HP Tru64 UNIX and TruCluster Server Version 5.1B-5 Patch Summary and Release Notes (March 2009)

ManualsBrandsHP ManualsSoftwareTru64 UNIX 5.0

141

142

143

144

145

146

147

148

149

150

Patch 27020.00

OSFCLINET540

• Fixes a problem with the niffconfig command whereby certain characters in the

interface name may be ignored.

• Fixes a problem in the /etc/.mrg..inetd.conf merge script that causes

customer-specific changes in the /etc/inetd.conf file to be ignored.

• Fixes a problem with inetd -L in which a cluster loops in shutdown -c or rcinet

start.

• Upgrades BIND 8 to BIND 9.

• Fixes a problem that occurs when starting inetd on all RADs in which there are

holes between the RADs.

• Fixes a potential remotely exploitable Denial of Service (DoS) vulnerability in the

File Transfer Protocol server daemon, (ftpd) in which under certain circumstances

authorized users could cause an ftp server to become unresponsive.

• Adds a -n option to the ftpd daemon to prevent login delays and time-outs in an

environment where host name resolution is sluggish.

• Adds a new table in pm.mib for the pmgrd IoRate Statistics feature.

• Adds the file pmAdvfs.MIB to define AdvFS MIB definitions.

• Allows the optional port argument to the ftp open command to accept port numbers

between 32768 and 65535.

• Fixes several potential security vulnerabilities where, under certain circumstances,

system integrity may be compromised. These may be in the form of improper file

access.

• Corrects a potential security vulnerability that may allow nonprivileged users to

gain unauthorized (root) access. This may be in the form of local and remote

security domain risks.

• Corrects a potential security vulnerability in BIND 8 code that could result in a

local or remotely exploited Denial of Service (DoS).

(SSRT3653 - BIND v8 — Severity - High)

• Corrects a problem in niffd that results in its memory usage growing over time.

• Fixes a problem in the operation of the IPv6 neighbor discovery daemon where

IPv6 addresses are not automatically configured on PPP interfaces.

• Adds support for IEEE 802.1Q (VLAN).

• Fixes a problem that prevents startslip from extracting all the information from

the acucap file.

• Fixes a problem in the /etc/.mrg..protocols merge script that causes incorrect

permissions on the /etc/protocols file.

• Corrects the netstat and ifconfig commands so that when a MAC address is printed,

it uses 2 digit hex octets with leading zeros.

3.4 Summary of Base Operating System Patches 145