Several potential security vulnerabilities have been identified in
the HP Tru64 UNIX operating system that may allow non-privileged
users to gain unauthorized (root) access. This may be in the form of 
local security domain risks.

The potential security vulnerability in the following commands
have been corrected:


    o SSRT2257 /usr/bin/su (Severity - High)

    o SSRT2190 /usr/bin/chsh (Severity - Medium)

    o SSRT2192 /usr/bin/passwd (Severity - Medium)

    o SSRT2259 /usr/bin/chfn (Severity - Medium)

    o SSRT2262 /usr/tcb/bin/dxchpwd (Severity - Medium)

The previously released patches for potential security vulnerabilities
for SSRTM541 are also included in this patch kit:

    o CDE (Severity - High), potential vulnerability due to buffer 
      overflow condition
        - SSRT0752U /usr/dt/bin/dtaction
        - SSRT0753U /usr/dt/bin/ttsession
        - SSRT0782U /usr/dt/bin/dtspcd 
        - SSRT0757U, SSRT0788U /usr/dt/bin/dtprintinfo

    o Environment Variable LANG and LOCPATH (Severity - High)
        - SSRT0771U libc 
 
    o NIS Network Information Service (Severity - Medium)
        - SSRT0781U ypbind may core during nmap portscan 
  
For more information on the potential vulnerabilities fixed in SSRTM541 
see the HP Tru64 UNIX Security Bulletin:

Titled:   (SSRTM541) Tru64 UNIX CDE, NFS and NIS related Potential 
          Security Vulnerabilities

Located:   http://wwss1pro.compaq.com/support/reference_library/


