Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System

A security vulnerability related to a race condition in the Solaris kernel may allow a local unprivileged user to panic the system, creating a Denial of Service (DoS) condition.

Avoidance: Patch
State: Resolved
First released: 30-Nov-2006

Product: Java 2 Platform, Standard Edition

A security vulnerability in the Java Runtime Environment Swing library may allow an untrusted applet to access data in other applets.

Sun acknowledges, with thanks, Tom Hawtin, for bringing this issue to our attention.

Avoidance: Patch, Upgrade
State: Resolved
First released: 14-Nov-2006

Product: Solaris 9 Operating System, Solaris 10 Operating System, Sun Java Enterprise System 2003Q4, Sun Java Enterprise System 2005Q1, Solaris 8 Operating System, Sun Java Enterprise System 2005Q4, Sun Java Enterprise System 2004Q2

A vulnerability in the Sun Java Enterprise System (JES) may allow remote unprivileged users to construct certificates with forged signatures that go undetected and are accepted as valid signatures. These unprivileged users may be able to operate servers that falsely pose as other servers or generate forged signatures on emails and software downloads without detection.

This issue is also described in the following documents:

CERT VU#845620 at http://www.kb.cert.org/vuls/id/845620

CVE-2006-4339 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339

Note: The issue described in this Sun Alert is specific to Sun Java Enterprise System (JES). Multiple Sun products are affected by this issue; for more details please see Sun Alert 102648 at http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1

Avoidance: Patch
State: Resolved
First released: 25-Oct-2006

Product: Sun Ultra 20 Workstation, Sun Ultra 20 M2 Workstation, Sun Ultra 40 Workstation

A security vulnerability in the Nvidia Graphics driver for Solaris 10 and Linux (both pre-install and CD versions) may allow a local or remote unprivileged user to run arbitrary code as root, due to a buffer overflow.

Additional information describing this issue can be found in the following document:

Security Advisory R7-0025 at http://download2.rapid7.com/r7-0025/

Note: Not all versions of the Nvidia driver prior to those mentioned in the "Resolution" section of this Sun Alert are vulnerable to this issue. Please see the "Contributing Factors" section below for the affected versions.

Avoidance: Upgrade
State: Resolved
First released: 02-Nov-2006