HP-UX 11i June 2003 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX 11i v1.6 Technical Computing (TCOE) LTU

101

102

103

104

105

106

107

108

109

110

HP-UX 11i Version 1.0 Operating Environment Applications

HP-UX 11i Foundation Operating Environment

Chapter 6

110

Documentation

Bundled documentation (Release Notes, Admin Guides, User Guides, Migration Guides

and FAQs) now install into /opt/hpws/hp_docs. These documents can be accessed after

starting HP-UX Apache-based Web Server, HP-UX Tomcat-based Servlet Engine, and

HP-UX Webmin-based Admin by browsing to http://yourserver.com/hp_docs on the

appropriate port (i.e., for Webmin on port 10000, the URL should be:

http://yourserver.com:10000/hp_docs). ). See /opt/hpws/README for more

information about getting started with each component.

The latest information can also be found on the product web site:

http://www.hp.com/go/webserver

HP-UX Apache-based Web Server

HP-UX Apache-based Web Server combines Apache with numerous popular modules

from other Open Source projects and provides HP value-added features for the HP-UX

platform:

• Scripting capabilities: PHP, mod_perl, CGI

• Content management: WebDAV

• Security: authentication through an LDAP server, Chrooted environment, SSL and

TLS support

new for June 2003 HP-UX Apache-based Web Server v.1.0.02.01 includes the following:

• Upgraded to OpenSSL 0.9.6i: Vulnerability regarding ssl3_get_record in

s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC

computation if an incorrect block cipher padding is used, which causes an

information leak (timing discrepancy) that may make it easier to launch

cryptographic attacks that rely on distinguishing between padding and MAC

verification errors, possibly leading to extraction of the original plaintext, AKA the

“Vaudenay timing attack.” More details are available at http://cve.mitre.org/:

CAN-2003-0078.

• Resolved a problem with Apache going into an infinite loop under certain network

conditions, consuming 100% CPU. The details regarding the bug is available at

http://nagoya.apache.org/bugzilla/index.html: BUG # 15380.

• Resolved a problem with Apache not able to load modules written in C++.

Plus enhancements from v1.0.00.01:

• Apache 2.0.43: All users are urged to upgrade immediately to Apache 2.0.43 which

addresses and fixes these security vulnerabilities described at

http://cve.mitre.org/: CAN-2002-0839, CAN-2002-1156, CAN-2002-0843.

• New Apache modules: mod_charset_lite, mod_deflate, mod_mem_cache

• PHP 4.2.3, a maintenance release with a large number of bug fixes to version 4.2.2.

This version of PHP also incorporates a fix for PHP bug #17466 for uid/gid in

safe_mode.