HP Tru64 UNIX and TruCluster Server Version 5.1.B-4 Patch Summary and Release Notes (13156)
• Fixes several potential security vulnerabilities where, under certain circumstances, system
integrity may be compromised. These may be in the form of improper file or privilege
management.
• Corrects a potential security vulnerability where, under certain circumstances, system
integrity may be compromised. This may be in the form of improper file access.
• Corrects a problem in which a core dump occurs when using csh from the Japanese locale.
• Corrects a potential security vulnerability that could result in a Denial of Service (DoS). This
potential vulnerability may be in the form of local and remote security domain risks.
(SSRT2384 rpc — Severity - High)
• Corrects a potential security vulnerability in which the Home Directory and login shell
attributes for a user account are not supplied to the audit daemon for authentication failures.
• Fixes a problem in XTI caused by a blocked mutex lock in which a thread attempting to send
an abortive disconnect hangs.
• Installs DECthreads V3.20-029c.
• Fixes a problem with floating point data inconsistencies in threaded applications.
• Corrects a possible deadlock with the ./isl/log and ./usr/sbin/log commands.
• Provides the correct labels for mach events to the audit subsystem.
• Corrects the find -ls command to display the correct number of blocks.
• Provides protection against a class of potential security vulnerabilities called buffer overflows.
Buffer overflows are sometimes exploited in an attempt to subvert the function of a privileged
program and possibly execute commands at the elevated privileges if the program file has
the setuid privilege. This patch allows a system administrator to enable memory management
protections that limit potential buffer overflow vulnerabilities.
• Prevents the /usr/sbin/dirclean utility from attempting to remove the AdvFS .tags directory
or the quota.group and quota.user files.
• Fixes an extended regular expression problem where the interval expression {m,n} is handled
incorrectly.
• Corrects several potential security vulnerabilities where, under certain circumstances, system
integrity may be compromised. These may be in the form of improper file access.
• Corrects a potential security vulnerability where, under certain circumstances, system
integrity may be compromised when a buffer overflow occurs in the uucp utility. Buffer
overflows are sometimes exploited in an attempt to subvert the function of a privileged
program and possibly execute commands at the elevated privileges if the program file has
the setuid privilege.
• Fixes memory leaks caused by certain types of scripts that called an infinite loop.
• Fixes a ksh problem related to cleaning the process when a terminal is abruptly stopped.
• Corrects the behavior of ln -sf to address the issue caused when a symbolic link points to a
nonexistent file.
• Corrects the exit status of sed when the disk is full.
• Corrects a problem in which the return value of the unlink() call was not checked when two
threads were trying to move a file to two different destinations. Although only one of the threads
could unlink() the source file, no relevant error message was displayed.
• Fixes a problem from pre-Version 5.0 releases in the libc mktime() function's handling of
potentially ambiguous tm struct times; that is, those that fall within a backward clock shift
and that have an initially negative tm_isdst value.
• Fixes a linker error that occurs when ld -update_registry /dev/null is specified.
• Fixes various problems in the libc functions getdate(), strptime(), callrpc(), strncasecmp()
and fork().
• Fixes a problem in the libnuma function nacreate() and the system header <sgtty.h>.
• Causes sh to print the correct message when enhanced core file naming is on.
3.4 Summary of Base Operating System Patches