AIX security patches

Hi All,

We have upgraded our systems to AIX systems to TL12 SP2 in February. Now, we need to apply only security patches on the systems which we will be ongoing process. How can I check what security patches are available for the AIX 5.3 TL12, what is the process, how can I download the same and from where I can download. I know using SUMA we can do it, but would apprecite if someone can provide the steps for the same.

Thanks
virgo
virgo0880Asked:
Who is Participating?
 
woolmilkporcConnect With a Mentor Commented:
Use Fix Central:

http://www-933.ibm.com/support/fixcentral/

Select Power -> AIX -> 5.3 -> Security -> Continue

On the next page you can see all bulletins for the past 12 months.

Click the links. The bulletins contain in most cases a download URL, which you should copy and paste into your browser's address field. Don't ask why the URL's are not clickable, I don't know.

Install the downloaded fixes according to the instructions given in the bulletin or on the download page.

SUMA is quite easy. Issue

"smitty suma_easy_fixtype", select "Security" and Go!

Once the fixes are downloaded install them from /usr/sys/inst.images using "smitty update_all".

wmp

0
 
balasundaram_sCommented:
To Clarify,

SP  means "SERVICE PACK" and NOT "security patch", I know some people think like that.

IBM sometimes releases the e-fix as a security fix as mentioned in those security advisories.   All those e-fixes and other updates are part of the next SP (Service Pack).   OS should be updated regularly as soon as the next SP released by IBM.

Its the same link as above, and select "fix pack" to continue to download the SP(Service Pack).
0
 
virgo0880Author Commented:
Ok. I will check the same and revert.

Thanks
virgo
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
virgo0880Author Commented:
I created and execute a suma task wherein before downloading it is showing me this message :

The download list contains one or more fixes known to cause a regression:
        U840447, U840445

What does this mean. Also, let me know whether the task which I created is fine :

10:
        DisplayName=Q2_Security_2011
        Action=Download
        RqType=Security
        RqName=
        RqLevel=
        PreCoreqs=y
        Ifreqs=y
        Supersedes=n
        ResolvePE=IfAvailable
        Repeats=y
        DLTarget=/export/suma/q2_security_2011
        NotifyEmail=root
        FilterDir=
        FilterML=5300-12
        FilterSysFile=localhost
        MaxDLSize=-1
        Extend=y
        MaxFSSize=-1

virgo
0
 
virgo0880Author Commented:
Also the downloads are getting failed :

Download FAILED:    X11.motif.mwm.5.3.12.1.bff
Download FAILED:    bos.acct.5.3.12.1.bff
Download FAILED:    bos.64bit.5.3.12.2.bff
Download FAILED:    X11.motif.lib.5.3.12.1.bff
Download FAILED:    X11.compat.lib.X11R5.5.3.12.1.bff
Download FAILED:    bos.adt.base.5.3.12.2.bff
Download FAILED:    bos.adt.insttools.5.3.12.1.bff
Download FAILED:    bos.adt.include.5.3.12.2.bff
Download FAILED:    bos.adt.debug.5.3.12.2.bff
Download FAILED:    bos.adt.prof.5.3.12.2.bff
Download FAILED:    bos.alt_disk_install.rte.5.3.12.2.bff
Download FAILED:    bos.cifs_fs.rte.5.3.12.1.bff
Download FAILED:    bos.aixpert.cmds.5.3.12.1.bff
Download FAILED:    bos.alt_disk_install.boot_images.5.3.12.1.bff
Download FAILED:    bos.adt.syscalls.5.3.12.1.bff
Download FAILED:    bos.diag.util.5.3.12.1.bff
Download FAILED:    bos.ecc_client.rte.5.3.12.1.bff
Download FAILED:    bos.diag.rte.5.3.12.2.bff
Download FAILED:    bos.diag.com.5.3.12.1.bff
Download FAILED:    bos.clvm.enh.5.3.12.1.bff
Download FAILED:    bos.loc.adt.iconv.5.3.12.1.bff
Download FAILED:    bos.iocp.rte.5.3.12.1.bff
Download FAILED:    bos.iconv.ucs.com.5.3.12.1.bff
Download FAILED:    bos.iconv.com.5.3.12.2.bff
Download FAILED:    bos.esagent.6.5.12.3.bff

What can be done in this case.

Virgo
0
 
woolmilkporcCommented:
Your SUMA task is OK.

Regression means that a previously functional feature might no longer work.
Carefully check if this would affect you.
Look up the APARs by their numbers in the IBM database
http://www14.software.ibm.com/webapp/set2/psearch/search?domain=aixfix&new=y&os=53

In your case I found this:
https://www-304.ibm.com/support/docview.wss?q1=U840447&dc=DB550&rs=1209&uid=isg1IZ90625&context=SG11P&cs=UTF-8&lang=en&loc=en_US

Download FAILED: Is your machine able to access the internet? Do you have to specify a (possibly authenticated) proxy?

Check "man suma", particularly HTTP_PROXY, HTTPS_PROXY, FTP_PROXY depending on DOWNLOAD_PROTOCOL.

Use "suma -c" to view all settings, "suma -c -a parameter=value" to change.

wmp
0
 
virgo0880Author Commented:
So, what is to be done in this case. We recently applied TL12 SP2 in feb 2011 on our AIX systems. Now I have to apply security fixes on the systems on a monthly basis. So, when I started downloaded the patches, it shown me this warning message. My question is "what has to be done in this case". I am not sure what I have to do now ? Do I need to download the fixes also for this ?

By the way, the downloads was failing coz ftp was blocked. Now the download is working and the patches has been downloaded.

Virgo
0
 
woolmilkporcCommented:
Do I need to download the fixes also for this ?

SUMA downloads the fixes for you, despite of the warning.

"what has to be done in this case"

It depends. Check whether the security gain is of greater importance for you than a possible (small) loss in functionality. This loss will be healed in a follow-up fix anyway, in almost any case.

I fear I will not be able to give you universally valid instructions. Decide for yourself in every individual case, or grit your teeth and get to it regardless.

wmp
0
 
virgo0880Author Commented:
Ok, I will open a call with IBM. Thanks for the comments.

virgo
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.