PROBLEM: (SSRT0296U) (Patch ID: OSF410-400189B) ******** A potential security vulnerability has been discovered in BIND (Domain Name Service), where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. DIGITAL has corrected this potential vulnerability. PROBLEM: (TKTBC2528, 46553) (Patch ID: OSF410-400313) ******** This patch corrects a problem where, if the FLAG bit is set in the IP header, screend incorrectly reports: ACCEPT: Not first frag, off 64 PROBLEM: (QAR 56298) (Patch ID: OSF410-400408) ******** There is a problem in the Bind (Domain Name Service) patch which may cause incorrect messages to be reported from certain networking related applications and from certain networking related functions in the C runtime library. It may also cause segmentation violations in existing statically linked applications using the US english message catalog, and in dynamically linked applications using non-english message catalogs. In all cases the problem will only occur if the LANG environment variable is set. PROBLEM: (SSRT0494U) (Patch ID: OSF410-400422) ******** This patch corrects a security vulnerability which might allow unauthorized access to a DIGITAL UNIX system. PROBLEM: (SSRT0546U, SSRT0542U) (Patch ID: OSF410-405403) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. Digital has corrected this potential vulnerability. In addressing this issue, a warning message not previously seen may be placed in the daemon.log by named. An example of the message follows: Jan 7 14:03:25 hostname named[316]: owner name "xx_yy.zz.com" IN (secondary) is invalid - proceeding anyway This message has no impact on system operation and will only be seen once for any given node name on a BIND server at startup. It is informing the user that this node name contains non-standard characters. Standard characters are defined as A-Z, a-z, 0-9 and hyphen. Non-standard characters are characters that fall out of the standard set such as underscores. PROBLEM: (QAR 68986) (Patch ID: OSF410-405568) ******** This patch fixes a problem in which a BIND server may find that named will place a warning message in the daemon.log that was not previously seen. This message has no impact on system operation and will only be seen once for any given node on a BIND server at startup. In addressing security releated BIND issues, an area of BIND functionality was altered in a previous BIND patch. A message that informs the user that a node name contains non-standard characters, such as underscores, is placed in the daemon.log file. An example of the message is: Jan 7 14:03:25 host named[316]: owner name "xx_yy.zz.com" IN (secondary) is invalid - proceeding anyway Standard characters are defined as A-Z, a-z, 0-9 and hyphen. PROBLEM: (QAR 69028) (Patch ID: OSF410-405569) ******** This patch fixes a problem in which a BIND server writes files to the /etc/namedb directory instead of the /var/tmp directory. In addressing security related BIND issues, an area of BIND functionality was altered in a previous BIND patch. Files written to the /etc/namedb directory include named.run, named_dump.db, and named.stats.