Fixes included in NetIQ Privileged User Manager 2.3.1 HF2 (2.3.1-2):
Note: Privileged User Manager is vulnerable to an exploit whereby an attacker could, without prior authentication, change the password of the admin user and/or execute a Perl script with SYSTEM privileges.
Access Manager (auth):
LDAP Credential Agent (ldapagnt):
Registry Agent (regclnt):
Bug 789854 - Security Vulnerability: NetIQ Privileged User Manager Remote Code Execution Vulnerability
Resolved: Resolved vulnerabilities
Fixes included in NetIQ Privileged User Manager 2.3.1 HF1 (2.3.1-1)
Command Control Agent (rexec):
Bug 776218 - EAC: Error, cannot open policy: Bad file number (Solaris specific)
Resolved: Resolved EAC error
Bug 774457 - EAC shell hoards audit data in memory
Resolved: Resolved memory hog
Bug 767472 - EAC doesn’t work on Solaris x86 v9 - "Value too large for defined data type"
Resolved: EAC works on Solaris x86 v9
Bug 766958 - remove rush man page, add pcksh man page
Resolved: pcksh man page added, removed old rush man page
Bug 766638 - Solaris: EAC causes core when running 'man' as root
Resolved: Resolved core when running man as root
Bug 763482 - HP-UX EAC corrupts when login with /usr/bin/ksh or /sbin/sh
Resolved: EAC works when login shell is /usr/bin/ksh or /sbin/sh
Bug 757337 - Unable to set ulimit after EAC is enabled
Resolved: Resolved, ulimit can be set after EAC is enabled
Bug 754353 - Using EAC with 'tail -f' on SLES10 causes tail to segmentation fault when using PUTTY
Resolved: tail -f can be run on SLES without segmentation fault
Messaging Component (msgagnt):
Bug 767942 - msgagnt sending emails with 1970/01/01 date
Resolved: Stopped utf-8 Date attributes in smtp headers
Resolved: Update to 2.3.1 HF1 (2.3.1-1)
Bug 674816 - Request Certificate - Finish button isn't enabled until you edit the Common Name
Resolved: Finish button is enabled after filling out blank settings
Command Control Manager (cmdctrl):
Bug 747447 - default 20mb queue_wm_size too small
Resolved: Default watermark increased to 100MB, max size 250MB
Reporting Console (audit):
Bug 746377 - Add option to Syslog configuration in Reports gui to enable/disable persistent connections
Resolved: Option added to enable/disable persistent connections
Command Control Console (cmdctrl):
Bug 766910: Update Sample Scripts
Resolved: Sample script added/updated
All updated packages since the 2.3.1 release for all platforms (except SLES specific installs)
To install Hot Fix 2 (HF2) please do the following:
For SLES servers running SLES specific rpm's ONLY.
*** Note: For all other platforms, see 'Manually publish patch to Package Manager' below.***
1. Download/Copy the NetIQ-sles-pum-2.3.1-2.tar.gz
2. Extract NetIQ-sles-pum-2.3.1-2.tar.gz into a temporary location, such as /tmp/
tar -xvf NetIQ-sles-pum-2.3.1-2.tar.gz
3. Stop NetIQ Privileged User Manager (/etc/init.d/npum stop)
4. Install the corresponding rpm for your SLES platform (SLES10/SLES11), using the 'rpm -U' command.
example: (32bit install)
sd147:/tmp # rpm -U novell-pum-2.3.1-23768.x86_64.rpm novell-pum-manager-2.3.1-23768.i586.rpm
Note: If the SLES server has the manager rpm installed, you must install both the manager rpm and agent (base) rpm. However, if the SLES server is just an agent, only the agent (or base) rpm needs to be updated.
Manually publish patch to Package Manager
1. Download/Copy the NetIQ-npum-packages-2.3.1-2.tar.gz file onto one of your Privileged User Manager machines.
2. Extract NetIQ-npum-packages-2.3.1-2.tar.gz into a temporary location, such as /tmp/framework/
tar -xvf NetIQ-npum-packages-2.3.1-2.tar.gz
3. Publish the packages to your Package Manager, using the following command:
/opt/novell/npum/sbin/unifi -u admin distrib publish -d /tmp/framework/packages/
sd142/ # /opt/novell/npum/sbin/unifi -u admin distrib publish -d /tmp/framework/packages/
4. Install the packages via the Framework.
To patch all Hosts:
Login to the Framework. Select Hosts | Select the root most Domain. From the left Navigation, select "Update Domain Packages" | Select the desired Hosts,(use Shift click or Ctrl click to select multiple hosts) then Next
To patch selected Hosts:
Login to the Framework. Select Hosts | Select the desired Host. From the left Navigation, select "Update Packages" | Select the desired Hosts,(use Shift click or Ctrl click to select multiple hosts) then Next
Note: Prior to patching Hosts, it is a good idea to "Commit Packages" on each host/domain. The "Commit Packages" will clean out the existing backup (if any) so that a backup can be created when a new patch is installed. Commit Packages can be done on a individual host or by Domain. If doing so by Domain, use the "Commit Domain Packages". If doing so by Host, use the "Commit Packages" option.
Note: During the process of installing the packages via the Framework, by default, it will create a backup of the existing packages that are being replaced if you leave the option to "Create backup" enabled when installing the patch. Should you need to remove the update, you can use the "Rollback Packages" option.
© 2007 Novell, Inc. All Rights Reserved.