Resolved
Resolved Date: 05-Aug-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-255968-1
-----------------------------------------------------------------
Sun Alert ID: 256668
Title: A Security Vulnerability in Sun Java System Access
Manager May Disclose Confidential Information
Product: Sun Java System Access Manager 6 2005Q1, Sun Java System
Access Manager 7 2005Q4, Sun Java System Access Manager
7.1, OpenSSO Enterprise 8.0
Category: Security
Release Phase: Resolved
Resolved Date: 05-Aug-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-256668-1
-----------------------------------------------------------------
Sun Alert ID: 256728
Title: Multiple Security Vulnerabilities in the Solaris
Kerberos 'Mech' Libraries May Lead To Execution of
Arbitrary Code, Unauthorized Access to Data or a Denial
of Service (DoS) Condition
Product: Sun Enterprise Authentication Mechanism 1.0.1, Solaris 9
Operating System, Solaris 10 Operating System,
OpenSolaris
Category: Security
Release Phase: Resolved
Resolved Date: 03-Aug-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-256728-1
-----------------------------------------------------------------
Sun Alert ID: 258928
Title: A Security Vulnerability May Allow Popup Windows to
Appear Through the Solaris XScreenSaver Program on
Xorg(1) Servers
Product: Solaris 8 Operating System, Solaris 9 Operating System,
Solaris 10 Operating System, OpenSolaris
Category: Security
Release Phase: Resolved
Resolved Date: 05-Aug-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-258928-1
-----------------------------------------------------------------
Sun Alert ID: 261688
Title: A Security Vulnerability in OpenSSO Enterprise and Sun
Java System Access Manager May Cause Denial of Service
(DoS)
Product: OpenSSO Enterprise 8.0, Sun Java System Access Manager
7.1, Sun Java System Access Manager 7 2005Q4, Sun Java
System Access Manager 6 2005Q1
Category: Security
Release Phase: Resolved
Resolved Date: 05-Aug-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1
-----------------------------------------------------------------
Sun Alert ID: 263408
Title: A Security Vulnerability in the Java Runtime Environment
Audio System may Allow System Properties to be Accessed
Product: Java Platform, Standard Edition (Java SE)
Category: Security
Release Phase: Resolved
Resolved Date: 04-Aug-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263408-1
-----------------------------------------------------------------
Sun Alert ID: 263409
Title: Security Vulnerabilities With the Proxy Mechanism
Implementation in the Java Runtime Environment (JRE)
may Lead to Escalation of Privileges
Product: Java Platform, Standard Edition (Java SE)
Category: Security
Release Phase: Resolved
Resolved Date: 04-Aug-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263409-1
-----------------------------------------------------------------
Sun Alert ID: 263428
Title: Integer Overflow Vulnerability in the Java Runtime
Environment When Parsing JPEG Images
Product: Java Platform, Standard Edition (Java SE)
Category: Security
Release Phase: Resolved
Resolved Date: 04-Aug-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263428-1
-----------------------------------------------------------------
Sun Alert ID: 263429
Title: A Security Vulnerability With Verifying HMAC-based XML
Digital Signatures in the XML Digital Signature
Implementation Included With the Java Runtime
Environment (JRE) may Allow Authentication to be
Bypassed
Product: Java Platform, Standard Edition (Java SE)
Category: Security
Release Phase: Resolved
Resolved Date: 04-Aug-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263429-1
-----------------------------------------------------------------
Sun Alert ID: 263488
Title: Integer Overflow Vulnerability in the Java Runtime
Environment (JRE) "Unpack200" JAR Unpacking Utility May
Lead to Escalation of Privileges
Product: Java Platform, Standard Edition (Java SE)
Category: Security
Release Phase: Resolved
Resolved Date: 04-Aug-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263488-1
-----------------------------------------------------------------
Sun Alert ID: 263489
Title: A Security Vulnerability in the Java Runtime Environment
(JRE) With Parsing XML Data May Allow a Remote Client
to Create a Denial of Service (DoS) Condition
