Patch-ID# 108195-02 Keywords: security dtprintinfo timing HOME large SIGSEGV Synopsis: CDE 1.0.1_x86: dtprintinfo patch Date: Aug/09/00 Solaris Release: 2.4_x86 2.5_x86 SunOS Release: 5.4_x86 5.5_x86 Unbundled Product: CDE Unbundled Release: 1.0.1_x86 Xref: This patch available on CDE 1.0.2 as patch 108196 Relevant Architectures: i386 BugId's fixed with this patch: 4191060 4191065 4007233 4139394 Changes incorporated in this version: 4139394 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: 105715-04 (or newer) Files included with this patch: /usr/dt/bin/dtprintinfo Problem Description: 4139394 long argument causes SIGSEGV (from 108195-01) 4191060 large HOME causes buffer overflow in dtprintinfo 4191065 dtmkdir() potentially has a timing security hole 4007233 Solaris CDE 1.0.2 dtprintinfo security vulnerability Patch Installation Instructions: -------------------------------- Refer to the Install.info file for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below as special instructions. Special Install Instructions: ----------------------------- None.