Home / mailings SUN(SM) ALERT WEEKLY SUMMARY REPORT
Posted on 04 June 2007
Sun AlertsWeek of 27-May-2007 - 02-Jun-2007
Welcome to the Sun(SM) Alert Weekly Summary Report, the newsletter
that provides you with a weekly listing of newly released and
updated Sun Alert Notifications. It is being distributed
to inform you about critical hardware and software issues that
could impact the availability, security, and data integrity of
your computing environment.
==================================================================
ISSUE HIGHLIGHTS
* Newly Released Sun Alert Notifications
* Updated Sun Alert Notifications
* Additional Sun Alert Information
* Changes to Patch Access on SunSolve
==================================================================
-------------------------------------------------------------------
Newly Released Sun Alert Notifications
-------------------------------------------------------------------
(Total Released: 8)
Sun Alert ID: 102745 (RESOLVED)
Synopsis: A Security Vulnerability in the in.iked(1M) Service
May Lead To a Denial of Service (DoS)
Product: Solaris 9 Operating System
Category: Security
Date Released: 29-May-2007
Date Closed: 29-May-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102745-1
-------------------------------------------------------------------
Sun Alert ID: 102920
Synopsis: Initial Activation of Auto Service Request (ASR)
with Sun StorageTek Common Array Manager (CAM) Does
Not Properly Set Up the Activation
Product: Sun StorageTek Common Array Manager Software 5.1
Category: Availability
Date Released: 30-May-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102920-1
(before accessing this Sun Alert document please login to a
SunSolve Online Account with a Sun Spectrum Support Contract
at http://sunsolve.sun.com -> "Login")
-------------------------------------------------------------------
Sun Alert ID: 102921 (RESOLVED)
Synopsis: A Security Vulnerability in the Solaris 10
inetd(1M) Service May Lead to a Denial of Service
(DoS) Condition
Product: Solaris 10 Operating System
Category: Security
Date Released: 29-May-2007
Date Closed: 29-May-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102921-1
-------------------------------------------------------------------
Sun Alert ID: 102930
Synopsis: Security Vulnerability in the Kerberos kadm5
Library May Allow Execution of Arbitrary Code
Product: Solaris 9 Operating System, Solaris 10 Operating
System, Solaris 8 Operating System
Category: Security
Date Released: 29-May-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102930-1
-------------------------------------------------------------------
Sun Alert ID: 102932 (RESOLVED)
Synopsis: Security Vulnerability in Adobe Flash Player May
Allow Unauthorized Header Injection into HTTP
Requests
Product: Solaris 10 Operating System
Category: Security
Date Released: 30-May-2007
Date Closed: 30-May-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102932-1
-------------------------------------------------------------------
Sun Alert ID: 102934
Synopsis: Security Vulnerabilities in the Java Runtime
Environment Image Parsing Code may Allow a
Untrusted Applet to Elevate Privileges
Product: Java 2 Platform, Standard Edition
Category: Security
Date Released: 31-May-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1
-------------------------------------------------------------------
Sun Alert ID: 102936 (RESOLVED)
Synopsis: On NAS OS 4.20, File Systems may Become OFFLINE
After Disabling Checkpoint
Product: Sun StorageTek NAS OS v4.21
Category: Availability
Date Released: 30-May-2007
Date Closed: 30-May-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102936-1
-------------------------------------------------------------------
Sun Alert ID: 102944
Synopsis: StorageTek 5210/5220/5310/5320 NAS Tape Library
with Multiple Drives Sharing the Same Target IDs
May Lose Drive Visibility to the NDMP Backup Module
Product: Sun StorageTek 5310 NAS Appliance, Sun StorageTek
5320 NAS Appliance, Sun StorageTek 5220 NAS
Appliance, Sun StorageTek 5210 NAS Appliance
Category: Availability
Date Released: 01-Jun-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102944-1
-------------------------------------------------------------------
Updated Sun Alert Notifications
-------------------------------------------------------------------
(Total Updated: 4)
Sun Alert ID: 102725 (RESOLVED)
Synopsis: A Malformed Packet Received by snmpd(1) via TCP may
