INCORRECT PATCH REVISIONS: Re: Sun Security Bulletin #00207

David Foster foster at dim.ucsd.edu
Fri Aug 31 21:53:33 GMT 2001


This recent Sun Security Bulletin included some incorrect
patch revisions (see below) that could easily lead folks
to install outdated patches.

Dave Foster

> 
________________________________________________________________________________
>                     Sun Microsystems, Inc. Security Bulletin
> 
> Bulletin Number:          #00207
> Date:                     August 30, 2001
> Cross-Ref:                CERT Advisory CA-2001-05
> Title:                    snmpXdmid
> 
<snip> 
________________________________________________________________________________
> 
> 1.  Bulletins Topics
> 
>     Sun announces the release of patches for Solaris(tm) 8, 7, and
>     2.6 (SunOS(tm) 5.8, 5.7, and 5.6) which relate to an snmpXdmid
>     vulnerability reported in CERT CA-2001-05.
> 
>     Sun recommends that you install the patches listed in section 4
>     immediately on systems running SunOS 5.8, 5.7, and 5.6 which
>     use snmpXdmid.
> 
<snip>
> 4.  List of Patches
> 
>     The following patches are available in relation to the above problem.
> 
>     OS Version               Patch ID
>     __________               _________
>     SunOS 5.8                108869-07
>     SunOS 5.8_x86            108870-07
>     SunOS 5.7                107709-15
>     SunOS 5.7_x86            107710-15
>     SunOS 5.6                106787-15
>     SunOS 5.6_x86            106872-15
> 

THE CORRECT PATCHES ARE:

     OS Version               Patch ID
     __________               _________
     SunOS 5.8                108869-09	*
     SunOS 5.8_x86            108870-09	*
     SunOS 5.7                107709-15
     SunOS 5.7_x86            107710-15
     SunOS 5.6                106787-16	*
     SunOS 5.6_x86            106872-15
     
<snip>
     
> 
> APPENDICES
> 
> A.  Patches listed in this bulletin are available to all Sun customers at:
> 
>     http://sunsolve.sun.com/securitypatch
> 
> B.  Checksums for the patches listed in this bulletin are available at:
> 
>     ftp://sunsolve.sun.com/pub/patches/CHECKSUMS
> 
> C.  Sun security bulletins are available at:
> 
>     http://sunsolve.sun.com/security
> 
> D.  Sun Security Coordination Team's PGP key is available at:
> 
>     http://sunsolve.sun.com/pgpkey.txt
> 
> E.  To report or inquire about a security problem with Sun software, contact
>     one or more of the following:
> 
>         - Your local Sun answer centers
>         - Your representative computer security response team, such as CERT
>         - Sun Security Coordination Team. Send email to:
> 
>         security-alert at sun.com
> 
> F.  To receive information or subscribe to our CWS (Customer Warning System)
>     mailing list, send email to:
> 
>         security-alert at sun.com
> 
>     with a subject line (not body) containing one of the following commands:
> 
>         Command         Information Returned/Action Taken
>         _______         _________________________________
> 
>         help            An explanation of how to get information
> 
>         key             Sun Security Coordination Team's PGP key
> 
>         list            A list of current security topics
> 
>         query [topic]   The email is treated as an inquiry and is forwarded to
>                         the Security Coordination Team
> 
>         report [topic]  The email is treated as a security report and is
>                         forwarded to the Security Coordination Team. Please
>                         encrypt sensitive mail using Sun Security Coordination
>                         Team's PGP key
> 
>         send topic      A short status summary or bulletin. For example, to
>                         retrieve a Security Bulletin #00138, supply the
>                         following in the subject line (not body):
> 
>                                 send #138
> 
>         subscribe       Sender is added to our mailing list.  To subscribe,
>                         supply the following in the subject line (not body):
> 
>                                 subscribe cws your-email-address
> 
>                         Note that your-email-address should be substituted
>                         by your email address.
> 
>         unsubscribe     Sender is removed from the CWS mailing list.
> 
________________________________________________________________________________
> 
> Copyright 2000 Sun Microsystems, Inc. All rights reserved. Sun,
> Sun Microsystems, Solaris and SunOS are trademarks or registered trademarks
> of Sun Microsystems, Inc. in the United States and other countries. This
> Security Bulletin may be reproduced and distributed, provided that this
> Security Bulletin is not modified in any way and is attributed to
> Sun Microsystems, Inc. and provided that such reproduction and distribution
> is performed for non-commercial purposes.
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> 
> iQCVAwUBO46hQ7dzzzOFBFjJAQGvgwQAtlaSsDmaRwEk7Dww+H0V55DW+8++mWOo
> BqwLaOtlvolLT3OVn+Sh4IbXgMRTSVZayMCMzIhzqFNoJxrx0uJOnJet2vRf+rhW
> xTtZnRyUratLVLyBdby7+J4BMS5zF2fRPWnSac39opd5kA6Jcj0HmsYu+BuvkHLH
> bzCDsv260wY=
> =CoJt
> -----END PGP SIGNATURE-----
> 
> 	To use our one-click unsubscribe facility, select the following URL:
> 	http://hermes.java.sun.com/unsubscribe?-6744347743761108529


   << All opinions expressed are mine, not the University's >>

  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
   David Foster    National Center for Microscopy and Imaging Research
    Programmer/Analyst     University of California, San Diego
    dfoster at ucsd.edu       Department of Neuroscience, Mail 0608
    (858) 534-7968         http://ncmir.ucsd.edu/
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

   "The reasonable man adapts himself to the world; the unreasonable one
   persists in trying to adapt the world to himself.  Therefore, all progress
   depends on the unreasonable."   -- George Bernard Shaw



More information about the unisog mailing list