Kit Name: DEC-AXPVMS-VMS732_MP-V0100--4.PCSI Kit Applies To: OpenVMS ALPHA V7.3-2 Approximate Kit Size: 480 blocks Installation Rating: INSTALL_1 Reboot Required: No Superseded Kits: None Mandatory Kit Dependencies: VMS732_UPDATE-V0400 or later VMS732_PCSI-V0300 or later Optional Kit Dependencies: None Checksums: VMS732_MP-V0100.PCSI-DCX_AXPEXE Checksum: 3399870623 DEC-AXPVMS-VMS732_MP-V0100--4.PCSI Checksum: 1710620214 VMS732_MP-V0100.PCSI-DCX_AXPEXE MD5 Checksum: 0225185CD0165B4DA575235B45AEAB35 DEC-AXPVMS-VMS732_MP-V0100--4.PCSI MD5 Checksum: 8CE1CF846B5E224E143B4900DDED2679 ======================================================================= Hewlett-Packard OpenVMS ECO Cover Letter ======================================================================= 1 KIT NAME: VMS732_MP-V0100 2 KIT DESCRIPTION: 2.1 Installation Rating: INSTALL_1 : To be installed by all customers. This installation rating, based upon current CLD information, is provided to serve as a guide to which customers should apply this remedial kit. (Reference attached Disclaimer of Warranty and Limitation of Liability Statement) 2.2 Reboot Requirement: No reboot is necessary after installation of this kit. 2.3 Version(s) of OpenVMS to which this kit may be applied: OpenVMS ALPHA V7.3-2 2.4 New functionality or new hardware support provided: No 3 KITS SUPERSEDED BY THIS KIT: - None 4 KIT DEPENDENCIES: 4.1 The following remedial kit(s), or later, must be installed BEFORE installation of this, or any required kit: - VMS732_PCSI-V0300 - VMS732_UPDATE-V0400 Page 2 4.2 In order to receive all the corrections listed in this kit, the following remedial kits, or later, should also be installed: - None 5 NEW FUNCTIONALITY AND/OR PROBLEMS ADDRESSED IN THE VMS732_MP-V0100 KIT 5.1 New functionality addressed in this kit Not Applicable 5.2 Problems addressed in this kit 5.2.1 Potential Security Vulnerability 5.2.1.1 Problem Description: HP has determined that systems running OpenVMS V7.3-2 have a potential security vulnerability. This vulnerability could be exploited, allowing non-privileged users or remote users to cause a system crash. To protect against this potential security risk, HP is making a mandatory update patch available for OpenVMS customers. This patch is provided by installing this VMS732_MP-V0100 kit. Images Affected: - [SYSEXE]SMPUTIL.EXE 5.2.1.2 CLDs, and QARs reporting this problem: 5.2.1.2.1 CLD(s) None. 5.2.1.2.2 QAR(s) None. 5.2.1.3 Problem Analysis: See problem description Page 3 5.2.1.4 Release Version of OpenVMS that will contain this change: OpenVMS Alpha V8.2 5.2.1.5 Work-arounds: None. 6 FILES PATCHED OR REPLACED: o [SYSEXE]SMPUTIL.EXE (new image) Image Identification Information image name: "SMPUTIL" image file identification: "X-30" image file build identification: "XA99-0060110004" link date/time: 26-OCT-2005 14:36:38.41 linker identification: "A11-50" Overall Image Checksum: 1530296493 7 INSTALLATION INSTRUCTIONS 7.1 Test/Debug Image Loss In the course of debugging problems reported to OpenVMS Engineering, customers may be given debug or point-fix images to install. Typically, these images do not have the same image generation flags contained in images released via the OpenVMS remedial patch process. Because of this, any debug or point-fix image that is in the SYS$COMMON area, will be replaced by any image of the same name installed by this kit. If this occurs, you will lose any functionality that is provided by the replaced image. If you wish to retain these debug or point-fix images, you can take the following steps: o Prior to installing this kit, move the test/debug image(s) to be saved to the SYS$SPECIFIC area. o During kit installation, you will be asked if you wish to delete the image(s) in SYS$SPECIFIC. You should answer NO for each image that you want to keep. o After installation completes, but before rebooting the system (if required), move the image(s) from SYS$SPECIFIC back to SYS$COMMON. Page 4 7.2 Compressed File 7.3 Installation Command Install this kit with the POLYCENTER Software installation utility by logging into the SYSTEM account, and typing the following at the DCL prompt: PRODUCT INSTALL VMS732_MP[/SOURCE=location of Kit] Note that this kit will install with the /SAVE_RECOVERY_DATA option turned on. Using this qualifier will allow easy removal of the kit from the system in the event of problems. If you wish to disable this option you must use the /NOSAVE_RECOVERY_DATA qualifier on the PRODUCT INSTALL command. The /SAVE_RECOVERY_DATA qualifier is optional but highly recommended. Using this qualifier will allow easy removal of the kit from the system in the event of problems. The kit location may be a tape drive, CD, or a disk directory that contains the kit. The /SOURCE qualifier is not needed if the PRODUCT INSTALL command is executed from the same directory as the kit location. Additional help on installing PCSI kits can be found by typing HELP PRODUCT INSTALL at the system prompt. 7.4 Scripting of Answers to Installation Questions During installation, this kit will ask and require user response to several questions. If you wish to automate the installation of this kit and avoid having to provide responses to these questions, you must create a DCL command procedure that includes the following logical name definitions and commands: o To avoid the BACKUP question, define the following: $ DEFINE/SYS NO_ASK$BACKUP TRUE o To save replaced files as *.*_OLD define the following logical name as YES. If you do not wish to save replaced files, define the logical name as NO. Note that if you use the /SAVE_RECOVERY_DATA qualifier (recommended) on the PRODUCT INSTALL command all replaced files will be saved as part of that operation. There is no need to also save files as *.*_OLD: $ DEFINE/JOB ARCHIVE_OLD NO o Add the following qualifiers to the PRODUCT INSTALL command and add that command to the DCL procedure. /PROD=DEC/BASE=AXPVMS/VER=V1.0 '[/SOURCE=location of Kit] Page 5 o De-assign the logical names assigned For example, a sample command file to install the VMS732_MP-V0100 kit would be: $ DEFINE/SYS NO_ASK$BACKUP TRUE $ DEFINE/JOB ARCHIVE_OLD NO $! $ PROD INSTALL VMS732_MP/PRODUCER=DEC/BASE=AXPVMS/VER=V1.0" $! $ DEASSIGN/SYS NO_ASK$BACKUP $! $ exit $! 8 COPYRIGHT AND DISCLAIMER: (C) Copyright 2005 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP and/or its subsidiaries required for possession, use, or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. Neither HP nor any of its subsidiaries shall be liable for technical or editorial errors or omissions contained herein. The information in this document is provided "as is" without warranty of any kind and is subject to change without notice. The warranties for HP products are set forth in the express limited warranty statements accompanying such products. Nothing herein should be construed as constituting an additional warranty. DISCLAIMER OF WARRANTY AND LIMITATION OF LIABILITY THIS PATCH IS PROVIDED AS IS, WITHOUT WARRANTY OF ANY KIND. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE EXTENT PERMITTED BY APPLICABLE LAW. IN NO EVENT WILL HP BE LIABLE FOR ANY LOST REVENUE OR PROFIT, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, WITH RESPECT TO ANY PATCH MADE AVAILABLE HERE OR TO THE USE OF SUCH PATCH.