======================================================================= Hewlett-Packard OpenVMS ECO Cover Letter ======================================================================= 1 KIT NAME: VAXSMGRMUP01_062 2 KIT DESCRIPTION: 2.1 Installation Rating: MUP : Must be installed by all customers. This patch kit is a Mandatory Update kit (MUP). It corrects a critical issue which, if left uncorrected, could result in a non-privileged user compromising system security. All users must install this patch as early as possible. This installation rating, based upon current CLD information, is provided to serve as a guide to which customers should apply this remedial kit. (Reference attached Disclaimer of Warranty and Limitation of Liability Statement) 2.2 Reboot Requirement: No reboot is necessary after installation of this kit, however, there are additional steps that must be performed in order to use the images provided by this kit. Refer to the section titled Special Installation Instructions for required post-installation actions. 2.3 Version(s) of OpenVMS to which this kit may be applied: OpenVMS VAX V6.2 2.4 New functionality or new hardware support provided: No. 3 KITS SUPERSEDED BY THIS KIT: - None 4 KIT DEPENDENCIES: Page 2 4.1 The following remedial kit(s), or later, must be installed BEFORE installation of this, or any required kit: - None 4.2 In order to receive all the corrections listed in this kit, the following remedial kits, or later, should also be installed: - None 5 NEW FUNCTIONALITY AND/OR PROBLEMS ADDRESSED IN THE VAXSMGRMUP01_062 KIT 5.1 New functionality addressed in this kit Not Applicable 5.2 Problems addressed in this kit 5.2.1 PC Corruption 5.2.1.1 Problem Description: Buffer overflow leads to corrupted PC in the stack. Images Affected: - [SYSLIB]SMGSHR.EXE 5.2.1.2 Quix and PTR cases reporting this problem: 5.2.1.2.1 Quix Cases None. 5.2.1.2.2 PTR(s) 75-120-288 Page 3 5.2.1.3 Work-arounds: None. 6 FILES PATCHED OR REPLACED: o [SYSLIB]SMGSHR.EXE (new image) Image Identification Information image name: "SMGSHR" image file identification: "V06-001" link date/time: 4-SEP-2008 09:12:19.10 linker identification: "05-13" Overall Image Checksum: 1194060533 7 INSTALLATION INSTRUCTIONS 7.1 Test/Debug Image Loss In the course of debugging problems reported to OpenVMS Engineering, customers may be given debug or point-fix images to install. Typicaly, these images do not have the same image generation flags contained in images released via the OpenVMS remedial patch process. Because of this, any debug or point-fix image that is in the SYS$COMMON area, will be replaced by any image of the same name installed by this kit. If this occurs, you will lose any functionality that is provided by the replaced image. If you wish to retain these debug or point-fix images, you can take the following steps: o Prior to installing this kit, move the test/debug image(s) to be saved to the SYS$SPECIFIC area. o During kit installation, you will be asked if you wish to delete the image(s) in SYS$SPECIFIC. You should answer "No" for each image that you want to keep. o After installation completes, but before rebooting the system (if required), move the image(s) from SYS$SPECIFIC back to SYS$COMMON. 7.2 Compressed File This kit is provided as a DCX compressed kit. To expand this file to the installable .PCSI file, run the file with a RUN file_name command. When the file is run you will see the following output: $ RUN VAXSMGRMUP01_062.A-DCX_VAXEXE FTSV DCX auto-extractible compressed file for OpenVMS (AXP) Page 4 FTSV V3.0 -- FTSV$DCX_AXP_AUTO_EXTRACT Copyright (c) Digital Equipment Corp. 1993 Options: [output_file_specification] [input_file_specification] The decompressor needs to know the filename to use for the decompressed file. If you don't specify any, it will use the original name of the file before it was compressed, and create it in the current directory. If you specify a directory name, the file will be created in that directory. Decompress into (file specification): If you want the file to be expanded into a different directory, enter the directory specification. DO NOT enter a new file name. The expanded file must retain the original name. If you want to expand the file via batch, the command file must contain an answer to the Decompress into "(file specification)" question, either a or an alternate directory specification 7.3 Installation Command Install this kit with the VMSINSTAL utility by logging into the SYSTEM account, and typing the following at the DCL prompt: @SYS$UPDATE:VMSINSTAL VAXSMGRMUP01_062 [location of the saveset] The saveset location may be a tape drive, CD, or a disk directory that contains the kit saveset. 7.4 Special Installation Instructions: If this kit is being installed in a clustered environment with a shared system disk, in order for all members of the cluster that share the system disk to make use of the new image, you must execute the following command on each node that is sharing the system disk: INSTALL REPLACE SYS$SHARE:SMGSHR.EXE Once installed, users will need to log out and log back in in order to use the new image. 8 COPYRIGHT AND DISCLAIMER: (C) Copyright 2008 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP and/or its subsidiaries required for possession, use, or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under Page 5 vendor's standard commercial license. Neither HP nor any of its subsidiaries shall be liable for technical or editorial errors or omissions contained herein. The information in this document is provided "as is" without warranty of any kind and is subject to change without notice. The warranties for HP products are set forth in the express limited warranty statements accompanying such products. Nothing herein should be construed as constituting an additional warranty. DISCLAIMER OF WARRANTY AND LIMITATION OF LIABILITY THIS PATCH IS PROVIDED AS IS, WITHOUT WARRANTY OF ANY KIND. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE EXTENT PERMITTED BY APPLICABLE LAW. IN NO EVENT WILL HP BE LIABLE FOR ANY LOST REVENUE OR PROFIT, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, WITH RESPECT TO ANY PATCH MADE AVAILABLE HERE OR TO THE USE OF SUCH PATCH.