Novell

This is Your Open EnterpriseTM

Privileged User Manager 2.3.1 HF2 (2.3.1-2)

This document (5153390) is provided subject to the disclaimer at the end of this document.

patches this patch supersedes

FileProductStatusPatch
novell-npum-packages-2.3.0-2.tar.gzPrivileged User Manager 2.2.2ObsoleteNovell Privileged User Manager 2.3.0 HF2 (2.3.0-2)
NetIQ-npum-packages-2.3.1-1.tar.gzPrivileged User Manager 2.3ObsoletePrivileged User Manager 2.3.1 HF1 (2.3.1-1)
NetIQ-npum-packages-2.3.1-1.tar.gzPrivileged User Manager 2.3.1ObsoletePrivileged User Manager 2.3.1 HF1 (2.3.1-1)

patches that supersede this patch

This patch is not superseded by any other patches.

patch attributes

Security patch: Yes
Priority: Mandatory
Distribution Type: Public

document

Revision: 3
Document ID: 5153390
Creation Date: 2012-11-16 16:01:29
Modified Date: 2012-11-20 15:31:48

abstract

NetIQ Privileged User Manager 2.3.1 HF2 (2.3.1-2) is a bundle of fixes for NetIQ Privileged User Manager 2.3.1 and contains a Vulnerability fix.

details

Fixes included in NetIQ Privileged User Manager 2.3.1 HF2 (2.3.1-2):

Note:  Privileged User Manager is vulnerable to an exploit whereby an attacker could, without prior authentication, change the password of the admin user and/or execute a Perl script with SYSTEM privileges.
 
Access Manager (auth):
LDAP Credential Agent (ldapagnt):
Registry Agent (regclnt):
Bug 789854 - Security Vulnerability: NetIQ Privileged User Manager Remote Code Execution Vulnerability
Resolved:  Resolved vulnerabilities 



Fixes included in NetIQ Privileged User Manager 2.3.1 HF1 (2.3.1-1)
 
Command Control Agent (rexec):
Bug 776218 - EAC: Error, cannot open policy: Bad file number (Solaris specific)
Resolved:  Resolved EAC error
 
Bug 774457 - EAC shell hoards audit data in memory
Resolved:  Resolved memory hog
 
Bug 767472 - EAC doesn’t work on Solaris x86 v9 - "Value too large for defined data type"
Resolved: EAC works on Solaris x86 v9
 
Bug 766958 - remove rush man page, add pcksh man page
Resolved: pcksh man page added, removed old rush man page
 
Bug 766638 - Solaris: EAC causes core when running 'man' as root
Resolved:  Resolved core when running man as root
 
Bug 763482 - HP-UX EAC corrupts when login with /usr/bin/ksh or /sbin/sh
Resolved: EAC works when login shell is /usr/bin/ksh or /sbin/sh
 
Bug 757337 - Unable to set ulimit after EAC is enabled
Resolved:  Resolved, ulimit can be set after EAC is enabled
 
Bug 754353 - Using EAC with 'tail -f' on SLES10 causes tail to segmentation fault when using PUTTY
Resolved: tail -f can be run on SLES without segmentation fault
 
 
Messaging Component (msgagnt):
Bug 767942 - msgagnt sending emails with 1970/01/01 date
Resolved:  Stopped utf-8 Date attributes in smtp headers
 
 
Framework Patch
Resolved: Update to 2.3.1 HF1 (2.3.1-1)
 
 
Agent Console:
Bug 674816 - Request Certificate - Finish button isn't enabled until you edit the Common Name
Resolved: Finish button is enabled after filling out blank settings
 
 
Command Control Manager (cmdctrl): 
Bug 747447 - default 20mb queue_wm_size too small
Resolved:  Default watermark increased to 100MB, max size 250MB
 
 
Reporting Console (audit):
Bug 746377 - Add option to Syslog configuration in Reports gui to enable/disable persistent connections
Resolved: Option added to enable/disable persistent connections
 
 
Command Control Console (cmdctrl):  
Bug 766910: Update Sample Scripts
Resolved: Sample script added/updated
 
 
MD5SUM:
679b1a18cf591c168b9bd96c9eac4026  NetIQ-npum-packages-2.3.1-2.tar.gz
 
NetIQ-npum-packages-2.3.1-2.tar.gz includes: 
All updated packages since the 2.3.1 release for all platforms (except SLES specific installs)
 
 
 
Installation:
 
To install Hot Fix 2 (HF2) please do the following:

For SLES servers running SLES specific rpm's ONLY.

