Patch advisory for Sun Microsystems. Please read for details.
37ec7d8a881415b6fc34673a37a6113fc6d9b7ce35884a001c249748658f5282
SUN MICROSYSTEMS SECURITY BULLETIN: #00114
This information is only to be used for the purpose of alerting
customers to problems. Any other use or re-broadcast of this
information without the express written consent of Sun Microsystems
shall be prohibited.
Sun expressly disclaims all liability for any misuse of this information
by any third party.
---------------------------------------------------------------------------
All patches listed are available through your local Sun answer centers
worldwide as well as through anonymous ftp: in the US, ftp to ftp.uu.net
and obtain the patch from the ~ftp/sun-dist directory; in Europe, ftp to
mcsun.eu.net and obtain the patch from the ~ftp/sun/fixes directory.
Special Note: A syntax error in the README file of patch 100173-07, the
NFS Jumbo Patch, has been corrected. The new checksum of compressed tarfile
100173-07.tar.Z is 58512 210.
Please refer to the BugID and PatchID when requesting patches from Sun
answer centers.
Please refer to the information below for additional information.
--------------------------------------------------------------------------
Sun Bug ID : 1076118
Synopsis : An OpenWindows, version 3, setuid program (loadmodule(8)) can
be exploited to execute a user's program using the effective
UID of root.
Sun Patch ID: 100448-01
Checksum of compressed tarfile 100448-01.tar.Z on ftp.uu.net = 26614 5
Sun advises that you replace the exploitable executable file with the
replacement provided in the patch. Note that 3.0 OpenWindows is only
supported on sun4 and sun4c architectures that use SunOS 4.1.1. The
executable provided works for both the sun4 and sun4c architectures.
Please refer to the patch's README file for more information.
Kenneth L. Pon
Sun Microsystems, Inc.
Software Security Coordinator
SUN MICROSYSTEMS SECURITY BULLETIN: #00114 ADDENDUM
This information is only to be used for the purpose of alerting
customers to problems. Any other use or re-broadcast of this
information without the express written consent of Sun Microsystems
shall be prohibited.
Sun expressly disclaims all liability for any misuse of this information
by any third party.
---------------------------------------------------------------------------
All patches listed are available through your local Sun answer centers
worldwide as well as through anonymous ftp: in the US, ftp to ftp.uu.net
and obtain the patch from the ~ftp/sun-dist directory; in Europe, ftp to
mcsun.eu.net and obtain the patch from the ~ftp/sun/fixes directory.
Please refer to the BugID and PatchID when requesting patches from Sun
answer centers.
Please refer to the information below for additional information.
--------------------------------------------------------------------------
Sun Bug ID : 1076118
Synopsis : An OpenWindows, version 3, setuid program (loadmodule(8)) can
be exploited to execute a user's program using the effective
UID of root.
Sun Patch ID: 100448-01
Checksum of compressed tarfile 100448-01.tar.Z on ftp.uu.net = 04354 5
The README file for this patch has been modified since the release of
the original alert of 11 December 91. The new checksum is shown above.
I apologize for any inconvenience or confusion this may have caused.
Sun advises that you replace the exploitable executable file with the
replacement provided in the patch. Note that 3.0 OpenWindows is only
supported on sun4 and sun4c architectures that use SunOS 4.1.1. The
executable provided works for both the sun4 and sun4c architectures.
Please refer to the patch's README file for more information.
Kenneth L. Pon
Sun Microsystems, Inc.
Software Security Coordinator