 |
≫ |
|
|
|
パッチ名: PHNE_34689
パッチ摘要: s700_800 11.23 sendmail(1m) 8.11.1パッチ
作成日: 06/07/26
公開日: 06/07/31
警告: 07/05/03 - これは、当社からの重大な警告(Criticalレベル)です。
- PHNE_34689をインストールすると、sendmailの子プロセスが、着信メールの
処理中にループして、ハングしたようになることがあります。
- この問題の特徴は、sendmailの子プロセスが予想以上のCPUタイムを使用し
ているように見えることと、メールキュー内に大規模なdfファイルが作成さ
れることです。通常、CPUの使用率は問題ではありませんが、メールキュー
内に大規模なファイルが作成されると、ファイルスペースの問題が生じる可
能性があります。
- この問題はごく稀にしか起きません。
- この問題の詳細は、サービス要求8606457791(JAGag14059)を参照してくださ
い。
- この問題は、リリース済みのPHNE_35485で解決されています。したがって、
この問題を防ぐために、システムにPHNE_34689がインストールされている場
合はPHNE_35485をインストールするようお勧めします。
- PHNE_34689はHPセキュリティ報告HPSBUX02108およびHPUXSB02124に記載され
ているセキュリティ問題にも対処しているので、上記の問題の回避策として
単にPHNE_34689を削除することはお勧めできません。
ハードウェアプラットフォームおよびOSリリース:
s700: 11.23
s800: 11.23
現象:
PHNE_34689:
1.(SR:8606437932 CR:JAGaf96078)
sendmail(1M)がタイムアウトを適切に処理しないことがあります。
2.(SR:8606445290 CR:JAGag02760) 重複
(SR:8606444296 CR:JAGag01864)
sendmail(1M)がMIMEメッセージを適切に処理しないことがあります。
3.(SR:8606447864 CR:JAGag05151)
メッセージにヘッダーフォールディングが含まれている場合、sendmail(1M)が
継続行とそれに続くヘッダーをメッセージ本文とみなします。
問題点の説明:
PHNE_34689:
1.(SR:8606437932 CR:JAGaf96078)
sendmail(1M)はタイムアウトを適切に処理しないことがありました。
解決方法:
タイムアウトを適切に処理するようにsendmail(1M)を修正しました。
2.(SR:8606445290 CR:JAGag02760) 重複
(SR:8606444296 CR:JAGag01864)
sendmail(1M)はMIMEメッセージを適切に処理しないことがありました。
解決方法:
MIMEメッセージを適切に処理するようにsendmail(1M)を修正しました。
3.(SR:8606447864 CR:JAGag05151)
ヘッダーフォールディングはタブ/空白文字で認識できます。ところが、メッ
セージ内にヘッダーフォールディングが含まれている場合、sendmail(1M)は、
タブ/空白文字を適切に処理していませんでした。そのため、継続行とそれに
続くヘッダーがメッセージ本文の一部とみなされていました。
解決方法:
ヘッダーフォールディングを適切に処理するようにsendmail(1M)を修正しまし
た。
-----------------------------------------------------------------------------
Patch Name: PHNE_34689
Patch Description: s700_800 11.23 sendmail(1m) 8.11.1 patch
Creation Date: 06/07/26
Post Date: 06/07/31
Warning: 07/05/03 - This Critical Warning has been issued by HP.
- PHNE_34689 introduced behavior that may cause sendmail child
processes to loop and appear hung when handling inbound mail.
- This behavior is characterized by sendmail child processes
which appear to be using an unexpected amount of CPU and also
by the creation of large df files in the mail queue. The
CPU usage is generally not a problem, but the large files
created in the mail queue can cause file space issues.
- This behavior is a corner case and occurs infrequently.
- Additional details on this behavior may be found in Service
Request 8606457791 (JAGag14059).
- This behavior is corrected in PHNE_35485, which is released.
To avoid this behavior, HP recommends installing PHNE_35485
on systems with PHNE_34689 installed.
- Due to the security concerns documented in HP Security
Bulletins HPSBUX02108 and and HPUXSB02124, HP does not
recommend removing PHNE_34689 to avoid this behavior.
Hardware Platforms - OS Releases:
s700: 11.23
s800: 11.23
Products: N/A
Filesets:
InternetSrvcs.INETSVCS2-RUN,fr=B.11.23,fa=HP-UX_B.11.23_IA,v=HP
InternetSrvcs.INETSVCS2-RUN,fr=B.11.23,fa=HP-UX_B.11.23_PA,v=HP
Automatic Reboot?: No
Status: General Superseded With Warnings
Critical:
Yes
PHNE_34689: CORRUPTION
The fix for CR JAGag05151 (SR 8606447864) corrects
a possible header corruption in a message.
