Patch-ID# 105567-13 Keywords: security rpc.cmsd segv reminder calendar mismatch file descriptors Synopsis: CDE 1.2_x86: calendar manager patch Date: Apr/01/2002 Solaris Release: 2.6_x86 SunOS Release: 5.6_x86 Unbundled Product: CDE Unbundled Release: 1.2_x86 Xref: This patch is available for sparc architecture as patch 105566 Topic: Relevant Architectures: i386 BugId's fixed with this patch: 4056822 4059776 4062516 4068406 4075925 4105033 4108882 4116961 4117156 4117202 4175236 4184188 4203585 4226690 4230754 4236395 4423202 4641721 Changes incorporated in this version: 4203585 4641721 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: 105402-28 or greater Obsoleted by: Files included with this patch: /usr/dt/bin/dtcm_delete /usr/dt/bin/dtcm_editor /usr/dt/bin/dtcm_insert /usr/dt/bin/dtcm_lookup /usr/dt/bin/rpc.cmsd /usr/dt/bin/sdtcm_convert /usr/dt/lib/libcsa.so.0 /usr/dt/lib/nls/msg/C/dtcm.cat /usr/dt/bin/dtcm Problem Description: 4641721 rpc.cmsd gets out of file descriptors -> unusable 4203585 Possible denial of service attack against rpc.cmsd per bug 4124715 (reworked) (from 105567-12) 4423202 calendar mismatch between month and week view (from 105567-11) 4236395 dtcm segv trying to pop-up a reminder (from 105567-10) 4117202 security hole-anyone can create a callog file in /var/spool/calendar 4203585 Possible denial of service attack against rpc.cmsd per bug 4124715 (from 105567-09) 4059776 cde1.3 Non-Official date formats do not exhibit consistent behavior. 4175236 Reminder mail sent from calendar is not internationalized. (from 105567-08) 4230754 Possible buffer overflows in rpc.cmsd 4226690 calendar entries show up in monthly view, but not in others (from 105567-07) 4184188 sdtcm_convert has buffer overflow (from 105567-06) 4117156 Users on SunOs 4.1.3 or unable to access calendar located on Solaris 2.6 system. (from 105567-05) 4108882 2.6 rpc.cmsd crashes when SunOS 4.X tries to access a calendar on 2.6 (from 105567-04) 4105033 CDE:Catalan:Dtcm:File/Print/Weekly view: Doesn't display 2 days correctly (from 105567-03) resolved patch packaging problems (from 105567-02) 4056822 Find 'To' date validation non y2000 compliant. (from 105567-01) 4062516 Removed repeated appointments reappear with rpc.cmsd being restarted. 4075925 Some reminders are delivered early. 4068406 SEGV in realloc in log.c. 4116961 year2000 patch for CDE1.0.2 dtcm is incomplete (and broken) Patch Installation Instructions: -------------------------------- Refer to the Install.info file for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below as special instructions. Special Install Instructions: ----------------------------- None. README -- Last modified date: Monday, April 1, 2002