 |
≫ |
|
|
|
パッチ名: PHCO_36742
パッチ摘要: s700_800 11.23 libpam_hpsec累積パッチ
作成日: 07/06/29
公開日: 07/08/20
ハードウェアプラットフォームおよびOSリリース:
s700: 11.23
s800: 11.23
現象:
PHCO_36742:
1.(SR:8606490023 CR:JAGag42504)
PAMアプリケーションでのメモリーリーク。
2.(SR:8606470472 CR:JAGag25559)
ユーザー名が定義されていないと、pam_authenticate(3)がPAM_USER_UNKNOWN
を返します。
3.(SR:8606490232 CR:JAGag42692)
ログインの成功時に、ログイン情報が正しく表示されないことがあります。
問題点の説明:
PHCO_36742:
1.(SR:8606490023 CR:JAGag42504)
pam_open_session(3)インタフェースを使用するマルチスレッドアプリケーシ
ョンで、メモリーリークが起きることがありました。
解決方法:
メモリーリークが起きないようにlibpam_hpsecライブラリを修正しました。
2.(SR:8606470472 CR:JAGag25559)
ユーザー名が未定義の場合、pam_authenticate(3)インタフェースは、ユーザ
ー名の入力を促すプロンプトを表示することになっています。ところが、不正
に、PAM_USER_UNKNOWNが返されていました。
解決方法:
ユーザー名が未定義の場合は、pam_authenticate(3)がユーザー名の入力を促
すプロンプトを表示するようにlibpam_hpsecライブラリを修正しました。
3.(SR:8606490232 CR:JAGag42692)
security(4)のDISPLAY_LAST_LOGIN属性は、ログインの成功時に前回のログイ
ン情報を表示するかどうかをコントロールします。ところが、この情報が正し
く表示されないことがありました。
解決方法:
ログイン情報を正しく表示するようにlibpam_hpsecライブラリを修正しました。
-----------------------------------------------------------------------------
Patch Name: PHCO_36742
Patch Description: s700_800 11.23 libpam_hpsec cumulative patch
Creation Date: 07/06/29
Post Date: 07/08/20
Hardware Platforms - OS Releases:
s700: 11.23
s800: 11.23
Products: N/A
Filesets:
OS-Core.CORE-ENG-A-MAN,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,v=HP
OS-Core.CORE-SHLIBS,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,v=HP
OS-Core.UX-FRE-I-MSG,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,v=HP
OS-Core.UX-FRE-U-MSG,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,v=HP
OS-Core.UX-GER-I-MSG,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,v=HP
OS-Core.UX-GER-U-MSG,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,v=HP
OS-Core.UX-JPN-E-MSG,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,v=HP
OS-Core.UX-JPN-S-MSG,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,v=HP
OS-Core.UX-JPN-U-MSG,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,v=HP
OS-Core.CORE2-64SLIB,fr=B.11.23,fa=HP-UX_B.11.23_IA,v=HP
OS-Core.CORE2-SHLIBS,fr=B.11.23,fa=HP-UX_B.11.23_IA,v=HP
OS-Core.CORE2-64SLIB,fr=B.11.23,fa=HP-UX_B.11.23_PA,v=HP
OS-Core.CORE2-SHLIBS,fr=B.11.23,fa=HP-UX_B.11.23_PA,v=HP
Automatic Reboot?: No
Status: General Release
Critical:
Yes
PHCO_36742: MEMORY_LEAK
Category Tags:
defect_repair enhancement general_release critical
memory_leak
Path Name: /hp-ux_patches/s700_800/11.X/PHCO_36742
Symptoms:
PHCO_36742:
( SR:8606490023 CR:JAGag42504 )
Memory leak in a PAM application.
( SR:8606470472 CR:JAGag25559 )
pam_authenticate(3) returns PAM_USER_UNKNOWN if
no username is defined.
( SR:8606490232 CR:JAGag42692 )
A successful login may display login information
incorrectly.
PHCO_33487:
( SR:8606399768 CR:JAGaf59724 )
This product update is required to pre-enable the
adjustment of a system configurable limit.
PHCO_32148:
( SR:8606372386 CR:JAGaf32792 )
This patch is a member of a set needed to enable the
optional HP-UX Standard Mode Security Extensions feature.
Upon installation, the HP-UX Standard Mode Security
Extensions bundle (StdModSecExt) will install the full set
of patches (including this one) required to enable the
Standard Mode Security Extensions feature.
If the Standard Mode Security Extensions feature is not
enabled, this patch will have no impact on your system.
PHCO_31590:
( SR:8606353934 CR:JAGaf14728 )
The PA-RISC and IPF versions of the security libraries
were different in HP-UX 11.23. The PA-RISC versions were
based on HP-UX 11.11 code, while the IPF versions were
based on HP-UX 11.23 code.
