HP Insight Management Agents for Tru64 UNIX

PRODUCT:  HP Insight Management Agents for Tru64 UNIX
SOURCE:     Hewlett-Packard Company

PATCH-KIT SUMMARY:
A shell script-based, compressed tar Patch-kit for HP Insight Management Agents V3.2 on Tru64 UNIX (CPQIM320) that contains solution  to the following problem:

•  A potential security vulnerability has been identified in the HP Tru64 UNIX TLS/SSL code that may result in a local or remote exploit of a Denial of Service (DoS) or unauthorized privileged access.

The Patch-Kit Installation Instructions and the Patch Summary and Release Notes sections provide patch kit installation and removal instructions and a summary of each patch. Please read these sections prior to installing patches on your system.

INSTALLATION NOTES:

• Install the patch components using the shell-script, "im_patch" that is included in this patch-kit.

• By running the im_patch script without any option, the user can get to know the various options supported by the im_patch.

INSTALLATION STEPS:

1. Login as root into the system where the patch needs to be install

2. mkdir -p /tmp/patchkit

3. cd /tmp/patchkit

4. copy the patch-kit CPQIM320.HTTP.01.tar.gz to /tmp/patchkit

5. gunzip CPQIM320.HTTP.01.tar.gz

6. tar -xvf CPQIM320.HTTP.01.tar

7. ./im_patch -i CPQIM320.HTTP.01

INSTALLATION PREREQUISITES:
You must have installed HP Tru64 Insight Management Agents base-kit CPQIM320, prior to installing this Patch-Kit. This patch kit is applicable to Tru64 UNIX version 4.0F and above.

SUPERSEDED PATCH LIST: None.
KNOWN PROBLEMS WITH THE PATCH KIT: None.
 

This document summarizes the contents and special instructions for the Tru64 UNIX Insight Management Agents components contained in this kit. For information about installing or removing patches, and general patch management, execute the im_patch file which is part of the patch-kit.

1) This Patch Kit Distribution contains:

The 'Management HTTP Server' with various SSRT fixes and uses SSL library version: openssl 9.6k

The components in this kit are being released early for general customer use. Components in this kit are installed by running im_patch from the directory in which the kit was untarred.

2) Special Instructions: If this patch kit is being installed on a cluster, it is sufficient to do so on only one of the nodes. But in order for the patch to take effect on the other nodes, the agents have to be manually re-started. On all other nodes run the following commands:

3) Summary of Insight Management patch components contained in this kit:

PatchId             Summary Of Fix
----------------    ------------------------------------------------------
CPQIM320.HTTP.01    libcpqhmmo.so built with openssl library version 9.6k

4) Additional information from Engineering

The 'Management HTTP Server' has various SSRT fixes and uses SSL library version openssl 9.6k. A potential security vulnerability has been identified in the HP Tru64 UNIX TLS/SSL code that could result in a local or remote exploit of a Denial of Service (DoS) or unauthorized privileged access.

HP has corrected the following potential security vulnerability:

SSRT3622 - TLS/SSL (Severity - High)

TLS = Transport Layer Security
SSL = Secure Socket Layer

There might be other fixes too, which are not included here.

5) Affected files: This patch delivers the following files:

/var/shlib/libcpqhmmo.so
/var/opt/CPQIM320/bin/libcpqhmmo.so

Copyright Hewlett-Packard Company 2003.  All Rights reserved