HP Tru64 UNIX and TruCluster Server Version 5.1B-6 Patch Summary and Release Notes
• Corrects a potential security vulnerability in which the Home Directory and login shell
attributes for a user account are not suppled to the audit daemon for authentication failures.
• Fixes a problem in XTI caused by a blocked mutex lock in which a thread attempting to send
an abortive disconnect hangs.
• Installs DECthreads V3.20-029c.
• Fixes a problem with floating point data inconsistencies in threaded applications.
• Corrects possible dead lock with the ./isl/log and ./usr/sbin/log commands.
• Provides the correct labels for mach events to the audit subsystem.
• Corrects the find -ls command to display the correct number of blocks.
• Provides protection against a class of potential security vulnerabilities called buffer overflows.
Buffer overflows are sometimes exploited in an attempt to subvert the function of a privileged
program and possibly execute commands at the elevated privileges if the program file has
the setuid privilege. This patch allows a system administrator to enable memory management
protections that limit potential buffer overflow vulnerabilities.
• Corrects the /usr/sbin/dirclean utility from attempting to remove the AdvFS . tags directory
or the quota.group and quota.user files.
• Fixes an extended regular expression problem where the interval expression {m,n} is handled
incorrectly.
• Corrects several potential security vulnerabilities where, under certain circumstances, system
integrity may be compromised. These may be in the form of improper file access.
• Corrects a potential security vulnerability where, under certain circumstances, system
integrity may be compromised when a buffer overflow occurs in the uucp utility. Buffer
overflows are sometimes exploited in an attempt to subvert the function of a privileged
program and possibly execute commands at the elevated privileges if the program file has
the setuid privilege.
• Fixes memory leaks caused by certain type of scripts that called an infinite loop.
• Fixes a ksh problem related to cleaning the process when a terminal is abruptly stopped.
• Corrects the behavior of ln -sf to address the issue caused when a symbolic link points to a
nonexisting file.
• Corrects the exit status of sed when the disk is full.
• Corrects a problem in which the return value of unlink() call was not checked when two
threads were trying to move a file to two different destinations. Although one of the threads
could unlink() the source file, no relevant error message was displayed.
• Fixes a problem from pre-Version 5.0 releases in the libc mktime() function's handling of
potentially ambiguous tm struct times; that is, those that fall within a backward clock shift
and that have an initially negative tm_isdst value.
• Fixes a linker error that occurs when the ld -update_registry /dev/null is specified.
• Fixes various problems in the libc functions getdate(), strptime(), callrpc(), strncasecmp()
and fork().
• Fixes a problem in the libnuma function nacreate() and the system header <sgtty.h.
• Causes sh to print the correct message when enhanced core file naming is on.
• Fixes a problem in which attempts by the runtime loader (/sbin/loader) to free a null pointer
are in error.
• Corrects the behavior of the more command when nonexisting file and a nonempty file with
a long file name are both specified.
• Causes /usr/opt/ultrix/usr/bin/make to properly check dependencies on archive libraries.
• Fixes various problems in the dbx and object file tools: dbx, ostrip, strip, mcs, dis, cord, file,
and stdump.
• Causes the grep command allow blank lines in the pattern file and to not hang when executed
with the -w and -f options.
• Removes compiler warnings addressing outside of array bounds.
82 Tru64 UNIX Patches