HP Tru64 UNIX and TruCluster Server Version 5.1B-5 Patch Summary and Release Notes (March 2009)
function of a privileged program and possibly execute commands at the elevated
privileges if the program file has the setuid privilege.
• Fixes several potential security vulnerabilities where, under certain circumstances,
system integrity may be compromised. This may be in the form of improper file
access.
• Corrects a problem that can occur when the screen saver tries to activate on a
system that has reached the maximum number of processes allowed per user and
the following message is displayed:
An attempt to start a new process on host "hostname" failed
• Corrects a problem in which the application builder core dumps when trying to
generate code for menu items with the set-label action type.
Patch 27015.00
OSFCDEDT540
• Corrects several potential security vulnerabilities where, under certain
circumstances, system integrity may be compromised. These may be in the form
of improper file access.
• Fixes the message catalog for the CDE application dtprintinfo.
• Fixes a problem in which dtcreate core dumps while editing the icon image.
• Corrects a problem in which setting the value of screen saver and screen lock in
dtstyle disables both values.
• Corrects a problem that causes dtsession to not work when its norestore option is
enabled.
• Resolves a problem that occurs when displaying the user-specified logo in dtlogin.
• Resolves the incorrect system activity report by the w command with XDMCP.
• Fixes a dtcreate problem that occurs while saving an action file in an NFS-mounted
environment.
• Fixes the dtsetup display.
• Sets defaults for dtlogin.
• Changes the quick setup message.
• Sets the proper text for the front panel help page in dtsetup.
• Corrects a potential security vulnerability in the Common Desktop Environment
(CDE) software. This potential vulnerability, which may be locally and remotely
exploitable, could result in a denial of service (DOS), unauthorized privileged
access, or both.
SSRT4721 - dtlogin - (Severity - High)
• Ensures that the proper error message is set in dtlogin when an unknown display
parameter is read from the Xaccess file.
3.4 Summary of Base Operating System Patches 143