Patch-ID# 109327-16 Keywords: security libresolv poll() bind 8.2.2 in.named resolver authentication Synopsis: SunOS 5.8_x86: libresolv.so.2 and in.named patch Date: Sep/01/2004 Install Requirements: Install in Single User Mode Reboot after installation See Special Install Instructions Solaris Release: 8_x86 SunOS Release: 5.8_x86 Unbundled Product: Unbundled Release: Xref: This patch available for SPARC as patch 109326 Topic: SunOS 5.8_x86: libresolv.so.2 and in.named patch NOTE: Refer to Special Install Instructions section for IMPORTANT specific information on this patch. Relevant Architectures: i386 BugId's fixed with this patch: 4136555 4253123 4284409 4300887 4324375 4349983 4353836 4365909 4409676 4444745 4451645 4471907 4500573 4500613 4525129 4617431 4646349 4700305 4708913 4777715 4863307 4879704 4879822 4928758 4933407 4941011 Changes incorporated in this version: 4471907 4500613 4617431 4879822 4941011 Patches accumulated and obsoleted by this patch: 110515-01 Patches which conflict with this patch: Patches required with this patch: 108994-27 or greater Obsoleted by: Files included with this patch: /usr/include/arpa/nameser.h /usr/include/arpa/nameser_compat.h /usr/include/netdb.h /usr/include/resolv.h /usr/lib/abi/abi_libresolv.so.2 /usr/lib/dns/cylink.so.1 /usr/lib/dns/dnssafe.so.1 /usr/lib/dns/irs.so.1 /usr/lib/libresolv.so.2 /usr/lib/llib-lresolv /usr/lib/llib-lresolv.ln /usr/lib/nss_dns.so.1 /usr/sbin/dnskeygen /usr/sbin/in.named /usr/sbin/named-bootconf /usr/sbin/named-xfer /usr/sbin/ndc /usr/sbin/nslookup /usr/sbin/nstest /usr/sbin/nsupdate Problem Description: 4879822 in.named core dumps, Solaris 8, Bind v. 8.2.2-P5 4471907 libresolv doesn't init in an ipv6 only environment 4500613 res_npquery (3RESOLV) not available in libresolv.so.2 4617431 mozilla dumps core when using post-4525129 libresolv2 4941011 nslookup 'view' command fails with 'sed: command garbled' (from 109327-15) 4863307 nsupdate fails with more than 14 NS records for Bind 8.2.2 and 8.2.4 4933407 resolvers do not follow referrals (from 109327-14) 4879704 ndc can't switch off tracing with notrace when in.named is under heavy load (from 109327-13) 4928758 Negative Cache Poison Attack (from 109327-12) Respin only due to bad patching of 108993-27 through 108993-30. (from 109327-11) 4353836 if more than 255 file descriptors are already open then gethostbyname fails (from 109327-10) 4777715 Multiple Remote Vulnerabilities in BIND - CERT Advisory CA-2002-31 4700305 nslookup does not follow its 'srchlist' under some circumstances (from 109327-09) 4708913 CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries (from 109327-08) 4525129 DNS over TCP can induce gethostbyX(3NSL) meltdown 4646349 libresolv.so.2 leaks memory in multi-threaded programs (from 109327-07) 4500573 Multithreaded applications block in DNS Name Service switch backend. (from 109327-06) 4451645 Clearcase 4.0 will not work with Solaris 8 4/2001 (from 109327-05) 4324375 rsh to machine with two interfaces on same subnet has problems with firewall. (from 109327-04) 4444745 DNS / BIND 8.2.2p5 in.named core during port scan (from 109327-03) 4409676 CERT Advisory CA-2001-02/Solaris dns (bind) (from 109327-02) This patch revision was generated to accumulate and obsolete the feature changes introduced in feature point patch 110515-01 (from 109327-01) 4284409 libresolv does not protect itself from netscape provided poll routine (from 110515-01) 4349983 Event library expects file modes to apply to AF_UNIX sockets 4365909 in.named crashed and burned in db_freedata 4300887 Solaris in.named compile omits CAN_CHANGE_ID/HAVE_CHROOT 4136555 sccs keyword expansion gives bad VER in in.named Makefile.com 4253123 nslookup displays truncated data if DNS entry has more than 5 long TXT records Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7-9 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- NOTE: To get the complete fix for 4324375 (rsh to machine with two interfaces on same subnet has problems with firewall), one needs to install the following patches: 111328-02 (or newer) /usr/lib/libsocket.so.1 patch 108986-03 (or newer) /usr/sbin/in.rshd patch README -- Last modified date: Wednesday, September 1, 2004