OBSOLETE Patch-ID# 109152-03


Download this patch from My Oracle Support

Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.
For further information on patching best practices and resources, please see the following links:
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security svctcp_create core malloc buffer overflow dbm_open dbminit
Synopsis: Obsoleted by: 111308-06 SunOS 5.8: /usr/4lib/libc.so.x.9 and libdbm patch
Date: Jun/04/2008


Install Requirements: NA

Solaris Release: 8

SunOS Release: 5.8

Unbundled Product:

Unbundled Release:

Xref: This patch available for x86 as patch 114617

Topic: SunOS 5.8: /usr/4lib/libc.so.x.9 and libdbm patch

Relevant Architectures: sparc

Bugs fixed with this patch:

Sun CR # Bug #
412826714959743
449168815075623
466869915104390
665397615452692


Changes incorporated in this version: 4491688 6653976

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by: 111308-06

Files included with this patch:

/usr/4lib/libc.so.1.9
/usr/4lib/libc.so.2.9
/usr/ucblib/libdbm.a
/usr/ucblib/libdbm.so.1
/usr/ucblib/sparcv9/libdbm.so.1

Problem Description:

4491688 inet_network has some sloppy code and needs to be cleaned up
6653976 potential vulnerability in BIND may lead to execution of arbitrary code or DoS [CVE-2008-0122]
 
(from 109152-02)
 
4668699 buffer overflow in dbm_open and dbminit (except the one in libc)
 
(from 109152-01)
 
4128267 using the svctcp_create call compiled under 4.1.4 dumps core when running on Solaris 2.6 and up


Patch Installation Instructions:
--------------------------------
 
For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.
 
For Solaris 7-10 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.  The following example
installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/104945-02
 
The following example removes a patch from a standalone system:
 
       example# patchrm 104945-02
 
For additional examples please see the appropriate man pages.


Special Install Instructions:
-----------------------------
 
NOTE 1: To get the complete security fix for bugid 4668699 (buffer overflow in
        dbm_open) please also install the following patch:
 
        108993-16 (or greater)  LDAP2/libc patch
 
NOTE 2: To get complete fix for bug 4491688 (inet_network has some sloppy code
        and needs to be cleaned up) and 6653976 (potential vulnerability in
        BIND may lead to execution of arbitrary code or DoS [CVE-2008-0122])
        please also install following patches
 
        109326-21 (or greater)  libresolv.so.2 and in.named patch
        111327-06 (or greater)  libsocket patch


README -- Last modified date: Friday, November 9, 2012