-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                        ESB-2008.0245 -- [Solaris]
          Solaris Daylight Saving Time (DST) Update (March 2008)
                               10 March 2008

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Daylight Saving Time
Publisher:            Sun Microsystems
Operating System:     Solaris
Impact:               Provide Misleading Information

Original Bulletin:  
  http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-234461-1

- --------------------------BEGIN INCLUDED TEXT--------------------

Solution Type: Sun Alert
   Solution  234461 :   Solaris Daylight Saving Time (DST) Update (March
   2008)          
   Previously Published As: 201521

   Bug ID: 6542933, 6597032, 6606060, 6636785, 664589

   Product
Solaris 8 Operating System, Solaris 9 Operating System, Solaris 10 Operating Sy
stem

   Date of Resolved Release: 07-Mar-2008

   SA Document Body
Solaris Daylight Saving Time (DST) Update (March 2008)

1. Impact

   This Sun Alert contains updated patch revision levels to those
   originally listed in Sun Alert 201521 (formerly Sun Alert 103044). The
   original patch IDs have not changed; newer revisions are now
   available.
   Daylight Saving Time (DST) and time zone definition changes occur in
   different countries around the world on a regular basis. This Sun
   Alert will be used to track ongoing daylight saving and timezone
   changes for Solaris.

   As these changes come into effect in each country, failure to
   implement the listed updates may cause inaccurate date and time which
   could lead to unpredictable results, depending upon usage.
   BugID CR 6542933: update zoneinfo timezones to 2007f (Mongolia, New
   Zealand, Indiana, etc)

   February 8, 2007 - Mongolia has chosen not to move to Summer Time
   (Daylight Saving Time) commencing 2007. Previously, each year the
   clock advanced one hour earlier during the summer.

   March 11, 2007 - Pulaski County, Indiana, is switching from CST/CDT to
   EST/EDT which means a 2-hour change on March 11 2007. This requires a
   new Zone: America/Indiana/Winamac.

   April 30, 2007 - New Zealand has decided to extend the daylight
   savings period to 27 weeks. Clocks will go forward an hour a week
   earlier than usual - on the last Sunday in September - and back an
   hour on the first Sunday in April instead of the third Sunday in
   March. Daylight saving for 2007-08 will start at 2a.m. on 30 September
   2007 and end at 3a.m. on 6 April 2008.

   BugID CR 6597032: Update zoneinfo timezones to 2007g (South Australia,
   Indiana, Egypt)

   Egypt has changed the ending date of DST. DST ended on September 7 in
   2007.

   Daviess, Dubous, Knox, Martin, and Pike Counties, Indiana, switch from
   central to eastern time in November. This results in a zone split, and
   a new entry America/Tell_City is created for Perry County, which does
   not switch zones in November.

   South Australia, Tasmania, Victoria, and New South Wales are changing
   their DST rules effective in 2008. DST will end the first Sunday in
   April at 03:00 and start the first Sunday in October at 03:00.  Lord
   Howe Island has a similar change.

   BugID CR 6606060: Update zoneinfo timezones 2007h (Brazil, Egypt,
   Iran, Gaza, Venezuela)

   Brazil observes DST from 2007-10-14 00:00 to 2008-02-17 00:00.

   Iran will resume DST from 2008.

   Venezuela is currently planning to change time zones on January 1
   2008, to 04:30.

   BugID CR 6636785: Update zoneinfo timezones to 2007j (Venezuela, Cuba,
   Syria)

   Venezuela had decided to change their clocks on December 9 at 03:00,
   instead of January 1 at 00:00 as first thought.

   Cuba will end DST one week earlier - on the last Sunday of October.

   Syria winter local time will be observed at midnight on Thursday
   November 1 2007, and the clocks will be put back 1 hour.

   BugID CR 6645893: Update zoneinfo timezones to 2007k (Argentina, Jan
   Mayen)

   Argentina re-adoption of daylight saving time to commence at the start
   of the day Sunday December 30, and finishing at the start of the day
   Sunday March 16.