( SR:8606348574 CR:JAGaf09395 )
This product update is a member of a set needed to
enable auditing without converting to a trusted system.
Defect Description:
PHCO_36742:
( SR:8606490023 CR:JAGag42504 )
A multi-threaded application can experience a memory
leak when using the pam_open_session(3) interface.
Resolution:
Fixed a memory leak in the libpam_hpsec library.
( SR:8606470472 CR:JAGag25559 )
If no username is defined, the pam_authenticate(3)
interface is expected to prompt for a username;
instead it incorrectly returns PAM_USER_UNKNOWN.
Resolution:
Modified the libpam_hpsec library so that
pam_authenticate(3) prompts for a username
when no username is defined.
( SR:8606490232 CR:JAGag42692 )
The security(4) DISPLAY_LAST_LOGIN attribute controls
whether or not a successful login displays information
about previous logins. In some circumstances this
information could be displayed incorrectly.
Resolution:
Modified the libpam_hpsec library to correctly display
login information.
PHCO_33487:
( SR:8606399768 CR:JAGaf59724 )
This product update contains minor enhancements
required to pre-enable the adjustment of a system
configurable limit.
Resolution:
This product is enhanced to address the adjustment in the
system configurable limit.
PHCO_32148:
( SR:8606372386 CR:JAGaf32792 )
This patch contains enhancements that support the Standard
Mode Security Extensions feature.
Resolution:
When the Standard Mode Security Extensions feature is
installed, this module supports new security features.
PHCO_31590:
( SR:8606353934 CR:JAGaf14728 )
Deliver uniform versions of the security libraries
on PA-RISC and IPF machines.
Resolution:
The PA-RISC and IPF versions of the security libraries
are now functionally equivalent.
( SR:8606348574 CR:JAGaf09395 )
This product update contains enhancements required to
enable auditing without converting to a trusted system.
Resolution:
pam_hpsec(5) is supported to handle the per-session
audit information transparently for the applications
which use PAM.
Enhancement:
No (superseded patches contained enhancements)
PHCO_33487:
Pre-enablement of the adjustment of a system
configurable limit.
PHCO_32148:
Pre-enablement for the Standard Mode Security
Extensions feature.
PHCO_31590:
( SR:8606353934 CR:JAGaf14728 )
Deliver uniform versions of the security libraries
on PA-RISC and IPF machines.
( SR:8606348574 CR:JAGaf09395 )
This product update is a member of a set needed to
enable auditing without converting to a trusted system.
SR:
8606490023 8606470472 8606490232 8606399768 8606348574
8606353934 8606372386
Patch Files:
OS-Core.CORE-ENG-A-MAN,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,
v=HP:
/usr/share/man/man5.Z/pam_hpsec.5
OS-Core.CORE-SHLIBS,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,v=HP:
/usr/lib/nls/msg/C/pam_hpsec.cat
OS-Core.UX-FRE-I-MSG,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,v=HP:
/usr/lib/nls/msg/fr_FR.iso88591/pam_hpsec.cat
/usr/lib/nls/msg/fr_CA.iso88591/pam_hpsec.cat
OS-Core.UX-FRE-U-MSG,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,v=HP:
/usr/lib/nls/msg/fr_FR.utf8/pam_hpsec.cat
/usr/lib/nls/msg/fr_CA.utf8/pam_hpsec.cat
OS-Core.UX-GER-I-MSG,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,v=HP:
/usr/lib/nls/msg/de_DE.iso88591/pam_hpsec.cat
OS-Core.UX-GER-U-MSG,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,v=HP:
/usr/lib/nls/msg/de_DE.utf8/pam_hpsec.cat
OS-Core.UX-JPN-E-MSG,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,v=HP:
