 |
≫ |
|
|
|
パッチ名: PHCO_36759
パッチ摘要: s700_800 11.23 libpam_unix累積パッチ
作成日: 07/07/02
公開日: 07/08/20
ハードウェアプラットフォームおよびOSリリース:
s700: 11.23
s800: 11.23
現象:
PHCO_36759:
(SR:8606490020 CR:JAGag42501)
PAMアプリケーションでのメモリーリーク。
問題点の説明:
PHCO_36759:
(SR:8606490020 CR:JAGag42501)
pam_authenticate(3)インタフェースを使用するマルチスレッドアプリケーシ
ョンで、メモリーリークが起きることがありました。
解決方法:
メモリーリークが起きないようにlibpam_unixライブラリを修正しました。
-----------------------------------------------------------------------------
Patch Name: PHCO_36759
Patch Description: s700_800 11.23 libpam_unix cumulative patch
Creation Date: 07/07/02
Post Date: 07/08/20
Hardware Platforms - OS Releases:
s700: 11.23
s800: 11.23
Products: N/A
Filesets:
OS-Core.CORE-ENG-A-MAN,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,v=HP
OS-Core.CORE2-64SLIB,fr=B.11.23,fa=HP-UX_B.11.23_IA,v=HP
OS-Core.CORE2-SHLIBS,fr=B.11.23,fa=HP-UX_B.11.23_IA,v=HP
OS-Core.CORE2-64SLIB,fr=B.11.23,fa=HP-UX_B.11.23_PA,v=HP
OS-Core.CORE2-SHLIBS,fr=B.11.23,fa=HP-UX_B.11.23_PA,v=HP
Automatic Reboot?: No
Status: General Release
Critical:
Yes
PHCO_36759: MEMORY_LEAK
Category Tags:
defect_repair enhancement general_release critical
memory_leak
Path Name: /hp-ux_patches/s700_800/11.X/PHCO_36759
Symptoms:
PHCO_36759:
( SR:8606490020 CR:JAGag42501 )
Memory leak in a PAM application.
PHCO_35850:
( SR:8606447411 CR:JAGag04752 )
This patch is a member of a set needed to enable the
optional HP-UX Role-Based Access Control (RBAC)
Infrastructure bundle, version B.11.23.04. Upon
installation, the RBAC Infrastructure bundle will install
the full set of patches (including this one) required to
enable the Role-Based Access Control B.11.23.04 features.
If the HP-UX Role-Based Access Control product version
B.11.23.04 is not installed, this patch will have no impact
on your system.
( SR:8606472428 CR:JAGag27306 )
When changing passwords, some passwords that should be
rejected are permitted.
PHCO_35251:
( SR:8606453353 CR:JAGag10094 )
Incorrect last login information.
( SR:8606469755 CR:JAGag24926 )
Inconsistent password authentication in trusted mode.
PHCO_34215:
( SR:8606424559 CR:JAGaf84082 )
Problem with the password policies in trusted mode.
( SR:8606442306 CR:JAGag00101 )
A trusted mode counter was occasionally inaccurate.
PHCO_33488:
( SR:8606399768 CR:JAGaf59724 )
This product update is required to pre-enable the
adjustment of a system configurable limit.
PHCO_32926:
( SR:8606394638 CR:JAGaf54661 )
Account restrictions are not always correctly enforced.
( SR:8606394994 CR:JAGaf55008 )
Changing a password does not recover gracefully from
some error conditions.
PHCO_32147:
( SR:8606372386 CR:JAGaf32792 )
This patch is a member of a set needed to enable the
optional HP-UX Standard Mode Security Extensions feature.
Upon installation, the HP-UX Standard Mode Security
Extensions bundle (StdModSecExt) will install the full set
of patches (including this one) required to enable the
Standard Mode Security Extensions feature.
If the Standard Mode Security Extensions feature is not
enabled, this patch will have no impact on your system.
PHCO_31570:
( SR:8606353934 CR:JAGaf14728 )
The PA-RISC and IPF versions of the security libraries
were different in HP-UX 11.23. The PA-RISC versions were
based on HP-UX 11.11 code, while the IPF versions were
based on HP-UX 11.23 code.
( SR:8606360276 CR:JAGaf20972 )
The password command sometimes does not
behave as expected.
( SR:8606370287 CR:JAGaf30714 )
Some syslog entries for libpam_unix were needlessly
verbose.
Defect Description:
PHCO_36759:
( SR:8606490020 CR:JAGag42501 )
A multi-threaded application can experience a memory
leak when using the pam_authenticate(3) interface.
Resolution:
Fixed a memory leak in the libpam_unix library.
PHCO_35850:
( SR:8606447411 CR:JAGag04752 )
This patch contains enhancements that support the
features included in the HP-UX Role-Based Access Control
product, version B.11.23.04.
Resolution:
When the HP-UX Role-Based Access Control B.11.23.04 product
is installed, this module implements new security features
in PAM.
