HP Tru64 UNIX and TruCluster Server Version 5.1B-6 Patch Summary and Release Notes

ManualsBrandsHP ManualsSoftwareTru64 UNIX 5.1B

141

142

143

144

145

146

147

148

149

150

program and possibly execute commands at the elevated privileges if the program file has

the setuid privilege.

• Provides protection against a class of potential security vulnerabilities called buffer overflows.

Buffer overflows are sometimes exploited in an attempt to subvert the function of a privileged

program and possibly execute commands at the elevated privileges if the program file has

the setuid privilege. This patch allows a system administrator to enable memory management

protections that limit potential buffer overflow vulnerabilities.

Patch 27085.00

OSFX11540

• Corrects a problem that occurs when attempting to open a Java applet on a V1.7 Mozilla

browser displayed from a Redhat Linux RHEL 3 (update 6) to a Tru64 UNIX V5.1B-3 graphics

console. The browser closes and dtwm spins at 99% CPU usage.

• Resolves security vulnerabilities in X PixMap routines used in the Motif library.

• Modifies the online help description for Togglekeys in accessx.

• Corrects a potential security vulnerability where, under certain circumstances, system

integrity may be compromised when a buffer overflow occurs in the dxterm utility. Buffer

overflows are sometimes exploited in an attempt to subvert the function of a privileged

program and possibly execute commands at the elevated privileges if the program file has

the setuid privilege.

• Corrects a potential security vulnerability where, under certain circumstances, system

integrity may be compromised. This may be in the form of improper file access.

• Corrects a problem, where, under certain circumstances, the XmCvtXmStringToCT() function

does not correctly convert a compound string to a string in compound text format.

• Fixes a problem where a Chinese character whose byte sequence contains 0x9b cannot be

entered with dxhanziim or cut and pasted.

• Provides an updated keyboard map for the Russian 3R-LKQ48-BT keyboard model.

• Fixes a display width mismatch problem in the zh_CN.GB18030 locale.

• Fixes a problem with xterm while displaying a compound text that is converted by

XmCvtCTToXmString().

• Modifies XmbTextListToTextProperty() and XmbTextPropertyToTextList() to support 4-byte

length UTF-8 characters in the Compound Text handling.

• Corrects a potential security vulnerability where, under certain circumstances, system

integrity may be compromised. This may be in the form of improper file or privilege

management.

• Fixes various problems with the X font server and with the X server's interaction with X font

servers.

• Prevents application failures when an application specifies very large timeout values to X

Toolkit library (Xt) routines.

• Resolves a drag and drop problem across the screen in multi-head systems.

• Corrects a potential file permissions vulnerability and a potential buffer overflow in the X

Window System. The potential vulnerabilities are locally exploitable, resulting in

unauthorized privileged access.

• Resolves a potential buffer overflow within the X PixMap routines.

Patch 27086.00

OSFXADMIN540

• Corrects a potential security vulnerability in the XDM (X Display Manager) software. This

potential vulnerability, which may be locally and remotely exploitable, could result in a

denial of service (DOS), unauthorized privileged access, or both.

• Corrects a problem in which host icons overlap in the dxhosts application.

Summary of Base Operating System Patches 147