*** Note: For all other platforms, see 'Manually publish patch to Package Manager' below.***
 
1. Download/Copy the NetIQ-sles-pum-2.3.1-2.tar.gz
2. Extract NetIQ-sles-pum-2.3.1-2.tar.gz into a temporary location, such as /tmp/
example:
tar -xvf NetIQ-sles-pum-2.3.1-2.tar.gz
3. Stop NetIQ Privileged User Manager (/etc/init.d/npum stop)
4. Install the corresponding rpm for your SLES platform (SLES10/SLES11), using the 'rpm -U' command.
example: (32bit install)
sd147:/tmp # rpm -U novell-pum-2.3.1-23768.x86_64.rpm novell-pum-manager-2.3.1-23768.i586.rpm
Note: If the SLES server has the manager rpm installed, you must install both the manager rpm and agent (base) rpm. However, if the SLES server is just an agent, only the agent (or base) rpm needs to be updated. 

Manually publish patch to Package Manager

1. Download/Copy the NetIQ-npum-packages-2.3.1-2.tar.gz file onto one of your Privileged User Manager machines.
2. Extract NetIQ-npum-packages-2.3.1-2.tar.gz into a temporary location, such as /tmp/framework/
example:
tar -xvf NetIQ-npum-packages-2.3.1-2.tar.gz 
3. Publish the packages to your Package Manager, using the following command:
/opt/novell/npum/sbin/unifi -u admin distrib publish -d /tmp/framework/packages/
example:
sd142/ # /opt/novell/npum/sbin/unifi -u admin distrib publish -d /tmp/framework/packages/
Username: (admin)
Password:
4. Install the packages via the Framework.
 
To patch all Hosts:
Login to the Framework. Select Hosts | Select the root most Domain. From the left Navigation, select "Update Domain Packages" | Select the desired Hosts,(use Shift click or Ctrl click to select multiple hosts) then Next
Select Finish
 
or
 
To patch selected Hosts:
Login to the Framework. Select Hosts | Select the desired Host. From the left Navigation, select "Update Packages" | Select the desired Hosts,(use Shift click or Ctrl click to select multiple hosts) then Next
Select Finish
Note: Prior to patching Hosts, it is a good idea to "Commit Packages" on each host/domain. The "Commit Packages" will clean out the existing backup (if any) so that a backup can be created when a new patch is installed. Commit Packages can be done on a individual host or by Domain. If doing so by Domain, use the "Commit Domain Packages". If doing so by Host, use the "Commit Packages" option.
Note: During the process of installing the packages via the Framework, by default, it will create a backup of the existing packages that are being replaced if you leave the option to "Create backup" enabled when installing the patch. Should you need to remove the update, you can use the "Rollback Packages" option.

security fixes

NetIQ credits Andrea Micalizzi (aka rgod) for reporting this flaw.

change log

Tuesday Nov 20, 2012: Added SLES specific installers

file contents

Files IncludedSizeDate
NetIQ-sles-pum-2.3.1-2.tar.gz46.2 MB (48448446)2012-11-20 14:58:21
NetIQ-npum-packages-2.3.1-2.tar.gz77.2 MB (80961164)2012-11-16 13:05:06
readme_5153390.htmlN/A2012-11-20 15:31:49

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

Novell is a registered trademark of Novell, Inc. in the United States and other countries. SUSE is a registered trademark of SUSE Linux AG, a Novell business. *All third-party trademarks are the property of their respective owners.

© 2007 Novell, Inc. All Rights Reserved.