README VERSION               : 1.0
README CREATION DATE         : 2015-03-11
PATCH-ID                     : 151240-01
PATCH NAME                   : VRTSperl 5.16.1.27
BASE PACKAGE NAME            : VRTSperl
BASE PACKAGE VERSION         : 5.16.1.27
SUPERSEDED PATCHES           : NONE
REQUIRED PATCHES             : NONE
INCOMPATIBLE PATCHES         : NONE
SUPPORTED PADV               : sol10_sparc
                               (P-PLATFORM , A-ARCHITECTURE , D-DISTRIBUTION , V-VERSION)
PATCH CATEGORY               : OTHER
PATCH CRITICALITY            : OPTIONAL
HAS KERNEL COMPONENT         : NO
ID                           : NONE
REBOOT REQUIRED              : NO
REQUIRE APPLICATION DOWNTIME : NO

PATCH INSTALLATION INSTRUCTIONS:
--------------------------------
patchadd 151240-01

PATCH UNINSTALLATION INSTRUCTIONS:
----------------------------------
patchrm 151240-01

SPECIAL INSTRUCTIONS:
---------------------
NONE

SUMMARY OF FIXED ISSUES:
-----------------------------------------
PATCH ID:151240
3674873 (3739179) The module OpenSSL 1.0.1i in the VRTSperl package has security issues.

SUMMARY OF KNOWN ISSUES:
-----------------------------------------
NONE

KNOWN ISSUES :
--------------
NONE

FIXED INCIDENTS:
----------------
PATCH ID:5.16.1.27

* INCIDENT NO:3674873    TRACKING ID:3739179

SYMPTOM:
The module OpenSSL 1.0.1i in the VRTSperl package has security issues like
"POODLE" (OPENSSL CVE-2014-3566).

DESCRIPTION:
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products,
uses nondeterministic CBC padding. The nondeterministic CBC padding makes it
easier for man-in-the-middle attackers to obtain cleartext data via a
padding-oracle attack, also known as the "POODLE" issue.

RESOLUTION:
The code is modified to upgrade the bundled OpenSSL from 1.0.1i to 1.0.1l,
which has a fix for "POODLE" and other security issues.

INCIDENTS FROM OLD PATCHES:
---------------------------
NONE
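
ADDED EXAMPLE (not part of the original README and not VRTSperl or OpenSSL code):
a sketch of why the "nondeterministic CBC padding" in the DESCRIPTION matters, comparing the padding check an SSL 3.0 receiver can make with the one a TLS receiver makes on the same decrypted record. Assumptions: a 16-byte block size, HMAC-SHA1 standing in for the record MAC, and a constructed key and payload; all function names are hypothetical.

```python
import hashlib
import hmac

BLOCK = 16                        # assumed CBC block size (AES)
MAC_KEY = b"constructed-mac-key"  # constructed sample key
MAC_LEN = 20                      # SHA-1 digest length

def mac(data):
    # HMAC-SHA1 stands in for the record MAC; the padding is not covered by it.
    return hmac.new(MAC_KEY, data, hashlib.sha1).digest()

def build_record(data, filler):
    """Plaintext layout before CBC encryption: data || MAC || padding || pad_len."""
    body = data + mac(data)
    pad_len = (BLOCK - (len(body) + 1) % BLOCK) % BLOCK
    return body + filler(pad_len) + bytes([pad_len])

def unpad_ssl3(rec):
    # SSL 3.0: only the length byte is defined; padding bytes may hold anything.
    pad_len = rec[-1]
    if pad_len + 1 > BLOCK or pad_len + 1 > len(rec):
        raise ValueError("bad padding length")
    return rec[:-(pad_len + 1)]

def unpad_tls(rec):
    # TLS 1.0+: every padding byte must equal pad_len, so the receiver can check it.
    pad_len = rec[-1]
    if pad_len + 1 > len(rec) or rec[-(pad_len + 1):-1] != bytes([pad_len]) * pad_len:
        raise ValueError("bad padding")
    return rec[:-(pad_len + 1)]

def accepts(rec, unpad):
    try:
        body = unpad(rec)
    except ValueError:
        return False
    return hmac.compare_digest(body[-MAC_LEN:], mac(body[:-MAC_LEN]))

def compare():
    data = b"GET / HTTP/1.1"  # constructed sample payload
    fixed = build_record(data, lambda n: bytes([n]) * n)               # TLS-style padding
    free = build_record(data, lambda n: bytes(range(0xA0, 0xA0 + n)))  # arbitrary padding
    return {(name, fn.__name__): accepts(rec, fn)
            for name, rec in (("fixed", fixed), ("free", free))
            for fn in (unpad_ssl3, unpad_tls)}

if __name__ == "__main__":
    for key, ok in compare().items():
        print(key, "accepted" if ok else "rejected")
```

The record with arbitrary padding bytes passes the SSL 3.0 check and its MAC still verifies, while the TLS check rejects it; because of this, the remedy on the protocol side is to stop negotiating SSL 3.0 rather than to change the padding check.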