Patch-ID# 112808-11


Download this patch from My Oracle Support

Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.
For further information on patching best practices and resources, please see the following links:
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security tooltalk ttsession login hangs made ipv6 aware
Synopsis: CDE 1.5: ToolTalk patch
Date: Jul/06/2010


Install Requirements: NA

Solaris Release: 9

SunOS Release: 5.9

Unbundled Product: CDE

Unbundled Release: 1.5

Xref: This patch available for x86 as patch 113797

Topic: CDE 1.5: ToolTalk patch

Relevant Architectures: sparc

Bugs fixed with this patch:

Sun CR # Bug #
466870115104393
470718715113035
471344515114555
472212715116761
474118715121962
474428915122920
478489315135305
486532515160460
487109115162096
491556015175094
620642315240342
623525015251817
625722715260980
632857115288741
691889915616831


Changes incorporated in this version: 6918899

Patches accumulated and obsoleted by this patch: 113796-02

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/usr/dt/bin/rpc.ttdbserver
/usr/dt/bin/rpc.ttdbserverd
/usr/dt/lib/nls/msg/C/SUNW_TOOLTALK.cat
/usr/openwin/bin/rpc.ttdbserver
/usr/openwin/bin/rpc.ttdbserverd
/usr/openwin/bin/tt_type_comp
/usr/openwin/bin/ttauth
/usr/openwin/bin/ttcp
/usr/openwin/bin/ttdbck
/usr/openwin/bin/ttmv
/usr/openwin/bin/ttrm
/usr/openwin/bin/ttsession
/usr/openwin/bin/tttar
/usr/openwin/bin/tttrace
/usr/openwin/lib/libtt.so.2
/usr/openwin/lib/sparcv9/libtt.so.2

Problem Description:

6918899 ToolTalk db server RPC remote code issue
 
(from 112808-10)
 
6257227 ttsession grows in heap memory and response times increase
 
(from 112808-09)
 
6328571 inefficient code in while loop
 
(from 112808-08)
 
6235250 ttsession cores with a corrupted .TTauthority file
 
(from 112808-07)
 
6206423 CDE login prevented by illegal DNS queries
 
(from 112808-06)
 
4915560 rpc.ttdbserverd is non-responsive after patching
 
(from 112808-05)
 
4871091 dtmail cannot open attached mail
 
(from 112808-04)
 
4865325 dtmessaging cannot be started on Solaris 9
        (Patches 112808-03 and 113796-02 merged; patch 113796-02 obsoleted.)
 
(from 112808-03)
 
4713445 buffer overflow in the ToolTalk library
 
(from 112808-02)
 
4707187 multiple vulnerabilities in ToolTalk database server
 
(from 112808-01)
 
4668701 64-bit ToolTalk clients cannot connect with ttsession
 
(from 113796-02)
 
4784893 ttsession fails to start on login
4722127 (rework) ToolTalk needs to be made IPv6 aware
4741187 (rework) ttsession fails to connect during CD0/DVD installation for SPARC and Intel
4744289 (rework) can't login with CDE: ttsession hangs
 
(from 113796-01)
 
4722127 ToolTalk needs to be made IPv6 aware
4741187 ttsession fails to connect during CD0/DVD installation for SPARC and Intel
4744289 can't login with CDE: ttsession hangs


Patch Installation Instructions:
--------------------------------
 
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' commands provided with Solaris.
 
The following example installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/123456-07
 
The following example removes a patch from a standalone system:
 
       example# patchrm 123456-07
 
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.


Special Install Instructions:
-----------------------------
 
For bug 4713445: Please be sure to stop the rpc.ttdbserverd deamon prior to
installation and after removal of the patch.


README -- Last modified date: Friday, November 9, 2012