Home / mailings SUN(SM) ALERT WEEKLY SUMMARY REPORT
Posted on 30 October 2007
Sun AlertsWeek of 21-Oct-2007 - 27-Oct-2007
Welcome to the Sun(SM) Alert Weekly Summary Report, the newsletter
that provides you with a weekly listing of newly released and
updated Sun Alert Notifications. It is being distributed
to inform you about critical hardware and software issues that
could impact the availability, security, and data integrity of
your computing environment.
==================================================================
ISSUE HIGHLIGHTS
* Newly Released Sun Alert Notifications
* Updated Sun Alert Notifications
* Additional Sun Alert Information
* Changes to Patch Access on SunSolve
==================================================================
-------------------------------------------------------------------
Newly Released Sun Alert Notifications
-------------------------------------------------------------------
(Total Released: 6)
Sun Alert ID: 103101 (RESOLVED)
Synopsis: Security Vulnerability in Solaris 10 SCTP INIT
Processing
Product: Solaris 10 Operating System
Category: Security
Date Released: 26-Oct-2007
Date Closed: 26-Oct-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103101-1
-------------------------------------------------------------------
Sun Alert ID: 103112 (RESOLVED)
Synopsis: Vulnerability in Java Runtime Environment Virtual
Machine May Allow Untrusted Application or Applet
to Elevate Privileges
Product: Java 2 Platform, Standard Edition
Category: Security
Date Released: 22-Oct-2007
Date Closed: 22-Oct-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103112-1
-------------------------------------------------------------------
Sun Alert ID: 103121
Synopsis: Multiple Memory Corruption Vulnerabilities in
Layout Engine for Mozilla 1.7
Product: Mozilla v1.7
Category: Security
Date Released: 22-Oct-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103121-1
-------------------------------------------------------------------
Sun Alert ID: 103125
Synopsis: Multiple Security Vulnerabilities in JavaScript
Engine in Mozilla 1.7 for Solaris 8, 9 and 10
Product: Mozilla v1.7, Solaris 9 Operating System, Solaris
10 Operating System, Solaris 8 Operating System
Category: Security
Date Released: 26-Oct-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103125-1
-------------------------------------------------------------------
Sun Alert ID: 103129
Synopsis: Sun StorageTek Common Array Manager (CAM) 6.0
Cannot Complete Product Registration at Install
Product: Sun StorageTek Common Array Manager Software 6.0
Category: Availability
Date Released: 26-Oct-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103129-1
(before accessing this Sun Alert document please login to a
SunSolve Online Account with a Sun Spectrum Support Contract
at http://sunsolve.sun.com -> "Login")
-------------------------------------------------------------------
Sun Alert ID: 103130
Synopsis: Security Vulnerability in Solaris 10 OpenSSL
SSL_get_shared_ciphers() Function
Product: Solaris 10 Operating System
Category: Security
Date Released: 25-Oct-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103130-1
-------------------------------------------------------------------
Updated Sun Alert Notifications
-------------------------------------------------------------------
(Total Updated: 8)
Sun Alert ID: 101644 (former 57731) (RESOLVED)
Synopsis: Availability and/or Performance Issues With
Dual-Controller Configuration or Replacement on
3510 Array
Product: Sun StorageTek 3510 FC Array
Category: Availability
Date Released: 28-Jan-2005, 26-Oct-2007
Date Closed: 26-Oct-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101644-1
-------------------------------------------------------------------
Sun Alert ID: 102964 (RESOLVED)
Synopsis: Multiple Security Vulnerabilities in samba(7) May
Allow Remote Code Execution, Elevation of
Privileges, Remote Shell Command Execution, or
Denial of Service (DoS)
Product: Solaris 9 Operating System, Solaris 10 Operating
System, SAMBA
Category: Security
Date Released: 14-Jun-2007, 24-Oct-2007
Date Closed: 24-Oct-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1
-------------------------------------------------------------------
Sun Alert ID: 102992 (RESOLVED)
Synopsis: Security Vulnerability in Processing XSLT
Stylesheets Affects Sun Java System Application
Server and Web Server
Product: Sun Java System Application Server Standard Edition
8.2, Sun Java System Application Server Enterprise
Edition 8.2, Sun Java System Application Server
Platform Edition 9.0 Update 1, Sun Java System
Application Server PE 9 , Sun Java System Web
Server 7.0
Category: Security
Date Released: 10-Jul-2007, 26-Oct-2007
Date Closed: 26-Oct-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102992-1
-------------------------------------------------------------------
Sun Alert ID: 103000 (RESOLVED)
Synopsis: JSP Source Code Exposure Issue on Windows Platform
Affects Sun Java System Application Server
Product: Sun Java System Application Server Platform Edition
