Patch-ID# 112644-02

NOTE:
***********************************************************************
READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT
FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU
AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE
TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE.
***********************************************************************

Keywords: security dtspcd buffer overflow cde port dtaction
Synopsis: Trusted Solaris 8 4/01: CDE library patch
Date: Aug/30/2005


Install Requirements: NA                      
                      
Solaris Release: Trusted_Solaris_8

SunOS Release: N/A

Unbundled Product: 

Unbundled Release: 

Xref: 

Topic: Trusted Solaris 8 4/01: CDE library patch

Relevant Architectures: sparc

BugId's fixed with this patch: 4531945 5098146 6182042

Changes incorporated in this version: 5098146 6182042

Patches accumulated and obsoleted by this patch: 

Patches which conflict with this patch: 

Patches required with this patch: 

Obsoleted by: 

Files included with this patch: 

usr/dt/lib/libDtSvc.so.1
usr/dt/lib/libXm.so.4
usr/dt/lib/sparcv9/libDtSvc.so.1
usr/dt/lib/sparcv9/libXm.so.4

Problem Description:

5098146 Port fix for 5086486, 5086488 libXm security bugs to Trusted Solaris
6182042 Port dtaction-related security fixes to Trusted Solaris, incl 4786448, 5092678, 4917860
 
( 112644-01 )
 
4531945 Buffer overflow in CDE subprocess control service (dtspcd)

Patch Installation Instructions:
-------------------------------- 
Refer to the man pages for instructions on using the
generic 'patchadd' and 'patchrm' scripts.
Any other special or non-generic installation
instructions should be described below as special instructions.

Special Install Instructions:
----------------------------- 
Note:
 
The steps below assume the patch file has been placed
into the ADMIN_LOW subdirectory of /tmp (/tmp is a MLD)
and that the patch file label is configured to ADMIN_LOW.
Create a role that contains the Software Installation profile
(typically the admin role).  The patch file should be owned
by this role.  Keep in mind, after rebooting, contents in the
/tmp directory are removed; if saving the patch tarfile is
desired, select another MLD such as /var/tmp.
 
        1) Login as a user authorized to assume a role that
        contains the Software Installation profile; typically
        the admin role.  Assume that role.
 
        2) cd into /tmp and unzip the patch file.  A patch
        directory will be created by the unzip command.
 
        $ cd /tmp
        $ unzip <123456-01.zip>
 
        3) Install the patch by typing:
 
        $ patchadd /tmp/<patch_dir>
 
Note:  The first time SUNWdtbax is patched, you will see this harmless
warning - it can safely be ignored:
 
 cp: cannot access /var/sadm/pkg/SUNWdtbax/install/tsolinfo
 cp: cannot access /var/sadm/pkg/SUNWdtbax/save/tsolinfo
 
Special Backout Instructions:
-----------------------------
 
        1) Login as a user authorized to assume a role that contains
        the Software Installation profile; typically the admin role.
        Assume that role.
 
        2) Backout patch by typing:
 
        patchrm <patch-id>
 
        where <patch-id> is the patch number.
 
        $ patchrm 123456-01

README -- Last modified date:  Tuesday, August 30, 2005