Sun Security Blog
Security
|
The Sun Java System Application Server versions 8.1, 9.0 and 9.1 bundle
the Java SE Development Kit (JDK) 1.5.0. Sun has recently published JDK
1.5.0_16, which is an Update to JDK 1.5.0, addressing multiple security vulnerabilities as listed in the following Sun Alerts: All users of Sun Java System Application Server should apply the patches listed in these Sun Alerts or upgrade the JDK to JDK 1.5.0_16 which is available at
http://java.sun.com/javase/downloads/index_jdk5.jsp tags: alert appserver jdk vulnerability Permalink | Comments [1]Interim Security Reliefs (ISR) that fix CVE-2008-1447 (VU#800113) in Solaris 8 and 9 are available from http://sunsolve.sun.com/tpatches for the following releases: SPARC Platform
These ISRs deliver BIND 9 with the fix for CVE-2008-1447. Solaris 8 and 9 use BIND version 8. In that version it is not possible to implement needed fix because of design of this fix. Also, BIND 8 is already end of life (EOL) according ISC. Sun is currently working on a patch to release the fixed BIND version 9 for Solaris 8 and 9 (replacing the EOL BIND 8 there). Changing the release from BIND 8 to BIND 9 is not a trivial task and therefore the patches to address these are still in progress. Users MUST completely re-configure BIND as per instructions in /usr/lib/dns/migration.txt in order to use the new BIND 9 and the fixes that these patches deliver. This migration document is shipped as part of the IDRs at SUNWcsu/reloc/usr/lib/dns/migration.txt Please refer to Sun Alert 239392 "Security Vulnerability in the DNS Protocol may lead to DNS Cache Poisoning", Sun Alert 240048 Update to Sun Alert 239392 and US-CERT Vulnerability Note VU#800113 for more details on this vulnerability. NOTE: Interim Security Relief (ISRs) are designed to address the concerns identified herein. Sun has limited experience with these (ISRs) due to their interim nature. As such, you should only install the ISRs on systems meeting the configurations described above. Sun may release full patches at a later date, however, Sun is under no obligation whatsoever to create, release, or distribute any such patch. tags: alert bind cve-2008-1447 security solaris vu#800113 Permalink | Comments [0]
The Sun Security Coordination Team has published a reference document for security Sun Alerts at:
http://sunsolve.sun.com/search/document.do?assetkey=1-9-91209-1 This document includes information on Preliminary and Workaround Sun Alerts, various sections in the body of a Sun Alert, definitions of frequently used vulnerability related terminology (such as 'local user', 'remote user', 'execution of arbitrary code' and so on) and a brief summary of Sun's response to security vulnerability reports.tags: alert reference sun vulnerability Permalink | Comments [0] |
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
