HP-UX 11i September 2003 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX 11i v1.6 Technical Computing (TCOE) LTU

111

112

113

114

115

116

117

118

119

120

HP-UX 11i Version 1.0 Operating Environment Applications

HP-UX 11i Foundation Operating Environment

Chapter 6

111

Plus enhancements from v1.0.05.01:

• mod_auth_ldap and its caching module, mod_ldap, have been added to provide

authentication to an LDAP directory. These are new modules from the Apache

Software Foundation. auth_ldap is still provided; however, all ldap users are

encouraged to begin transitioning to mod_auth_ldap. auth_ldap is provided during

this transition but will be removed in a future release.

Plus enhancements from v1.0.03.01:

• Apache upgraded to 2.0.45 which addresses and fixes these security vulnerabilities

described at:

— http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0132

— http://nagoya.apache.org/bugzilla/index.html: BUG # 17206

• Fixed OpenSSL 0.9.6i to address and fix these security vulnerabilities described at:

— http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0147

— http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0131

• Enabling more file descriptors:

HP-UX Apache-based Web Server is now compiled with _USE_BIG_FDS to raise the

maximum allowed number of simultaneous open files, or maximum number of file

descriptors, from 2048 to 60000 per process (depending on system configuration).

new for June 2003 HP-UX Apache-based Web Server v1.0.01.02 includes the following:

• OpenSSL upgraded to 0.9.6i, which addresses and fixes the security vulnerability

described at:

— http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0078

• Resolved a problem with Apache going into an infinite loop under certain network

conditions, consuming 100% CPU. The details regarding the bug is available at

http://nagoya.apache.org/bugzilla/index.html: BUG # 15380.

• Resolved a problem with Apache not able to load modules written in C++.

Plus enhancements from v1.0.00.01:

• Apache 2.0.43: All users are urged to upgrade immediately to Apache 2.0.43 which

addresses and fixes these security vulnerabilities described at

http://cve.mitre.org/: CAN-2002-0839, CAN-2002-1156, CAN-2002-0843.

• New Apache modules: mod_charset_lite, mod_deflate, mod_mem_cache

• PHP 4.2.3, a maintenance release with a large number of bug fixes to version 4.2.2.

This version of PHP also incorporates a fix for PHP bug #17466 for uid/gid in

safe_mode.

• New PHP extensions, which add support for sockets, FTP, network management,

XML manipulation using DOM, handling compressed files, image manipulation and

password strength checking.

• Support for IPv6

• mod_perl 1.99_07, now dependent on Perl 5.6.1, which is included in the OE.