topic Note to security_patch_check users in Operating System - HP-UX

Note to security_patch_check users

Steven E. Protter — Sun, 22 Dec 2002 01:01:17 GMT

security_patch_check currently indicates the need for PHSS_27850 on HP-UX 11.11 64 bit(maybe 32, don't know)

As of last Friday, you will not be able to find that patch. Support indicates that this patch supersedes it.

PHSS_27858

Note that this patch has special installation instructions.

Steve

Re: Note to security_patch_check users

Steven E. Protter — Sun, 22 Dec 2002 01:37:50 GMT

Note, I just finished installing this patch.

I know get a life, find something to do that fun...

I now have a clear security_patch_check run

# Recommended Bull(s) Spec? Reboot? PDep? Description
--------------------------------------------------------------------------------
Security patches are up to date with the security patch catalog used
--------------------------------------------------------------------------------
*** END OF REPORT ***

Which means whatever issue caused the tool to report the non-existant patch may be resolved.

The patch above is not the most widely tested patch in the universe, so use due diligence prior to installation.

Steve

Re: Note to security_patch_check users

eran maor — Sun, 22 Dec 2002 15:59:26 GMT

Hi Steeve

you are rigth , this patch was supersuid with the patch that you needed to install .

you can allway try to find it on a fto site of HP .

i will also give you the full list of patches for securety for hp-ux 11.11 .

PHCO_23083 GR --- s700_800 11.11 newgrp(1) patch
PHCO_23492 GR -R- s700_800 11.11 Kernsymtab Patch
PHCO_23909 GR --- s700_800 11.11 cu(1) patch
PHCO_24402 GR --- s700_800 11.11 libc cumulative header file patch
PHCO_24839 GR C-D s700_800 11.11 libpam_unix cumulative patch
PHCO_25526 GS --- s700_800 11.11 login cumulative patch
PHCO_25887 GS C-- s700_800 11.11 Software Distributor Cumulative Patch
PHCO_26061 GR c-- s700_800 11.11 Kernel configuration commands patch
PHCO_26331 GS c-- s700_800 11.11 mountall(1M) cumulative patch
PHCO_27020 GR --- s700_800 11.11 lpspool subsystem cumulative patch
PHCO_27434 GS C-D s700_800 11.11 libc cumulative patch
PHKL_23335 GR CR- s700_800 11.11 solve inode deadlock with mmap and pagefault
PHKL_23423 GR -R- s700_800 11.11 improper core dump msg
PHKL_25233 GR CRD s700_800 11.11 select(2) and poll(2) hang
PHKL_25729 GR CRD s700_800 11.11 signals,threads enhancement,Psets Enablement
PHKL_27091 GR CRD s700_800 11.11 Core PM, vPar, Psets Cumulative, slpq1 perf
PHKL_27094 GR -R- s700_800 11.11 Psets Enablement Patch, slpq1 perf
PHKL_27096 GR CR- s700_800 11.11 VxVM,EMC,Psets&vPar,slpq1,earlyKRS
PHKL_27179 GR CR- s700_800 11.11 Corrected reference to thread register state
PHKL_27278 GS CR- s700_800 11.11 mmap io,VM-JFS ddlock,thread perf,user limit
PHKL_27294 GS cRD s700_800 11.11 Thread NOSTOP, Abort; Psets; slpq1 perf
PHNE_23275 GR --- s700_800 11.11 Bind 8.1.2 Patch
PHNE_23950 GS --- s700_800 11.11 ftpd(1M) patch
PHNE_24164 GR --- s700_800 11.X CIFS/9000 Server A.01.06 Cumulative Patch
PHNE_24512 GR c-- s700_800 11.11 NTP timeservices upgrade plus utilities
PHNE_25184 GR --- s700_800 11.11 sendmail(1m) 8.9.3 patch
PHNE_26388 GS CRD s700_800 11.11 ONC/NFS General Release/Performance Patch
PHNE_26728 GS CRD s700_800 11.11 Cumulative STREAMS Patch
PHNE_26988 GR CRD s700_800 11.X RFC-NETBIOS cumulative patch Jun2002
PHNE_27063 GS CRD s700_800 11.11 cumulative ARPA Transport patch
PHSS_22678 GR --- s700_800 11.X Continental Clusters A.02.00
PHSS_23067 GR C-- s700_800 11.11 OnlineDiag/Support Tool Manager Patch
PHSS_24638 GS --- s700_800 11.11 HP aC++ -AA runtime libraries (aCC A.03.33)
PHSS_24864 GR --- s700_800 11.X PRM C.01.08.2 Cumulative Patch
PHSS_26138 GS c-- s700_800 11.X OV EMANATE14.2 Agent Consolidated Patch
PHSS_26493 GS --D s700_800 11.11 CDE Applications Periodic Patch
PHSS_26750 GR C-- s700_800 11.X MC/ServiceGuard and SG-OPS Edition A.11.09
PHSS_27258 GR c-D s700_800 11.11 HP DCE/9000 1.8 DCE Client IPv6 patch
PHSS_27259 GR c-D s700_800 11.11 HP DCE/9000 1.8 Server/DevTools cum. patch
PHSS_27333 GR --- s700_800 11.X OV NNM6.2 Consolidated Patch 3
PHSS_27411 GR --D s700_800 11.X ISEE user interface functionality correction
PHSS_27428 GS --- s700_800 11.11 CDE Base Patch
PHSS_27668 GR --- s700_800 11.X OV SIP3.0 SIP3.0
PHSS_27836 GS --D s700_800 11.X OV NNM6.2 ECS, ovsnmp and xnmgraph fixes
PHSS_27850 SS --D s700_800 11.X OV EMANATE14.2 snmpdm - obsolete mib

Re: Note to security_patch_check users

Bill Hassell — Mon, 23 Dec 2002 03:59:32 GMT

Make sure that when you run the security_patch_check with the automatic download of the patch database. Otherwise, manually pull the database before running the checker. The patch database file is often updated daily.

Re: Note to security_patch_check users

Sean OB_1 — Mon, 23 Dec 2002 14:43:49 GMT

Thanks Steve. I was getting 27850 on all my servers and had it on my list to go find out why it was showing up when the patch wasn't available.

Re: Note to security_patch_check users

Steven E. Protter — Mon, 23 Dec 2002 14:57:37 GMT

Thanks Bill, I always run security_patch_check with automatic download, I put the output into a log and the download did succeed. This isn't the first time the tool reported a ghost patch. I brought it to the attention of the senior engineer on that project while I was in Los Angeles in September.