* * * READ ME * * * * * * Symantec Cluster Server 6.2.1 * * * * * * Patch 1100 * * * Patch Date: 2019-08-27 This document provides the following information: * PATCH NAME * OPERATING SYSTEMS SUPPORTED BY THE PATCH * PACKAGES AFFECTED BY THE PATCH * BASE PRODUCT VERSIONS FOR THE PATCH * SUMMARY OF INCIDENTS FIXED BY THE PATCH * DETAILS OF INCIDENTS FIXED BY THE PATCH * INSTALLATION PRE-REQUISITES * INSTALLING THE PATCH * REMOVING THE PATCH PATCH NAME ---------- Symantec Cluster Server 6.2.1 Patch 1100 OPERATING SYSTEMS SUPPORTED BY THE PATCH ---------------------------------------- AIX 6.1 AIX 7.1 PACKAGES AFFECTED BY THE PATCH ------------------------------ VRTSvcs BASE PRODUCT VERSIONS FOR THE PATCH ----------------------------------- * Symantec Application HA 6.2 * Symantec Cluster Server 6.2 * Symantec Storage Foundation Cluster File System HA 6.2 * Symantec Storage Foundation for Oracle RAC 6.2 * Symantec Storage Foundation HA 6.2 SUMMARY OF INCIDENTS FIXED BY THE PATCH --------------------------------------- Patch ID: 6.2.1.1100 * 3982203 (3981992) A potentially critical security vulnerability in VCS needs to be addressed. DETAILS OF INCIDENTS FIXED BY THE PATCH --------------------------------------- This patch fixes the following incidents: Patch ID: 6.2.1.1100 * 3982203 (Tracking ID: 3981992) SYMPTOM: A potentially critical security vulnerability in VCS needs to be addressed. DESCRIPTION: A potentially critical security vulnerability in VCS needs to be addressed. RESOLUTION: This hotfix addresses the security vulnerability. For details, refer to the security advisory at: https://www.veritas.com/content/support/en_US/security/VTS19-003.html INSTALLING THE PATCH -------------------- Run the Installer script to automatically install the patch: ----------------------------------------------------------- Please be noted that the installation of this P-Patch will cause downtime. To install the patch perform the following steps on at least one node in the cluster: 1. Copy the patch vcs-aix-Patch-6.2.1.1100.tar.gz to /tmp 2. Untar vcs-aix-Patch-6.2.1.1100.tar.gz to /tmp/hf # mkdir /tmp/hf # cd /tmp/hf # gunzip /tmp/vcs-aix-Patch-6.2.1.1100.tar.gz # tar xf /tmp/vcs-aix-Patch-6.2.1.1100.tar 3. Install the hotfix(Please be noted that the installation of this P-Patch will cause downtime.) # pwd /tmp/hf # ./installVRTSvcs621P11 [ ...] You can also install this patch together with 6.2.1 maintenance release using Install Bundles 1. Download this patch and extract it to a directory 2. Change to the Veritas InfoScale 6.2.1 directory and invoke the installmr script with -patch_path option where -patch_path should point to the patch directory # ./installmr -patch_path [] [ ...] Install the patch manually: -------------------------- Run the following steps on all the nodes in the VCS cluster: Prerequisite: The system should have VRTSvcs 6.2.1-GA installed before the installation of this patch. 1. Save the VCS configuration: # haconf -dump 2. Stop VCS: # hastop -local -force 3. Persistently freeze all the service groups: # haconf -makerw # hagrp -freeze [group] -persistent # haconf -dump -makero 4. Stop the cluster on all nodes. On any node, run the following command to stop the cluster: # hastop -all -force 5. Verify that the cluster is stopped on all nodes: # hasys -state 6. On all nodes, make sure that both the had and hashadow processes are stopped. 7. Stop the VCS CmdServer on all nodes: # /opt/VRTSvcs/bin/CmdServer -stop 8. Copy the /etc/VRTSvcs/conf/config/types.cf file to /etc/VRTSvcs/conf/config/types.cf.orig as a backup. 9. Copy the /etc/VRTSvcs/conf/config/main.cf file to /etc/VRTSvcs/conf/config/main.cf.orig as a backup. 10. Install the patch by using the following command: a. Change to the appropriate directory where patch is present. b. Apply patch as: # installp -a -d VRTSvcs.bff VRTSvcs 11. Verify that the new patch is applied: # lslpp -l VRTSvcs 12. To commit the patch: Note: Once you commit this patch, you cannot remove it. Execute the following command: # installp -c VRTSvcs 13. Start VCS: # hastart 14. Start the VCS CmdServer on all nodes # /opt/VRTSvcs/bin/CmdServer REMOVING THE PATCH ------------------ Run the Uninstaller script to automatically remove the patch: ------------------------------------------------------------ To uninstall the patch perform the following step on at least one node in the cluster: # /opt/VRTS/install/uninstallVRTSvcs621P11 [ ...] Remove the patch manually: ------------------------- Run the following steps on all the nodes in the VCS cluster: 1. Save the VCS configuration: # haconf -dump 2. Stop VCS: # hastop -local -force 3. Stop the VCS CmdServer #/opt/VRTSvcs/bin/CmdServer -stop 4. Uninstall the patch: Note: You can rollback the patch only if it has not been committed. Patch Rollback: # installp -r VRTSvcs 6.2.1.1100 5. Start VCS: # hastart 6. Start the VCS CmdServer on all nodes # /opt/VRTSvcs/bin/CmdServer SPECIAL INSTRUCTIONS -------------------- NONE OTHERS ------ NONE