Category Tags:
defect_repair enhancement general_release critical
corruption
Path Name: /hp-ux_patches/s700_800/11.X/PHNE_34689
Symptoms:
PHNE_34689:
( SR:8606437932 CR:JAGaf96078 )
Under certain circumstances, sendmail(1M) does not handle
timeouts properly.
( SR:8606445290 CR:JAGag02760 ) Duplicate
( SR:8606444296 CR:JAGag01864 )
In some cases, sendmail(1M) does not process MIME
messages properly.
( SR:8606447864 CR:JAGag05151 )
When a message contains a header folding, sendmail(1M)
treats the continuation line and the headers that follow
this continuation line as the body of the message.
PHNE_31734:
( SR:8606359269 CR:JAGaf19965 )
This product update provides pre-enablement for future
expansion of the maximum length of the system nodename and
hostname. Any actual expansion capability may be provided
in a future HP-UX nodename and hostname expansion product.
Upon installation, the nodename and hostname expansion
bundle (NodeHostNameXpnd) will install the full set of
product updates (including this one) needed to enable the
expansion.
If the nodename and hostname expansion bundle is not
installed, this product update will have no affect on your
system.
( SR:8606366075 CR:JAGaf26704 )
For an IPv4 connection, identd logs IPv4 address as
IPv4-mapped-IPv6-address in the syslog file.
PHNE_29913:
SR 8606330618/ CR JAGae91741
1. Under some circumstances, Sendmail does not parse the
headers properly.
SR 8606331548/ CR JAGae92668
2. Under certain circumstances, Sendmail does not parse
some rulesets properly.
Defect Description:
PHNE_34689:
( SR:8606437932 CR:JAGaf96078 )
Under certain circumstances, sendmail(1M) does not handle
timeouts properly.
Resolution:
sendmail(1M) now handles timeouts properly.
( SR:8606445290 CR:JAGag02760 ) Duplicate
( SR:8606444296 CR:JAGag01864 )
In some cases, sendmail(1M) does not process MIME
messages properly.
Resolution:
sendmail(1M) now processes MIME messages properly.
( SR:8606447864 CR:JAGag05151 )
A header folding is recognized by a tab or space character.
When a message contains a header folding, sendmail(1M)
does not process the tab or space character appropriately.
Therefore, sendmail(1M) treats the continuation line
and the headers following the line as part of the
body of the message.
Resolution:
sendmail(1M) now processes the header folding properly.
PHNE_31734:
( SR:8606359269 CR:JAGaf19965 )
This product update contains some minor enhancements
required to pre-enable a future HP-UX nodename and
hostname expansion product bundle (NodeHostNameXpnd).
Resolution:
Internal buffers for the nodename or hostname are expanded
in preparation for a future increase to the associated
maximum length constraint.
( SR:8606366075 CR:JAGaf26704 )
identd logs IPv4-mapped-IPv6-addresses instead of
IPv4 addresses in the syslog file for IPv4 connections.
Resolution:
identd now logs IPv4 addresses for IPv4 connections.
PHNE_29913:
SR 8606330618/ CR JAGae91741
1. Under some circumstances, Sendmail does not parse the
headers properly.
Resolution:
Code has now been modified to fix the problem.
SR 8606331548/ CR JAGae92668
2. Under certain circumstances, Sendmail does not parse
some rulesets properly.
Resolution:
Code has now been modified to fix the problem.
Enhancement:
No (superseded patches contained enhancements)
PHNE_31734:
( SR:8606359269 CR:JAGaf19965 )
Yes. Support added for future maximum length expansion of
nodename and hostname.
SR:
8606437932 8606444296 8606445290 8606447864 8606330618
8606331548 8606359269 8606366075
Patch Files:
InternetSrvcs.INETSVCS2-RUN,fr=B.11.23,fa=HP-UX_B.11.23_IA,
v=HP:
/usr/sbin/idlookup
/usr/sbin/mailstats
/usr/bin/praliases
/usr/sbin/smrsh
/usr/lbin/identd
/usr/sbin/makemap
/usr/sbin/sendmail
InternetSrvcs.INETSVCS2-RUN,fr=B.11.23,fa=HP-UX_B.11.23_PA,
v=HP:
/usr/sbin/idlookup
/usr/sbin/mailstats
/usr/bin/praliases
/usr/sbin/smrsh
/usr/lbin/identd
/usr/sbin/makemap
/usr/sbin/sendmail
what(1) Output:
InternetSrvcs.INETSVCS2-RUN,fr=B.11.23,fa=HP-UX_B.11.23_IA,
v=HP:
/usr/sbin/idlookup:
$Revision: B11.23.0409LR
/usr/sbin/mailstats:
mailstats.c 8.53.16.11 (Berkeley) 2002/07/31
/usr/bin/praliases:
praliases.c 8.59.4.10 (Berkeley) 2002/07/31
/usr/sbin/smrsh:
smrsh.c 8.31.4.5 (Berkeley) 2002/12/11
/usr/lbin/identd:
$Revision: B11.23.0409LR
/usr/sbin/makemap:
makemap.c 8.135.4.11 (Berkeley) 2002/07/31
/usr/sbin/sendmail:
University of California. All rights reserved.
