HP Secure Web Server Version 2.2 for OpenVMS Alpha [based on Apache] Update 02 Release Notes September 2012 Based on Apache V2.0.63 -------------------------------------- Complete documentation for CSWS, including the Installation and Configuration Guide, SSL User Guide, and Release Notes, is available in HTML and PDF format from: http://h71000.www7.hp.com/openvms/products/ips/apache/csws_doc.html Problems Corrected: ------------------ This update contains software fixes for the security vulnerabilities detailed below and software fixes for general problems. 1. This update kit contains seven CVE fixes. Below is the list of CVEs and their associated Quix cases: * QXCM1001197162: * CVE-2011-3368 * CVE-2011-3607 * CVE-2011-4317 * CVE-2012-0031 * QXCM1001161558: * CVE-2011-3192 * QXCM1001141192: * CVE-2011-0419 * CVE-2011-1928 2. QXCM1001207218 and QXCM1001213329 -- mod_ssl: This update kit has been built with SSL V1.4-467 OpenSSL V0.9.8w which incorporates required SSL enhancements. (http://h71000.www7.hp.com/openvms/products/ssl/ssl_iguide_467.txt) 3. QXCM1001139781 - TraceEnable directive not working. 4. QXCM1001206024 - Creates dump while trying to get Version information from the $httpd "-V". 5. QXCM1001160697 - AP_NONBLOCK_WHEN_MULTI_LISTEN macro is used to unblock multiple listening sockets when web server comes to hang state so that other incoming requests could be processed. Installation instructions: ------------------------- To install the kit, type the following: $ @SYS$STARTUP:APACHE$SHUTDOWN $ PRODUCT INSTALL CSWS22_UPDATE $ @SYS$MANAGER:APACHE$CONFIG $ @SYS$STARTUP:APACHE$STARTUP -----------------------------------------------