Thanks for the reply.
It wasn't originally clear to me in the advisory that the fix was to update 5.28.1.7 to 5.28.1.8 but I see this now and have updated the fileset.
Original Message:
Sent: Mon July 29, 2024 03:05 AM
From: Alan
Subject: perl_advisory7 query
Hi Stephen,
As per the advisory, the fix when running on 5.28.1.7 is to upgrade the perl.rte fileset to 5.28.1.8 to resolve the vulnerability.
That ifix you tried to apply is for systems running 5.28.1.6 and earlier - that have a dependency on older OpenSSL and do not want to upgrade to OpenSSL 3.0.
You can download the new perl.rte from MRS here:
https://www.ibm.com/resources/mrs/assets?source=aixbp
Cheers,
Alan
------------------------------
Alan
Original Message:
Sent: Thu July 25, 2024 07:00 AM
From: Stephen Eccles
Subject: perl_advisory7 query
Hello,
Hope someone can help.
When running the IBM FLRTVC tool on our AIX LPAR it reports that fileset "perl.rte" has a security vulnerability which is described here : https://aix.software.ibm.com/aix/efixes/security/perl_advisory7.asc
We have downloaded the iFixes contained within perl_fix7.tar.
Within this tar file is contained "Advisory.asc" which states :
AFFECTED PRODUCTS AND VERSIONS:
AIX 7.2, 7.3
VIOS 3.1
The following fileset levels are vulnerable:
key_fileset = aix
Fileset Lower Level Upper Level KEY
---------------------------------------------------------
perl.rte 5.28.0.0 5.28.1.7 key_w_fs
However, when we try and install 31484m6a.231020.epkg.Z it gives this error:
+-----------------------------------------------------------------------------+
Installp Prerequisite Verification
+-----------------------------------------------------------------------------+
Verifying prerequisite file ...
Checking prerequisites ...
Prerequisite Number: 1
Fileset: perl.rte
Minimal Level: 5.28.1.0
Maximum Level: 5.28.1.6
Actual Level: 5.28.1.7
Type: PREREQ
Requisite Met: no
emgr: 0645-050 Prerequisite number 1 did not pass all checks. Please see
details above.
emgr: 0645-035 Efix package did not pass all preview checks.
Does anyone know how we can fix the security vulnerability in perl.rte?
Thanks in advance
------------------------------
Stephen Eccles
------------------------------