Searching the Help
To search for information in the Help, type a word or phrase in the Search box. When you enter a group of words, OR is inferred. You can use Boolean operators to refine your search.
Results returned are case insensitive. However, results ranking takes case into account and assigns higher scores to case matches. Therefore, a search for "cats" followed by a search for "Cats" would return the same number of Help topics, but the order in which the topics are listed would be different.
Search for | Example | Results |
---|---|---|
A single word | cat
|
Topics that contain the word "cat". You will also find its grammatical variations, such as "cats". |
A phrase. You can specify that the search results contain a specific phrase. |
"cat food" (quotation marks) |
Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase. |
Search for | Operator | Example |
---|---|---|
Two or more words in the same topic |
|
|
Either word in a topic |
|
|
Topics that do not contain a specific word or phrase |
|
|
Topics that contain one string and do not contain another | ^ (caret) |
cat ^ mouse
|
A combination of search types | ( ) parentheses |
|
- Administer
- User and user group setup and security
- SA Core and component security
- Multimaster Mesh administration
- Facility administration
- Satellite administration
- SA remote communications administration
- SA maintenance
- Monitoring SA Core components
- Diagnostic tests
- Log files
- SA notifications
- Global Shell: Windows subauthentication package
- Permissions reference
- Reports
- Content utilities
- Audit and compliance
- SA Provisioning
- Backup and Restore Best Practices
- SA management console
- HPSA_High_Availability
- SA UEFI Secure-Boot Server Provisioning
- RPM Remediation Best Practice - Using the mrc_calc Tool
- SA Agents in the public cloud
- Best Practices for Importing RHEL 7 Content
- Managed OS Platforms as Content in SA
- glibc Vulnerability: CVE-2015-0235
Impact on SA: glibc Vulnerability: CVE-2015-0235
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0235
HPE has investigated the CVE-2015-0235 glibc security vulnerability (GHOST) in relation to Server Automation (SA). This document provides required actions you must perform to mitigate this vulnerability.
SA components use glibc, which is installed on the operating system that hosts your cores, slices, and satellites. Operating systems, ogfs binaries, .iso images, and PXE images that use glibc are vulnerable to the GHOST security threat. As a result of the HPE investigation into this threat, HPE recommends that you perform the mitigating actions described in the next section.
Immediate mitigation actions
Perform the actions in this section to address the glibc security vulnerability.
- Update your glibc version on the operating system that hosts your cores, slices, and satellites.
Use one of the following links to access glibc-updating procedures for your specific platform:
RedHat Enterprise Linux: https://access.redhat.com/articles/1332213
SUSE Linux Enterprise: http://support.novell.com/security/cve/CVE-2015-0235.html
Oracle Enterprise Linux: http://linux.oracle.com/cve/CVE-2015-0235.htmlNote: Oracle Solaris 10 SPARC (still supported as a platform in Hubble 9.1x versions) is not vulnerable as it does not use glibc. - Perform one of the following actions:
- (Preferred) Complete a system reboot to clear out the memory cache. Clearing the cache makes sure that glibc-running processes will use the updated glibc version.
- Use the service
opsware-sas
restart command to restart all SA components on every core, slice, and satellite.
- Use the commands below to rebuild the ogfs binaries with the rewink/reload mechanism on the systems that host your cores and slices (you do not need to rebuild the ogfs binaries on systems that host satellites).
Note: Set umask to 0022.# umask 0022
# /opt/opsware/ogfs/tools/rewink
# /opt/opsware/ogfs/tools/reload
- Update the following vulnerable OS provisioning .iso images as soon as HPE releases the updates:
Library->By Folder->OS Provisioning: HPSA_linux_boot_cd.iso
Library->By Folder->OS Provisioning: HPSA_linux_boot_cd_IA64.iso
Library->By Folder->OS Provisioning: HPSA_linux_boot_cd_x86-64.iso
These .iso images are used during OS provisioning staging of a Red Hat Enterprise Linux Server in a non-DHCP environment.
HPE expects to release updated .iso images as soon as possible after Red Hat releases their images with vulnerability fixes (Red Hat versions 7.1, 6.7, and 5.12). For more information on Red Hat releases, see: https://access.redhat.com/articles/3078. - Upgrade outdated vulnerable PXE boot images as soon as HPE releases the updates.
These images are required to boot from the network during Linux OS provisioning.
HPE expects to release updated boot images as soon as possible after Red Hat releases their updated installation images. When the updated boot images are released, use the following Knowledge Base article to install the images: KM1112458.
We welcome your comments!
To open the configured email client on this computer, open an email window.
Otherwise, copy the information below to a web mail client, and send this email to hpe_sa_docs@hpe.com.
Help Topic ID:
Product:
Topic Title:
Feedback: