HP Tru64 UNIX and TruCluster Server Version 5.1B-6 Patch Summary and Release Notes

ManualsBrandsHP ManualsSoftwareTru64 UNIX 5.1B

121

122

123

124

125

126

127

128

129

130

• Corrects a problem in which the /usr/bin/mailauth -ini command does not create a usable

database.

• Corrects a potential security vulnerability in BIND 8 code that could result in a local or

remotely exploited Denial of Service (DoS).

SSRT3653 - BIND v8 — Severity - High

• Adds support for IEEE 802.1Q (VLAN).

• Makes start-up scripts in /sbin/init.d world readable.

• Fixes client login, su, rshd, edauth, and sshd2 hangs and long delays under Enhanced

Security, as well as some intermittent errors or failures seen with prpasswdd or

rpc.yppasswdd.

• Corrects potential BIND security vulnerabilities that may result in buffer overflows,

unauthorized access, or denial of service (DoS). These may be in the form of local and remote

security domain risks.

SRT2408 BIND — Severity - High

SSRT2410 BIND — Severity - High

SSRT2411 BIND — Severity - High

• Fixes the mkcdsl command and updates the NIS start-up script to correctly start NIS on the

cluster alias.

• Corrects several potential security vulnerabilities where, under certain circumstances, system

integrity may be compromised. These may be in the form of improper file or privilege

management.

• Fixes a problem in tcpdump that causes it to not filter UDP traffic properly.

• Corrects a potential problem in screend.

• Corrects a problem in which logins in TruCluster environments using Enhanced Security

can hang on any member other than the one serving /var to CFS.

• Corrects a problem on systems running Enhanced Security in which the command edauth

-R refuses to write user-profile entries to the root partition.

• Corrects a problem that occurs when using C1crypt for password encryption on Enhanced

Security systems in which users are unable to change their passwords and see the passwd

command warning "Password not changed: failed to write protected password entry."

• Changes the use of the configuration file /etc/svc.conf to /etc/nsswitch.conf to allow netgroup

data to be provided from LDAP, rather than only from NIS.

• Adds the retry option to snmp_request.

• Updates Mobile IPv6 code to be compliant with the latest RFC.

• Enables tcpdump to display encapsulated IPv6 packets sent over the IPv6-in-IPv6 tunnel.

• Corrects a problem in which a reverse zone lookup entry is not added to the

/etc/namedb/named.conf file when configuring a cluster node as a DNS server using the

bindconfig application.

• Resolves a problem in which tcpdump can fail with the message “tcpdump: no VLAN

support for data link type 0xa.”

• Corrects several potential security vulnerabilities where, under certain circumstances, system

integrity may be compromised. These may be in the form of improper file or privilege

management or remote code execution.

Patch 27045.00

OSFKTOOLS540

• Enhances the inpcb kdbx extension to display additional PID information.

• Updates the kdbx audit extension to accommodate a new device driver state and optionally

fetch data appropriately.

• Enhances the kdbx netstat extension.

130 Tru64 UNIX Patches