Patch-ID# 108949-09
Download this patch from My Oracle Support
Your use of the firmware, software and any other materials contained
in this update is subject to My Oracle Support Terms of Use, which
may be viewed at My Oracle Support.
|
For further information on patching best practices and resources, please
see the following links:
|
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
|
Keywords: security lsarc cases bad positioning help menus buffer overflow
Synopsis: CDE 1.4: libDtHelp/libDtSvc patch
Date: Apr/06/2005
Install Requirements: NA
Solaris Release: 8
SunOS Release: 5.8
Unbundled Product: CDE
Unbundled Release: 1.4
Xref: This patch is available for x86 as 108950
Topic:
Relevant Architectures: sparc
Bugs fixed with this patch:
Changes incorporated in this version: 4479980 4786448 4917860 5092678
Patches accumulated and obsoleted by this patch:
Patches which conflict with this patch:
Patches required with this patch:
Obsoleted by:
Files included with this patch:
/usr/dt/lib/libDtSvc.so.1
/usr/dt/lib/sparcv9/libDtHelp.so.1
/usr/dt/lib/sparcv9/libDtSvc.so.1
/usr/dt/lib/libDtHelp.so.1
Problem Description:
4479980 libDtSvc should not follow symlinks to error files
4786448 /usr/dt/bin/dtaction segfaults
4917860 DtSvc:potential buffer overflow hole
5092678 libDtSvc contains a buffer overflow when dealing with DTDATABASESEARCHPATH
(from 108949-08)
4930117 Large DTHELPUSERSEARCHPATH can cause CDE programs to seg fault.
(from 108949-07)
4527363 Buffer Overflow in CDE Subprocess Control Service (dtspcd)
(from 108949-06)
4402567 Bad positioning of headings in help menus
(from 108949-05)
4389935 Feature For LSARC Cases : 2000/105, 2000/106, 2000,107 and 2000/108
(from 108949-04)
1191725 (CMVC#5306) "Args" should quote each arg, like /bin/sh "$@"
(from 108949-03)
4345282 Buffer overflow in dtprintinfo 'Help' in 81
(from 108949-02)
4307660 dthelpview does not display all characters
(from 108949-01)
4298416 Zephyr looptool "Help" button doesn't work on Sol8 -- Core dump
Patch Installation Instructions:
--------------------------------
Refer to the man pages for instructions on using 'patchadd' and 'patchrm'
scripts provided with Solaris. Any other special or non-generic
installation instructions should be described below as special
instructions. The following example installs a patch to a standalone
machine:
example# patchadd /var/spool/patch/104945-02
The following example removes a patch from a standalone system:
example# patchrm 104945-02
For additional examples please see the appropriate man pages.
Special Install Instructions:
-----------------------------
None.
Special Notes:
--------------
NOTE 1:
The bugfix for 1191725 introduces support for a new argument reference keyword
Args_all in the CDE dtactionfile(4) syntax. This keyword behaves exactly like
Args, except if surrounded by quotes when each argument is quoted separately.
The following action definition shows how "Args_all" can be used to
individually quote each argument in an action:
ACTION Compose
{
LABEL Compose
ARG_TYPE *
ARG_COUNT *
TYPE COMMAND
WINDOW_TYPE NO_STDIO
EXEC_STRING dtmail -a "Args_all"
}
README -- Last modified date: Friday, November 9, 2012