Patch-ID# 105715-05 Keywords: security SIGBUS libDtSvc 105669-01 remote login fails Buffer Overflow Synopsis: CDE 1.0.1_x86: libDtSvc Patch Date: Dec/06/2001 Solaris Release: 2.4_x86 2.5_x86 SunOS Release: 5.4_x86 5.5_x86 Unbundled Product: CDE Unbundled Release: 1.0.1_x86 Xref: This patch available on SPARC as patch 105714 Topic: Relevant Architectures: i386 BugId's fixed with this patch: 1242841 4057875 4095426 4099389 4101096 4118762 4527363 Changes incorporated in this version: 4527363 Patches accumulated and obsoleted by this patch: 103804-01 Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/dt/lib/libDtSvc.so.1 Problem Description: 4527363 Buffer Overflow in CDE Subprocess Control Service (dtspcd) (from 105715-04) Corrected a patch packaging issue (from 105715-03) 4118762 remote applications die, logging user out and not saving session (from 105715-02) 4099389 Patch 105669-01 breaks CDE. 4101096 Can't login using a host-and-screen-specific session directory. 4095426 Set Home Session in StyleManager causes core dumps. (from 105715-01) 4057875 SIGBUS and security hole if big $HOME. (from 103804-01) 1242841 Action file is rejected if CWD field does not start with /. Patch Installation Instructions: -------------------------------- Refer to the Install.info file for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below as special instructions. Special Install Instructions: ----------------------------- None. README -- Last modified date: Thursday, December 6, 2001