including Sendmail, Inc., and the Regents of the
Copyright (c) 1998 HEWLETT PACKARD COMPANY and its l
icensors,
version.c 8.11.1 (Berkeley) - 28th June 2006 (PHNE
_34689)
InternetSrvcs.INETSVCS2-RUN,fr=B.11.23,fa=HP-UX_B.11.23_PA,
v=HP:
/usr/sbin/idlookup:
$Revision: 92453-07 linker linker crt0.o B.11.16.01
030415 $
$Revision: B11.23.0409LR
/usr/sbin/mailstats:
$Revision: 92453-07 linker linker crt0.o B.11.16.01
030415 $
mailstats.c 8.53.16.11 (Berkeley) 2002/07/31
/usr/bin/praliases:
$Revision: 92453-07 linker linker crt0.o B.11.16.01
030415 $
praliases.c 8.59.4.10 (Berkeley) 2002/07/31
/usr/sbin/smrsh:
$Revision: 92453-07 linker linker crt0.o B.11.16.01
030415 $
smrsh.c 8.31.4.5 (Berkeley) 2002/12/11
/usr/lbin/identd:
$Revision: 92453-07 linker linker crt0.o B.11.16.01
030415 $
$Revision: B11.23.0409LR
/usr/sbin/makemap:
$Revision: 92453-07 linker linker crt0.o B.11.16.01
030415 $
makemap.c 8.135.4.11 (Berkeley) 2002/07/31
/usr/sbin/sendmail:
$Revision: 92453-07 linker linker crt0.o B.11.16.01
030415 $
Copyright (c) 1998 HEWLETT PACKARD COMPANY and its l
icensors,
including Sendmail, Inc., and the Regents of the
University of California. All rights reserved.
version.c 8.11.1 (Berkeley) - 28th June 2006 (PHNE
_34689)
cksum(1) Output:
InternetSrvcs.INETSVCS2-RUN,fr=B.11.23,fa=HP-UX_B.11.23_IA,
v=HP:
1872516871 18700 /usr/sbin/idlookup
3194909455 28004 /usr/sbin/mailstats
3340942858 1150620 /usr/bin/praliases
2158034586 23116 /usr/sbin/smrsh
924385575 63652 /usr/lbin/identd
2775624793 1150740 /usr/sbin/makemap
1212115082 2561608 /usr/sbin/sendmail
InternetSrvcs.INETSVCS2-RUN,fr=B.11.23,fa=HP-UX_B.11.23_PA,
v=HP:
3767845638 32768 /usr/sbin/idlookup
334290098 32768 /usr/sbin/mailstats
1177634411 626688 /usr/bin/praliases
3057688491 32768 /usr/sbin/smrsh
1986434830 49152 /usr/lbin/identd
3878752948 630784 /usr/sbin/makemap
2761786069 1339392 /usr/sbin/sendmail
Patch Conflicts: None
Patch Dependencies:
s700: 11.23: PHCO_32475
s800: 11.23: PHCO_32475
Hardware Dependencies: None
Other Dependencies: None
Supersedes:
PHNE_31734 PHNE_29913
Equivalent Patches: None
Patch Package Size: 3250 KBytes
Installation Instructions:
Please review all instructions and the Hewlett-Packard
SupportLine User Guide or your Hewlett-Packard support terms
and conditions for precautions, scope of license,
restrictions, and, limitation of liability and warranties,
before installing this patch.
------------------------------------------------------------
1. Back up your system before installing a patch.
2. Login as root.
3. Copy the patch to the /tmp directory.
4. Move to the /tmp directory and unshar the patch:
cd /tmp
sh PHNE_34689
5. Run swinstall to install the patch:
swinstall -x autoreboot=true -x patch_match_target=true \
-s /tmp/PHNE_34689.depot
By default swinstall will archive the original software in
/var/adm/sw/save/PHNE_34689. If you do not wish to retain a
copy of the original software, include the patch_save_files
option in the swinstall command above:
-x patch_save_files=false
WARNING: If patch_save_files is false when a patch is installed,
the patch cannot be deinstalled. Please be careful
when using this feature.
For future reference, the contents of the PHNE_34689.text file is
available in the product readme:
swlist -l product -a readme -d @ /tmp/PHNE_34689.depot
To put this patch on a magnetic tape and install from the
tape drive, use the command:
dd if=/tmp/PHNE_34689.depot of=/dev/rmt/0m bs=2k
Special Installation Instructions:
PHNE_34689:
The temporary solution provided by HP in security bulletin
HPSBUX02108 must be removed before this patch can
be installed.
|
