* * * READ ME * * * * * * Veritas File System Advanced Features 6.0.5 * * * * * * Patch 6.0.5.100 * * * Patch Date: 2014-11-20 This document provides the following information: * PATCH NAME * OPERATING SYSTEMS SUPPORTED BY THE PATCH * PACKAGES AFFECTED BY THE PATCH * BASE PRODUCT VERSIONS FOR THE PATCH * SUMMARY OF INCIDENTS FIXED BY THE PATCH * DETAILS OF INCIDENTS FIXED BY THE PATCH * INSTALLATION PRE-REQUISITES * INSTALLING THE PATCH * REMOVING THE PATCH PATCH NAME ---------- Veritas File System Advanced Features 6.0.5 Patch 6.0.5.100 OPERATING SYSTEMS SUPPORTED BY THE PATCH ---------------------------------------- AIX 6.1 AIX 7.1 PACKAGES AFFECTED BY THE PATCH ------------------------------ VRTSfsadv BASE PRODUCT VERSIONS FOR THE PATCH ----------------------------------- * Veritas Storage Foundation 6.0.1 * Veritas Storage Foundation Cluster File System HA 6.0.1 * Veritas Storage Foundation for Oracle RAC 6.0.1 * Veritas Storage Foundation HA 6.0.1 SUMMARY OF INCIDENTS FIXED BY THE PATCH --------------------------------------- Patch ID: 6.0.500.100 * 3651859 (3621205) OpenSSL common vulnerability exposure (CVE): POODLE and Heartbleed. Patch ID: 6.0.500.000 * 3436393 (3462694) The fsdedupadm(1M) command fails with error code 9 when it tries to mount checkpoints on a cluster. DETAILS OF INCIDENTS FIXED BY THE PATCH --------------------------------------- This patch fixes the following Symantec incidents: Patch ID: 6.0.500.100 * 3651859 (Tracking ID: 3621205) SYMPTOM: OpenSSL common vulnerability exposure (CVE): POODLE and Heartbleed. DESCRIPTION: VRTSfsadv package uses old versions of OpenSSL which are vulnerable to POODLE(CVE-2014-3566) and Hearbleed(CVE-2014-0160). By upgrading to OpenSSL 0.9.8zc, many security vulnerabilities have been fixed. RESOLUTION: The VRTSfsadv package is built with OpenSSL 0.9.8zc.. Patch ID: 6.0.500.000 * 3436393 (Tracking ID: 3462694) SYMPTOM: The fsdedupadm(1M) command fails with error code 9 when it tries to mount checkpoints on a cluster. DESCRIPTION: While mounting checkpoints, the fsdedupadm(1M) command fails to parse the cluster mount option correctly, resulting in the mount failure. RESOLUTION: The code is modified to parse cluster mount options correctly in the fsdedupadm(1M) operation. INSTALLING THE PATCH -------------------- Run the Installer script to automatically install the patch: ----------------------------------------------------------- To install the patch perform the following steps on at least one node in the cluster: 1. Copy the patch fsadv-aix-6.0.5.100-patches.tar.gz to /tmp 2. Untar fsadv-aix-6.0.5.100-patches.tar.gz to /tmp/hf # mkdir /tmp/hf # cd /tmp/hf # gunzip /tmp/fsadv-aix-6.0.5.100-patches.tar.gz # tar xf /tmp/fsadv-aix-6.0.5.100-patches.tar 3. Install the hotfix # pwd /tmp/hf # ./installFSADV605P1 [ ...] You can also install this patch together with 6.0.1 GA release and 6.0.5 Patch release # ./installFSADV605P1 -base_path [<601 path>] -mr_path [<605 path>] [ ...] where the -mr_path should point to the 6.0.5 image directory, while -base_path to the 6.0.1 image. Install the patch manually: -------------------------- If the currently installed VRTSfsadv is below 6.0.500.000, you must upgrade VRTSfsadv to 6.0.500.000 level before installing this patch. AIX maintenance levels and APARs can be downloaded from the IBM Web site: http://techsupport.services.ibm.com Install the VRTSfsadv.bff patch if VRTSfsadv is already installed at fileset level 6.0.500.000 A system reboot is required after installing this patch. To apply the patch, enter these commands: # mount | grep fsadv # cd # installp -aXd VRTSfsadv.bff VRTSfsadv # reboot REMOVING THE PATCH ------------------ If you need to remove the patch, then enter these commands: # mount | grep fsadv # installp -r VRTSfsadv 6.0.500.100 # reboot SPECIAL INSTRUCTIONS -------------------- NONE OTHERS ------ NONE