PROBLEM: (QAR51557) (Patch ID: OSF425-182) ******** A potential audit vulnerability has been discovered, where under certain circumstances, the audit trail of a user may be compromised. DIGITAL has corrected this potential vulnerability. PROBLEM: (MCGM11S2W) (Patch ID: OSF425-405349) ******** This patch resolves a problem with Enhanced Security not handling a voucher correctly from some other security mechanism such as DCE. The scenario to reproduce the problem would be: a user incorrectly enters his username at the first "login:" prompt, but subsequently corrects the login name when prompted again after the first failure. Without this patch, the user upon successfully typing their login/password on the second try would still receive the message "login incorrect". PROBLEM: (CLD BCSM70BPZ, QAR 62413) (Patch ID: OSF425-433) ******** This patch resolves a problem in Enhanced Security where users could be locked out when an expiration interval was set such that it exceeded the maximum calculable date. PROBLEM: (SSRT0588U, SSRT0642U, QAR 74930) (Patch ID: OSF425-524, OSF425-820) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. Compaq has corrected this potential vulnerability. PROBLEM: (QAR 68011) (Patch ID: OSF425-725) ******** This patch fixes a problem of libsecurity producing a core file when handling error conditions. PROBLEM: (CLD HPAQ818MR) (Patch ID: OSF425-852) ******** This patch fixes a problem when the superuser tries to change the shell or finger information of another user when C2 Enhanced Security is installed. PROBLEM: (BCGM812G1V) (PATCH ID: OSF425-924) ******** This patch fixes a problem with logins in a DCE/C2 environment. You could encounter an error "Bad priority setting" if there is a u_priority setting used in /etc/auth/system/default file. PROBLEM: (CLD MGO88206A) (Patch ID: OSF425-859) ******** This patch corrects a problem of the rsh command displaying a warning message instead of the rsh command output when C2 security is configured. An example of the warning message displayed is "Your password will expire on ..." PROBLEM: (54550, 79314, ISO100580) (PATCH ID: OSF425-971) ******** This patch fixes a problem when a system is configured with DECnet, C2 and NIS. When invoking edauth(8) , the error: 'Must be on NIS master server to update entry for is returned. PROBLEM: (TKTR60015, 81049) (PATCH ID: OSF425-1005) ******** This patch fixes a problem for Enhanced Security configurations where the Maximum Login Interval (u_max_login_intvl) field was being ignored for account templates.