perl-hpux1131-PVCO_04044

Patch

Abstract

This update was migrated from sort.veritas.com. For details (readme, files, etc.), click the 'Update name' link to view the update download page for this update.

Description

OS update support:

SORT ID: 8933

 

Fixes the following incidents:

3536712, 3003856

 

Patch ID:

PVCO_04044

 

* * * READ ME * * *
* * * Perl 5.1 SP1 * * *
* * * P-patch * * *
Patch Date: 2014-08-22


This document provides the following information:

* PATCH NAME
* OPERATING SYSTEMS SUPPORTED BY THE PATCH
* PACKAGES AFFECTED BY THE PATCH
* BASE PRODUCT VERSIONS FOR THE PATCH
* SUMMARY OF INCIDENTS FIXED BY THE PATCH
* DETAILS OF INCIDENTS FIXED BY THE PATCH
* INSTALLATION PRE-REQUISITES
* INSTALLING THE PATCH
* REMOVING THE PATCH


PATCH NAME
----------
Perl 5.1 SP1 P-patch


OPERATING SYSTEMS SUPPORTED BY THE PATCH
----------------------------------------
HP-UX 11i v3 (11.31)


PACKAGES AFFECTED BY THE PATCH
------------------------------
VRTSperl


BASE PRODUCT VERSIONS FOR THE PATCH
-----------------------------------
* Veritas Cluster Server 5.1 SP1
* Veritas Dynamic Multi-Pathing 5.1 SP1
* Veritas Storage Foundation 5.1 SP1
* Veritas Storage Foundation Cluster File System 5.1 SP1
* Veritas Storage Foundation for Oracle RAC 5.1 SP1
* Veritas Storage Foundation HA 5.1 SP1


SUMMARY OF INCIDENTS FIXED BY THE PATCH
---------------------------------------
Patch ID: PVCO_04044
* 3003856 (2967125) CVE-2011-3597 Perl Digest improper control of generation of code
* 3536712 (3538394) Upgrade the bundled OpenSSL version from 0.9.8g to 0.9.8zb in
response to the heartbleed vulnerability.


DETAILS OF INCIDENTS FIXED BY THE PATCH
---------------------------------------
This patch fixes the following Symantec incidents:

Patch ID: PVCO_04044

* 3003856 (Tracking ID: 2967125)

SYMPTOM:
Perl Digest improper control of generation of code

DESCRIPTION:
Eval injection vulnerability in the Digest module before 1.17 for Perl allows
context-dependent attackers to execute arbitrary commands via the new constructor.

RESOLUTION:
Source change.

* 3536712 (Tracking ID: 3538394)

SYMPTOM:
OPENSSL CVE-2013-0166
The old OpenSSL components are vulnerable to heartbleed.

DESCRIPTION:
The OpenSSL advisory has been released publicly. OPENSSL CVE-2013-0166, which
everyone has been asking about, is a MiTM attack with a carefully crafted
handshake due to weak keying material.

RESOLUTION:
Upgrading bundled OpenSSL from 0.9.8g to 0.9.8zb.



INSTALLING THE PATCH
--------------------
swinstall -s PVCO_04044
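
After installation, the component levels can be compared with the ones this README names (Digest 1.17, OpenSSL 0.9.8zb). The script below is an added example, not part of the vendor README or of VRTSperl. The function names are hypothetical, and the version strings are assumed to be collected by the operator, for example with `perl -MDigest -e 'print $Digest::VERSION'` run under the patched perl binary.

```shell
#!/bin/sh
# Added example: compare installed component versions with the levels this
# README names (Digest 1.17, OpenSSL 0.9.8zb). Not vendor-supplied code.
LC_ALL=C; export LC_ALL

# openssl_at_least HAVE WANT: true if HAVE >= WANT under OpenSSL's pre-1.1.0
# numbering, where the letter suffix orders as (none) < a < ... < z < za < zb.
openssl_at_least() {
    awk -v have="$1" -v want="$2" '
    function key(v,    suf, p, i, k) {
        suf = v; sub(/^[0-9.]+/, "", suf)      # letter suffix, may be empty
        sub(/[a-z]+$/, "", v)                  # numeric x.y.z part
        split(v, p, ".")
        for (i = 1; i <= 3; i++) k = k sprintf("%05d", p[i])
        return k sprintf("%d", length(suf)) suf   # longer suffix sorts later
    }
    BEGIN { exit !(key(have) >= key(want)) }'
}

# digest_at_least HAVE WANT: Perl module versions are plain decimals.
digest_at_least() {
    awk -v have="$1" -v want="$2" 'BEGIN { exit !(have + 0 >= want + 0) }'
}

# check_patch_level DIGEST_VERSION OPENSSL_VERSION: report each component and
# return non-zero if either is below the level stated in the README.
check_patch_level() {
    rc=0
    if digest_at_least "$1" 1.17; then echo "Digest $1: ok"
    else echo "Digest $1: below 1.17 (CVE-2011-3597 fix level)"; rc=1; fi
    if openssl_at_least "$2" 0.9.8zb; then echo "OpenSSL $2: ok"
    else echo "OpenSSL $2: below 0.9.8zb"; rc=1; fi
    return $rc
}

# Constructed sample values: a pre-patch host and a patched host.
check_patch_level 1.16 0.9.8g  || echo "=> patch not applied"
check_patch_level 1.17 0.9.8zb && echo "=> at patch level"
```

A plain string or numeric comparison would rank 0.9.8zb below 0.9.8g or fail on the suffix, which is why the letter suffix is ordered by length first and then alphabetically.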


REMOVING THE PATCH
------------------
swremove PVCO_04044


SPECIAL INSTRUCTIONS
--------------------
NONE


OTHERS
------
NONE
