Security fix for VERITAS Cluster Server 3.5 (all versions) on AIX - Symantec Security Advisory SYM05-023
Details:
This patch resolves a buffer overflow vulnerability in VERITAS Cluster Server 3.5 for AIX.
This patch can be applied to P2 only. All other 3.5 versions must first be upgraded to 3.5 P2 before applying this patch. VERITAS Cluster Server 3.5 P2 is part of VERITAS AIX Applications 1.0 Maintenance Pack 3:
http://support.veritas.com/docs/272645
All versions of VERITAS Cluster Server 3.5 on AIX are affected and should be upgraded to P2 and this patch applied.
For further information on this vulnerability, refer to http://support.veritas.com/docs/279870, which also contains links to patches for other platforms and versions.
This patch also contains a number of fixes for incidents not related to security (see below).
Refer to the information included in the patch file for installation instructions.
Download Now - 19233 K
File Name: AIX_VCS3.5P2+i18n-secfix-e418977a_279945.tar.Z
File Type: Patch
Click Below to Browse the FTP files by Product:
ftp.support.veritas.com/pub/support/products
Supplemental Material:

| System: Ref.# | Description |
| --- | --- |
| ETrack: 251650 | Reject setting frozen = 1 and tfrozen = 1 at same time. |
| ETrack: 254859 | HAD assert failure when remaining node in 3-node cluster is stuck in LEAVING state. |
| ETrack: 256416 | Maintain AutoStart state across failovers. |
| ETrack: 267994 | HAD core when group is changed from Parallel to Failover. |
| ETrack: 284786 | When server returns ECONNREFUSED, localhost should retry before exit. |
| ETrack: 312812 | Modify halog for UTF8 encoding. |
| ETrack: 322217 | Removed unnecessary call from hacf. |
| ETrack: 368367 | Modify ha commands to show output when debug log tag is set. |
| ETrack: 426545 | Add engine check for username password length. |
| ETrack: 426548 | Packaging changes to remove root suid in some binaries. |
Products Applied:
Cluster Server for UNIX 3.5.1 (AIX), 3.5.2 (AIX)
Subjects:
Cluster Server for UNIX
Application: Patches
Languages:
English (US)
Operating Systems:
AIX 4.3.3, 5.1, 5.2, 5.3