Home / mailings SUN ALERT WEEKLY SUMMARY REPORT
Posted on 07 December 2009
Sun AlertsWeek of 29-Nov-2009 to 05-Dec-2009
Welcome to the Sun Alert Weekly Summary Report, the newsletter
that provides you with a weekly listing of newly released and
updated Sun Alert Notifications. It is being distributed
to inform you about critical hardware and software issues that
could impact the availability, security, and data integrity of
your computing environment.
==================================================================
ISSUE HIGHLIGHTS - New http://wikis.sun.com/x/EAF9B
* New and Updated Sun Alerts for 3 Release Phases:
Preliminary, Workaround and Resolved
Note: To read past newsletters go to sunsolve.sun.com,
hit Accept, use Advanced Search with keywords "weekly
summary report newsletter", Sort by Date, and select the
Sun Alert Notifications collection.
=================================================================
New Preliminary Sun Alert Notifications
None
=================================================================
New Workaround Sun Alert Notifications
(Total Workaround: 7)
Sun Alert ID: 273350
Title: Security Vulnerability in the Transport Layer Security
(TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols
Involving Handshake Renegotiation Affects Network
Security Services (NSS)
Product: Sun Java Enterprise System 5, Sun Java Enterprise System
2005Q4, Solaris 8 Operating System, Solaris 9 Operating
System, Solaris 10 Operating System, OpenSolaris
Category: Security
Release Phase: Workaround
Workaround Date: 01-Dec-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273350-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 273551
Title: Two Security Vulnerabilities in GNU tar (see gtar(1))
May Lead to Files Being Overwritten, Execution of
Arbitrary Code, or a Denial of Service (DoS)
Product: Solaris 9 Operating System, Solaris 10 Operating System,
OpenSolaris
Category: Security
Release Phase: Workaround
Workaround Date: 02-Dec-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273551-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 273570
Title: Multiple Buffer and Integer Overflow Vulnerabilities in
Python (python(1)) May Lead to a Denial of Service
(DoS) or Allow Execution of Arbitrary Code
Product: Solaris 10 Operating System, OpenSolaris
Category: Security
Release Phase: Workaround
Workaround Date: 03-Dec-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273570-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 273590
Title: Security Vulnerability in wget(1) Related to Certificate
Parsing may Allow Encrypted HTTP Communication to be
Intercepted Using a Man-in-the-Middle (MITM) Attack
Product: Solaris 9 Operating System, Solaris 10 Operating System,
OpenSolaris
Category: Security
Release Phase: Workaround
Workaround Date: 02-Dec-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273590-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 273610
Title: Solaris autopush(1M) Changes (with patches
141444-09/141511-04) May Cause Sun Cluster 3.1 and 3.2
Nodes to Hang During Boot
Product: Sun Cluster 3.1, Sun Cluster 3.2
Category: Availability
Release Phase: Workaround
Workaround Date: 02-Dec-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273610-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 273630
Title: Multiple Security Vulnerabilities in the libexpat
Library May Lead to a Denial of Service (DoS) Condition
Product: Solaris 10 Operating System, OpenSolaris
Category: Security
Release Phase: Workaround
Workaround Date: 02-Dec-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273630-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 273670
Title: HIPER - Sun StorageTek Host Software Component (HSC) May
Experience Message "SLS0411I" and the Free Cell Count
for the LSM Will be Set to 0
Product: Sun StorageTek Host Software Component Software
Category: Availability
Release Phase: Workaround
Workaround Date: 02-Dec-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273670-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
=================================================================
New Resolved Sun Alert Notifications
(Total Resolved: 5)
Sun Alert ID: 266428
Title: Multiple Security Vulnerabilities in the XML Library
(see libxml2(3)) Bundled With Sun Management Center
(SunMC) May Result in Arbitrary Code Execution or a
Denial of Service (DoS)
Product: Sun Management Center 3.6, Sun Management Center 3.6.1,
Sun Management Center 4.0
Category: Security
Release Phase: Resolved
Resolved Date: 02-Dec-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266428-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 268189
Title: Security Vulnerability in the Solaris IP(7p) Kernel
Module May Allow Remote Users to Panic the System,
Resulting in a Denial of Service (DoS)
Product: OpenSolaris
Category: Security
Release Phase: Resolved
Resolved Date: 04-Dec-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-268189-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 269368
Title: Cross-Site Scripting (XSS) Vulnerabilities in Sun Java
System Portal Server's Gateway May Lead to Execution of
Arbitrary Code
Product: Sun Java System Portal Server 6.3.1, Sun Java System
Portal Server 7.1, Sun Java System Portal Server 7.2
Category: Security
Release Phase: Resolved
