Patch-ID# 106438-04
Keywords: security dtprintinfo core "lp -o" sigsegv
Synopsis: CDE 1.2_x86: Print Manager Patch
Date: Dec/03/2003

Install Requirements: None

Solaris Release: 2.6_x86

SunOS Release: 5.6_x86

Unbundled Product: CDE

Unbundled Release: 1.2_x86

Xref: This patch is available for SPARC architecture as patch 106437

Topic:

Relevant Architectures: i386

BugId's fixed with this patch: 4007233 4129024 4139394 4191060 4191065 4788209

Changes incorporated in this version: 4788209

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch: 105670-08 or greater

Obsoleted by:

Files included with this patch:

/usr/dt/bin/dtprintinfo

Problem Description:

4788209 /usr/dt/bin/dtprintinfo HOME env overflow

(from 106438-03)

4139394 long argument causes SIGSEGV

(from 106438-02)

4191060 large HOME causes buffer overflow in dtprintinfo
4007233 Solaris CDE 1.0.2 dtprintinfo security vulnerability
4191065 dtmkdir() potentially has a timing security hole

(from 106438-01)

4129024 dtprintinfo dumps core when lp(1) is invoked with -o option.

Patch Installation Instructions:
--------------------------------

Generic 'installpatch' and 'backoutpatch' scripts are provided within
each patch package with instructions appended to this section. Other
specific or unique installation instructions may also be necessary and
should be described below.

Special Install Instructions:
-----------------------------

None.

README -- Last modified date: Wednesday, December 3, 2003