Openvms Patches

Please note that HP have restricted access to patches (even patch cover letters) to people and organisations with valid support agreements. Therefore, this page and the feeds it links to are only here for historical interest. The feeds are no longer updated.

Openvms Patches

This page is my attempt to list the patches for the various releases of OpenVMS. The information is obtained by interrogating the ITRC FTP server once a day (can't make me register for that) and munging the data into RSS feeds.

• The 15 Jan 2002 releasse addresses an issue with XV when trying to use itto put an image on the CDE DECWindows root window.It is essentially the same as the official kit available at JohnBradley's XV site, but has allthe patches applied and is OpenVMS-ready for compiling. XV (v3.10a-VMS) - "THE" X11 Imager Viewer Program (OpenVMS Jumbo Patch-25 Jan 2002) XV (v3.10a-VMS) - "THE" X11 Imager Viewer Program (IA64/OpenVMS Executables 4-FEB-2018)

• Related Image Processing Software NetPBM (1jan96-VMS) - Network supported PBMPlus

Last Modified: Sat Nov 23 14:57:01 2019

The focus this week has very definitely been on testing, with the great Michael Schwern providing all sorts of QA advice, tests and patches. He patched: t/op/rand.t, t/op/time.t, t/op/srand.t, t/op/local.t, t/op/concat.t, t/op/misc.t, t/run/segfault.t, pod/perlhack.pod, t/op/pack.t, lib/Cwd.pm, lib/File/Find.pm, and lib/File/Find/taint.t, in an earnest attempt to deprive himself of $500.

Yes. Apart from the fixes released by Intel and Microsoft, cloud service providers also released their own mitigations and patches. Amazon Web Services (AWS) announced that it has updated its relevant kernel (ALAS-2018-1058) while Google Cloud and Oracle also put out their own advisories. Microsoft Azure also issued mitigation guidance for Azure cloud services and Linux and Windows VMs. Patches are also available for the Linux kernel.

You should upgrade your Perl to 5.6.1 as soon as possible. Patches for earlier releases exist but using the patches require full recompilation from the source code anyway, so 5.6.1 is your best choice.

Until patches are available and can be applied, you may wish todisable the ToolTalk RPC database service. As a best practice, theCERT/CC recommends disabling all services that are not explicitlyrequired. On a typical CDE system, it should be possible to disablerpc.ttdbserverd by commenting out therelevant entries in /etc/inetd.conf andif necessary, /etc/rpc, and then byrestarting the inetd process.

Until patches are available and can be applied, you may wish to blockaccess to the ToolTalk RPC database server and possibly the RPCportmapper service from untrusted networks such as the Internet. Usea firewall or other packet-filtering technology to block theappropriate network ports. The ToolTalk RPC database server may beconfigured to use port 692/tcp or another port as indicated in outputfrom the rpcinfo(1M) command. In theexample above, the ToolTalk RPC database server is configured to useport 32773/tcp. The RPC portmapper service typically runs on ports111/tcp and 111/udp. Keep in mind that blocking ports at a networkperimeter does not protect the vulnerable service from attacks thatoriginate from the internal network.

The Solaris RPC-based ToolTalk database server, rpc.ttdbserverd, isvulnerable to the buffer overflow described in this advisory in allcurrently supported versions of Solaris:Solaris 2.5.1, 2.6, 7, 8, and 9Patches are being generated for all of the above releases. Sun willbe publishing Sun Alert 46366 for this issue which will be locatedhere: -cgi/retrieve.pl?doc=fsalert%2F46366The Sun Alert will be updated as more information or patches becomeavailable. The patches will be available from: will be publishing a Sun Security Bulletin for this issue once all ofthe patches are available which will be located at:

The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.

The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches. 041b061a72