ADDITIONAL: Dependency problems with Tru64 patches

From: Iain Barker (ibarker@aastra.com)
Date: Thu May 29 2003 - 09:30:11 EDT

• Next message: Jenny Butler: "Question on T64-v5.1PK3 AdvFS addvol error"
• Previous message: Kjell Andresen: "SUMMARY: kzpac driver in Tru64 unix v5.1b?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Patch duv40fb18-c0065000-12930-e-20020122 was previosly obsoleted.
It was superseded by duv40fb18-c0092600-17205-es-20030305

But I noticed the obsolete patch had been re-released by HP this week.

I and other customers had enquired of HP what the correct application order
should be. For general reference by other Tru64 managers, I post the answer
received from HP here.

I appears 650 is 'back from the dead'. Hope this info is useful to others,
to avoid a potential security exposure.

- Iain

-----Original Message-----
From: Walker, Chris (Tru64 UNIX) [mailto:xxxxx@hp.com]
Sent: Thursday, 29 May, 2003 03:43
Subject: RE: Tru64 UNIX Security Vulnerability SSRT1-41U,SSRT0742U,SSRT0759U

I'm sorry for the confusion on this one. The 65.00 ERP was never fully
superceded by the later 926.00 ERP. This is stated in the internal
associated Engineering Advisory and the public Security Bulletin listed
below.

Excerpt from Engineering Advisory:

These patches can be installed on top of SSRT1-41U, SSRT0742U, and SSRT0759U
or standalone.
However, in order to get the complete set of fixes, SSRT1-41U, SSRT0742U,
and SSRT0759U should be installed before installing SSRT0845U.

OS Version / Base Level Distributed / Intersecting Files
HP Tru64 UNIX 5.0A PK3 (BL17) ./sys/BINARY/vfs.mod
./sys/BINARY/proc.mod
./sys/BINARY/std_kern.mod
./usr/sys/include/sys/fcntl.h
       
HP Tru64 UNIX 4.0G PK3 (BL17) ./sys/BINARY/vfs.mod
./sys/BINARY/proc.mod
./sys/BINARY/std_kern.mod
./usr/sys/include/sys/fcntl.h
       
HP Tru64 UNIX 4.0F PK7 (BL18) ./sys/BINARY/std_kern.mod
./sys/BINARY/proc.mod
       

Security Bulliten (Public)
http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?countr
ycode=1000&prodid=117&source=SRB0069W.xml&dt=11&docid=16211

When the SSRT0845U patch kits were posted the earlier patch kits for the
previous SSRT0742U SSRT0759U SSRT1-41U for 5.0A, 4.0F, and 4.0G should not
have been removed from the public web site because they were not fully
superceded by SSRT0845U. The reposting of 4.0F ERP 65.00 was necessary
because a customer required this set of fixes prior to installing the latter
926.00 ERP patch kit.

Hope this helps explain the problem. We are sorry for the confusion this
may have caused.

Chris Walker
HP Tru64 UNIX
Critical Problem/SSRT Manager

• Next message: Jenny Butler: "Question on T64-v5.1PK3 AdvFS addvol error"
• Previous message: Kjell Andresen: "SUMMARY: kzpac driver in Tru64 unix v5.1b?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:49:20 EDT