[SunRay-Users] FYI: This Alert Covers CVE-2010-0888 for the Device Services Component of the Sun Ray Server Software Product

Tue, 13 Apr 2010 13:25:33 -0700 

Category: Security
Release Phase: Resolved
Bug Id: 6902328
Product: Sun Ray Server Software 4.0, Sun Ray Server Software 4.1, Sun Ray Server Software 4.2 
Date of Resolved Release: 12-Apr-2010



1. Impact
This Alert covers CVE-2010-0888 for the Device Services component of the Sun Ray Server Software product.
CVE-2010-0888 can be found at http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-0888
Please see http://www.oracle.com/technology/deploy/security/alerts.htm for more information about Critical Patch Updates and Security Alerts. This publication relates to the CPU for April 2010. 

2. Contributing Factors

This issue can occur in the following releases:

SPARC Platform
Sun Ray Server Software 4.2 (for Solaris 10) without patch 140993-01
Sun Ray Server Software 4.1 (for Solaris 10) without patch 139548-04
Sun Ray Server Software 4.0 (for Solaris 10) without patch 127553-08

x86 Platform
Sun Ray Server Software 4.2 (for Solaris 10) without patch 140994-01
Sun Ray Server Software 4.1 (for Solaris 10) without patch 139549-04
Sun Ray Server Software 4.0 (for Solaris 10) without patch 127554-08

Linux
Sun Ray Server Software 4.2 (for Solaris 10) without patch 140995-01
Sun Ray Server Software 4.1 (for Solaris 10) without patch 139550-04
Sun Ray Server Software 4.0 (for Solaris 10) without patch 127555-08

Notes:
1. Previous versions of Sun Ray Server Software are not affected by this issue.
2. To determine the version of the Sun Ray Server Software on a Solaris system, the following command can be run: 
$ /usr/bin/pkgparam SUNWuto VERSION
4.2_77,REV=2009.10.19.17.01
3. To determine the version of the Sun Ray Server Software on a Linux system, the following command can be run: 
$ /bin/rpm -q SUNWuto
SUNWuto-4.2-77
4. This issue only affects servers which have the Device Services enabled. To determine if Device Services is enabled on a server, the following can be used: 
$ /opt/SUNWut/sbin/utdevadm

Sun Ray Device Service     Status
------------------------------------------
internal_serial            enabled
internal_smartcard_reader  enabled
usb                        enabled

3. Symptoms


4. Workaround


5. Resolution

This issue is addressed in the following releases:

SPARC Platform
Sun Ray Server Software 4.2 (for Solaris 10) with patch 140993-01 or later
Sun Ray Server Software 4.1 (for Solaris 10) with patch 139548-04 or later
Sun Ray Server Software 4.0 (for Solaris 10) with patch 127553-08 or later

x86 Platform
Sun Ray Server Software 4.2 (for Solaris 10) with patch 140994-01 or later
Sun Ray Server Software 4.1 (for Solaris 10) with patch 139549-04 or later
Sun Ray Server Software 4.0 (for Solaris 10) with patch 127554-08 or later

Linux
Sun Ray Server Software 4.2 (for Solaris 10) with patch 140995-01 or later
Sun Ray Server Software 4.1 (for Solaris 10) with patch 139550-04 or later
Sun Ray Server Software 4.0 (for Solaris 10) with patch 127555-08 or later



document link at sun.com:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274590-1

_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users

Reply via email to