8.1 2005Q1, Sun Java System Application Server
Enterprise Edition 8.2, Sun Java System Application
Server Enterprise Edition 8.1 2005Q1, SJS
Application Server PE 8.2
Category: Security
Date Released: 24-Jul-2007, 26-Oct-2007
Date Closed: 26-Oct-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103000-1
-------------------------------------------------------------------
Sun Alert ID: 103060 (RESOLVED)
Synopsis: Security Vulnerability in RPCSEC_GSS
(rpcsec_gss(3NSL)) Affects Kerberos Administration
Daemon (kadmind(1M))
Product: Solaris 9 Operating System, Solaris 10 Operating
System, Solaris 8 Operating System
Category: Security
Date Released: 05-Sep-2007, 22-Oct-2007
Date Closed: 22-Oct-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103060-1
-------------------------------------------------------------------
Sun Alert ID: 103071 (RESOLVED)
Synopsis: Java Runtime Environment (JRE) May Allow Untrusted
Applets or Applications to Display An Oversized
Window so that the Warning Banner is Not Visible to
User
Product: Java 2 Platform, Standard Edition
Category: Security
Date Released: 03-Oct-2007, 22-Oct-2007
Date Closed: 22-Oct-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103071-1
-------------------------------------------------------------------
Sun Alert ID: 103072 (RESOLVED)
Synopsis: An Untrusted Java Web Start Application or Java
Applet May Move or Copy Arbitrary Files by
Requesting the User to Drag and Drop a File from
Application or Applet Window to a Desktop
Application
Product: Java 2 Platform, Standard Edition
Category: Security
Date Released: 03-Oct-2007, 22-Oct-2007
Date Closed: 22-Oct-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1
-------------------------------------------------------------------
Sun Alert ID: 103076 (RESOLVED)
Synopsis: Ethernet Driver "nxge" for Specific Ethernet Cards
May Cause Data Integrity Issues
Product: Solaris 10 Operating System
Category: Data Loss
Date Released: 25-Sep-2007, 24-Oct-2007
Date Closed: 24-Oct-2007
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103076-1
------------------------------------------------------------------
Additional Sun Alert Information
------------------------------------------------------------------
* Accessing Sun Alert Notifications
Sun Alert Notifications are accessed on http://sun.com/sunsolve
under SunSolve Collections, Advanced Search, Browse Documents or
Security Sun Alerts
* Sun Alert Patch Report
http://sun.com/sunsolve/sunalert_patches.html
This is a comprehensive report of patches mentioned in the Resolution
section of Sun Alert documents and is available from SunSolve on the
Patch Portal page. It is updated daily and organized by product.
-------------------------------------------------------------------
*IMPORTANT UPDATE* Changes to Solaris 8 and 9 Patch Access on SunSolve
-------------------------------------------------------------------
Beginning March 31, 2007, Sun is changing the way users will access
Solaris 8 and 9 Software Updates (patches) to be consistent with the way users access Solaris 10 Software Updates.
Users will still be required to have a Sun Online Account and accept
a Software License Agreement in order to access any Software Updates,
but in addition users will be required to purchase a Solaris Subscription or Sun System Service Plan in order to access Solaris 8
and 9 Software Updates.
No Solaris Subscription or Sun System Service Plan will be required for security patches and device drivers, which will remain available without charge.
For more information, go to:
http://sunsolve.sun.com/search/document.do?assetkey=1-9-83061-1
For questions, contact: patchpolicy@sun.com
******************************************************************
Thanks for tuning in to the Sun Alert Weekly Summary Report!
Best regards,
Sun Alert Program Office
Sun Microsystems, Inc.
ALSO ON SUN.COM --------------------------------------------------
My Sun Connection: http://sun.com/mysunconnection
Products & Services: http://sun.com/products
Business & Industry Solutions: http://sun.com/solutions
Support & Training: http://sun.com/supportraining/
Downloads: http://sun.com/download
Documentation: http://sun.com/documentation
Research: http://sun.com/research
News: http://sun.com/news
Sun[sm] Store: http://sun.com/store
Resources for
* Developers: http://sun.com/developers
* System Admins: http://sun.com/bigadmin
* Partners: http://sun.com/partners
* Executives: http://sun.com/executives
* Investors: http://sun.com/investors
------------------------------------------------------------------
Copyright 2007 Sun Microsystems, Inc. All rights reserved.
Sun, Sun Microsystems, the Sun Logo, My Sun, iForce, Sun Fire, and
Sun StorEdge are trademarks or registered trademarks of Sun
Microsystems, Inc. in the United States and other countries. All
SPARC trademarks are used under license and are trademarks or
registered trademarks of SPARC International, Inc. in the United
States and other countries. Products bearing SPARC trademarks are
based upon an architecture developed by Sun Microsystems, Inc.