/usr/lib/nls/msg/ja_JP.eucJP/pam_hpsec.cat
OS-Core.UX-JPN-S-MSG,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,v=HP:
/usr/lib/nls/msg/ja_JP.SJIS/pam_hpsec.cat
OS-Core.UX-JPN-U-MSG,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,v=HP:
/usr/lib/nls/msg/ja_JP.utf8/pam_hpsec.cat
OS-Core.CORE2-64SLIB,fr=B.11.23,fa=HP-UX_B.11.23_IA,v=HP:
/usr/lib/security/pa20_64/libpam_hpsec.so.1
/usr/lib/security/hpux64/libpam_hpsec.so.1
/usr/lib/security/pa20_64/libpam_hpsec.1
OS-Core.CORE2-SHLIBS,fr=B.11.23,fa=HP-UX_B.11.23_IA,v=HP:
/usr/lib/security/libpam_hpsec.so.1
/usr/lib/security/hpux32/libpam_hpsec.so.1
/usr/lib/security/libpam_hpsec.1
OS-Core.CORE2-64SLIB,fr=B.11.23,fa=HP-UX_B.11.23_PA,v=HP:
/usr/lib/security/pa20_64/libpam_hpsec.so.1
/usr/lib/security/pa20_64/libpam_hpsec.1
OS-Core.CORE2-SHLIBS,fr=B.11.23,fa=HP-UX_B.11.23_PA,v=HP:
/usr/lib/security/libpam_hpsec.so.1
/usr/lib/security/libpam_hpsec.1
what(1) Output:
OS-Core.CORE-ENG-A-MAN,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,
v=HP:
/usr/share/man/man5.Z/pam_hpsec.5:
None
OS-Core.CORE-SHLIBS,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,v=HP:
/usr/lib/nls/msg/C/pam_hpsec.cat:
None
OS-Core.UX-FRE-I-MSG,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,v=HP:
/usr/lib/nls/msg/fr_FR.iso88591/pam_hpsec.cat:
None
/usr/lib/nls/msg/fr_CA.iso88591/pam_hpsec.cat:
None
OS-Core.UX-FRE-U-MSG,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,v=HP:
/usr/lib/nls/msg/fr_FR.utf8/pam_hpsec.cat:
None
/usr/lib/nls/msg/fr_CA.utf8/pam_hpsec.cat:
None
OS-Core.UX-GER-I-MSG,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,v=HP:
/usr/lib/nls/msg/de_DE.iso88591/pam_hpsec.cat:
None
OS-Core.UX-GER-U-MSG,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,v=HP:
/usr/lib/nls/msg/de_DE.utf8/pam_hpsec.cat:
None
OS-Core.UX-JPN-E-MSG,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,v=HP:
/usr/lib/nls/msg/ja_JP.eucJP/pam_hpsec.cat:
None
OS-Core.UX-JPN-S-MSG,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,v=HP:
/usr/lib/nls/msg/ja_JP.SJIS/pam_hpsec.cat:
None
OS-Core.UX-JPN-U-MSG,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,v=HP:
/usr/lib/nls/msg/ja_JP.utf8/pam_hpsec.cat:
None
OS-Core.CORE2-64SLIB,fr=B.11.23,fa=HP-UX_B.11.23_IA,v=HP:
/usr/lib/security/pa20_64/libpam_hpsec.so.1:
$Revision: @(#) hpsec R11.23_BL2007_0629_7 PATCH_11.
23 PHCO_36742
/usr/lib/security/hpux64/libpam_hpsec.so.1:
$Revision: @(#) hpsec R11.23_BL2007_0629_7 PATCH_11.
23 PHCO_36742
/usr/lib/security/pa20_64/libpam_hpsec.1:
$Revision: @(#) hpsec R11.23_BL2007_0629_7 PATCH_11.
23 PHCO_36742
OS-Core.CORE2-SHLIBS,fr=B.11.23,fa=HP-UX_B.11.23_IA,v=HP:
/usr/lib/security/libpam_hpsec.so.1:
$Revision: @(#) hpsec R11.23_BL2007_0629_7 PATCH_11.
23 PHCO_36742
/usr/lib/security/hpux32/libpam_hpsec.so.1:
$Revision: @(#) hpsec R11.23_BL2007_0629_7 PATCH_11.
23 PHCO_36742
/usr/lib/security/libpam_hpsec.1:
$Revision: @(#) hpsec R11.23_BL2007_0629_7 PATCH_11.
23 PHCO_36742
OS-Core.CORE2-64SLIB,fr=B.11.23,fa=HP-UX_B.11.23_PA,v=HP:
/usr/lib/security/pa20_64/libpam_hpsec.so.1:
$Revision: @(#) hpsec R11.23_BL2007_0629_7 PATCH_11.
23 PHCO_36742
/usr/lib/security/pa20_64/libpam_hpsec.1:
$Revision: @(#) hpsec R11.23_BL2007_0629_7 PATCH_11.
23 PHCO_36742
OS-Core.CORE2-SHLIBS,fr=B.11.23,fa=HP-UX_B.11.23_PA,v=HP:
/usr/lib/security/libpam_hpsec.so.1:
$Revision: @(#) hpsec R11.23_BL2007_0629_7 PATCH_11.
23 PHCO_36742
/usr/lib/security/libpam_hpsec.1:
$Revision: @(#) hpsec R11.23_BL2007_0629_7 PATCH_11.
