Patch-ID# 112869-02


Download this patch from My Oracle Support

Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.
For further information on patching best practices and resources, please see the following links:
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security mod_ssl library apache
Synopsis: Sun Crypto Accelerator 1000 Patch
Date: Aug/14/2002


Install Requirements: Perform a reconfigure reboot after installing this patch to activate the changes delivered. An alternative may be specified in the Special Install Instructions.

Solaris Release: 8

SunOS Release: 5.8

Unbundled Product: Sun Crypto Accelerator 1000

Unbundled Release: 1.0

Xref:

Topic: This patch is issued to address a security flaw in OpenSSL. 
        To get a full fix for this problem, you must also update
        Apache by applying 109234-09.

Relevant Architectures: sparc

Bugs fixed with this patch:

Sun CR # Bug #
470578415112661
472500315117428


Changes incorporated in this version: 4725003

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/opt/SUNWconn/crypto/bin/openssl
/opt/SUNWconn/crypto/include/openssl/asn1.h
/opt/SUNWconn/crypto/include/openssl/bio.h
/opt/SUNWconn/crypto/include/openssl/bn.h
/opt/SUNWconn/crypto/include/openssl/buffer.h
/opt/SUNWconn/crypto/include/openssl/comp.h
/opt/SUNWconn/crypto/include/openssl/conf.h
/opt/SUNWconn/crypto/include/openssl/crypto.h
/opt/SUNWconn/crypto/include/openssl/des.h
/opt/SUNWconn/crypto/include/openssl/dh.h
/opt/SUNWconn/crypto/include/openssl/dsa.h
/opt/SUNWconn/crypto/include/openssl/dso.h
/opt/SUNWconn/crypto/include/openssl/e_os.h
/opt/SUNWconn/crypto/include/openssl/e_os2.h
/opt/SUNWconn/crypto/include/openssl/engine.h
/opt/SUNWconn/crypto/include/openssl/err.h
/opt/SUNWconn/crypto/include/openssl/evp.h
/opt/SUNWconn/crypto/include/openssl/obj_mac.h
/opt/SUNWconn/crypto/include/openssl/objects.h
/opt/SUNWconn/crypto/include/openssl/opensslconf.h
/opt/SUNWconn/crypto/include/openssl/opensslv.h
/opt/SUNWconn/crypto/include/openssl/pem.h
/opt/SUNWconn/crypto/include/openssl/pem2.h
/opt/SUNWconn/crypto/include/openssl/pkcs12.h
/opt/SUNWconn/crypto/include/openssl/pkcs7.h
/opt/SUNWconn/crypto/include/openssl/rand.h
/opt/SUNWconn/crypto/include/openssl/rsa.h
/opt/SUNWconn/crypto/include/openssl/ssl.h
/opt/SUNWconn/crypto/include/openssl/ssl2.h
/opt/SUNWconn/crypto/include/openssl/ssl3.h
/opt/SUNWconn/crypto/include/openssl/x509.h
/opt/SUNWconn/crypto/include/openssl/x509_vfy.h
/opt/SUNWconn/crypto/include/openssl/x509v3.h
/opt/SUNWconn/crypto/lib/libcrypto.a
/opt/SUNWconn/crypto/lib/libssl.a
/opt/SUNWconn/crypto/lib/mod_ssl.so.1.3.26

Problem Description:

4725003 OpenSSL 0.9.6b has remote exploit
 
(from 112869-01)
4705784 support for Apache 1.3.26 required in Sun Crypto Accelerator 1000


Patch Installation Instructions:
--------------------------------
 
For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.
 
For Solaris 7-8 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.  The following example
installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/104945-02
 
The following example removes a patch from a standalone system:
 
       example# patchrm 104945-02
 
For additional examples please see the appropriate man pages.


Special Install Instructions:
-----------------------------
 
NOTE: Updating Apache when used with the Sun Crypto Accelerator 1000 Board
==========================================================================
 
Different releases of Apache are unable to share modules.  Therefore,
when you upgrade your Apache software, you must also update any modules
you have installed, including the mod_ssl module (for SSL) supplied with
the Sun Crypto Accelerator 1000 board.
 
If you are using Apache 1.3.26, then once you have installed this patch,
you must also run the sslconfig program (/opt/SUNWconn/crypto/bin/sslconfig)
and edit your httpd.conf to change the line that reads
 
        LoadModule ssl_module /usr/apache/libexec/mod_ssl.so.1.3.12
 
so that instead it reads
 
        LoadModule ssl_module /usr/apache/libexec/mod_ssl.so.1.3.26
 
Then you should be able to restart the Apache server using the startup
script (/etc/init.d/apache start).


README -- Last modified date: Friday, November 9, 2012