* * * READ ME * * * * * * Veritas Cluster Server 5.0 MP4 RP1 * * * * * * P-patch 1 * * * Patch Date: 2012-04-24 This document provides the following information: * PATCH NAME * PACKAGES AFFECTED BY THE PATCH * BASE PRODUCT VERSIONS FOR THE PATCH * OPERATING SYSTEMS SUPPORTED BY THE PATCH * INCIDENTS FIXED BY THE PATCH * INSTALLATION PRE-REQUISITES * INSTALLING THE PATCH * REMOVING THE PATCH PATCH NAME ---------- Veritas Cluster Server 5.0 MP4 RP1 P-patch 1 PACKAGES AFFECTED BY THE PATCH ------------------------------ VRTSvxfen BASE PRODUCT VERSIONS FOR THE PATCH ----------------------------------- * Veritas Cluster Server 5.0 MP4 * Veritas Storage Foundation for Oracle RAC 5.0 MP4 * Veritas Storage Foundation Cluster File System 5.0 MP4 * Veritas Storage Foundation High Availability 5.0 MP4 * Veritas Storage Foundation for DB2 5.0 MP4 * Veritas Storage Foundation for Oracle 5.0 MP4 * Veritas Storage Foundation Cluster File System for Oracle RAC 5.0 MP4 OPERATING SYSTEMS SUPPORTED BY THE PATCH ---------------------------------------- RHEL5 x86-64 INCIDENTS FIXED BY THE PATCH ---------------------------- This patch fixes the following Symantec incidents: Patch ID: 5.0.41.100 * 2708637 (Tracking ID: 2708619) SYMPTOM: If you set the scsi3_disk_policy attribute to dmp, you cannot enable the Veritas fencing module (VxFEN). DESCRIPTION: When you set the scsi3_disk_policy attribute to dmp, the VxFEN module tries to use the dmp device path to access the coordination disks. The dmp device path refers to a disk partition. A recent kernel security fix prohibits the SCSI ioctl system call to disk partitions. As a result the VxFEN configuration fails. The recent kernel security fix that prohibits system calls to disk partitions is: 752375 - CVE-2011-4127 kernel: possible privilege escalation via SG_IO ioctl RESOLUTION: Symantec has updated the VxFEN source code to pick up the dmp device path that contains the full disk name instead of a partition/slice. INSTALLING THE PATCH -------------------- Perform the following steps on each cluster node, one node at a time: 1. Stop VCS: # hastop -local 2. Stop vxfen: # /etc/init.d/vxfen stop 3. Apply the patch: # rpm -Uvh VRTSvxfen-5.0.41.100-MP4RP1P1_RHEL5.x86_64.rpm Verify that proper VRTSvxfen is installed: # rpm -qi VRTSvxfen Name : VRTSvxfen Relocations: (not relocatable) Version : 5.0.41.100 Vendor: Symantec Corporation Release : MP4RP1P1_RHEL5 Build Date: Mon 23 Apr 2012 05:05:24 PM PDT Install Date: (not installed) Build Host: mackerel Group : Applications/System Source RPM: VRTSvxfen-5.0.41.100-MP4RP1P1_RHEL5.src.rpm Size : 1292070 License: Symantec Proprietary Signature : (none) Packager : support@veritas.com URL : http://www.support.veritas.com Summary : Veritas I/O Fencing by Symantec Description : Supported kernel(s): 2.6.18-8.el5 Build Stamp : Veritas-5.0.41.100-MP4RP1P1-2012-04-23_23.29.15 4. Start vxfen: # /etc/init.d/vxfen start 5. Start VCS: # hastart REMOVING THE PATCH ------------------ 1. Stop VCS: # hastop -local 2. Stop vxfen: # /etc/init.d/vxfen stop 3. Uninstall VRTSvxfen package: # rpm -ev VRTSvxfen 4. Install previous version of VRTSvxfen package. 5. Start vxfen: # /etc/init.d/vxfen start 6. Start VCS: # hastart SPECIAL INSTRUCTIONS -------------------- NONE OTHERS ------ NONE