Leftovers: Solaris workaround, Patch Tuesday

Turn off X font server
Just a few quick updates to news stories from last week:

In response to public disclosure of a code execution hole affecting default installations of Sun Solaris, the company is recommending users turn off the X font server until a patch is ready.

The advice comes from Alan Coopersmith, a member of Sun's X Engineering group, who notes that the critical bug only affects Solaris versions up through Solaris 10 6/06:

Our sustaining teams are producing patches and a Sun Alert covering this issue, but until then, if you don't need the X font server (on Solaris it's really only used for remote desktop sessions from computers without the standard Solaris fonts already installed - unlike some Linux'es, local sessions don't use it), you can easily turn it off in several ways:

  • On all Solaris releases: “/usr/openwin/bin/fsadmin -d”, which will either break the link that inetd uses (Solaris 2.6-Solaris 9) or use inetadm to disable the svc:/application/x11/xfs service (Solaris 10 & later).
  • On Solaris 10 and later, you can do the same thing explicitly with “/usr/sbin/inetadm -d svc:/application/x11/xfs:default”.
  • On Solaris 2.6 through 9, you can do the traditional editing of /etc/inetd.conf to disable it, then “kill -HUP inetd”.
  • If you'll never need it, and want to be sure it's gone, remove the xfs package with “pkgrm SUNWxwfs”.
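
For the inetd.conf route on Solaris 2.6 through 9, the edit can be scripted and checked before the file is replaced. The script below is an added example, not from the original post or from Sun; the function names are hypothetical, the inetd.conf excerpt is constructed, and it assumes the font server entry uses the service name `fs` in its first field and that `uname -r` reports 5.6 through 5.9 for Solaris 2.6 through 9.

```shell
#!/bin/sh
# Added example, not from the original post. Assumption: the font server's
# inetd.conf entry uses the service name "fs" in its first field.

# method_for RELEASE: map a `uname -r` value to the method quoted above.
method_for() {
    case "$1" in
        5.6|5.7|5.8|5.9) echo "inetd.conf" ;;   # Solaris 2.6 through 9
        5.1[0-9]*)       echo "inetadm" ;;      # Solaris 10 and later
        *)               echo "unknown" ;;
    esac
}

# fs_enabled FILE: exit 0 if FILE still has an active (uncommented) fs entry.
fs_enabled() {
    awk '$1 == "fs" { found = 1 } END { exit !found }' "$1"
}

# disable_fs FILE: print FILE with active fs entries commented out; all other
# lines pass through unchanged. Output goes to stdout so it can be reviewed
# before it replaces the real file.
disable_fs() {
    awk '$1 == "fs" { print "#" $0; next } { print }' "$1"
}

# write_sample FILE: constructed inetd.conf excerpt used for the demo.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real host
ftp stream tcp6 nowait root /usr/sbin/in.ftpd in.ftpd
fs stream tcp wait nobody /usr/openwin/lib/fs.auto fs
#fs-like comment that must stay untouched
EOF
}

demo() {
    tmp=${TMPDIR:-/tmp}/inetd.conf.$$
    write_sample "$tmp"
    disable_fs "$tmp" > "$tmp.new"
    if fs_enabled "$tmp" && ! fs_enabled "$tmp.new"; then
        echo "fs entry disabled; method for 5.9: $(method_for 5.9)"
    fi
    rm -f "$tmp" "$tmp.new"
}
demo
```

After the edited file is in place, inetd still has to re-read its configuration, as the quoted advice notes.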

MICROSOFT PATCH TUESDAY

According to a note from Symantec, Microsoft has pulled one of the security bulletins from the batch being released tomorrow (October 9).

Microsoft's advance notice still lists seven bulletins -- four rated critical -- but a note from Symantec's DeepSight service says one has been withdrawn. If this is accurate, it would be the second successive month that Microsoft has yanked security patches at the eleventh hour.

A Microsoft spokesman would only confirm "a minor change to the release schedule" since the advance notice was issued last Thursday. "[There] remains the possibility that a security update could be removed from the release schedule. Generally speaking, a removal could occur because of last minute quality issues," he said.

This batch of patches will cover multiple holes in Windows, Internet Explorer, Microsoft Office, Outlook Express and Vista's Windows Mail.

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
