Security fix for VERITAS Cluster Server 4.0 (all versions) on Solaris

Document ID: 279918
http://support.veritas.com/docs/279918

E-Mail this document to a colleague

Security fix for VERITAS Cluster Server 4.0 (all versions) on Solaris - Symantec Security Advisory SYM05-023

Details:

This patch resolves a buffer overflow vulnerability in VERITAS Cluster Server 4.0 for Solaris.

This patch can be applied to 4.0 MP2 only. All other 4.0 versions must first be upgraded to 4.0 MP2: http://support.veritas.com/docs/277652

All versions of VERITAS Cluster Server 4.0 on Solaris are affected and should be upgraded to MP2 and this patch applied. For further information on this vulnerability, refer to http://support.veritas.com/docs/279870 which also contains links to patches for other platforms and versions.

This patch also contains a number of fixes for incidents not related to security (see below).

Refer to the information included in the patch file for installation instructions

Download Now - 121689 K
File Name: SOL_VCS4.0P2+i18n-secfix-e418977a_279918.tar.Z
File Type: Patch

Click Below to Browse the FTP files by Product:
ftp.support.veritas.com/pub/support/products

Related Documents:

http://support.veritas.com/docs/277652

http://support.veritas.com/docs/279870

Supplemental Material:

System: Ref.#	Description
ETrack: 266438	Modify logging of Vlist in hacli.
ETrack: 284786	When server returns ECONREFUSED, localhost should retry before exit.
ETrack: 296023	Fixed formatting of hastatus -summary output.
ETrack: 312812	Modify halog for UTF8 encoding.
ETrack: 372665	Agent does not stop after hastop -all command.
ETrack: 375940	VCS agent for Oracle not sending alive messages.
ETrack: 414330	Localization changes to VRTSvcs.
ETrack: 415105	When online resource faults, notification not sent.
ETrack: 423031	VCS fails to bring parent group online after child group fails.
ETrack: 424476	Unexpected cancellation of service threads.
ETrack: 426545	Add engine check for username password length.
ETrack: 426548	Packaging changes to remove root suid in some binaries.

Products Applied:
Cluster Server for UNIX 4.0 (Solaris), 4.0 MP1 (Solaris), 4.0 MP2 (Solaris)

Last Updated: November 08 2005 06:48 PM GMT
Expires on: 365 days from publish date

Subscribe to receive critical updates about this document

Subjects:
Cluster Server for UNIX
Application: Patches
Solaris
Application: Patches

Languages:
English (US)

Operating Systems:
Solaris

2.6, 7.0, 8.0, 9.0

Symantec World Headquarters:
20330 Stevens Creek Blvd. Cupertino, CA 95014
World Wide Web: http://www.symantec.com,
Tech Support Web: http://entsupport.symantec.com,
E-Mail Support: http://seer.entsupport.symantec.com/email_forms,
FTP: ftp://ftp.entsupport.symantec.com or http://ftp.entsupport.symantec.com

THE INFORMATION PROVIDED IN THE SYMANTEC SOFTWARE KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. SYMANTEC SOFTWARE DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL SYMANTEC SOFTWARE OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES,EVEN IF SYMANTEC SOFTWARE OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.