[22486] in bugtraq
INCORRECT PATCH REVISIONS: Re: Sun Security Bulletin #00207
daemon@ATHENA.MIT.EDU (David Foster)
Sat Sep 1 12:34:12 2001
Message-Id: <200108312153.OAA15966@dim.ucsd.edu>
Date: Fri, 31 Aug 2001 14:53:33 -0700 (PDT)
From: David Foster <foster@dim.ucsd.edu>
Reply-To: David Foster <foster@dim.ucsd.edu>
To: dkp@email.arizona.edu, symonds@pilot.msu.edu, unisog@sans.org
Cc: focus-sun@securityfocus.com, bugtraq@securityfocus.com, sun-l@ucsd.edu
MIME-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
Content-MD5: DJP3fx9YupRxrxeFyaEa9A==
This recent Sun Security Bulletin included some incorrect
patch revisions (see below) that could easily lead folks
to install outdated patches.
Dave Foster
>
________________________________________________________________________________
> Sun Microsystems, Inc. Security Bulletin
>
> Bulletin Number: #00207
> Date: August 30, 2001
> Cross-Ref: CERT Advisory CA-2001-05
> Title: snmpXdmid
>
<snip>
________________________________________________________________________________
>
> 1. Bulletins Topics
>
> Sun announces the release of patches for Solaris(tm) 8, 7, and
> 2.6 (SunOS(tm) 5.8, 5.7, and 5.6) which relate to an snmpXdmid
> vulnerability reported in CERT CA-2001-05.
>
> Sun recommends that you install the patches listed in section 4
> immediately on systems running SunOS 5.8, 5.7, and 5.6 which
> use snmpXdmid.
>
<snip>
> 4. List of Patches
>
> The following patches are available in relation to the above problem.
>
> OS Version Patch ID
> __________ _________
> SunOS 5.8 108869-07
> SunOS 5.8_x86 108870-07
> SunOS 5.7 107709-15
> SunOS 5.7_x86 107710-15
> SunOS 5.6 106787-15
> SunOS 5.6_x86 106872-15
>
THE CORRECT PATCHES ARE:
OS Version Patch ID
__________ _________
SunOS 5.8 108869-09 *
SunOS 5.8_x86 108870-09 *
SunOS 5.7 107709-15
SunOS 5.7_x86 107710-15
SunOS 5.6 106787-16 *
SunOS 5.6_x86 106872-15
<snip>
>
> APPENDICES
>
> A. Patches listed in this bulletin are available to all Sun customers at:
>
> http://sunsolve.sun.com/securitypatch
>
> B. Checksums for the patches listed in this bulletin are available at:
>
> ftp://sunsolve.sun.com/pub/patches/CHECKSUMS
>
> C. Sun security bulletins are available at:
>
> http://sunsolve.sun.com/security
>
> D. Sun Security Coordination Team's PGP key is available at:
>
> http://sunsolve.sun.com/pgpkey.txt
>
> E. To report or inquire about a security problem with Sun software, contact
> one or more of the following:
>
> - Your local Sun answer centers
> - Your representative computer security response team, such as CERT
> - Sun Security Coordination Team. Send email to:
>
> security-alert@sun.com
>
> F. To receive information or subscribe to our CWS (Customer Warning System)
> mailing list, send email to:
>
> security-alert@sun.com
>
> with a subject line (not body) containing one of the following commands:
>
> Command Information Returned/Action Taken
> _______ _________________________________
>
> help An explanation of how to get information
>
> key Sun Security Coordination Team's PGP key
>
> list A list of current security topics
>
> query [topic] The email is treated as an inquiry and is forwarded to
> the Security Coordination Team
>
> report [topic] The email is treated as a security report and is
> forwarded to the Security Coordination Team. Please
> encrypt sensitive mail using Sun Security Coordination
> Team's PGP key
>
> send topic A short status summary or bulletin. For example, to
> retrieve a Security Bulletin #00138, supply the
> following in the subject line (not body):
>
> send #138
>
> subscribe Sender is added to our mailing list. To subscribe,
> supply the following in the subject line (not body):
>
> subscribe cws your-email-address
>
> Note that your-email-address should be substituted
> by your email address.
>
> unsubscribe Sender is removed from the CWS mailing list.
>
________________________________________________________________________________
>
> Copyright 2000 Sun Microsystems, Inc. All rights reserved. Sun,
> Sun Microsystems, Solaris and SunOS are trademarks or registered trademarks
> of Sun Microsystems, Inc. in the United States and other countries. This
> Security Bulletin may be reproduced and distributed, provided that this
> Security Bulletin is not modified in any way and is attributed to
> Sun Microsystems, Inc. and provided that such reproduction and distribution
> is performed for non-commercial purposes.
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
>
> iQCVAwUBO46hQ7dzzzOFBFjJAQGvgwQAtlaSsDmaRwEk7Dww+H0V55DW+8++mWOo
> BqwLaOtlvolLT3OVn+Sh4IbXgMRTSVZayMCMzIhzqFNoJxrx0uJOnJet2vRf+rhW
> xTtZnRyUratLVLyBdby7+J4BMS5zF2fRPWnSac39opd5kA6Jcj0HmsYu+BuvkHLH
> bzCDsv260wY=
> =CoJt
> -----END PGP SIGNATURE-----
>
> To use our one-click unsubscribe facility, select the following URL:
> http://hermes.java.sun.com/unsubscribe?-6744347743761108529
<< All opinions expressed are mine, not the University's >>
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
David Foster National Center for Microscopy and Imaging Research
Programmer/Analyst University of California, San Diego
dfoster@ucsd.edu Department of Neuroscience, Mail 0608
(858) 534-7968 http://ncmir.ucsd.edu/
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
"The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore, all progress
depends on the unreasonable." -- George Bernard Shaw
