OBSOLETE Patch-ID# 143962-04


Download this patch from My Oracle Support

Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.
For further information on patching best practices and resources, please see the following links:
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: audit_syslog.so.1
Synopsis: Obsoleted by: 143962-05 SunOS 5.10: audit_syslog.so.1 patch
Date: Oct/13/2014


Install Requirements: NA

Solaris Release: 10

SunOS Release: 5.10

Unbundled Product:

Unbundled Release:

Xref: This patch available for x86 as patch 143963

Topic: SunOS 5.10: audit_syslog.so.1 patch

Relevant Architectures: sparc

Bugs fixed with this patch:

Sun CR # Bug #
16969774
17000108
18690720
18735226
631461015283255
706543915727572


Changes incorporated in this version: 18690720 18735226

Patches accumulated and obsoleted by this patch: 144455-01

Patches which conflict with this patch:

Patches required with this patch: 118833-36 (or greater)

Obsoleted by:

Files included with this patch:

/usr/lib/security/audit_syslog.so.1

Problem Description:

18690720 audit_syslog(5) doesn't include 'arge' data if 'argv' policy also specified
18735226 audit_syslog needs to interpret return code from cacheauevent() correctly
 
(from 143962-03)
 
16969774 audit_syslog should include argv and arge if present in record
17000108 auditd_syslog plugin leaks memory when uauth token is logged
 
(from 143962-02)
 
7065439 audit_syslog.so generates 'error before token' errors when handling Extended File Attributes
 
(from 143962-01)
 
        This revision accumulates generic Sustaining patch 144455-01
        into Solaris S10U9 update.
 
(from 144455-01)
 
6314610 audit_syslog(5) plugin module logs IP addresses in host byte order


Patch Installation Instructions:
--------------------------------
 
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' commands provided with Solaris.
 
The following example installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/123456-07
 
The following example removes a patch from a standalone system:
 
       example# patchrm 123456-07
 
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.


Special Install Instructions:
-----------------------------
 
NOTE 1:  Manual page audit_syslog(5) contains a list of tokens logged, such as
         session, by, as, proc_uid and so on. Two new tokens need to be added:
 
         argv <arguments> Listed are the execv(2) system call parameter
                  arguments from the exec_args token.
                  Arguments can be truncated from the right if
                  necessary to fit  them  on  the  line.
                  Truncation   is  indicated  by  trailing
                  ellipsis (...).
 
         arge <arguments> Listed are the execv(2) system call environment
                  arguments from the exec_env token.
                  Arguments can be truncated from the right if
                  necessary to fit them  on  the  line.
                  Truncation   is  indicated  by  trailing
                  ellipsis (...).


README -- Last modified date: Wednesday, October 12, 2016