HP Tru64 UNIX and TruCluster Server Version 5.1.B-4 Patch Summary and Release Notes (13156)
the setuid privilege. This patch allows a system administrator to enable memory management
protections that limit potential buffer overflow vulnerabilities.
• Corrects a problem in which some networking applications, especially X.25 and X.29, stopped
working as expected because of interactions with security-related fixes and how the fstat()
function behaves on their sockets.
• Corrects a potential security vulnerability that may result in nonprivileged users gaining
unauthorized access to files or privileged access on the system. This may be in the form of
a local and remote security domain risk.
• Fixes a fatal assertion error reported by pixie, hiprof, third spike, cord, uprofile and odump
object file tools for some executable files linked at optimization level 2 (-O2) or greater.
• Corrects a problem in which NIS clients may fail to connect to non-Tru64 UNIX NIS servers
that only support the V2 NIS protocol.
• Fixes a number of regular expression problems in multibyte locales and a possible hang
problem with complex regular expressions.
• Delivers version 3.07.10 of the Tru64 UNIX assembler, which fixes a problem encountered
in version 3.07.09, wherein the assembler incorrectly treats octal constant data as if it were
decimal.
• Fixes a problem with SIA that caused the Internet Express LDAP Authentication module to
be unable to look up default group information for a user at login time.
• Corrects problems with name resolution when an error is encountered during the processing
of the local host files.
• Fixes a yacc stack overflow error in the Tru64 UNIX assembler.
• Fixes a fatal error in /usr/bin/spike.
• Fixes problems such as segmentation faults caused by the strxfrm() function running on the
French locales.
• Changes the use of the configuration file /etc/svc.conf to /etc/nsswitch.conf to allow netgroup
data to be provided from LDAP, rather than only from NIS.
• Fixes a performance problem in the libc mktime() routine.
• Corrects a problem in which the rewind() function would fail to reposition to the beginning
of a file.
• Corrects a failure in the safe_open() routine that caused symbolic links given by a relative
path from the current working directory sometimes to give ENOENT errors incorrectly.
• Corrects an odd, unexpected error message that may be printed by rsh or rlogin commands.
• Corrects a problem where the telnet command causes unnecessary delays when an IP address
is supplied as a command-line argument.
• Corrects a problem in which a DNS resolver routines never time out if interrupted by signals.
• Provides an RFC3542 compliant implementation of IPv6 Advanced API.
• Fixes a nonconcurrency issue for multithreaded applications calling popen() and certain
"FILE *" routines such as fread().
• Fixes a deadlock condition in multithreaded applications that call fork() and other libc
callback routines such as exit handlers, __fini_* routines.
• Corrects a condition in which multiple "Sorry" messages are issued by the su command
when multiple SIA mechanisms are in use (as when LDAP is configured for user accounts).
• Improves the performance of times(3).
• Enhances the fuser command to provide a cluster-wide query capability. A revised fuser(8)
reference page describes this enhancement.
• Fixes a problem with glob() returning an incorrect match when directory permissions issues
exist.
3.4 Summary of Base Operating System Patches 111