Patch: update-is931003 built on 27Jan16-17:53:12 Product: VTL v8.20 Build 9310 Areas Affected: Security, Fibre Channel, Console, NAS, SNMP Prerequisite: update-is931002 Behavior: Interruptive; stops the server modules if running, copies binaries, and restarts the server modules. Mandatory for: - All new installations - Next time maintenance is performed on existing installations - Servers experiencing issues related to affected areas FIXES: ------ Security: - Enhancement: Do not allow configuration files to be modified by users other than the root user. - Resolution: Remove write permissions for regular users on configuration files. - Severity: Low - Files: libfsnxml.so libnas.so librde_util.so libfdsdedup.so libfxutil.so vtl ipstornasmgtd sirstatdbcli sirstatdbdaemon fsiscsid conf_repository.sh ipstorcomm fdsc2s fdscli fdsrepli_svr sirrepsrcd sirreptargd tleupd_32bit networker_restorer rde_test sirscan_config_update SirInlineParse ostcfgmgr ostnascfgmgr gcdispatcher rptgen rdereposit.sh vtlostsvr vtlostd - References: RFE1907 TS87532 BZ34504 - Enhancement: Require longer passwords when the strong password option is enabled. - Resolution: Increase the minimum length of strong passwords from 8 to 14 characters; this affects new passwords. This fix requires console patch 8.20-9310-03. - Severity: Low - Files: iscon isscon pwdenforce.sh - References: BZ35063 - Enhancement: Implement specific security requirements. - Resolution: Provide the option to restrict usage of some server options and features: Do not allow CLI operations from a remote machine; do not allow multiple console sessions at the same time for any user; dedicate one TCP port for server management and another port for data replication; remove 'Location' from server properties; remove the 'Auto Save' option for server configuration; remove the NAS options 'NAS Resource->Export' and 'Purge Expired Replica Files'. - Severity: Low - Files: ipstorcomm rptgen iscliproxy.sh iscon isscon crptgen lvitcheck rde_gc sirstat vtl pwdenforce.sh - References: BZ34796 BZ35063 BZ35048 Fibre Channel: - Symptom: Persistent binding is lost for a Fibre Channel adapter after starting services. - Cause: The rebinding process ran before retrieving the full list of adapters. - Resolution: Add a delay before running the rebinding command. - Severity: Low - Files: vtl - References: TS105031 BZ34590 Console: - Symptom: SSH and SFTP services are not started after they were enabled at the same time from the management console. - Cause: The order of enabling SSH and SFTP was incorrect. - Resolution: Enable SSH before SFTP. - Severity: Low - Files: ipstorcomm - References: TS105186 BZ34642 NAS: - Symptom: A NAS share cannot be accessed by a host client. - Cause: Under heavy SCSI traffic, a race condition was possible, which resulted in an attempt to access an invalid memory location. - Resolution: Enhance the lock mechanism to prevent a race condition. - Severity: Medium - Files: libfdsdedup.so - References: TS105072 BZ35033 SNMP: - Symptom: An SNMP trap is received with the enterprise OID rather than the product OID. - Cause: The SNMP version 1 traps were sent using an incorrect OID. - Resolution: Change the OID for SNMP version 1 traps. - Severity: Low - Files: sanidmgr libfsnlog.so - References: TS105517 BZ35113