Manualshelf

HP Tru64 UNIX and TruCluster Server Version 5.1B-6 Patch Summary and Release Notes

ManualsBrandsHP ManualsSoftwareTru64 UNIX 5.0A
51525354555657585960
sendmail Application Size/Length Limits Can Cause Problems
When upgrading older releases of sendmail, be aware that the 5.1B version of sendmail has
MIME header/content marker size limits and message header length limits. These limits have
been added to stop a Denial of Service (DoS) attack on the sendmail server. The values default
to the following:
MIME Header Length Size = 2048 characters
MIME Content Marker Size = 1024 characters
The MaxHeadersLength value is the maximum message header length allowed and its size
can be installation dependent (the value defaults to 8192 bytes).
Some legacy applications may be affected by this security addition if the application is sending
mail messages with long lines of text and no new-line markers. These limitations may cause
sendmail to insert a carriage return at these boundaries.
To revert back to the old sendmail behavior, do the following:
1. Verify the V2/Digital header line is in the /var/adm/sendmail/sendmail.cf file. If
the line is there, proceed to step 2. If it's not there, add it above the # predefined line. For
example:
# vi sendmail.cf
############################################################
V2/Digital
## predefined
2. Add the following lines to the /var/adm/sendmail/sendmail.cf file:
O MaxMimeHeaderLength=0/0
O MaxHeadersLength=-1/-1
3. Restart sendmail
Increasing RDG max_objs Value Recommended
For certain applications where Oracle instances are running in a cluster and Memory Channel
is used as the interconnect, console messages of rdg: out of objects may occur.
Tuning the sysconfigtab value max_objs (under the rdg subsystem) can eliminate these
messages. We recommend doubling your current value.
Because this parameter is not dynamic, you can only change it by modifying the sysconfigtab
file and rebooting your system. After doing this, observe your cluster to see if the messages have
been eliminated.
You can set this value to a maximum of 50,000.
Reboot May Resolve Problem with Smart Array Controller
If a problem with your Smart Array controller generates the following message, try rebooting
your system:
Smart Array at ciss(1) not responding - disabled.
If the reboot does not re-enable the hardware, you will need to call your HP support representative
to have the unit repaired.
Additional Steps for IPsec Connections
This kit fixes a potential security vulnerability in IP security (IPsec). If you have one or more
IPsec connections configured on your system, you need to ensure that you have restricted access
to each IPsec connection based on the identity of the remote hosts. You can accomplish this after
installing this kit by starting the IPsec SysMan configuration tool from the command line:
Prior Release Notes 51