                          * * * READ ME * * *
                       * * * Perl 5.1 SP1 * * *
                          * * * P-patch * * *
                         Patch Date: 2014-08-22


This document provides the following information:

   * PATCH NAME
   * OPERATING SYSTEMS SUPPORTED BY THE PATCH
   * PACKAGES AFFECTED BY THE PATCH
   * BASE PRODUCT VERSIONS FOR THE PATCH
   * SUMMARY OF INCIDENTS FIXED BY THE PATCH
   * DETAILS OF INCIDENTS FIXED BY THE PATCH
   * INSTALLATION PRE-REQUISITES
   * INSTALLING THE PATCH
   * REMOVING THE PATCH


PATCH NAME
----------
Perl 5.1 SP1 P-patch


OPERATING SYSTEMS SUPPORTED BY THE PATCH
----------------------------------------
HP-UX 11i v3 (11.31)


PACKAGES AFFECTED BY THE PATCH
------------------------------
VRTSperl


BASE PRODUCT VERSIONS FOR THE PATCH
-----------------------------------
   * Veritas Cluster Server 5.1 SP1
   * Veritas Dynamic Multi-Pathing 5.1 SP1
   * Veritas Storage Foundation 5.1 SP1
   * Veritas Storage Foundation Cluster File System 5.1 SP1
   * Veritas Storage Foundation for Oracle RAC 5.1 SP1
   * Veritas Storage Foundation HA 5.1 SP1


SUMMARY OF INCIDENTS FIXED BY THE PATCH
---------------------------------------
Patch ID: PVCO_04044
   * 3003856 (2967125) CVE-2011-3597 Perl Digest improper control of generation of code
   * 3536712 (3538394) The bundled OpenSSL version is upgraded from 0.9.8g to 0.9.8zb in response to the Heartbleed vulnerability.


DETAILS OF INCIDENTS FIXED BY THE PATCH
---------------------------------------
This patch fixes the following Symantec incidents:

Patch ID: PVCO_04044

   * 3003856 (Tracking ID: 2967125)

SYMPTOM:
Perl Digest improper control of generation of code

DESCRIPTION:
Eval injection vulnerability in the Digest module before 1.17 for Perl allows
context-dependent attackers to execute arbitrary commands via the new
constructor.

RESOLUTION:
Source change.

   * 3536712 (Tracking ID: 3538394)

SYMPTOM:
OPENSSL CVE-2013-0166
The old OpenSSL components are vulnerable to Heartbleed.

DESCRIPTION:
The OpenSSL advisory has been released publicly.
OPENSSL CVE-2013-0166, which everyone has been asking about, is a MiTM attack
with a carefully crafted handshake due to weak keying material.

RESOLUTION:
Upgraded the bundled OpenSSL from 0.9.8g to 0.9.8zb.


INSTALLING THE PATCH
--------------------
swinstall -s PVCO_04044


REMOVING THE PATCH
------------------
swremove PVCO_04044


SPECIAL INSTRUCTIONS
--------------------
NONE


OTHERS
------
NONE
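
For incident 3003856 (the Digest constructor issue), the following is an added example, not part of the original README or of the VRTSperl package: a defensive wrapper that only passes allow-listed algorithm names to Digest->new, plus a check that the loaded Digest module is at least 1.17. The helper names, the allow-list and the sample inputs are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest;

# Constructed allow-list: the only algorithm names this application accepts.
my %ALLOWED = map { $_ => 1 } qw(MD5 SHA-1 SHA-256 SHA-384 SHA-512);

# Hypothetical helper: return a Digest object for an allow-listed name,
# die otherwise. The name is matched exactly, so nothing caller-supplied
# reaches Digest->new unless it is one of the fixed strings above.
sub safe_digest_new {
    my ($name) = @_;
    die "digest algorithm not specified\n" unless defined $name;
    die "digest algorithm rejected: not in allow-list\n"
        unless exists $ALLOWED{$name};
    return Digest->new($name);
}

# Hypothetical helper: true if the loaded Digest module is 1.17 or later.
# UNIVERSAL::VERSION dies when the module is older than the requested version.
sub digest_is_patched {
    return eval { Digest->VERSION('1.17'); 1 } ? 1 : 0;
}

printf "Digest %s loaded, %s\n", Digest->VERSION,
    digest_is_patched() ? "1.17 or later" : "older than 1.17";

# Constructed sample inputs: two valid names and one that is not allow-listed.
for my $name ('SHA-256', 'MD5', 'MD5 with extra text') {
    my $ctx = eval { safe_digest_new($name) };
    if ($ctx) {
        $ctx->add('sample data');
        printf "%-8s %s\n", $name, $ctx->hexdigest;
    }
    else {
        print "input refused: $@";
    }
}
```

Run it with the perl binary shipped in VRTSperl to confirm which Digest version that interpreter actually loads after the patch is installed.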