HP Tru64 UNIX and TruCluster Server Version 5.1.B-4 Patch Summary and Release Notes (13156)
• Corrects several potential security vulnerabilities where, under certain circumstances, system
integrity may be compromised. These may be in the form of improper file or privilege
management.
• Corrects a potential security vulnerability where, under certain circumstances, system
integrity may be compromised when a buffer overflow occurs in the uucp utility. Buffer
overflows are sometimes exploited in an attempt to subvert the function of a privileged
program and possibly execute commands at the elevated privileges if the program file has
the setuid privilege.
• Provides protection against a class of potential security vulnerabilities called buffer overflows.
Buffer overflows are sometimes exploited in an attempt to subvert the function of a privileged
program and possibly execute commands at the elevated privileges if the program file has
the setuid privilege. This patch allows a system administrator to enable memory management
protections that limit potential buffer overflow vulnerabilities.
Patch 27085.00
OSFX11540
• Modifies the online help description for Togglekeys in accessx.
• Corrects a potential security vulnerability where, under certain circumstances, system
integrity may be compromised when a buffer overflow occurs in the dxterm utility. Buffer
overflows are sometimes exploited in an attempt to subvert the function of a privileged
program and possibly execute commands at the elevated privileges if the program file has
the setuid privilege.
• Corrects a potential security vulnerability where, under certain circumstances, system
integrity may be compromised. This may be in the form of improper file access.
• Corrects a problem, where, under certain circumstances, the XmCvtXmStringToCT() function
does not correctly convert a compound string to a string in compound text format.
• Fixes a problem where a Chinese character whose byte sequence contains 0x9b cannot be
entered with dxhanziim or cut and pasted.
• Provides an updated keyboard map for the Russian 3R-LKQ48-BT keyboard model.
• Fixes a display width mismatch problem in the zh_CN.GB18030 locale.
• Fixes a problem with xterm while displaying a compound text that is converted by
XmCvtCTToXmString().
• Modifies XmbTextListToTextProperty() and XmbTextPropertyToTextList() to support 4-byte
length UTF-8 characters in the Compound Text handling.
• Corrects a potential security vulnerability where, under certain circumstances, system
integrity may be compromised. This may be in the form of improper file or privilege
management.
• Fixes various problems with the X font server and with the X server's interaction with X font
servers.
• Prevents application failures when an application specifies very large timeout values to X
Toolkit library (Xt) routines.
• Resolves a drag and drop problem across the screen in multi-head systems.
• Corrects a potential file permissions vulnerability and a potential buffer overflow in the X
Window System. The potential vulnerabilities are locally exploitable, resulting in
unauthorized privileged access.
• Resolves a potential buffer overflow within the X PixMap routines.
3.4 Summary of Base Operating System Patches 141