* * * READ ME * * * * * * Veritas File System Advanced Features 6.0.5 * * * * * * Patch 6.0.5.100 * * * Patch Date: 2014-11-20 This document provides the following information: * PATCH NAME * OPERATING SYSTEMS SUPPORTED BY THE PATCH * PACKAGES AFFECTED BY THE PATCH * BASE PRODUCT VERSIONS FOR THE PATCH * SUMMARY OF INCIDENTS FIXED BY THE PATCH * DETAILS OF INCIDENTS FIXED BY THE PATCH * INSTALLATION PRE-REQUISITES * INSTALLING THE PATCH * REMOVING THE PATCH PATCH NAME ---------- Veritas File System Advanced Features 6.0.5 Patch 6.0.5.100 OPERATING SYSTEMS SUPPORTED BY THE PATCH ---------------------------------------- HP-UX 11i v3 (11.31) PACKAGES AFFECTED BY THE PATCH ------------------------------ VRTSfsadv BASE PRODUCT VERSIONS FOR THE PATCH ----------------------------------- * Veritas Storage Foundation 6.0.1 * Veritas Storage Foundation Cluster File System HA 6.0.1 * Veritas Storage Foundation for Oracle RAC 6.0.1 * Veritas Storage Foundation HA 6.0.1 SUMMARY OF INCIDENTS FIXED BY THE PATCH --------------------------------------- Patch ID: PVCO_04045 * 3651859 (3621205) OpenSSL common vulnerability exposure (CVE): POODLE and Heartbleed. Patch ID: PVCO_04033 * 3436393 (3462694) The fsdedupadm(1M) command fails with error code 9 when it tries to mount checkpoints on a cluster. DETAILS OF INCIDENTS FIXED BY THE PATCH --------------------------------------- This patch fixes the following Symantec incidents: Patch ID: PVCO_04045 * 3651859 (Tracking ID: 3621205) SYMPTOM: OpenSSL common vulnerability exposure (CVE): POODLE and Heartbleed. DESCRIPTION: VRTSfsadv package uses old versions of OpenSSL which are vulnerable to POODLE(CVE-2014-3566) and Hearbleed(CVE-2014-0160). By upgrading to OpenSSL 0.9.8zc, many security vulnerabilities have been fixed. RESOLUTION: The VRTSfsadv package is built with OpenSSL 0.9.8zc.. Patch ID: PVCO_04033 * 3436393 (Tracking ID: 3462694) SYMPTOM: The fsdedupadm(1M) command fails with error code 9 when it tries to mount checkpoints on a cluster. DESCRIPTION: While mounting checkpoints, the fsdedupadm(1M) command fails to parse the cluster mount option correctly, resulting in the mount failure. RESOLUTION: The code is modified to parse cluster mount options correctly in the fsdedupadm(1M) operation. INSTALLING THE PATCH -------------------- Run the Installer script to automatically install the patch: ----------------------------------------------------------- To install the patch perform the following steps on at least one node in the cluster: 1. Copy the patch fsadv-hpux1131-6.0.5.100-patches.tar.gz to /tmp 2. Untar fsadv-hpux1131-6.0.5.100-patches.tar.gz to /tmp/hf # mkdir /tmp/hf # cd /tmp/hf # gunzip /tmp/fsadv-hpux1131-6.0.5.100-patches.tar.gz # tar xf /tmp/fsadv-hpux1131-6.0.5.100-patches.tar 3. Install the hotfix # pwd /tmp/hf # ./installFSADV605P1 [ ...] You can also install this patch together with 6.0.1 GA release and 6.0.5 Patch release # ./installFSADV605P1 -base_path [<601 path>] -mr_path [<605 path>] [ ...] where the -mr_path should point to the 6.0.5 image directory, while -base_path to the 6.0.1 image. Install the patch manually: -------------------------- nstall the FSADV 6.0.500.100 patch:a) The FSADV 6.0.1(GA) must be installed before applying this patch.b) To verify the Veritas File System Adv level , execute: # swlist -l product | egrep -i 'VRTSfsadv' VRTSfsadv 6.0.100.000 Veritas File System Advc) All prerequisite/corequisite patches must be installed. The Kernel patch requires a system reboot for both installation and removal.d) To install the patch, execute the following command:# swinstall -x autoreboot=true -s PVCO_04045If the patch is not registered, you can register itusing the following command:# swreg -l depot The is the absolute path where the patch resides. REMOVING THE PATCH ------------------ To remove the FSADV 6.0.500.100 patch:a) Execute the following command:# swremove -x autoreboot=true PVCO_04045 SPECIAL INSTRUCTIONS -------------------- NONE OTHERS ------ NONE