Patch-ID# 106437-04 Keywords: security dtprintinfo core "lp -o" sigsegv Synopsis: CDE 1.2: Print Manager Patch Date: Dec/03/2003 Install Requirements: None Solaris Release: 2.6 SunOS Release: 5.6 Unbundled Product: CDE Unbundled Release: 1.2 Xref: This patch is available for x86 architecture as patch 106438 Topic: Relevant Architectures: sparc BugId's fixed with this patch: 4129024 4139394 4191060 4191065 4788209 Changes incorporated in this version: 4788209 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: 105669-06 or greater Obsoleted by: Files included with this patch: /usr/dt/bin/dtprintinfo Problem Description: 4788209 /usr/dt/bin/dtprintinfo HOME env overflow (from 106437-03) 4139394 long argument causes SIGSEGV (from 106437-02) 4191060 large HOME causes buffer overflow in dtprintinfo 4191065 dtmkdir() potentially has a timing security hole (from 106437-01) 4129024 dtprintinfo dumps core when lp(1) is invoked with -o option. Patch Installation Instructions: -------------------------------- Generic 'installpatch' and 'backoutpatch' scripts are provided within each patch package with instructions appended to this section. Other specific or unique installation instructions may also be necessary and should be described below. Special Install Instructions: ----------------------------- None. README -- Last modified date: Wednesday, December 3, 2003