ECO NUMBER: MOTDU_E01032F ----------- PRODUCT: Digital UNIX Operating System -------- UPDATED PRODUCT: Digital UNIX Operating System 3.2F ---------------- APPRX BLCK SIZE: 363 ---------------- DIGITAL Cover Letter for DECwindows Motif Toolkit for Digital UNIX ECO Kit #01, V3.2F ECO Kit #01 Description ------------------- The Motif Toolkit for Digital UNIX V3.2F Release Notes contain a complete explanation of this release. Below is a brief description: ECO # Description/Symptoms ===== ==================== ECO 01 DECwindows Session Manager (dxsession) A potential security vulnerability has been discovered, where dxsession writes to /tmp directory, which under certain circumstances, system integrity may be compromised. Digital has corrected potential vulnerability (CLD SSRT0432U). An ungraceful exit can be made through the window manager's 'Close' button, whose behavior is inconsistent with that of dxsession's 'End Session' button (CLD HPAQ210HY). Installation Overview --------------------- Install this kit using the PATCH script found in the compressed tar file motdu_e01032f.tar.Z . To unpack the kit, create an empty directory and extract the contents of motdu_e01032f.tar.Z into that directory. NOTE: If this ECO is received on tape media, it will already be in an uncompressed .tar, motdu_e01032f.tar, format. Copyright Digital Equipment Corporation 1996. All Rights reserved. This software is proprietary to and embodies the confidential technology of Digital Equipment Corporation. Possession, use, or copying of this software and media is authorized only pursuant to a valid written license from Digital or an authorized sublicensor. This ECO has not been through an exhaustive field test process. Due to the experimental stage of this ECO/workaround, Digital makes no representations regarding its use or performance. The customer shall have the sole responsibility for adequate protection and back-up data used in conjunction with this ECO/workaround.