The e-mail announcing SSRT2275 and SSRT2229 states that
"These ERPs supercede ERPs delivered with the release of SSRT2257 HP Tru64
UNIX /usr/bin/su buffer overflow potential exploit August 1, 2002. cross
reference CERT VU#193347"
The earlier patch which was superceded itself superceded an earlier patch,
"Tru64 UNIX has integrated the fixes delivered for SSRTM541 in
t64v40gb17-c0010303-14314-es-20020515.tar into this ERP kit because
both needed to update libc."
There is a libc.a in the latest patch, does this mean it superceds both
earlier ones?
There is no write-up on
http://ftp.support.compaq.com/patches/.new/unix.shtml
to cast light on this.
John Nebel
Received on Sun Sep 01 2002 - 14:21:01 NZST