| T.R | Title | User | Personal
Name | Date | Lines |
|---|
| 158.1 | Security Bulletin | SBUOA::CHARPENTIER | | Thu Apr 03 1997 10:46 | 36 |
| From: NAME: Corporate Information Security
<SECURITY@A1@SALES@PKO>
To: See Below
From: Chuck Noble, [email protected], MSO2-1, DTN 223-8728
DIGITAL INTERNAL USE ONLY
The Corporate Information Security Group (CISG) has issued
Security Bulletin 97-02, OpenVMS Delta-Time Limit Problem. This
Bulletin is for immediate distribution to all DIGITAL internal
OpenVMS/Alpha and OpenVMS/VAX system managers.
The OpenVMS operating system has a documented delta-time
limit that may cause a serious error in some applications and
OpenVMS components beginning on or around 19-MAY-1997. OpenVMS
customers may experience errors in some applications and OpenVMS
components when dates are specified on or around 19-MAY-1997.
The OpenVMS SECURITY Server is identified as one of the
known components to be affected by the delta-time limit. Symptoms
may involve denial-of-service, including system crash.
DIGITAL has provided ECOs (Engineering Change Orders) that
remove the delta-time limit. Security Bulletin 1997-02 contains
detailed information for obtaining and installing the appropriate
ECO for your OpenVMS system. A complete copy of this Bulletin can
be obtained from the Corporate Security Home Page at URL
http://corpsec.mso.dec.com/Ref-Bulletins.htm, or in the Security
Advisory Notefile at MINOTR::SECURITY_ADVISORY, or in VTX
SECURITY.
CoC Managers hosting Contracted Personnel are responsible
for appropriate forwarding of this announcement.
Any questions or comments concerning this or any other CISG
security communication may contact our group at DTN 223-8900, or
at [email protected].
DIGITAL INTERNAL USE ONLY
|
| 158.2 | OpenVMS Delta-Time Limit Problem (LMS) | SBUOA::CHARPENTIER | | Thu Apr 03 1997 10:48 | 39 |
| As you are probably already aware that the OpenVMS has documented
delta-time limit problem, which may cause serious errors in some
applications starting 19-May-1997. There is an ECO (Engineering Change
Orders) patch which is required to be installed on the systems running
the OpenVMS VAX operating System.
In Kanata, we have two VMS clusters (POLAR VAX/VMS V5.52 & KAMFG
VAX/VMS V6.2) for the manufacturing businesses (SBU and PCBU), each of
these clusters will be upgraded with the ECO patch.
The applications that are going to be impacted are ones that use the
library calls mentioned in the attachments. It is imperative, that you
review each of the attachments and determine how they apply to LMS
software. If LMS application is going to be affected then send us
notification to let us know what your plan of action is. We require
all corrections, if any, by April 15, 1997.
Further information can be found in the web sites listed below and
VMSNOTES file (VAXAXP::VMSNOTES) entry 238.*.
Attached is the cover letter describing the problem site for this is:
ftp://ftp.service.digital.com/public/vms/vax/v5.5/vaxlibr05_070.CVRLET_TXT
ftp://ftp.service.digital.com/public/vms/
http://corpsec.mso.dec.com/Ref-Bulletins.htm
http://www.service.digital.com/html/patch_main.html
Shairoz Velji
Kanata IM&T @KAO 3/3
Dtn 621-4715
|
| 158.3 | AOW: OpenVMS Delta-Time Limit Problem (LMS) | SBUOA::CHARPENTIER | | Thu Apr 03 1997 10:50 | 71 |
|
Analysis of Work Document
=====================
Problem Reported:
Quoting from documents transmitted to MFA from DEC:
The OpenVMS operating system has a documented delta-time limit
that may cause a serious error in some applications and OpenVMS
components beginning on or around 19-MAY-1997. DIGITAL has
provided ECOs (Engineering Change Orders) that remove the delta-
time limit.
OpenVMS customers may experience errors in some applications
and OpenVMS components when dates are specified on or around
19-MAY-1997.
The OpenVMS SECURITY Server is one of the known components to
be affected by the delta-time limit. Symptoms may involve
denial-of-
service, including system crash.
Corrective Process:
Obtain and install the appropriate corrective ECO. A reboot
of the system must occur for the ECO to take effect.
Corrective Action By Module:
No corrective action is needed for LMS. The reason for this
is that the LMS was designed so that it gets its delta date
information from a program that DEC supplies. The DEC supplied
program waits in the background for other programs, like LMS to
ask for information, such as a delta time value. The DEC
supplied program will then pass the requested information
back to LMS. If the DEC supplied program is replaced, then
LMS will use the new version to obtain delta time values. This
happens automatically, no changes to LMS are required. LMS uses
the version of the DEC supplied program that is running at the
time the request for information is made. Therefore, the problem
that LMS will have with delta times is that the DEC supplied
program will not providing good information back to LMS. The
ECO will replace the DEC supplied program with a version that
will provide accurate data to LMS.
Test To Be Performed:
None
Expected Test Results:
None
Documentation:
None
Expected Time Estimate:
On the MFA test system, McCoy: 1 hour to install the ECO and reboot
the system.
Expected completion date:
The patch has been applied at LMSCU on Friday, March 28, 1997.
All other sites need to be scheduled in advance of the May 19 date.
The system at MFA will be updated and rebooted as soon as the
ECO has been supplied.
Deb Charpentier
* [email protected]
|