HP Tru64 UNIX and TruCluster Server Version 5.1B-5 Patch Summary and Release Notes (March 2009)

ManualsBrandsHP ManualsSoftwareTru64 UNIX 5.0

171

172

173

174

175

176

177

178

179

180

• Corrects the decoding of NFSv3 sattr structure in tcpdump.

• Corrects a problem that occurs during a DNS server configuration using the SysMan

DNS server application in which the user is not informed if the named daemon

fails to start.

• Changes the use of the configuration file /etc/svc.conf to /etc/nsswitch.conf to allow

netgroup data to be provided from LDAP, rather than only from NIS.

• Modifies the prpasswdd and rpc.yppasswdd daemons to properly handle

/var/tcb/files on a file system from different from /var.

• Corrects a problem that can cause the /usr/sbin/pop3d server to generate a

segmentation fault.

• Corrects a problem in which the /usr/bin/mailauth -ini command does not create

a usable database.

• Corrects a potential security vulnerability in BIND 8 code that could result in a

local or remotely exploited Denial of Service (DoS).

SSRT3653 - BIND v8 — Severity - High

• Adds support for IEEE 802.1Q (VLAN).

• Makes start-up scripts in /sbin/init.d world readable.

• Fixes client login, su, rshd, edauth, and sshd2 hangs and long delays under

Enhanced Security, as well as some intermittent errors or failures seen with

prpasswdd or rpc.yppasswdd.

• Corrects potential BIND security vulnerabilities that may result in buffer overflows,

unauthorized access, or denial of service (DoS). These may be in the form of local

and remote security domain risks.

SRT2408 BIND — Severity - High

SSRT2410 BIND — Severity - High

SSRT2411 BIND — Severity - High

• Fixes the mkcdsl command and updates the NIS start-up script to correctly start

NIS on the cluster alias.

• Corrects several potential security vulnerabilities where, under certain

circumstances, system integrity may be compromised. These may be in the form

of improper file or privilege management.

• Fixes a problem in tcpdump that causes it to not filter UDP traffic properly.

• Corrects a potential problem in screend.

• Corrects a problem in which logins in TruCluster environments using Enhanced

Security can hang on any member other than the one serving /var to CFS.

• Corrects a problem on systems running Enhanced Security in which the command

edauth -R refuses to write user-profile entries to the root partition.

• Corrects a problem that occurs when using C1crypt for password encryption on

Enhanced Security systems in which users are unable to change their passwords

3.4 Summary of Base Operating System Patches 173