HP Tru64 UNIX and TruCluster Server Version 5.1.B-4 Patch Summary and Release Notes (13156)

ManualsBrandsHP ManualsSoftwareTru64 UNIX 5.1

141

142

143

144

145

146

147

148

149

150

• Corrects several potential security vulnerabilities where, under certain circumstances, system

integrity may be compromised. These may be in the form of improper file or privilege

management.

• Corrects a potential security vulnerability where, under certain circumstances, system

integrity may be compromised when a buffer overflow occurs in the uucp utility. Buffer

overflows are sometimes exploited in an attempt to subvert the function of a privileged

program and possibly execute commands at the elevated privileges if the program file has

the setuid privilege.

• Provides protection against a class of potential security vulnerabilities called buffer overflows.

Buffer overflows are sometimes exploited in an attempt to subvert the function of a privileged

program and possibly execute commands at the elevated privileges if the program file has

the setuid privilege. This patch allows a system administrator to enable memory management

protections that limit potential buffer overflow vulnerabilities.

Patch 27085.00

OSFX11540

• Modifies the online help description for Togglekeys in accessx.

• Corrects a potential security vulnerability where, under certain circumstances, system

integrity may be compromised when a buffer overflow occurs in the dxterm utility. Buffer

overflows are sometimes exploited in an attempt to subvert the function of a privileged

program and possibly execute commands at the elevated privileges if the program file has

the setuid privilege.

• Corrects a potential security vulnerability where, under certain circumstances, system

integrity may be compromised. This may be in the form of improper file access.

• Corrects a problem, where, under certain circumstances, the XmCvtXmStringToCT() function

does not correctly convert a compound string to a string in compound text format.

• Fixes a problem where a Chinese character whose byte sequence contains 0x9b cannot be

entered with dxhanziim or cut and pasted.

• Provides an updated keyboard map for the Russian 3R-LKQ48-BT keyboard model.

• Fixes a display width mismatch problem in the zh_CN.GB18030 locale.

• Fixes a problem with xterm while displaying a compound text that is converted by

XmCvtCTToXmString().

• Modifies XmbTextListToTextProperty() and XmbTextPropertyToTextList() to support 4-byte

length UTF-8 characters in the Compound Text handling.

• Corrects a potential security vulnerability where, under certain circumstances, system

integrity may be compromised. This may be in the form of improper file or privilege

management.

• Fixes various problems with the X font server and with the X server's interaction with X font

servers.

• Prevents application failures when an application specifies very large timeout values to X

Toolkit library (Xt) routines.

• Resolves a drag and drop problem across the screen in multi-head systems.

• Corrects a potential file permissions vulnerability and a potential buffer overflow in the X

Window System. The potential vulnerabilities are locally exploitable, resulting in

unauthorized privileged access.

• Resolves a potential buffer overflow within the X PixMap routines.

3.4 Summary of Base Operating System Patches 141