HP Tru64 UNIX and TruCluster Server Version 5.1.B-4 Patch Summary and Release Notes (13156)
program and possibly execute commands at the elevated privileges if the program file has
the setuid privilege. This patch allows a system administrator to enable memory management
protections that limit potential buffer overflow vulnerabilities.
• Fixes the error "Xauth data does not match fake data." that can occur when multiple SSH
sessions from the same client are open on different cluster member nodes.
• Modifies the ssh-pubkeymgr script to change the default keyfile name to user-host, and to
simplify the procedure for enabling a key for a remote login.
• Fixes a problem in SSH in which the SSH server handling the forwarding would die when
SSH TCP port forwarding was attempted.
• Corrects a problem that occurs when booting during a file system full situation, in which
the ssh-validate-conf utility attempts to write to the files /etc/ssh2/sshd2_config and
/etc/ssh2/ssh2_config, thereby causing them to be zeroed out.
• Corrects a potential security vulnerability.
• Corrects a misspelling in the ssh-hostbased-setup utility message "is not running a compatible
sshd, skipping."
• Corrects a problem in which scp does not check whether the source and destination were
the same file, thereby causing the file to be truncated to zero bytes.
• Corrects a condition in which, if a user connects to a cluster, performs two SSH localhost
connections, and then tries to start an X application, the error message "X connection is
broken" is displayed.
• Corrects a problem in which the ssh-hostbased-setup utility does not handle host names
containing a hyphen (-).
• Corrects the handling of chroot users via ssh with Enhanced Security enabled.
• Fixes a problem with scp where, in some cases, the source file could be cleared.
• Fixes an issue with SSH V3.2.3 host-based authentication when using the MapFile
configuration option.
Patch 27114.00
OSFSSOSSL540
• Corrects a potential security vulnerability in SSL.
• Corrects a potential security vulnerability when using the Secure Sockets Layer (SSL). The
potential vulnerability may be remotely exploitable, resulting in a denial of service (DoS).
Patch 27115.00
OSFSSOW2K540
• Corrects an "address already in use" problem with klogin and kshell.
• Fixes a problem that occurs when running a GSSAPI application, where instead of returning
error-specific strings, generic error-strings are returned.
3.4 Summary of Base Operating System Patches 145