Product: Java Platform, Standard Edition (Java SE)
Category: Security
Release Phase: Resolved
Resolved Date: 05-Aug-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1
-----------------------------------------------------------------
Sun Alert ID: 263490
Title: JDK and JRE Blacklist Entry for JNLPAppletLauncher
Vulnerability
Product: Java Platform, Standard Edition (Java SE)
Category: Security
Release Phase: Resolved
Resolved Date: 04-Aug-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263490-1
-----------------------------------------------------------------
Sun Alert ID: 264648
Title: Security Vulnerability in the Active Template Library in
Various Releases of Microsoft Visual Studio Used by the
Java Web Start ActiveX Control May Be Leveraged to
Execute Arbitrary Code
Product: Java Platform, Standard Edition (Java SE)
Category: Security
Release Phase: Resolved
Resolved Date: 04-Aug-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264648-1
-----------------------------------------------------------------
Sun Alert ID: 264828
Title: A Security Vulnerability in Solaris BIND named(1M) Due
to Insufficient Input Validation of Dynamic Update
Requests Can Lead to Denial of Service (DoS)
Product: Solaris 8 Operating System, Solaris 9 Operating System,
Solaris 10 Operating System, OpenSolaris
Category: Security
Release Phase: Resolved
Resolved Date: 05-Aug-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264828-1
-----------------------------------------------------------------
Sun Alert ID: 265068
Title: Multiple Security Vulnerabilities in Firefox Versions
Prior to 3.5 May Allow Execution of Arbitrary Code or
Access to Unauthorized Data
Product: OpenSolaris
Category: Security
Release Phase: Resolved
Resolved Date: 04-Aug-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-265068-1
-----------------------------------------------------------------
Sun Alert ID: 265268
Title: Security Vulnerability in Sun VirtualBox May Lead to
Denial of Service (DoS)
Product: Sun VirtualBox 3.0
Category: Security
Release Phase: Resolved
Resolved Date: 05-Aug-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-265268-1
-----------------------------------------------------------------
Sun Alert ID: 265329
Title: Security Vulnerabilities in Sun Java System Access
Manager Policy Agent 2.2 (Web Agents) May Cause Denial
of Service (DoS)
Product: Sun Java System Access Manager Policy Agents 2.2
Category: Security
Release Phase: Resolved
Resolved Date: 07-Aug-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1
=================================================================
Updated Sun Alert Notifications
(Total Updated: 2)
Sun Alert ID: 234461 Previous ID: 201521
Title: Solaris Daylight Saving Time (DST) Update (Aug 2008, Oct
2008, Mar-Apr 2009, Jun 2009, Aug 2009)
Product: Solaris 8 Operating System, Solaris 9 Operating System,
Solaris 10 Operating System
Category: Availability
Release Phase: Resolved
Resolved Date: 07-Mar-2008
Last Updated: 05-Aug-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-234461-1
-----------------------------------------------------------------
Sun Alert ID: 257329
Title: A Security Vulnerability in Certain System Board
Firmware Revisions of Sun Fire V215 Servers with
XVR-100 Graphic Cards may Allow an Unprivileged User to
Panic the System
Product: Sun Fire V215 Server
Category: Security
Release Phase: Resolved
Resolved Date: 13-Jul-2009
Last Updated: 06-Aug-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-257329-1
==================================================================
For more information on the Sun Alert program, please visit:
http://wikis.sun.com/x/EAF9B
RSS Feed :
http://www.sun.com/rss/?t=3&pgID=1&trss=Sun%20Alerts%20-%20New&uri=http:
//cds-srv.sun.com:8700/rss/insert/public/sunalert_insert.xml
Sun Alert Patch Report -- TEXT version is available at:
https://supportuploads.sun.com/download?directory=downloads&file=SApatches%2dpub%2etxt
or go to http://supportfiles.sun.com/download and enter the following
file name, SApatches-pub.txt, from the directory named "downloads".
==================================================================
Thanks for tuning in to the Sun Alert Weekly Summary Report!
Best regards,
Sun Alert Program Office
Sun Microsystems, Inc.
sunalert-newsletter@sun.com