2. Contributing Factors

   These issues can occur in the following releases:

   SPARC Platform:
     * Solaris 8 without patch 109809-09
     * Solaris 9 without patch 113225-12
     * Solaris 10 without patch 125378-05

   x86 Platform:
     * Solaris 8 without patch 109810-09
     * Solaris 9 without patch 116545-10
     * Solaris 10 without patch 125379-05

3. Symptoms

   Systems will experience incorrect system time or date after timezone
   changes go into effect.

4. Workaround

   There is no easy way to avoid these issues. Attempts to change the TOD
   clock of the system are temporary and will not resolve all the time
   zone issues resolved by the patches listed in the Resolution section.
   It is advised that updated patches are installed to resolve the time
   zone changes and issues.

5. Resolution

   These issues are addressed in the following releases:

   SPARC Platform:
     * Solaris 8 with patch 109809-09 or later
     * Solaris 9 with patch 113225-12 or later
     * Solaris 10 with patch 125378-05 or later

   x86 Platform:
     * Solaris 8 with patch 109810-09 or later
     * Solaris 9 with patch 116545-10 or later
     * Solaris 10 with patch 125379-05 or later

   Note 1: Once these patches are applied, at(1) jobs may not be
   scheduled correctly.

   This will happen if both the following conditions are present:
    1. at(1) jobs have been submitted before patch installation.
    2. Those jobs will be executed during the extended DST periods.

   at(1) jobs which meet these two conditions can be scheduled one hour
   later or earlier. Please run atq(1) to see if jobs are scheduled
   correctly after patch installation.

   If there are discrepancies, remove jobs using atrm(1) and resubmit the
   jobs.

   Note 2: Once these patches are applied and the system rebooted, to
   complete the installation of these changes, systems which are running
   CDE calendar manager [dtcm(1)] or the CDE calendar server daemon
   [rpc.cmsd] will find that some scheduled events in the
   extended/changed DST period are incorrect by one hour.

   This will happen under the following conditions:
    1. Events were created before DST patch installation and reboot.
    2. Those events were created while the CDE calendar manager was using
       a time zone which has been impacted by the changes described by
       this Sun Alert.
    3. Those events were single events scheduled for dates in the
       extended/changed DST periods, or those events were recurring
       events for which the first instance of the event is in the
       extended/changed DST period.

   To address this issue, recreate all single events in the affected time
   period and all recurring events for which the first instance of the
   event is in the affected time period.

   Note 3: Those systems which are not in one of the affected timezones
   and not using any programs which switch to using one of the affected
   timezones will not need these patches.

   Note 4:  Information on previous daylight saving and timezone changes
   for Solaris can be found in Sun Alert 200097 (formerly Sun Alert
   102775):

   http://sunsolve.sun.com/search/document.do?assetkey=1-66-200097-1

   Note 5: Daylight saving and timezone information on other Sun products
   can be found at:

   http://sun.com/dst

   This Sun Alert notification is being provided to you on an "AS IS"
   basis. This Sun Alert notification may contain information provided by
   third parties. The issues described in this Sun Alert notification may
   or may not impact your system(s). Sun makes no representations,
   warranties, or guarantees as to the information contained herein. ANY
   AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
   WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
   NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT
   YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
   INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE
   OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN.
   This Sun Alert notification contains Sun proprietary and confidential
   information. It is being provided to you pursuant to the provisions of
   your agreement to purchase services from Sun, or, if you do not have
   such an agreement, the Sun.com Terms of Use. This Sun Alert
   notification may only be used for the purposes contemplated by these
   agreements.
   Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa
   Clara, CA 95054 U.S.A. All rights reserved

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBR9SWpyh9+71yA2DNAQJ1XQQAiiNJLdmBXSYdkTdPgVdG79nFuzArUh7U
xLpBaWPohxe16exeSm6HOKuM8GVXksQcScmFMbcH7WJ9TlTUAtvkkFPMKoT1kYRH
kUzibSiUCXEZwfmlqMjjjM+qGaxuvI+iUnVZPY4cAGXp/ORm1zLlkJ9DkWCsE9CF
mFEdssGBafU=
=P8JD
-----END PGP SIGNATURE-----