Patch-ID# 105566-12 Keywords: security anyone segv reminder calendar mismatch file descriptors Synopsis: CDE 1.2: calendar manager patch Date: Apr/01/2002 Solaris Release: 2.6 SunOS Release: 5.6 Unbundled Product: CDE Unbundled Release: 1.2 Xref: This patch is available for x86 architecture as patch 105567 Topic: Relevant Architectures: sparc BugId's fixed with this patch: 4056822 4059776 4062516 4068406 4075925 4105033 4108882 4116961 4117156 4117202 4175236 4184188 4203585 4226690 4230754 4236395 4423202 4641721 Changes incorporated in this version: 4203585 4641721 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: 105401-28 or greater Obsoleted by: Files included with this patch: /usr/dt/bin/rpc.cmsd /usr/dt/bin/sdtcm_convert /usr/dt/lib/libcsa.so.0 /usr/dt/lib/nls/msg/C/dtcm.cat /usr/dt/bin/dtcm_delete /usr/dt/bin/dtcm_editor /usr/dt/bin/dtcm_insert /usr/dt/bin/dtcm_lookup /usr/dt/bin/dtcm Problem Description: 4641721 rpc.cmsd gets out of file descriptors -> unusable 4203585 Possible denial of service attack against rpc.cmsd per bug 4124715 (reworked) (from 105566-11) 4423202 calendar mismatch between month and week view (from 105566-10) 4236395 dtcm segv trying to pop-up a reminder (from 105566-09) 4117202 security hole-anyone can create a callog file in /var/spool/calendar 4203585 Possible denial of service attack against rpc.cmsd per bug 4124715 (from 105566-08) 4059776 cde1.3 Non-Official date formats do not exhibit consistent behavior. 4175236 Reminder mail sent from calendar is not internationalized. (from 105566-07) 4230754 Possible buffer overflows in rpc.cmsd 4226690 calendar entries show up in monthly view, but not in others (from 105566-06) 4184188 sdtcm_convert has buffer overflow (from 105566-05) 4117156 Users on SunOs 4.1.3 or unable to access calendar located on Solaris 2.6 system. (from 105566-04) 4108882 2.6 rpc.cmsd crashes when SunOS 4.X tries to access a calendar on 2.6 (from 105566-03) 4105033 CDE:Catalan:Dtcm:File/Print/Weekly view: Doesn't display 2 days correctly (from 105566-02) 4056822 Find 'To' date validation non y2000 compliant. (from 105566-01) 4062516 Removed repeated appointments reappear with rpc.cmsd being restarted. 4075925 Some reminders are delivered early. 4068406 SEGV in realloc in log.c. 4116961 year2000 patch for CDE1.0.2 dtcm is incomplete (and broken) Patch Installation Instructions: -------------------------------- Refer to the Install.info file for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below as special instructions. Special Install Instructions: ----------------------------- None. README -- Last modified date: Monday, April 1, 2002