Patch-ID# 114354-08 NOTE: *********************************************************************** READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE. *********************************************************************** Keywords: security bind srchlist nslookup gethostbyname getspnam_r Synopsis: SunOS 5.9_x86: libresolv patch Date: Nov/03/2005 Install Requirements: Reboot after installation, an alternative may be in Special Install Instructions Install in Single User Mode Solaris Release: 9_x86 SunOS Release: 5.9_x86 Unbundled Product: Unbundled Release: Xref: This patch available for SPARC as patch 112970 Topic: SunOS 5.9_x86: libresolv patch Relevant Architectures: i386 BugId's fixed with this patch: 4353836 4700305 4777715 4793327 4796596 4805812 4810893 4863307 4874895 4928758 6205056 6315143 Changes incorporated in this version: 6315143 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: 113719-06 (or greater) Obsoleted by: Files included with this patch: /usr/include/arpa/nameser.h /usr/include/arpa/nameser_compat.h /usr/include/netdb.h /usr/include/resolv.h /usr/lib/abi/abi_libresolv.so.2 /usr/lib/dns/cylink.so.1 /usr/lib/dns/dnssafe.so.1 /usr/lib/dns/irs.so.1 /usr/lib/libresolv.so.2 /usr/lib/llib-lresolv /usr/lib/llib-lresolv.ln /usr/sbin/dig /usr/sbin/dnskeygen /usr/sbin/in.named /usr/sbin/named-xfer /usr/sbin/ndc /usr/sbin/nslookup /usr/sbin/nsupdate Problem Description: 6315143 named could make unnecessary queries for glue if the additional section was full. (from 114354-07) 6205056 res_nint should return true when last interface has only 1 ip address and is deprecated (from 114354-06) 4863307 nsupdate fails with more than 14 NS records for Bind 8.2.2 and 8.2.4 (from 114354-05) 4928758 Negative Cache Poison Attack (from 114354-04) 4874895 S9 x86 patches for 4353836 needs to be respun with correct dependencies (from 114354-03) 4353836 if more than 255 file descriptors are already open then gethostbyname fails (from 114354-02) 4793327 BIND needs to be upgraded to BIND 8.3 to support IPv6 4796596 BIND 8.3.3 server handling of TSIG HMAC-MD5 broken 4805812 in.named version needs to reflect putback of BIND 8.3.3 4810893 UNIX98: *netdb.h* VSU test fails due to violation of X/Open namespace (from 114354-01) 4777715 Multiple Remote Vulnerabilities in BIND - CERT Advisory CA-2002-31 4700305 nslookup does not follow its 'srchlist' under some circumstances Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7-10 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- NOTE 1: To get the complete fix for these bugids, 4353836 (if more than 255 file descriptors are open then gethostbyname fails) 4874895 (S9 x86 patches for 4353836 need to be respun with correct dependencies) please also install the following patches: 113988-07 (or greater) libc patch (must be the 1st patch to be installed) 113719-06 (or greater) libnsl patch (must be the 2nd patch to be installed) 115546-02 (or greater) nss_files patch 115551-02 (or greater) nss_user patch 115543-02 (or greater) nss_compat.so.1 patch README -- Last modified date: Thursday, November 3, 2005