HP Tru64 UNIX and TruCluster Server Version 5.1B-6 Patch Summary and Release Notes

ManualsBrandsHP ManualsSoftwareTru64 UNIX 5.1

111

112

113

114

115

116

117

118

119

120

• Corrects a potential locally exploitable integer overflow vulnerability in the Network Time

Protocol. This potential vulnerability could lead to clients receiving an incorrect date/time

offset, resulting in an incorrect date/time on the client.

SRT4718 - NTP (Severity - High)

• Modifies the ip6_setup script to limit some Mobile IPv6 questions to LAN interfaces only.

• Corrects a problem in which ftpd core dumps when a 1000 or more directories are present.

• Adds support for ifconfig [inet6] delete [abort] for IPv6 connections.

• Fixes a problem in the implementation of the RIPng protocol that prevents IPv6 routes from

being deleted as expected.

• Resolves intermittent core failures in gated.

• Corrects default tape device as /dev/tape/tape0_d1 for dump and restore as per device

naming convention in V5x versions.

Patch 27021.00

OSFCMPLRS540

• Corrects default values for YESEXPR and NOEXPR defined in the localedef command and

libc to get correct return value from nl_langinfo(YESEXPR) and nl_langinfo(NOEXPR)

• Resolves a problem that could cause the rexec() function to hang.

• Fixes the getaddrinfo() routine to work properly when IPv6 is not configured.

• Fixes memory leaks in the libc getipnodebyname routine, which is used by ldapcd. The leaks

caused intermittent SSO SIA authentication failures.

• Fixes an issue with the KZPCC backplane RAID adapter device driver (I2O) that causes its

logical disk drives to be identified as SCSI devices

• Fixes the mountd daemon to prevent it from becoming unresponsive at a few large sites.

• Fixes a problem in SIA by resetting the mechanism's context pkgind on a sucessful return

of (set|end)*ent calls.

• Fixes a POSIX standard violation in the strfmon() function. The preceding and following

spaces will be padded to return value to make equal length between positive and negative

values.

• Fixes a security issue with the C library routine getnameinfo().

• Fixes getnameinfo() to display an IPv4 address instead of an IPv4 mapped IPv6 address

when the BIND mapping does not exist.

• Fixes a POSIX standard violation in the wcstod() function. An incorrect pointer was set to

the endptr parameter of wcstod() for cases where no conversion was made.

• Fixes the swprintf() function to return the correct value if it detects an invalid wide-character.

• Fixes the ypwhich -m command to prevent RPC timeout error messages.

• Corrects a security issue in which rsh and other rcmds incorrectly report ESUCCESS when

the remote side of a connection terminates before fully establishing a connection.

• Allows the auditing of login and su events based in part on the contents of user profiles (for

Enhanced Security), the prevailing auditing characteristics of the originating process, and

the system-wide audit mask. Previously, only the system audit mask was referenced.

• Fixes a problem with floating point data inconsistencies in threaded applications.

• Corrects RPC-based servers' handling of ill-formed TCP connections.

• Prevents segmentation faults when sia_ses_init is passed a malformed argument vector.

• Corrects a potential security vulnerability that may result in a Denial of Service (DoS). This

may be in the form of local and remote security domain risks.

(SSRT2384 rpc — Severity - High)

• Fixes a problem in which the home directory and login shell attributes for a user account

are not suppled to the audit daemon for authentication failures.

112 Tru64 UNIX Patches