Patch-ID# 118036-06

NOTE:
***********************************************************************
READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT
FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU
AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE
TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE.
***********************************************************************

Keywords: security linux rhel2.1
Synopsis: Application Server 7.0 RHEL2.1: Java Mail Runtime Patch
Date: May/23/2006

Install Requirements: None

Solaris Release: Note: Redhat

SunOS Release: Note: RHEL2.1

Unbundled Product: Application Server

Unbundled Release: 7.0

Xref: This patch available for Solaris sparc as 116300 and Solaris intel as 116301.

Topic: Application Server 7.0 RHEL2.1: Java Mail Runtime Patch

Relevant Architectures: i386

BugId's fixed with this patch: 4954711 4994363 5015561 5017695 5021054 5022976
5025894 5033159 5034880 5039545 5043376 5049159 5056917 5057723 5063790 5063854
6067367 6088593 6092475 6092499 6152742 6155154 6155446 6156869 6181948 6193156
6197275 6210327 6217658 6223367 6223368 6230798 6240424 6251775 6264531 6267905
6277733 6285724 6286783 6288472 6308777 6324565 6360036 6361877 6387790 6396045

Changes incorporated in this version: 6230798 6264531 6360036 6361877 6387790 6396045

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

Note: SUNWjmail-7.0.0-09.i386.rpm

Problem Description:

6230798 Exception thrown during the closure of a connection by the pool leads to a connection leak
6264531 AS7.x connection pool does not manage failed connections well hence later unable to get connections
6360036 Cannot delete certificate
6361877 On restart, initPool throw IllegalStateException and jdbc pool not initialized (JDBC fails)
6387790 Cross Site Scripting Vulnerability in Application Server 7 Update 8 and 2004Q2 UR4
6396045 NFS support on SUN's app server

(from 118036-05)

6267905 appservd takes up CPU resources when primordial appservd is not present
6277733 On RH3 Linux, appservd crashes intermittently, caused by LinuxKernelStats (when stats-init on)
6193156 AS7.x crash with CORE3148: failed to wait on signals. (Interrupted system call)
6223367 modification of acl does not add object into server1-obj.conf
6223368 Not able to see the ACL's in admin UI eg "B. Pick an existing ACL".
6285724 HTTP request smuggling vulnerability ["GETorPOST / HTTP/1.x" with content-length and body]
6286783 server has to reject requests with Double 'Content-Length' header
6288472 Unable to change the smux port of subagent
6308777 Servlet container UTF-8 URI mapping vulnerability
6324565 Fixes for 6316387 and 6318003 need to be ported to appserver7

(from 118036-04)

4954711 Missing synchronization in connection pool can cause deadlock
4994363 Security role mapping not updated properly
6210327 Appserver Reverse SSL Proxy plugin is vulnerable to MITM attacks
6217658 "Server-Parsed HTML" can lead to display jsp source with trailing '/' on URI
6240424 cross-site scripting vulnerability in a default error page
6251775 Session Timeout did not appear to be taking into account of the last access time

(from 118036-03)

6181948 alleged input validation error.
6197275 cert7.db getting generated in Appserver 7 ur5

(from 118036-02)

5043376 unwanted and conflicting Cache-control headers are generated
5057723 templates of asenv.conf and server.xml have hardcoded location specific to Solaris
5022976 Error while creating auth-realm using sun-appserv-admin
5049159 app svr should reconnect to directory svr if directory svr goes down and then co
5056917 Neither the CNCtxFactory or S1ASCtxFactory can be used to programmatically reconn
6088593 cts testsuite : ContainsHeaderTestServlet test FAILED
6092475 DOC: web server crash when running high load and app server reverse proxy plugin
6092499 REG:GAT resulting LDAP Server crash
6152742 JDBC connection pool does not properly release connections
6155154 client authentication not working with IIS 5.0 sun-passthrough plugin
6155446 Corrupted transaction log files hang appserver
6156869 DOC: No documentation on how to use MQ3.5SP1 with AS7 UR4

(from 118036-01)

5063854 Able to access the last session of SJAS 7.0/7.1
5033159 HttpServletRequest.getCookies() method returns cookies from a totally different
5021054 7 SE : The EJB Classloader doesn't adhere to EJB Spec in terms of loading Java
5015561 JCA will leak physical connections if getMetaData() throws ResourceException
5025894 partial JCA 1.5 functionality requested
5017695 AS7 - cannot deploy .rar without .
5034880 Standalone AppServer UR3 Svr4 patch doesn't install properly
5039545 RN: AppServer-WebContainer sends ABSOLUTE redirects causing problems with extern
5063790 Require a port (and backport) of a web server bug: 4882838
6067367 AppServer 7.0 Ur3 rpms fails sun_patchchk during

Patch Installation Instructions:
--------------------------------

To install this patch, run the command:

    rpm -F 'rpmname'

This will freshen your existing RPM installation.
Note that if this is a relocatable binary RPM and you have installed into a
non-default location using the --prefix switch, you must specify the --prefix
switch with the non-default location when you install this patch. Consult the
rpm(1) man page for more details.

Special Install Instructions:
-----------------------------

None.

README -- Last modified date: Tuesday, May 23, 2006