Resolved Date: 01-Dec-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269368-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 270669
Title: Multiple Security Vulnerabilities in Adobe Reader for
Solaris 10 May Allow Execution of Arbitrary Code or
Cause Denial of Service (DoS) - Adobe Security Bulletin
APSB09-15
Product: Solaris 10 Operating System
Category: Security
Release Phase: Resolved
Resolved Date: 30-Nov-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270669-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 272230
Title: Security Vulnerabilities in the Apache 2 "mod_perl2"
Module Components "PerlRun.pm" and "Status.pm" May Lead
to Denial of Service (DoS) or Unauthorized Access to
Data
Product: Solaris 10 Operating System, OpenSolaris
Category: Security
Release Phase: Resolved
Resolved Date: 02-Dec-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-272230-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
=================================================================
Updated Sun Alert Notifications
(Total Updated: 8)
Sun Alert ID: 234461 Previous ID: 201521
Title: Solaris Daylight Saving Time (DST) Update (Aug 2008, Oct
2008, Mar-Apr 2009, Jun 2009, Aug 2009, Sep 2009, Oct
2009, Dec 2009)
Product: Solaris 8 Operating System, Solaris 9 Operating System,
Solaris 10 Operating System
Category: Availability
Release Phase: Resolved
Resolved Date: 07-Mar-2008
Last Updated: 02-Dec-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-234461-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 264730
Title: A Security Vulnerability in Solaris Sockets Direct
Protocol (SDP) Driver (sdp(7D)) may Allow Users to
Exhaust Kernel Memory
Product: Solaris 10 Operating System, OpenSolaris
Category: Availability, Security
Release Phase: Resolved
Resolved Date: 02-Nov-2009
Last Updated: 03-Dec-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264730-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 269870
Title: Security Vulnerability in the Java Web Start Installer
May be Leveraged to Allow Untrusted Java Web Start
Application to Run As Trusted Application
Product: Java Platform, Standard Edition (Java SE)
Category: Security
Release Phase: Resolved
Resolved Date: 03-Nov-2009
Last Updated: 03-Dec-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269870-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 270474
Title: Buffer and Integer Overflow Vulnerabilities in the Java
Runtime Environment With Processing Audio and Image
Files May Allow Privileges to be Escalated
Product: Java Platform, Standard Edition (Java SE)
Category: Security
Release Phase: Resolved
Resolved Date: 03-Nov-2009
Last Updated: 03-Dec-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 270475
Title: A Security Vulnerability in the Java Runtime Environment
With Verifying HMAC Digests may Allow Authentication to
be Bypassed
Product: Java Platform, Standard Edition (Java SE)
Category: Security
Release Phase: Resolved
Resolved Date: 03-Nov-2009
Last Updated: 03-Dec-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270475-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 270476
Title: Two Security Vulnerabilities in the Java Runtime
Environment With Decoding DER Encoded Data and Parsing
HTTP Headers may Result in a Denial of Service (DoS)
Product: Java Platform, Standard Edition (Java SE)
Category: Security
Release Phase: Resolved
Resolved Date: 03-Nov-2009
Last Updated: 03-Dec-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270476-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 271519
Title: Solaris 10 Kernel Patches 141444-09 and 141445-09 May
Cause Interface Failure in IP Multipathing (IPMP)
Product: Solaris 10 Operating System
Category: Availability
Release Phase: Workaround
Workaround Date: 03-Nov-2009
Last Updated: 03-Dec-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-271519-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
-----------------------------------------------------------------
Sun Alert ID: 273029
Title: Security Vulnerability in the Transport Layer Security
(TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols
Involving Handshake Renegotiation Affects OpenSSL
Product: Solaris 10 Operating System, OpenSolaris
Category: Security
Release Phase: Workaround
Workaround Date: 19-Nov-2009
Last Updated: 03-Dec-2009
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1
If this Sun Alert document is not publicly available, go to the
SunSpectrum Member Support Center at www.sun.com/support and
search for the Sun Alert ID above.
==================================================================
For more information on the Sun Alert program, please visit:
http://wikis.sun.com/x/EAF9B
RSS Feed :
http://www.sun.com/rss/?t=3&pgID=1&trss=Sun%20Alerts%20-%20New&uri=http:
//cds-srv.sun.com:8700/rss/insert/public/sunalert_insert.xml
Sun Alert Patch Report -- TEXT version is available at:
https://supportuploads.sun.com/download?directory=downloads&file=SApatches%2dpub%2etxt
or go to http://supportfiles.sun.com/download and enter the following
file name, SApatches-pub.txt, from the directory named "downloads".
==================================================================
Thanks for tuning in to the Sun Alert Weekly Summary Report!
Best regards,
Sun Alert Program Office
Sun Microsystems, Inc.
sunalert-newsletter@sun.com