( SR:8606472428 CR:JAGag27306 )
Passwords that should be rejected by libpam_unix are
incorrectly evaluated as valid.
Resolution:
The problem has been fixed in the libpam_unix library.
PHCO_35251:
( SR:8606453353 CR:JAGag10094 )
Part of the last successful login information may sometimes
be incorrect.
Resolution:
The last successful login information is now correct.
( SR:8606469755 CR:JAGag24926 )
Passwords are inconsistently enforced in trusted mode.
Resolution:
Authentication is now consistent in trusted mode.
PHCO_34215:
( SR:8606424559 CR:JAGaf84082 )
Password policies are not always correctly enforced in
trusted mode.
Resolution:
The policies are now properly enforced.
( SR:8606442306 CR:JAGag00101 )
In rare cases, a trusted mode counter was not properly
maintained.
Resolution:
The counter now functions correctly.
PHCO_33488:
( SR:8606399768 CR:JAGaf59724 )
This product update contains minor enhancements
required to pre-enable the adjustment of a system
configurable limit.
Resolution:
This product is enhanced to address the adjustment in the
system configurable limit.
PHCO_32926:
( SR:8606394638 CR:JAGaf54661 )
Under some circumstances libpam_unix does not properly
enforce account restrictions.
Resolution:
Account restrictions are properly enforced.
( SR:8606394994 CR:JAGaf55008 )
Changing a user password does not work as expected
under some conditions.
Resolution:
Changing a password now works as expected.
PHCO_32147:
( SR:8606372386 CR:JAGaf32792 )
This patch contains enhancements that support the Standard
Mode Security Extensions feature.
Resolution:
When the Standard Mode Security Extensions feature is
installed, this module supports new security features.
PHCO_31570:
( SR:8606353934 CR:JAGaf14728 )
Deliver uniform versions of the security libraries
on PA-RISC and IPF machines.
Resolution:
The PA-RISC and IPF versions of the security libraries
are now functionally equivalent.
( SR:8606360276 CR:JAGaf20972 )
Changing a user password does not work as
expected in some circumstances.
Resolution:
Changing a password now works as expected.
( SR:8606370287 CR:JAGaf30714 )
"warn_user_passwd_will_expire" messages in syslog were not
conditional on relevant debug options.
Resolution:
Syslog entries for above message are now conditional.
Enhancement:
No (superseded patches contained enhancements)
PHCO_35850:
Support added for the HP-UX Role-Based Access
Control (RBAC) product, version B.11.23.04.
PHCO_33488:
Pre-enablement of the adjustment of a system
configurable limit.
PHCO_32147:
Pre-enablement for the Standard Mode Security
Extensions feature.
PHCO_31570:
( SR:8606353934 CR:JAGaf14728 )
Deliver uniform versions of the security libraries
on PA-RISC and IPF machines.
SR:
8606490020 8606447411 8606472428 8606453353 8606469755
8606424559 8606442306 8606399768 8606353934 8606360276
8606370287 8606372386 8606394638 8606394994
Patch Files:
OS-Core.CORE-ENG-A-MAN,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,
v=HP:
/usr/share/man/man5.Z/pam_unix.5
OS-Core.CORE2-64SLIB,fr=B.11.23,fa=HP-UX_B.11.23_IA,v=HP:
/usr/lib/security/pa20_64/libpam_unix.so.1
/usr/lib/security/hpux64/libpam_unix.so.1
/usr/lib/security/pa20_64/libpam_unix.1
OS-Core.CORE2-SHLIBS,fr=B.11.23,fa=HP-UX_B.11.23_IA,v=HP:
/usr/lib/security/libpam_unix.so.1
/usr/lib/security/hpux32/libpam_unix.so.1
/usr/lib/security/libpam_unix.1
OS-Core.CORE2-64SLIB,fr=B.11.23,fa=HP-UX_B.11.23_PA,v=HP:
/usr/lib/security/pa20_64/libpam_unix.so.1
/usr/lib/security/pa20_64/libpam_unix.1
OS-Core.CORE2-SHLIBS,fr=B.11.23,fa=HP-UX_B.11.23_PA,v=HP:
/usr/lib/security/libpam_unix.so.1
/usr/lib/security/libpam_unix.1
what(1) Output:
OS-Core.CORE-ENG-A-MAN,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,
v=HP:
/usr/share/man/man5.Z/pam_unix.5:
None
OS-Core.CORE2-64SLIB,fr=B.11.23,fa=HP-UX_B.11.23_IA,v=HP:
/usr/lib/security/pa20_64/libpam_unix.so.1:
$Revision: @(#) hpux R11.23_BL2007_0702_5 PATCH_11.2
