Patch-ID# 103668-08 Keywords: security DNS libresolv.so.2 CERT BIND 4.9.3 in.named nss_dns.so.1 Synopsis: SunOS 5.5_x86: /usr/lib/libresolv.so.1 fix Date: Mar/05/98 Solaris Release: 2.5_x86 SunOS Release: 5.5_x86 Unbundled Product: Unbundled Release: Xref: This patch available for SPARC as patch 103667 Topic: SunOS 5.5_x86: /usr/lib/libresolv.so.1 fix NOTE: This patch is generated to fix bug 4026266 and to workaround the patch architecture bug 4010430 (installpatch should ignore a required patch when not applicable to the target system). BugId's fixed with this patch: 1238679 1247019 1253600 1264386 1265838 4007986 4008451 4018620 4026266 4037068 4038360 4071167 Changes incorporated in this version: 4071167 Relevant Architectures: i386 Patches accumulated and obsoleted by this patch: 103704-01 Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/include/netdb.h /usr/include/resolv.h /usr/include/arpa/nameser.h /usr/lib/libresolv.so /usr/lib/libresolv.so.1 /usr/lib/libresolv.so.2 /usr/lib/nslookup.help /usr/lib/nss_dns.so.1 /usr/sbin/in.named /usr/sbin/named-xfer /usr/sbin/nslookup /usr/sbin/nstest Problem Description: 4071167 libresolv.so.1 can cause threaded applications to deadlock via nss_dns.so.1 (from 103668-07) 4026266 DNS/sendmail patch 103667/102980 inconsistency on dataless clients 4008451 in.named should have a configurable listen(3N) backlog 4037068 libresolv does not re-read resolv.conf 4038360 apps linked against libresolv.so.1 and running with 103663-05 fail (from 103668-06) 4008451 in.named should have a configurable listen(3N) backlog 4037068 libresolv does not re-read resolv.conf 4038360 apps linked against libresolv.so.1 and running with 103663-05 fail (from 103668-05) 4018620 DNS server cache corruption and lost of root server A records. (from 103668-04) 1265838 nslookup takes too long to fail if /etc/resolv.conf is missing (from 103668-03) 1264386 BIND 4.9.3 integration not complete 4007986 libresolv conflict for libresolv.so.1 apps using DNS via NS switch (from 103668-02) 1247019 nslookup takes 90 seconds if /etc/resolv.conf file is missing (from 103668-01) 1238679 DNS spoofing is possible per Cern ca-96.02 (from 103704-01) 1253600 nss_dns.so.1 source modification and rebuild for BIND 4.9.3 Patch Installation Instructions: -------------------------------- Refer to the Install.info file within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below. Special Install Instructions: ----------------------------- Please refer to the file called BIND_493 that came with this patch. This document will describe the difference between libresolv.so.1 and libresolv.so.2 and it should provide the BIND 4.9.3 man pages. It is recommended to install the following patches: 102981-07 or newer sendmail patch 103280-02 or newer nscd/nscd_nischeck rebuild for BIND 4.9.3 103709-01 or newer rpc.nisd_resolv rebuild for BIND 4.9.3 NOTE: This patch is generated to fix bug 4026266 and to workaround the patch architecture bug 4010430 (installpatch should ignore a required patch when not applicable to the target system).