Release Notes for ProLiant Support Pack for Red Hat Enterprise Linux 5, v7.71 Following is the list of all the components in the 7.71 ProLiant Support Pack for Red Hat Enterprise Linux 5: ******************************** cpq_cciss-3.6.16-4.rhel5.i686.rpm - HP ProLiant Smart Array Controller (x86/AMD32) Driver for Red Hat Enterprise Linux 5 (x86), v3.6.16-4 Enhancements Added support for Red Hat Enterprise Linux 5 (x86). ******************************** cpq_cciss-3.6.16-4.rhel5.x86_64.rpm - HP ProLiant Smart Array Controller (AMD64/EM64T) Driver for Red Hat Enterprise Linux 5 (AMD64/EM64T), v3.6.16-4 Enhancements Added support for Red Hat Enterprise Linux 5 (x86). ******************************** mptlinux-4.00.03.00-1.rhel5.i686.rpm - HP U320 SCSI Adapter, SAS HBA with RAID, SCxxXe and SCxxGe series HBA (x86 & AMD32) Driver for Red Hat Enterprise Linux 5 (x86), v4.00.03.00-1 Enhancements Initial release for Red Hat Enterprise Linux 5. ******************************** mptlinux-4.00.03.00-1.rhel5.x86_64.rpm - HP U320 SCSI Adapter, SAS HBA with RAID, SCxxXe and SCxxGe series HBA (AMD64/EM64T) Driver for Red Hat Enterprise Linux 5 (AMD64/EM64T), v4.00.03.00-1 Enhancements Initial release for Red Hat Enterprise Linux 5. ******************************** hpsmh-2.1.8-176.linux.i386.rpm - HP System Management Homepage for Linux (x86), v2.1.8-176 Enhancements Updated PHP libraries. Added operating system support to include: Red Hat Enterprise Linux 5 for AMD64 and Intel EM64T Addressed the following vulnerabilities: CVE-2007-1835 PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path (session.save_path), uses the TMPDIR default after checking the restrictions, which allows local users to bypass open_basedir restrictions. CVE-2007-1701 PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string beginning with "_SESSION|s:39:". CVE-2007-1700 The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted string in the session_register after unsetting HTTP_SESSION_VARS and _SESSION, which destroys the session data Hashtable. CVE-2007-1380 The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read. ******************************** hpsmh-2.1.8-176.linux.x86_64.rpm - HP System Management Homepage for Linux (AMD64/EM64T), v2.1.8-176 Enhancements Updated PHP libraries. Added operating system support to include: Red Hat Enterprise Linux 5 for AMD64 and Intel EM64T Addressed the following vulnerabilities: CVE-2007-1835 PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path (session.save_path), uses the TMPDIR default after checking the restrictions, which allows local users to bypass open_basedir restrictions. CVE-2007-1701 PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string beginning with "_SESSION|s:39:". CVE-2007-1700 The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted string in the session_register after unsetting HTTP_SESSION_VARS and _SESSION, which destroys the session data Hashtable. CVE-2007-1380 The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read. ******************************** hp-OpenIPMI-7.7.0c-32.rhel5.i386.rpm - HP OpenIPMI Device Driver for Red Hat Enterprise Linux 5 (x86), v7.7.0c-32.rhel5 Enhancements Initial release to support Red Hat Enterprise Linux 5 (x86) ******************************** hp-OpenIPMI-7.7.0c-32.rhel5.x86_64.rpm - HP OpenIPMI Device Driver for Red Hat Enterprise Linux 5 (AMD64/EM64T), v7.7.0c-32.rhel5 Enhancements Initial release to support Red Hat Enterprise Linux 5 (AMD64/EM64T) ******************************** hpasm-7.7.0c-24.rhel5.i586.rpm - HP System Health Application and Insight Management Agents for Red Hat Enterprise Linux 5 (x86), v7.7.0c-24.rhel5 Enhancements Initial release to support Red Hat Enterprise Linux 5 (x86) ******************************** hpasm-7.7.0c-24.rhel5.x86_64.rpm - HP System Health Application and Insight Management Agents for Red Hat Enterprise Linux 5 (AMD64/EM64T), v7.7.0c-24.rhel5 Enhancements Initial release to support Red Hat Enterprise Linux 5 (AMD64/EM64T) ******************************** hprsm-7.7.0c-30.rhel5.i386.rpm - HP Lights-Out Drivers and Agents for Red Hat Enterprise Linux 5 (x86), v7.7.0c-30.rhel5 Enhancements Initial release to support Red Hat Enterprise Linux 5 (x86) ******************************** hprsm-7.7.0c-30.rhel5.x86_64.rpm - HP Lights-Out Drivers and Agents for Red Hat Enterprise Linux 5 (AMD64/EM64T), v7.7.0c-30.rhel5 Enhancements Initial release to support Red Hat Enterprise Linux 5 (AMD64/EM64T) ******************************** hpvca-2.1.8-3.linux.rpm - HP Version Control Agent for Linux, v2.1.8-3 Enhancements Enhanced to support RHEL5 ******************************** hp-pel-1.0.1-1.rhel5.linux.rpm - HP Linux ProLiant Essentials Licensing for Red Hat Enterprise Linux 5 , v1.0.1-1.rhel5 Enhancements Initial release ******************************** hp-vt-1.1.1-1.rhel5.linux.rpm - HP Virus Throttle for Red Hat Enterprise Linux 5, v1.1.1-1.rhel5 Enhancements Initial release ******************************** cmanic-7.8.0-2.rhel5.linux.rpm - HP NIC Agents for Red Hat Enterprise LINUX 5, v7.8.0-2.rhel5 Enhancements Initial release ******************************** cpqacuxe-7.73-1.linux.rpm - HP Array Configuration Utility for Linux, v7.73-1 Fixes The ACU utility was modified to display a message informing customers that a firmware update is required if firmware version 2.04 is detected on a Smart Array P400, P400i, or P800 controller. Enhancements Added support for the Smart Array E500 controller. ******************************** hpacucli-7.73-1.linux.rpm - HP Array Configuration Utility CLI for Linux, v7.73-1 Fixes The ACU utility was modified to display a message informing customers that a firmware update is required if firmware version 2.04 is detected on a Smart Array P400, P400i, or P800 controller. Enhancements Added support for the Smart Array E500 controller. ******************************** hpadu-7.72-2.linux.rpm - HP Array Diagnostics Utility for Linux, v7.72-2 Enhancements Added support for the Smart Array E500 controller. ******************************** Copyright 2003-2007 Hewlett-Packard Development Company, L.P.