[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
OSF1 : Tru64 UNIX Tru64 UNIX 4.0G PK3 BL17 ECO Summary
*******************************************************************************
* *
* This is a newly released patch... *
* *
* Online links can be found at *
* http://ftp.support.compaq.com/patches/public/unix/v4.0g/t64v40gb17-c0011101-1526
6-es-20020827.README
*******************************************************************************
TITLE: Tru64 UNIX Tru64 UNIX 4.0G PK3 BL17 ECO Summary
New Kit Date: 10-SEP-2002
Modification Date: Not Applicable
Modification Type: NEW KIT
Copyright (c) Hewlett-Packard Company 2002. All rights reserved.
PRODUCT: Tru64 UNIX [R] 4.0G
SOURCE: Hewlett-Packard Company
ECO INFORMATION:
ECO Name: T64V40GB17-C0011101-15266-ES-20020827
ECO Kit Approximate Size: 2MB
Kit Applies To: Tru64 UNIX 4.0G PK3 (BL17)
ECO Kit CHECKSUMS:
/usr/bin/sum results:
20251 1760
/usr/bin/cksum results:
2333995544 1802240
MD5 results:
8b304e61bdb7633ea276dfe5f459b32b
SHA1 results:
c8e24ffd48e610f4231b88b438b5b71d01e63471
ECO KIT SUMMARY:
A dupatch-based, Early Release Patch kit exists for Tru64 UNIX 4.0G that
contains solutions to the following problem(s):
Several potential networking security vulnerabilities have been discovered
in the Tru64 UNIX operating system. These may be in the form of local
and remote security domain risks. The potential security vulnerabilies
in the following areas have been corrected:
TCP/IP (Severity High)
SSRT0719U
Potential vulnerability with the Initial Random TCP Sequence Numbers which
may result in denial of service (DoS). This may be in the form of local
and remote security domain risks. The potential security vulnerability in
TCP/IP has been corrected. More information can be found at:
http://www.cert.org/advisories/CA-2001-09.html
SSRT0756U, SSRT0776U
Under certain circumstances, may result in denial of service (DoS). This
may be in the form of local and remote security domain risks. The potential
security vulnerability in inetd has been corrected.
ARP (Severity High)
SSRT0740U
Under certain circumstances, a remote system may take over packets destined
for another host which may result in denial of service (DoS). This potential
security vulnerability in ARP has been corrected.
FTPD (Severity High)
SSRT0762U
Under certain circumstances, may result in denial of service (DoS). This may
be in the form of local and remote security domain risks. The potential
security vulnerability in ftpd has been corrected.
The Patch Kit Installation Instructions and the Patch Summary and Release
Notes documents provide patch kit installation and removal instructions
and a summary of each patch. Please read these documents prior to
installing patches on your system.
The patches in this ERP kit will also be available in the next mainstream
patch kit - Tru64 UNIX 4.0G Patch Kit 4.
INSTALLATION NOTES:
1) Install this kit with the dupatch utility that is included in the patch
kit. You may need to baseline your system if you have manually changed
system files on your system. The dupatch utility provides the baselining
capability.
2) At this time, this ERP kit does not have any file intersections with
any other available ERPs for this product version.
INSTALLATION PREREQUISITES:
You must have installed Tru64 UNIX 4.0G PK3 (BL17) prior to installing
this Early Release Patch Kit.
KNOWN PROBLEMS WITH THE PATCH KIT:
None.
RELEASE NOTES FOR T64V40GB17-C0011101-15266-ES-20020827:
1 Release Notes
This Early Release Patch Kit Distribution contains:
- fixes that resolve the problem(s) reported in:
o 117-2-547
* for Tru64 UNIX V4.0G T64V40GAS0003-20010613.tar (BL17)
The patches in this kit are being released early for general customer use.
Refer to the Release Notes for a summary of each patch and installation
prerequisites.
Patches in this kit are installed by running dupatch from the directory
in which the kit was untarred. For example, as root on the target system:
> mkdir -p /tmp/CSPkit1
> cd /tmp/CSPkit1
> <copy the kit to /tmp/CSPkit1>
> tar -xpvf DUV40D13-C0044900-1285-20000328.tar
> cd patch_kit
> ./dupatch
2 Special Instructions
There are no special instructions for Tru64 UNIX V4.0G Patch C111.01
3 Summary of CSPatches contained in this kit
Tru64 UNIX V4.0G
PatchId Summary Of Fix
- ----------------------------------------
C111.01 SSRT-547 Network Security Patches
4 Additional information from Engineering
None
5 Affected system files
This patch delivers the following files:
Tru64 UNIX V4.0G
Patch C111.01
./sys/BINARY/ether.mod
CHECKSUM: 61347 129
SUBSET: OSFBIN445
./sys/BINARY/inet.mod
CHECKSUM: 15777 296
SUBSET: OSFBIN445
./usr/sbin/ftpd
CHECKSUM: 33696 128
SUBSET: OSFCLINET445
[R] UNIX is a registered trademark in the United States and other countries
licensed exclusively through X/Open Company Limited.
Copyright Hewlett-Packard Company 2002. All Rights reserved.
This software is proprietary to and embodies the confidential technology
of Hewlett-Packard Company. Possession, use, or copying of this
software and media is authorized only pursuant to a valid written license
from Hewlett-Packard or an authorized sublicensor.
This ECO has not been through an exhaustive field test process.
Due to the experimental stage of this ECO/workaround, Hewlett-Packard
makes no representations regarding its use or performance. The
customer shall have the sole responsibility for adequate protection
and back-up data used in conjunction with this ECO/workaround.
- ---
You are currently subscribed to unix as: iglesias@draco.acs.uci.edu
To unsubscribe send a blank email to leave-unix-3140W@list.support.compaq.com