Patch-ID# 104242-08 Keywords: security y2000 SUNWxwplt Xsun Xserver overflow buffer setuid setgid Synopsis: OpenWindows 3.5_x86: Server (Xsun, libX11, xterm) Patch Date: Oct/22/2001 Solaris Release: 2.5_x86 SunOS Release: 5.5_x86 Unbundled Product: OpenWindows Unbundled Release: 3.5_x86 Xref: This patch available for Sparc as patch 103210 Topic: Relevant Architectures: i386 BugId's fixed with this patch: 1210990 1266793 4006666 4036289 4048352 4077223 4102279 4149801 4184297 4332966 4333070 4483090 Changes incorporated in this version: 4332966 4333070 Patches accumulated and obsoleted by this patch: 105107-01 105108-01 105288-01 Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/openwin/bin/xlock /usr/openwin/bin/xterm /usr/openwin/lib/X11/PostScript.VM /usr/openwin/lib/libX11.a /usr/openwin/lib/libX11.so.4 /usr/openwin/lib/libp/libX11.a /usr/openwin/server/lib/libfont.so.1 /usr/openwin/server/lib/libserverdps.so.1 /usr/openwin/bin/Xsun Problem Description: 4483090 xlock buffer overflow (from 104242-07) 4332966 security: Xsun has a buffer overflow 4333070 X setuid/setgid binary permissions need to be changed (from 104242-06) 4149801 libfont has a possible buffer overflow issue (from 104242-05) 4102279 Xsun crashes after fix of bug 4058716 has been integrated (from 104242-04) 4184297 CDE not sending the correct signals when CDE is killed (XTERM) (from 105288-01) 4048352 xterm y2000 - Incorrect timestamp on Tek COPY (from 105108-01) 4036289 Xlock has security problem (from 104242-03) (from 105107-01) 4077223 Install of patch 104241-03 and above causes regular user not be able to run openwin. (from 104242-02) 1266793 Solaris 2.x libX11 security vulnerability (from 104242-01) 1210990 option "-dpi" of "openwin" command does not work 4006666 Recursive mutex lock in quark routine causes hang Patch Installation Instructions: -------------------------------- Refer to the Install.info file for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below as special instructions. Special Install Instructions: ----------------------------- None. README -- Last modified date: Monday, October 22, 2001