perl-hpux1131-PVCO_04044

 Basic information
Release type: P-patch
Release date: 2014-09-08
OS update support: None
Technote: None
Documentation: None
Popularity: 498 viewed    67 downloaded
Download size: 37.07 MB
Checksum: 2836556340

 Applies to one or more of the following products:
Cluster Server 5.1SP1 On HP-UX 11i v3 (11.31)
Dynamic Multi-Pathing 5.1SP1 On HP-UX 11i v3 (11.31)
Storage Foundation 5.1SP1 On HP-UX 11i v3 (11.31)
Storage Foundation Cluster File System 5.1SP1 On HP-UX 11i v3 (11.31)
Storage Foundation for Oracle RAC 5.1SP1 On HP-UX 11i v3 (11.31)
Storage Foundation HA 5.1SP1 On HP-UX 11i v3 (11.31)

 Obsolete patches, incompatibilities, superseded patches, or other requirements:

This patch supersedes the following patches: Release date
perl-hpux1131-5.1SP1P1 (obsolete) 2012-12-17

 Fixes the following incidents:
3003856, 3536712

 Patch ID:
PVCO_04044

Readme file
                          * * * READ ME * * *
                        * * * Perl 5.1 SP1 * * *
                          * * * P-patch  * * *
                         Patch Date: 2014-08-22


This document provides the following information:

   * PATCH NAME
   * OPERATING SYSTEMS SUPPORTED BY THE PATCH
   * PACKAGES AFFECTED BY THE PATCH
   * BASE PRODUCT VERSIONS FOR THE PATCH
   * SUMMARY OF INCIDENTS FIXED BY THE PATCH
   * DETAILS OF INCIDENTS FIXED BY THE PATCH
   * INSTALLATION PRE-REQUISITES
   * INSTALLING THE PATCH
   * REMOVING THE PATCH


PATCH NAME
----------
Perl 5.1 SP1 P-patch 


OPERATING SYSTEMS SUPPORTED BY THE PATCH
----------------------------------------
HP-UX 11i v3 (11.31)


PACKAGES AFFECTED BY THE PATCH
------------------------------
VRTSperl


BASE PRODUCT VERSIONS FOR THE PATCH
-----------------------------------
   * Veritas Cluster Server 5.1 SP1
   * Veritas Dynamic Multi-Pathing 5.1 SP1
   * Veritas Storage Foundation 5.1 SP1
   * Veritas Storage Foundation Cluster File System 5.1 SP1
   * Veritas Storage Foundation for Oracle RAC 5.1 SP1
   * Veritas Storage Foundation HA 5.1 SP1


SUMMARY OF INCIDENTS FIXED BY THE PATCH
---------------------------------------
Patch ID: PVCO_04044
* 3003856 (2967125) CVE-2011-3597 Perl Digest improper control of generation of code
* 3536712 (3538394) The bundled OpenSSL version upgrading from 0.9.8g to 0.9.8zb according to 
heartbleed vulnerability.


DETAILS OF INCIDENTS FIXED BY THE PATCH
---------------------------------------
This patch fixes the following Symantec incidents:

Patch ID: PVCO_04044

* 3003856 (Tracking ID: 2967125)

SYMPTOM:
Perl Digest improper control of generation of code

DESCRIPTION:
Eval injection vulnerability in the Digest module before 1.17 for Perl allows
context-dependent attackers to execute arbitrary commands via the new constructor.

RESOLUTION:
Source change.

* 3536712 (Tracking ID: 3538394)

SYMPTOM:
OPENSSL CVE-2013-0166
The old OpenSSL components are vulnerable to heartbleed.

DESCRIPTION:
The OpenSSL advisory is released public. OPENSSL CVE-2013-0166 that everyone has 
been asking about is a MiTM attack with a carefully crafted handshake due to 
weak keying material.

RESOLUTION:
Upgrading bundled OpenSSL from 0.9.8g to 0.9.8zb.



INSTALLING THE PATCH
--------------------
swinstall -s <patch_directory>   PVCO_04044


REMOVING THE PATCH
------------------
swremove PVCO_04044


SPECIAL INSTRUCTIONS
--------------------
NONE


OTHERS
------
NONE
Read and accept Terms of Service