HP Tru64 UNIX and TruCluster Server Version 5.1B-5 Patch Summary and Release Notes (March 2009)

ManualsBrandsHP ManualsSoftwareTru64 UNIX 5.0

141

142

143

144

145

146

147

148

149

150

function of a privileged program and possibly execute commands at the elevated

privileges if the program file has the setuid privilege.

• Fixes several potential security vulnerabilities where, under certain circumstances,

system integrity may be compromised. This may be in the form of improper file

access.

• Corrects a problem that can occur when the screen saver tries to activate on a

system that has reached the maximum number of processes allowed per user and

the following message is displayed:

An attempt to start a new process on host "hostname" failed

• Corrects a problem in which the application builder core dumps when trying to

generate code for menu items with the set-label action type.

Patch 27015.00

OSFCDEDT540

• Corrects several potential security vulnerabilities where, under certain

circumstances, system integrity may be compromised. These may be in the form

of improper file access.

• Fixes the message catalog for the CDE application dtprintinfo.

• Fixes a problem in which dtcreate core dumps while editing the icon image.

• Corrects a problem in which setting the value of screen saver and screen lock in

dtstyle disables both values.

• Corrects a problem that causes dtsession to not work when its norestore option is

enabled.

• Resolves a problem that occurs when displaying the user-specified logo in dtlogin.

• Resolves the incorrect system activity report by the w command with XDMCP.

• Fixes a dtcreate problem that occurs while saving an action file in an NFS-mounted

environment.

• Fixes the dtsetup display.

• Sets defaults for dtlogin.

• Changes the quick setup message.

• Sets the proper text for the front panel help page in dtsetup.

• Corrects a potential security vulnerability in the Common Desktop Environment

(CDE) software. This potential vulnerability, which may be locally and remotely

exploitable, could result in a denial of service (DOS), unauthorized privileged

access, or both.

SSRT4721 - dtlogin - (Severity - High)

• Ensures that the proper error message is set in dtlogin when an unknown display

parameter is read from the Xaccess file.

3.4 Summary of Base Operating System Patches 143