Home / mailings SUN ALERT WEEKLY SUMMARY REPORT
Posted on 19 January 2010
Sun AlertsWeek of 10-Jan-2010 to 16-Jan-2010
Welcome to the Sun Alert Weekly Summary Report, the newsletter
that provides you with a weekly listing of newly released and
updated Sun Alert Notifications. It is being distributed
to inform you about critical hardware and software issues that
could impact the availability, security, and data integrity of
your computing environment.
==================================================================
ISSUE HIGHLIGHTS - New http://wikis.sun.com/x/EAF9B
* New and Updated Sun Alerts for 3 Release Phases:
Preliminary, Workaround and Resolved
Note: To read past newsletters go to sunsolve.sun.com,
hit Accept, use Advanced Search with keywords "weekly
summary report newsletter", Sort by Date, and select the
Sun Alert Notifications collection.
=================================================================
New Preliminary Sun Alert Notifications
None
=================================================================
New Workaround Sun Alert Notifications
(Total Workaround: 2)
Sun Alert ID: 275530
Title: Integer Overflow Security Vulnerability in AES and RC4
Decryption in the Solaris Kerberos Crypto Library May
Lead to Execution of Arbitrary Code or a Denial of
Service (DoS)
Product: Solaris 10 Operating System, OpenSolaris
Category: Security
Release Phase: Workaround
Workaround Date: 12-Jan-2010
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-275530-1
-----------------------------------------------------------------
Sun Alert ID: 275590
Title: A Security Vulnerability in the ntp Daemon (xntpd(1M))
May Lead to a Denial of the Solaris Network Time
Protocol(NTP) Service
Product: Solaris 8 Operating System, Solaris 9 Operating System,
Solaris 10 Operating System, OpenSolaris
Category: Security
Release Phase: Workaround
Workaround Date: 13-Jan-2010
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-275590-1
=================================================================
New Resolved Sun Alert Notifications
(Total Resolved: 5)
Sun Alert ID: 272489
Title: Security Vulnerability in the OSCAR Protocol Plugin for
pidgin(1) may Lead to a Denial of Service (DoS)
Condition
Product: Solaris 10 Operating System, OpenSolaris
Category: Security
Release Phase: Resolved
Resolved Date: 11-Jan-2010
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-272489-1
-----------------------------------------------------------------
Sun Alert ID: 273570
Title: Multiple Buffer and Integer Overflow Vulnerabilities in
Python (python(1)) May Lead to a Denial of Service
(DoS) or Allow Execution of Arbitrary Code
Product: Solaris 10 Operating System, OpenSolaris
Category: Security
Release Phase: Resolved
Resolved Date: 11-Jan-2010
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273570-1
-----------------------------------------------------------------
Sun Alert ID: 274390
Title: An Integer Overflow Vulnerability in GIMP(1) May Lead to
Denial of Service (DoS) or Execution of Arbitrary Code
Product: Solaris 10 Operating System, OpenSolaris
Category: Security
Release Phase: Resolved
Resolved Date: 11-Jan-2010
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274390-1
-----------------------------------------------------------------
Sun Alert ID: 275010
Title: Security Vulnerability in Identity Manager 8.1.0.5 and
8.1.0.6 Configured with Sun Java System Access Manager,
OpenSSO Enterprise 8.0 or IBM Tivoli Access Manager
Product: Sun Identity Manager 8.1
Category: Security
Release Phase: Resolved
Resolved Date: 11-Jan-2010
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-275010-1
-----------------------------------------------------------------
Sun Alert ID: 275410
Title: A Security Vulnerability in Solaris Trusted Extensions
due to Missing Libraries may Allow Privilege Escalation
Product: Solaris 10 Operating System
Category: Security
Release Phase: Resolved
Resolved Date: 11-Jan-2010
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-275410-1
=================================================================
Updated Sun Alert Notifications
(Total Updated: 4)
Sun Alert ID: 269808
Title: Improper AC Input Power Supply Redundancy Testing on Sun
SPARC Enterprise M4000/M5000 Servers May Result in
Domain Outages, or Cause Components to be Falsely
Marked as Faulty
Product: Sun SPARC Enterprise M4000 Server, Sun SPARC Enterprise
M5000 Server
Category: Availability
Release Phase: Resolved
Resolved Date: 14-Oct-2009
Last Updated: 12-Jan-2010
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269808-1
-----------------------------------------------------------------
Sun Alert ID: 273350
Title: Security Vulnerability in the Transport Layer Security
(TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols
Involving Handshake Renegotiation Affects Applications
Utilizing Network Security Services (NSS)
Product: Sun Java Enterprise System 5, Sun Java Enterprise System
2005Q4, Solaris 8 Operating System, Solaris 9 Operating
System, Solaris 10 Operating System, OpenSolaris
Category: Security
Release Phase: Resolved
Resolved Date: 09-Dec-2009
Last Updated: 12-Jan-2010
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273350-1
-----------------------------------------------------------------
Sun Alert ID: 274870
Title: Security Vulnerabilities in PostgreSQL Shipped With
Solaris May Allow Escalation of Privileges or
Man-in-the-Middle on SSL Connections
Product: Solaris 10 Operating System, OpenSolaris
Category: Security
Release Phase: Workaround
Workaround Date: 24-Dec-2009
Last Updated: 15-Jan-2010
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274870-1
-----------------------------------------------------------------
Sun Alert ID: 274990
Title: Security Vulnerability in the Transport Layer Security
(TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols
Affects Multiple Server Products in the Sun Java
Enterprise System Suite
Product: Sun Java System Web Server 6.1, Sun Java System Web
Server 7.0, Sun Java System Web Proxy Server 4.0, Sun
Java System Application Server Enterprise Edition, Sun
GlassFish Enterprise Server v2.1
Category: Security
Release Phase: Workaround
Workaround Date: 07-Jan-2010
Last Updated: 13-Jan-2010
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1
==================================================================
For more information on the Sun Alert program, please visit:
http://wikis.sun.com/x/EAF9B
RSS Feed :
http://www.sun.com/rss/?t=3&pgID=1&trss=Sun%20Alerts%20-%20New&uri=http:
//cds-srv.sun.com:8700/rss/insert/public/sunalert_insert.xml
Sun Alert Patch Report -- TEXT version is available at:
https://supportuploads.sun.com/download?directory=downloads&file=SApatches%2dpub%2etxt
or go to http://supportfiles.sun.com/download and enter the following
file name, SApatches-pub.txt, from the directory named "downloads".
==================================================================
Thanks for tuning in to the Sun Alert Weekly Summary Report!
Best regards,
Sun Alert Program Office
Sun Microsystems, Inc.
sunalert-newsletter@sun.com
