Monday Sep 15, 2008

Update JDK in Sun Java System Application Server

The Sun Java System Application Server versions 8.1, 9.0 and 9.1 bundle
the Java SE Development Kit (JDK) 1.5.0. Sun has recently published JDK
1.5.0_16, which is an update to JDK 1.5.0, addressing multiple security
vulnerabilities as listed in the following Sun Alerts:

  • Sun Alert 238628 available here
  • Sun Alert 238905 available here
  • Sun Alert 238965 available here
  • Sun Alert 238966 available here
  • Sun Alert 238967 available here
  • Sun Alert 238968 available here

All users of Sun Java System Application Server should apply the patches
listed in these Sun Alerts or upgrade the JDK to JDK 1.5.0_16, which is
available at



http://java.sun.com/javase/downloads/index_jdk5.jsp


Monday Jul 28, 2008

ISRs available for BIND DNS vulnerability VU#800113

Interim Security Reliefs (ISRs) that fix CVE-2008-1447 (VU#800113) in Solaris 8 and 9 are available from http://sunsolve.sun.com/tpatches for the following releases:

SPARC Platform

  • Solaris 9 IDR138950-02 (MD5 = bdbe15fedd50858fbfbbe457867d731c)
  • Solaris 8 IDR138951-01 (MD5 = aca3c968346c05baabea9cf4bda941a9)

x86 Platform

  • Solaris 8 IDR138959-01 (MD5 = 92679afe992097f0b863b78fd5935cba)
  • Solaris 9 IDR138958-02 (MD5 = c55025147410880848d611d0b2c50754)
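
Checking a downloaded ISR against the MD5 values listed above, as an added example that is not part of the original post: it parses the checksum lines exactly as they appear in this advisory and compares them with the hash of a local file. The path passed to `verify()` is an assumption, since the advisory does not give the download file names.

```python
import hashlib
import hmac
import re

# Checksum lines copied verbatim from the advisory above.
ADVISORY = """\
SPARC Platform
  • Solaris 9 IDR138950-02 (MD5 = bdbe15fedd50858fbfbbe457867d731c)
  • Solaris 8 IDR138951-01 (MD5 = aca3c968346c05baabea9cf4bda941a9)
x86 Platform
  • Solaris 8 IDR138959-01 (MD5 = 92679afe992097f0b863b78fd5935cba)
  • Solaris 9 IDR138958-02 (MD5 = c55025147410880848d611d0b2c50754)
"""

ENTRY = re.compile(r"Solaris (\d+) (IDR\d+-\d+) \(MD5 = ([0-9a-f]{32})\)")


def parse_advisory(text):
    """Return {idr_id: (platform, solaris_release, md5_hex)}."""
    table, platform = {}, None
    for line in text.splitlines():
        if line.strip().endswith("Platform"):
            platform = line.split()[0]  # "SPARC" or "x86"
            continue
        m = ENTRY.search(line)
        if m:
            release, idr, digest = m.groups()
            table[idr] = (platform, release, digest)
    return table


def md5_of(path, chunk=1 << 16):
    """Hash the file in chunks so a large archive is never held in memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify(idr, path, table):
    """True only if `idr` is listed and the file's MD5 equals the published one."""
    if idr not in table:
        raise KeyError(f"{idr} is not listed in the advisory")
    # `path` is a hypothetical local file name chosen by the caller.
    return hmac.compare_digest(md5_of(path), table[idr][2])
```

A match shows the download is complete and uncorrupted; MD5 is not collision resistant, so it does not by itself establish where the file came from.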

These ISRs deliver BIND 9 with the fix for CVE-2008-1447. Solaris 8 and 9 use BIND version 8. In that version it is not possible to implement the needed fix because of the design of the fix. Also, BIND 8 is already end of life (EOL) according to ISC.

Sun is currently working on a patch to release the fixed BIND version 9 for Solaris 8 and 9 (replacing the EOL BIND 8 there). Changing the release from BIND 8 to BIND 9 is not a trivial task and therefore the patches to address these are still in progress.

Users MUST completely re-configure BIND as per instructions in /usr/lib/dns/migration.txt in order to use the new BIND 9 and the fixes that these patches deliver. This migration document is shipped as part of the IDRs at SUNWcsu/reloc/usr/lib/dns/migration.txt

Please refer to Sun Alert 239392 "Security Vulnerability in the DNS Protocol may lead to DNS Cache Poisoning", Sun Alert 240048 Update to Sun Alert 239392 and US-CERT Vulnerability Note VU#800113 for more details on this vulnerability.

NOTE: Interim Security Reliefs (ISRs) are designed to address the concerns identified herein. Sun has limited experience with these ISRs due to their interim nature. As such, you should only install the ISRs on systems meeting the configurations described above. Sun may release full patches at a later date; however, Sun is under no obligation whatsoever to create, release, or distribute any such patch.

Tuesday Nov 06, 2007

Reference document for security Sun Alerts

The Sun Security Coordination Team has published a reference document for security Sun Alerts at:

http://sunsolve.sun.com/search/document.do?assetkey=1-9-91209-1

This document includes information on Preliminary and Workaround Sun Alerts, various sections in the body of a Sun Alert, definitions of frequently used vulnerability related terminology (such as 'local user', 'remote user', 'execution of arbitrary code' and so on) and a brief summary of Sun's response to security vulnerability reports.

About

This blog provides security vulnerability fix notifications relevant to third party software components distributed and supported as part of Oracle Products.
A summarized version of this blog is available as a mapping of CVEs and solutions.
