The following potential security vulnerabilities have been identified or
reported in the HP Tru64 UNIX operating system that may result in unauthorized 
Privileged Access or a Denial of Service (DoS). These potential vulnerabilities 
may be in the form of Local and Remote security domain risks.

Severity is (HIGH) on all the potential vulnerabilities that have been
corrected:

    o SSRT2322 Bind resolver exploit in ISC      
    o SSRT2384 TCP exploit denies all RPC service
    o SSRT2341 calloc() potential overflow
    o SSRT2439 xdrmem_getbytes() potential overflow
    o SSRT2412 portmapper hang after port scan with C2 enabled

Note: 
This patchkit is designed to install standalone or over previous ERP patch kit 
104.10 - SSRT2275 - Cumulative Buffer Overflow and contains some but not all of
the fixes included in SSRT2275.  If you require all the fixes in previous ERP 
SSRT2275 you should install the SSRT2275 patch kit prior to installing the patch
kit contained in this ERP.  

See http://h30097.www3.hp.com/unix/security-download.html
for details and location reagarding the previous ERP patch kit.


