==========================================================================
The checksums (found through sum -r) of the files that you have received
(other than this README) are as follows:

46958    9 patchSG0003109
46222  178 patchSG0003109.dev_sw
64305  193 patchSG0003109.eoe_man
52088 2937 patchSG0003109.eoe_sw
48217   18 patchSG0003109.idb
==========================================================================

1.  Patch_SG0003109_Release_Note

This release note describes patch SG0003109 to IRIX 6.3.

Patch SG0003109 replaces patches SG0002818, SG0002218, SG0002232.

1.1  Supported_Hardware_Platforms

This patch contains bug fixes for all hardware platforms.

1.2  Supported_Software_Platforms

This patch contains bug fixes for IRIX 6.3.

1.3  Bugs_Fixed_by_Patch_SG0003109

This patch contains fixes for the following bugs in IRIX 6.3. Bug
numbers from Silicon Graphics bug tracking system are included for
reference.

     o Year 2000 software problems (Bug #424625).

     o At command fails for the year 2000+ (Bug #448720).

     o Modify date command to recognize year 00 as 2000 not 1970
       (Bug #473523).

     o Y2K: usr/bin/at doesn't like years >=2000 (Bug #507535).

     o At command fails when a DST Timezone is defined
       (Bug #516332).

     o Irix 6.2 acct not y2k compliant (Bug #540812).

     o Irix 6.2 bru not y2k compliant (Bug #540843).

     o Irix 6.2 at not y2k compliant (Bug #542336).

     o Irix 6.2 'csh' not y2k compliant (Bug #542371).

     o Irix 6.2 'osview' not y2k compliant (Bug #542851).

     o Irix 6.2 'passwd' not y2k compliant (Bug #542852).

     o Irix 6.2 'pmake' not y2k compliant (Bug #542859).

     o Irix 6.2 'profiler' not y2k compliant (Bug #542866).

     o Irix 6.2 'sat' not y2k compliant (Bug #542882).

     o Irix 6.2 'sccs' not y2k compliant (Bug #543209).

     o Irix 6.2 'touch'/'settime' not y2k compliant (Bug #543287).

     o Irix 6.2 'uname' not y2k compliant (Bug #543289).

     o Irix 6.2 'wakeupat' not y2k compliant (Bug #543299).

     o Irix 6.2 'listen' not y2k compliant (Bug #544983).

     o Irix 6.2 'sar' not y2k compliant (Bug #545050).

     o Irix 6.5 'sar' not y2k compliant (Bug #546520).

     o The login/scheme program has a buffer overrun issue which
       results in an exploitable security vulnerability
       (Bug #494134).

     o A security issue has been discovered with the LOCKOUT
       parameter in /etc/default/login (Bug #491422). This incident
       resulted in CERT advisory CA-97.15 and AUSCERT advisory
       AA-97.12.

       Part of the fix for this problem is a new /etc/default/login
       option, LOCKOUTEXEMPT. The file /etc/default/login must be
       updated with the LOCKOUTEXEMPT option from
       /etc/default/login.N before this feature can be used.
       Description follows:

            If LOCKOUT is greater than zero, the users listed as
            LOCKOUTEXEMPT will NOT be subject to the LOCKOUT option.
            Usernames are separated by spaces, the list must be
            terminated by end-of-line, maximum list length is 240
            characters. LOCKOUTEXEMPT is ignored unless LOCKOUT is
            enabled, and the list is not empty. Including privileged
            accounts (such as root) in the LOCKOUTEXEMPT list is not
            recommended, as it allows an indefinite number of attacks
            on the exempt accounts. Also, if LOCKOUTEXEMPT is
            enabled, the /etc/default/login file should be protected
            at mode 400 or 600 to prevent unauthorized viewing and/or
            tampering with the LOCKOUTEXEMPT list.

            LOCKOUTEXEMPT=oper1 niteop

     o A security issue has been discovered with the LOCKOUT
       parameter in /etc/default/login (Bug #506487).

     o login fails with "unable to change directory"/"Connection
       closed" message when the permission mode of the NFS mounted
       home directory is 700 (Bug #437585).

     o The df program has a buffer overrun issue which results in an
       exploitable security vulnerability (Bug #494131).

     o The eject program has a buffer overrun issue which results in
       an exploitable security vulnerability (Bug #494133).

     o The mediad program has a buffer overrun issue which results in
       an exploitable security vulnerability (Bug #530697).

     o The mediad program has an exploitable security violation.
       (Bug #588005)

     o Changed mediad's buffer size for number of devices from 10 to
       32, to address bug #589379.

     o The /bin/at program appears to have a buffer overrun issue
       which results in an exploitable security vulnerability
       (Bug #498852).

     o DAT drives other than Archive Python were mis-identified as
       type "cartridge", rather than DAT (Bug #514461).

     o DAT drives other than Archive Python were not supported
       (Bug #518985).

     o Buffer overrun was detected in the program
       /usr/lib/iaf/scheme (Bug #530702).

     o passwd denial of service attack is possible (Bug #526419).

     o pwd/lofs confused about cwd of users (Bug #439774).

1.4  Subsystems_Included_in_Patch_SG0003109

This patch release includes these subsystems:

     o patchSG0003109.eoe_sw.unix

     o patchSG0003109.eoe_man

1.5  Installation_Instructions

Because you want to install only the patches for problems you have
encountered, patch software is not installed by default. After reading
the descriptions of the bugs fixed in this patch (see Section 1.3),
determine the patches that meet your specific needs.

If, after reading Sections 1.1 and 1.2 of these release notes, you are
unsure whether your hardware and software meet the requirements for
installing a particular patch, run inst. The inst program does not
allow you to install patches that are incompatible with your hardware
or software.

Patch software is installed like any other Silicon Graphics software
product. Follow the instructions in your Software Installation
Administrator's Guide to bring up the miniroot form of the software
installation tools.

Follow these steps to select a patch for installation:

     1.  At the Inst> prompt, type

              install patchSGxxxxxxx

         where xxxxxxx is the patch number.

     2.  Initiate the installation sequence. Type

              Inst> go

     3.  You may find that two patches have been marked as
         incompatible. (The installation tools reject an installation
         request if an incompatibility is detected.) If this occurs,
         you must deselect one of the patches.

              Inst> keep patchSGxxxxxxx

         where xxxxxxx is the patch number.

     4.  After completing the installation process, exit the inst
         program by typing

              Inst> quit

1.6  Patch_Removal_Instructions

To remove a patch, use the versions remove command as you would for
any other software subsystem. The removal process reinstates the
original version of software unless you have specifically removed the
patch history from your system.

     versions remove patchSGxxxxxxx

where xxxxxxx is the patch number.

To keep a patch but increase your disk space, use the versions
removehist command to remove the patch history.

     versions removehist patchSGxxxxxxx

where xxxxxxx is the patch number.

1.7  Known_Problems
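
Added example (not part of the SGI release note), referring back to the LOCKOUTEXEMPT description in Section 1.3: a POSIX sh check that a login defaults file follows the stated rules (list at most 240 characters, no privileged accounts exempt, file mode 400 or 600). The function names, the PRIVILEGED list and the "last setting wins" parsing are assumptions, and the sample file is constructed.

```sh
#!/bin/sh
# Added example: audit a login defaults file against the LOCKOUTEXEMPT notes.
# PRIVILEGED is an assumed list of accounts that should never be exempt.
PRIVILEGED="root"

# Print the value of option $2 in file $1 (assumes the last setting wins).
get_opt() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1
}

# Print one finding per line; return 0 when clean, 1 when anything is flagged.
audit_login_defaults() {
    file=$1
    findings=0
    lockout=$(get_opt "$file" LOCKOUT)
    exempt=$(get_opt "$file" LOCKOUTEXEMPT)
    case $lockout in ''|*[!0-9]*) lockout=0 ;; esac

    # The list is ignored unless LOCKOUT is enabled and the list is not empty.
    if [ -z "$exempt" ] || [ "$lockout" -le 0 ]; then
        return 0
    fi
    if [ "${#exempt}" -gt 240 ]; then
        echo "FAIL: LOCKOUTEXEMPT is ${#exempt} characters (maximum 240)"
        findings=1
    fi
    for user in $exempt; do
        for priv in $PRIVILEGED; do
            if [ "$user" = "$priv" ]; then
                echo "WARN: privileged account '$user' is exempt from LOCKOUT"
                findings=1
            fi
        done
    done
    # Read the mode from ls so no non-portable stat(1) options are needed.
    perms=$(ls -ld "$file" | cut -c1-10)
    case $perms in
        -r--------|-rw-------) ;;
        *) echo "WARN: mode is $perms, expected 400 or 600"; findings=1 ;;
    esac
    return $findings
}

# Constructed sample input, not a real system file.
sample=$(mktemp)
printf 'LOCKOUT=3\nLOCKOUTEXEMPT=oper1 niteop root\n' > "$sample"
chmod 644 "$sample"
audit_login_defaults "$sample" || echo "review needed before enabling"
rm -f "$sample"
```

To check a live system, call audit_login_defaults /etc/default/login with sufficient privilege to read the file.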