23 PHCO_36742
cksum(1) Output:
OS-Core.CORE-ENG-A-MAN,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,
v=HP:
1228550975 3764 /usr/share/man/man5.Z/pam_hpsec.5
OS-Core.CORE-SHLIBS,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,v=HP:
2359969925 227 /usr/lib/nls/msg/C/pam_hpsec.cat
OS-Core.UX-FRE-I-MSG,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,v=HP:
693750205 275 /usr/lib/nls/msg/fr_FR.iso88591/pam_hpsec.cat
693750205 275 /usr/lib/nls/msg/fr_CA.iso88591/pam_hpsec.cat
OS-Core.UX-FRE-U-MSG,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,v=HP:
2939513850 280 /usr/lib/nls/msg/fr_FR.utf8/pam_hpsec.cat
2939513850 280 /usr/lib/nls/msg/fr_CA.utf8/pam_hpsec.cat
OS-Core.UX-GER-I-MSG,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,v=HP:
1090650837 243 /usr/lib/nls/msg/de_DE.iso88591/pam_hpsec.cat
OS-Core.UX-GER-U-MSG,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,v=HP:
2556017551 246 /usr/lib/nls/msg/de_DE.utf8/pam_hpsec.cat
OS-Core.UX-JPN-E-MSG,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,v=HP:
129248412 231 /usr/lib/nls/msg/ja_JP.eucJP/pam_hpsec.cat
OS-Core.UX-JPN-S-MSG,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,v=HP:
2741938228 231 /usr/lib/nls/msg/ja_JP.SJIS/pam_hpsec.cat
OS-Core.UX-JPN-U-MSG,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,v=HP:
647088481 299 /usr/lib/nls/msg/ja_JP.utf8/pam_hpsec.cat
OS-Core.CORE2-64SLIB,fr=B.11.23,fa=HP-UX_B.11.23_IA,v=HP:
169854445 59840 /usr/lib/security/pa20_64/libpam_hpsec.so.1
2113025143 106304 /usr/lib/security/hpux64/libpam_hpsec.so.1
169854445 59840 /usr/lib/security/pa20_64/libpam_hpsec.1
OS-Core.CORE2-SHLIBS,fr=B.11.23,fa=HP-UX_B.11.23_IA,v=HP:
2826287510 57344 /usr/lib/security/libpam_hpsec.so.1
3335222341 102924 /usr/lib/security/hpux32/libpam_hpsec.so.1
2826287510 57344 /usr/lib/security/libpam_hpsec.1
OS-Core.CORE2-64SLIB,fr=B.11.23,fa=HP-UX_B.11.23_PA,v=HP:
169854445 59840 /usr/lib/security/pa20_64/libpam_hpsec.so.1
169854445 59840 /usr/lib/security/pa20_64/libpam_hpsec.1
OS-Core.CORE2-SHLIBS,fr=B.11.23,fa=HP-UX_B.11.23_PA,v=HP:
2826287510 57344 /usr/lib/security/libpam_hpsec.so.1
2826287510 57344 /usr/lib/security/libpam_hpsec.1
Patch Conflicts: None
Patch Dependencies:
s700: 11.23: PHCO_31554 PHCO_31570 PHCO_31589 PHCO_31618
PHCO_31621 PHKL_31500
s800: 11.23: PHCO_31554 PHCO_31570 PHCO_31589 PHCO_31618
PHCO_31621 PHKL_31500
Hardware Dependencies: None
Other Dependencies: None
Supersedes:
PHCO_33487 PHCO_32148 PHCO_31590
Equivalent Patches:
PHCO_36743:
11.31
Patch Package Size: 250 KBytes
Installation Instructions:
Please review all instructions and the Hewlett-Packard
SupportLine User Guide or your Hewlett-Packard support terms
and conditions for precautions, scope of license,
restrictions, and, limitation of liability and warranties,
before installing this patch.
------------------------------------------------------------
1. Back up your system before installing a patch.
2. Login as root.
3. Copy the patch to the /tmp directory.
4. Move to the /tmp directory and unshar the patch:
cd /tmp
sh PHCO_36742
5. Run swinstall to install the patch:
swinstall -x autoreboot=true -x patch_match_target=true \
-s /tmp/PHCO_36742.depot
By default swinstall will archive the original software in
/var/adm/sw/save/PHCO_36742. If you do not wish to retain a
copy of the original software, include the patch_save_files
option in the swinstall command above:
-x patch_save_files=false
WARNING: If patch_save_files is false when a patch is installed,
the patch cannot be deinstalled. Please be careful
when using this feature.
For future reference, the contents of the PHCO_36742.text file is
available in the product readme:
swlist -l product -a readme -d @ /tmp/PHCO_36742.depot
To put this patch on a magnetic tape and install from the
tape drive, use the command:
dd if=/tmp/PHCO_36742.depot of=/dev/rmt/0m bs=2k
Special Installation Instructions: None
|
