Hewlett-Packard Co. is recommending that users patch HP-UX to fix a pair of vulnerabilities that could allow remote denial-of-service attacks, local privilege escalation and local denial of service.
The first vulnerability involves the calloc function,
This vulnerability occurs in HP-UX version 11.x -- specifically on HP9000 servers running versions B.11.00, B.11.04 and B.11.11. This same calloc problem has affected many other libraries and applications, including GNU libc 2.2.5, GNU C++ Compiler, GNU Ada Compiler and Microsoft Visual C++.
A less-critical vulnerability could allow a local user to gain unauthorized privileges or cause a denial of service. The HP-UX SharedX function accesses files in an insecure manner, HP says. This vulnerability occurs in HP-UX versions B.11.00, B.11.11 and B.11.22.
The patch can be downloaded from HP's Web site.