AlphaServer SC patch kit: ========================== AlphaServer SC Version: V2.6 SSB Kit Name: C1131.00/T64KIT0025483-V51BB24-20050428 Release Date: 04/28/2005 WFM: 3210414783 Quix: QXCM1000232824 Abstract: Fix inet mbuf leak plus SSRT4696 TCP DoS attack You will have to build and deploy kernels and reboot all nodes to install this patch. Description of Patch: ===================== 1. This patch resolves a problem that may cause CONTROL mbuf resources to not be freed and reused. This problem is evident by mbuf bucket#4 (size 256) utilisation constantly increasing and when the output of "vmstat -M" shows a large number for "Total bytes per type" IOBUF similar to this: IO 0x4160 IO BUF 0xfffffffffffffe00 IORSRC 0x9090 This patch also contains all of the fixes from, and supercedes, the following earlier patches: T64KIT0025003-V51BB24-S-20050225 (C1061.00) All of the changes from Tru64 Unix security patch SSRT4696 (potential TCP DoS attack). A full description of this SSRT can be found on the Tru64 SSRT web site at http://h30097.www3.hp.com/unix/security-download.html T64KIT0024128-V51BB24-20041102 (C939.01) Fix for performance problems with the socket flag MSG_WAITALL. T64KIT0021340-V51BB24-E-20040120 (C407.01) Fix for a problem that caused premature TCP connection terminations to occur while performing backups or large print jobs over the network. Kit location: ============= The patch kit is T64KIT0025483-V51BB24-20050428.tar and is available in ITRC. Prerequisites: ============== Before installing this Patch kit, you should ensure the following: 1) You have all mandatory patches for this release installed Kit checksum: ============= # cksum T64KIT0025483-V51BB24-20050428.tar 2298167639 3829760 T64KIT0025483-V51BB24-20050428.tar Updated files: ============== A list of the files included in this patch is given below along with the cksum values for each file: 2935788266 571033 /sys/BINARY/inet.mod Instructions: ============= This patch is provided as an sc_dupatch installable kit. Unpack it into a directory that is NFS mounted on all domains e.g. /nfs0 and follow the following steps to install it: Patch required on Management Server (if used) : YES Patch required on Domains : YES 1) Verify that it is possible to install the patches as follows: On the Management Server (if used) # /usr/sbin/sc_dupatch -install -kit /nfs0/patch_kit -name -note -noroll -nolevel2 -noauto -precheck_only -patch C1131.00 -deps_only On Domains: # sra command -domains all -member 1 -command '/usr/sbin/sc_dupatch -install -kit /nfs0/patch_kit -name -note -noroll -nolevel2 -noauto -precheck_only -patch C1131.00 -deps_only' 2) Now Run the Patch Installation as follows: On the Management Server (if Used): ----------------------------------- Install the patch using the following commands: # /usr/sbin/sc_dupatch -install -kit /nfs0/patch_kit -name -note -noroll -nolevel2 -noauto -patch C1131.00 -deps_only Rebuild your kernel # doconfig -c HOSTNAME Copy the new kernel to /vmunix Reboot the machine # shutdown -r now On Domains: ----------- Install the patch using the following commands: # sra command -domains all -member 1 -command '/usr/sbin/sc_dupatch -install -kit /nfs0/patch_kit -name -note -noroll -nolevel2 -noauto -patch C1131.00 -deps_only' Now Build and Deploy the Kernels: Make sure all nodes are up so that kernels will be built on all nodes # scrun -d all BuildKernels # scrun -d all DeployKernels Shutdown the Domains: # sra shutdown -domains all And reboot them: # sra boot -domains all Installation is complete at this point. After some time, when you are sure that the system is operating correctly, you should update your generic kernels to include this patch. # scrun -d all DeployKernels -g *******************************************************************************