Patch-ID# 109326-14
Keywords: security libresolv poll() bind 8.2.2 in.named resolver authentication
Synopsis: SunOS 5.8: libresolv.so.2 and in.named patch
Date: Feb/27/2004

Install Requirements: Install in Single User Mode
                      Reboot after installation
                      See Special Install Instructions

Solaris Release: 8

SunOS Release: 5.8

Unbundled Product:

Unbundled Release:

Xref: This patch is available for x86 as patch 109327

Topic: SunOS 5.8: libresolv.so.2 and in.named patch
        NOTE: Refer to Special Install Instructions section for IMPORTANT
              specific information on this patch.

Relevant Architectures: sparc

BugId's fixed with this patch: 4136555 4253123 4284409 4300887 4324375 4349983 4353836 4365909 4409676 4444745 4451645 4500573 4525129 4646349 4700305 4708913 4777715 4879704 4928758

Changes incorporated in this version: 4879704

Patches accumulated and obsoleted by this patch: 110514-01

Patches which conflict with this patch:

Patches required with this patch: 108993-27 or greater

Obsoleted by:

Files included with this patch:

/usr/include/arpa/nameser.h
/usr/include/arpa/nameser_compat.h
/usr/include/netdb.h
/usr/include/resolv.h
/usr/lib/abi/abi_libresolv.so.2
/usr/lib/abi/sparcv9/abi_libresolv.so.2
/usr/lib/dns/cylink.so.1
/usr/lib/dns/dnssafe.so.1
/usr/lib/dns/irs.so.1
/usr/lib/dns/sparcv9/cylink.so.1
/usr/lib/dns/sparcv9/dnssafe.so.1
/usr/lib/dns/sparcv9/irs.so.1
/usr/lib/libresolv.so.2
/usr/lib/llib-lresolv
/usr/lib/llib-lresolv.ln
/usr/lib/nss_dns.so.1
/usr/lib/sparcv9/libresolv.so.2
/usr/lib/sparcv9/llib-lresolv.ln
/usr/lib/sparcv9/nss_dns.so.1
/usr/sbin/dnskeygen
/usr/sbin/in.named
/usr/sbin/named-bootconf
/usr/sbin/named-xfer
/usr/sbin/ndc
/usr/sbin/nslookup
/usr/sbin/nsupdate

Problem Description:

4879704 ndc can't switch off tracing with notrace when in.named is under heavy load

(from 109326-13)

4928758 Negative Cache Poison Attack

(from 109326-12)

        Respin only due to bad patching of 108993-27 through 108993-30.

(from 109326-11)

4353836 if more than 255 file descriptors are already open then gethostbyname fails

(from 109326-10)

4777715 Multiple Remote Vulnerabilities in BIND - CERT Advisory CA-2002-31
4700305 nslookup does not follow its 'srchlist' under some circumstances

(from 109326-09)

4708913 CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries

(from 109326-08)

4525129 DNS over TCP can induce gethostbyX(3NSL) meltdown
4646349 libresolv.so.2 leaks memory in multi-threaded programs

(from 109326-07)

4500573 Multithreaded applications block in DNS Name Service switch backend.

(from 109326-06)

4451645 Clearcase 4.0 will not work with Solaris 8 4/2001

(from 109326-05)

4324375 rsh to machine with two interfaces on same subnet has problems with firewall.

(from 109326-04)

4444745 DNS / BIND 8.2.2p5 in.named core during port scan

(from 109326-03)

4409676 CERT Advisory CA-2001-02/Solaris dns (bind)

(from 109326-02)

        This patch revision was generated to accumulate and obsolete
        the feature changes introduced in feature point patch 110514-01

(from 109326-01)

4284409 libresolv does not protect itself from netscape provided poll routine

(from 110514-01)

4349983 Event library expects file modes to apply to AF_UNIX sockets
4365909 in.named crashed and burned in db_freedata
4300887 Solaris in.named compile omits CAN_CHANGE_ID/HAVE_CHROOT
4136555 sccs keyword expansion gives bad VER in in.named Makefile.com
4253123 nslookup displays truncated data if DNS entry has more than 5 long TXT records


Patch Installation Instructions:
--------------------------------

For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.

For Solaris 7-9 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.

The following example installs a patch to a standalone machine:

        example# patchadd /var/spool/patch/104945-02

The following example removes a patch from a standalone system:

        example# patchrm 104945-02

For additional examples please see the appropriate man pages.


Special Install Instructions:
-----------------------------

NOTE: To get the complete fix for 4324375 (rsh to machine with two
      interfaces on same subnet has problems with firewall), one needs
      to install the following patches:

        111327-02 (or newer) /usr/lib/libsocket.so.1 patch
        108985-03 (or newer) /usr/sbin/in.rshd patch


README -- Last modified date: Friday, February 27, 2004