3 PHCO_36759
/usr/lib/security/hpux64/libpam_unix.so.1:
$Revision: @(#) hpux R11.23_BL2007_0702_5 PATCH_11.2
3 PHCO_36759
/usr/lib/security/pa20_64/libpam_unix.1:
$Revision: @(#) hpux R11.23_BL2007_0702_5 PATCH_11.2
3 PHCO_36759
OS-Core.CORE2-SHLIBS,fr=B.11.23,fa=HP-UX_B.11.23_IA,v=HP:
/usr/lib/security/libpam_unix.so.1:
$Revision: @(#) hpux R11.23_BL2007_0702_5 PATCH_11.2
3 PHCO_36759
/usr/lib/security/hpux32/libpam_unix.so.1:
$Revision: @(#) hpux R11.23_BL2007_0702_5 PATCH_11.2
3 PHCO_36759
/usr/lib/security/libpam_unix.1:
$Revision: @(#) hpux R11.23_BL2007_0702_5 PATCH_11.2
3 PHCO_36759
OS-Core.CORE2-64SLIB,fr=B.11.23,fa=HP-UX_B.11.23_PA,v=HP:
/usr/lib/security/pa20_64/libpam_unix.so.1:
$Revision: @(#) hpux R11.23_BL2007_0702_5 PATCH_11.2
3 PHCO_36759
/usr/lib/security/pa20_64/libpam_unix.1:
$Revision: @(#) hpux R11.23_BL2007_0702_5 PATCH_11.2
3 PHCO_36759
OS-Core.CORE2-SHLIBS,fr=B.11.23,fa=HP-UX_B.11.23_PA,v=HP:
/usr/lib/security/libpam_unix.so.1:
$Revision: @(#) hpux R11.23_BL2007_0702_5 PATCH_11.2
3 PHCO_36759
/usr/lib/security/libpam_unix.1:
$Revision: @(#) hpux R11.23_BL2007_0702_5 PATCH_11.2
3 PHCO_36759
cksum(1) Output:
OS-Core.CORE-ENG-A-MAN,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,
v=HP:
1117682724 4297 /usr/share/man/man5.Z/pam_unix.5
OS-Core.CORE2-64SLIB,fr=B.11.23,fa=HP-UX_B.11.23_IA,v=HP:
2231781867 225512 /usr/lib/security/pa20_64/libpam_unix.so.1
1478889830 537784 /usr/lib/security/hpux64/libpam_unix.so.1
2231781867 225512 /usr/lib/security/pa20_64/libpam_unix.1
OS-Core.CORE2-SHLIBS,fr=B.11.23,fa=HP-UX_B.11.23_IA,v=HP:
3752577605 221184 /usr/lib/security/libpam_unix.so.1
2710437070 524220 /usr/lib/security/hpux32/libpam_unix.so.1
3752577605 221184 /usr/lib/security/libpam_unix.1
OS-Core.CORE2-64SLIB,fr=B.11.23,fa=HP-UX_B.11.23_PA,v=HP:
2231781867 225512 /usr/lib/security/pa20_64/libpam_unix.so.1
2231781867 225512 /usr/lib/security/pa20_64/libpam_unix.1
OS-Core.CORE2-SHLIBS,fr=B.11.23,fa=HP-UX_B.11.23_PA,v=HP:
3752577605 221184 /usr/lib/security/libpam_unix.so.1
3752577605 221184 /usr/lib/security/libpam_unix.1
Patch Conflicts: None
Patch Dependencies:
s700: 11.23: PHCO_31554 PHCO_31589 PHCO_31590 PHCO_31616
PHCO_31618 PHCO_31621 PHKL_31500
s800: 11.23: PHCO_31554 PHCO_31589 PHCO_31590 PHCO_31616
PHCO_31618 PHCO_31621 PHKL_31500
Hardware Dependencies: None
Other Dependencies: None
Supersedes:
PHCO_35850 PHCO_35251 PHCO_34215 PHCO_33488 PHCO_32926 PHCO_32147
PHCO_31570
Equivalent Patches:
PHCO_36760:
11.31
Patch Package Size: 830 KBytes
Installation Instructions:
Please review all instructions and the Hewlett-Packard
SupportLine User Guide or your Hewlett-Packard support terms
and conditions for precautions, scope of license,
restrictions, and, limitation of liability and warranties,
before installing this patch.
------------------------------------------------------------
1. Back up your system before installing a patch.
2. Login as root.
3. Copy the patch to the /tmp directory.
4. Move to the /tmp directory and unshar the patch:
cd /tmp
sh PHCO_36759
5. Run swinstall to install the patch:
swinstall -x autoreboot=true -x patch_match_target=true \
-s /tmp/PHCO_36759.depot
By default swinstall will archive the original software in
/var/adm/sw/save/PHCO_36759. If you do not wish to retain a
copy of the original software, include the patch_save_files
option in the swinstall command above:
-x patch_save_files=false
WARNING: If patch_save_files is false when a patch is installed,
the patch cannot be deinstalled. Please be careful
when using this feature.
For future reference, the contents of the PHCO_36759.text file is
available in the product readme:
swlist -l product -a readme -d @ /tmp/PHCO_36759.depot
To put this patch on a magnetic tape and install from the
tape drive, use the command:
dd if=/tmp/PHCO_36759.depot of=/dev/rmt/0m bs=2k
Special Installation Instructions: None
|
