HP Tru64 UNIX and TruCluster Server Version 5.1B-6 Patch Summary and Release Notes

ManualsBrandsHP ManualsSoftwareTru64 UNIX 5.1A

101

102

103

104

105

106

107

108

109

110

• Corrects a problem that can occur when the screen saver tries to activate on a system that

has reached the maximum number of processes allowed per user and the following message

is displayed:

An attempt to start a new process on host "hostname" failed

• Corrects a potential security vulnerability in CDE code that may result in unauthorized

privileged access. This may be in the form of local and remote security domain risks.

(SSRT3589 - dtmailpr Severity - High)

• Corrects a potential security vulnerability where, under certain circumstances, system

integrity may be compromised when a buffer overflow occurs in the CDE online help. Buffer

overflows are sometimes exploited in an attempt to subvert the function of a privileged

program and possibly execute commands at the elevated privileges if the program file has

the setuid privilege.

• Fixes a dtmail problem that occurs while opening a mail attachment on an NFS-mounted

environment.

Patch 27020.00

OSFCLINET540

• Fixes a problem with the niffconfig command whereby certain characters in the interface

name may be ignored.

• Fixes a problem in the /etc/.mrg..inetd.conf merge script that causes customer-specific changes

in the /etc/inetd.conf file to be ignored.

• Fixes a problem with inetd -L in which a cluster loops in shutdown -c or rcinet start.

• Upgrades BIND 8 to BIND 9.

• Fixes a problem that occurs when starting inetd on all RADs in which there are holes between

the RADs.

• Fixes a potential remotely exploitable Denial of Service (DoS) vulnerability in the File Transfer

Protocol server daemon, (ftpd) in which under certain circumstances authorized users could

cause an ftp server to become unresponsive.

• Adds a -n option to the ftpd daemon to prevent login delays and time-outs in an environment

where host name resolution is sluggish.

• Adds a new table in pm.mib for the pmgrd IoRate Statistics feature.

• Adds the file pmAdvfs.MIB to define AdvFS MIB definitions.

• Allows the optional port argument to the ftp open command to accept port numbers between

32768 and 65535.

• Fixes several potential security vulnerabilities where, under certain circumstances, system

integrity may be compromised. These may be in the form of improper file access.

• Corrects a potential security vulnerability that may allow nonprivileged users to gain

unauthorized (root) access. This may be in the form of local and remote security domain

risks.

• Corrects a potential security vulnerability in BIND 8 code that could result in a local or

remotely exploited Denial of Service (DoS).

(SSRT3653 - BIND v8 — Severity - High)

• Corrects a problem in niffd that results in its memory usage growing over time.

• Fixes a problem in the operation of the IPv6 neighbor discovery daemon where IPv6 addresses

are not automatically configured on PPP interfaces.

• Adds support for IEEE 802.1Q (VLAN).

• Fixes a problem that prevents startslip from extracting all the information from the acucap

file.

Summary of Base Operating System Patches 109