Cause a Denial of Service (DoS)
Product: Solaris 10 Operating System
Category: Security
Date Released: 22-Nov-2006, 30-May-2007
Date Closed: 30-May-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102725-1
-------------------------------------------------------------------
Sun Alert ID: 102803 (RESOLVED)
Synopsis: Multiple Integer Overflow Vulnerabilities in the X
Font Server (xfs(1)) and the X Render and DBE
Extensions
Product: Solaris 9 Operating System, Solaris 10 Operating
System, Solaris 8 Operating System
Category: Security
Date Released: 13-Feb-2007, 31-May-2007
Date Closed: 31-May-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1
-------------------------------------------------------------------
Sun Alert ID: 102894 (RESOLVED)
Synopsis: Security Vulnerability in PostgreSQL SECURITY
DEFINER Functions May Allow Escalation of
Privileges
Product: Solaris 10 Operating System
Category: Security
Date Released: 26-Apr-2007, 29-May-2007
Date Closed: 29-May-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102894-1
-------------------------------------------------------------------
Sun Alert ID: 102909 (RESOLVED)
Synopsis: Cross-site Scripting Vulnerability in Sun Java
System Messaging Server
Product: Sun Java System Messaging Server 6.0, Sun Java
System Messaging Server 6.3
Category: Security
Date Released: 23-May-2007, 30-May-2007
Date Closed: 30-May-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102909-1
------------------------------------------------------------------
Additional Sun Alert Information
------------------------------------------------------------------
* Accessing Sun Alert Notifications
Sun Alert Notifications are accessed on http://sun.com/sunsolve
under SunSolve Collections, Advanced Search, Browse Documents or
Security Sun Alerts
* Sun Alert Patch Report
http://sun.com/sunsolve/sunalert_patches.html
This is a comprehensive report of patches mentioned in the Resolution
section of Sun Alert documents and is available from SunSolve on the
Patch Portal page. It is updated daily and organized by product.
-------------------------------------------------------------------
*IMPORTANT UPDATE* Changes to Solaris 8 and 9 Patch Access on SunSolve
-------------------------------------------------------------------
Beginning March 31, 2007, Sun is changing the way users will access
Solaris 8 and 9 Software Updates (patches) to be consistent with the way users access Solaris 10 Software Updates.
Users will still be required to have a Sun Online Account and accept
a Software License Agreement in order to access any Software Updates,
but in addition users will be required to purchase a Solaris Subscription or Sun System Service Plan in order to access Solaris 8
and 9 Software Updates.
No Solaris Subscription or Sun System Service Plan will be required for security patches and device drivers, which will remain available without charge.
For more information, go to:
http://sunsolve.sun.com/search/document.do?assetkey=1-9-83061-1
For questions, contact: patchpolicy@sun.com
******************************************************************
Thanks for tuning in to the Sun Alert Weekly Summary Report!
Best regards,
Sun Alert Program Office
Sun Microsystems, Inc.
ALSO ON SUN.COM --------------------------------------------------
My Sun Connection: http://sun.com/mysunconnection
Products & Services: http://sun.com/products
Business & Industry Solutions: http://sun.com/solutions
Support & Training: http://sun.com/supportraining/
Downloads: http://sun.com/download
Documentation: http://sun.com/documentation
Research: http://sun.com/research
News: http://sun.com/news
Sun[sm] Store: http://sun.com/store
Resources for
* Developers: http://sun.com/developers
* System Admins: http://sun.com/bigadmin
* Partners: http://sun.com/partners
* Executives: http://sun.com/executives
* Investors: http://sun.com/investors
------------------------------------------------------------------
Copyright 2007 Sun Microsystems, Inc. All rights reserved.
Sun, Sun Microsystems, the Sun Logo, My Sun, iForce, Sun Fire, and
Sun StorEdge are trademarks or registered trademarks of Sun
Microsystems, Inc. in the United States and other countries. All
SPARC trademarks are used under license and are trademarks or
registered trademarks of SPARC International, Inc. in the United
States and other countries. Products bearing SPARC trademarks are
based upon an architecture developed by Sun Microsystems, Inc.