HP Tru64 UNIX and TruCluster Server Version 5.1B-6 Patch Summary and Release Notes

ManualsBrandsHP ManualsSoftwareTru64 UNIX 5.1

151

152

153

154

155

156

157

158

159

160

Patch 27110.00

OSFOPENGL540

• Fixes a problem in which the OpenGL glTexCoordPointerEXT() command can cause a

segmentation fault.

• Restores two extensions missing from OpenGL library to the list of GL extensions it supports

for indirect rendering.

Patch 27113.00

OSFSSHBASE540

• Corrects a potential issue with scp2 and sftp2.

• Fixes the cause of memory leaks in sshd.

• Provides protection against a class of potential security vulnerabilities called buffer overflows.

Buffer overflows are sometimes exploited in an attempt to subvert the function of a privileged

program and possibly execute commands at the elevated privileges if the program file has

the setuid privilege. This patch allows a system administrator to enable memory management

protections that limit potential buffer overflow vulnerabilities.

• Fixes the error "Xauth data does not match fake data." that can occur when multiple SSH

sessions from the same client are open on different cluster member nodes.

• Modifies the ssh-pubkeymgr script to change the default keyfile name to user-host, and to

simplify the procedure for enabling a key for a remote login.

• Fixes a problem in SSH in which when attempting SSH TCP port forwarding the SSH server

handling the forwarding would die.

• Corrects a problem that occurs when booting a during a file system full situation in which

the ssh-validate-conf utility attempts to write to the files /etc/ssh2/sshd2_config and

/etc/ssh2/ssh2_config, thereby causing them to be zeroed out.

• Corrects a potential security vulnerability.

• Corrects a misspelling in the ssh-hostbased-setup utility message "is not running a compatible

sshd, skipping."

• Corrects a problem in which scp does not check whether the source and destination were

the same file, thereby causing the file to be truncated to zero bytes.

• Corrects a condition in which if a user connects to a cluster, performs two SSH localhost,

and then tries to start an X application, an error message of X connection is broken is

displayed.

• Corrects a problem in which the SSH-hostbased-setup utility does not handle host names

containing a hyphen (-).

• Corrects the handling of chroot users via ssh with Enhanced Security enabled.

• Fixes a problem with scp where, in some cases, the source file could be cleared.

• Fixes an issue with SSH V3.2.3 host-based authentication when using the MapFile

configuration option.

Patch 27114.00

OSFSSOSSL540

• Corrects a potential security vulnerability in SSL.

• Corrects a potential security vulnerability when using the Secure Sockets Layer (SSL). The

potential vulnerability may be remotely exploitable, resulting in a denial of service (DOS).

Summary of Base Operating System Patches 151