HP Tru64 UNIX and TruCluster Server Version 5.1.B-4 Patch Summary and Release Notes (13156)
Patch 27086.00
OSFXADMIN540
• Corrects a potential security vulnerability in the XDM (X Display Manager) software. This
potential vulnerability, which may be locally and remotely exploitable, could result in a
denial of service (DOS), unauthorized privileged access, or both.
• Corrects a problem in which host icons overlap in the dxhosts application.
• Corrects a potential security vulnerability where, under certain circumstances, system
integrity may be compromised when a buffer overflow occurs in the dxsysinfo utility. Buffer
overflows are sometimes exploited in an attempt to subvert the function of a privileged
program and possibly execute commands at the elevated privileges if the program file has
the setuid privilege.
• Corrects the way the dxkerneltuner application handles memory.
• Fixes several potential security vulnerabilities where, under certain circumstances, system
integrity may be compromised. These may be in the form of improper file access.
• Corrects a problem in which the dxkerneltuner application when invoked with the -power
option does not remove the temporary files in /tmp when the application is closed.
• Corrects a problem in which dxproctuner does not display data in the fr_FR local.
• Corrects a problem in which the dxproctuner application, when invoked, either gives error
message or dumps core and does not work.
• Corrects a problem in which a temporary file is not deleted when dxarchiver is closed.
• Corrects a core dump problem in the dxfileshare application when the /etc/exports file is
not present in the system and a user tries to add a new entry.
• Corrects a problem in which the dxkerneltuner application dumps core when cancel is
selected in the mmsess subsystem.
• Corrects a problem in which the dxpower application shows an error when the Spin Down
Disks option is selected.
• Fixes problem with dxproctuner in which the toggle menu item View Processes for All Users
does not filter the output for non-root users.
Patch 27089.00
OSFXDEMOS540
• Corrects a potential security vulnerability where, under certain circumstances, system
integrity may be compromised. This may be in the form of improper file access.
Patch 27094.00
OSFXLIBA540
• Corrects a problem, where, under certain circumstances, the XmCvtXmStringToCT() function
does not correctly convert a compound string to a string in compound text format.
• Fixes a problem where a Chinese character whose byte sequence contains 0x9b cannot be
entered with dxhanziim or cut and pasted.
• Modifies XmbTextListToTextProperty() and XmbTextPropertyToTextList() to support 4-byte
length UTF-8 characters in the Compound Text handling.
• Corrects a potential security vulnerability where, under certain circumstances, system
integrity may be compromised. This may be in the form of improper file or privilege
management.
• Prevents application failures when an application specifies very large timeout values to X
Toolkit library (Xt) routines.
• Corrects a potential file permissions vulnerability and a potential buffer overflow in the X
Window System. The potential vulnerabilities are locally exploitable, resulting in
unauthorized privileged access.
142 Tru64 UNIX Patches