OpenSSL Heartbleed Vulnerability Fix Procedure for Aster Database Versions 5.0.2x, 5.0.1, 5.0.0 and 4.6.3x

Product ID: B700-6070-502K
Aster Database version: 5.0.2x, 5.0.1, 5.0.0 and 4.6.3x

Summary

This document provides instructions on how to patch the Aster Database, versions 5.0.2x, 5.0.1, 5.0.0 and 4.6.3x, in order to avoid the "Heartbleed" security hole in OpenSSL.

Who Should Install This Patch?

Teradata recommends that customers currently running versions 5.0.2x, 5.0.1, 5.0.0 and 4.6.3x of the Aster Database install this patch.

Contents

- Summary
- Who Should Install This Patch?
- Contents
- Addressing the OpenSSL Heartbleed Bug
- Aster Database Versions
- What The Patch Does
- Obtaining the Required Patch File
- Installing the Patch
- Testing After Installing the Patch
- Troubleshooting
- Contacting Teradata Global Technical Support (GTS)
- Third Party Licenses
- About This Document
- Copyright and Legal Statements

Addressing the OpenSSL Heartbleed Bug

Teradata Aster released Aster Release httpd-2.2.15-patch-rc1, version number r38013, which provides the fix for the Heartbleed Bug on versions 5.0.2x, 5.0.1, 5.0.0 and 4.6.3x of the Aster Database. For more information about this bug, see heartbleed.com.

Teradata recommends that you install this patch to take advantage of the OpenSSL fix. If you do not install this patch on systems running versions 5.0.2x, 5.0.1, 5.0.0 and 4.6.3x of the Aster Database, your server could be compromised through the Heartbleed vulnerability.

Aster Database Versions

The instructions apply to these supported versions of the Aster Database:

- 5.0.2GA
- 5.0.2HP0A
- 5.0.2HP0B
- 5.0.2HP0C
- 5.0.1GA
- 5.0.0GA
- 4.6.3GA
- 4.6.3HP0A

If you have a newer version of the Aster Database, you must obtain and follow the instructions for the specific version of the Aster Database installed on your system.

If you have an older version of the Aster Database, you should not be impacted by the Heartbleed security hole because older versions of the Aster Database do not use the SSL library versions impacted by the bug.

What The Patch Does

The patch replaces the existing mod_ssl.so file in the Aster toolchain with an updated mod_ssl.so file. The updated module uses a version of the SSL library that does not have the Heartbleed vulnerability.
Obtaining the Required Patch File

Teradata Aster Database software is distributed using the established Teradata software distribution process. To obtain the required patch file, Aster-httpd-2.2.15-patch001.bin, request Aster Release httpd-2.2.15-patch-rc1, version number r38013:

- From your local Teradata Aster Customer Support Representative
- By calling Teradata Aster Support at +1 650 273-5599
- By sending electronic mail to Teradata Global Technical Support (GTS) at coresupport@asterdata.com

Installing the Patch

To install the patch:

NOTE: You do NOT need to shut down the server before installing the patch. The patch primarily affects the AMC, and not client connections to the database server.

1. As user "root", copy the required file, Aster-httpd-2.2.15-patch001.bin, to the root ("/") directory of the queen. For neatness, Teradata recommends creating the subdirectory /heartbleed_fix and copying the file to that subdirectory, but doing so is not required.

2. Ensure user "root" has executable rights for Aster-httpd-2.2.15-patch001.bin. As user "root", run the following command:

    chmod u+x ./aster-httpd-2.2.15-patch001.bin

3. As user "root", from the directory containing Aster-httpd-2.2.15-patch001.bin, run the file by executing this command:

    ./aster-httpd-2.2.15-patch001.bin

   The program will run and then generate a few lines of output. The last three lines should be:

    *** Replacing: mod_ssl.so in httpd-2.2.15
    *** Restarting Apache
    *** Apache restarted, patching complete

4. If there are no error messages, the patch was successfully installed. If error messages are returned, repeat the above steps. If repeating the above steps does not resolve the error messages, contact Teradata Global Technical Support.
Testing After Installing the Patch

As a precaution, Teradata recommends:

1. Running a trivial query to verify that you can access the database. For example:

    SELECT COUNT(*) FROM <anysmalltable>;

2. Using a new or existing AMC session to check the Dashboard and Admin tabs in the AMC in order to make sure that you can access the AMC.

Troubleshooting

If you encounter any issues, perform these actions to troubleshoot the cause and resolve the issue:

- Verify that the required file was installed properly by executing this command:

    ls -lt /home/beehive/toolchain/x86_64-unknown-linux-gnu/httpd-2.2.15/modules/mod_ssl.*

  These two files should be listed:

    mod_ssl.so (225902 bytes)
    mod_ssl.so.old (3077135 bytes)

  Note: The difference in file size is correct. mod_ssl.so.old is approximately 14 times larger than mod_ssl.so.

- If only the original file (mod_ssl.so, with a size of 3077135 bytes) is listed after verifying that the required file was installed properly, follow the procedure to install the patch again. Ensure that all steps are performed as the user "root".

If performing the troubleshooting actions does not resolve the issue, or if a different issue is encountered, contact Teradata Global Technical Support.

Contacting Teradata Global Technical Support (GTS)

For assistance and updated documentation, contact Teradata Global Technical Support (GTS):

- Support Portal: http://tays.teradata.com/
- International: 212-444-0443
- US Customers: 877-698-3282
- Toll Free Number: 877-MyT-Data
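The file-size check from the Troubleshooting section, as an added shell example (not part of the Teradata document or the patch itself). The function names check_mod_ssl and file_size are hypothetical; the path and the two byte counts are the ones this document gives.

```shell
#!/bin/sh
# Added example: classify the patch state of the Aster httpd modules
# directory from the file sizes listed in the Troubleshooting section.

# Path and sizes as stated in this document.
MODULES_DIR_DEFAULT=/home/beehive/toolchain/x86_64-unknown-linux-gnu/httpd-2.2.15/modules
PATCHED_SIZE=225902      # updated mod_ssl.so
ORIGINAL_SIZE=3077135    # original mod_ssl.so (kept as mod_ssl.so.old)

# Print the size of a file in bytes, or nothing if it does not exist.
file_size() {
    if [ -f "$1" ]; then
        wc -c < "$1" | tr -d ' '
    fi
}

# check_mod_ssl [DIR]
# Prints "patched", "unpatched" or "unexpected (...)".
# Returns 0 only when both files are present with the documented sizes.
check_mod_ssl() {
    dir=${1:-$MODULES_DIR_DEFAULT}
    cur=$(file_size "$dir/mod_ssl.so")
    old=$(file_size "$dir/mod_ssl.so.old")

    if [ "$cur" = "$PATCHED_SIZE" ] && [ "$old" = "$ORIGINAL_SIZE" ]; then
        echo patched
        return 0
    fi
    # Only the original module is present: the installer did not replace it.
    if [ "$cur" = "$ORIGINAL_SIZE" ] && [ -z "$old" ]; then
        echo unpatched
        return 1
    fi
    # Anything else (missing files, other sizes) needs a manual look.
    echo "unexpected (mod_ssl.so=${cur:-missing} mod_ssl.so.old=${old:-missing})"
    return 2
}
```

Source the file on the queen and call check_mod_ssl with no argument to check the documented path; a result of "unpatched" corresponds to the case where the document says to run the install procedure again as "root".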
Third Party Licenses

Your Aster installation includes a number of open source products. The license text for these products is available on your Aster queen, as a set of text files in the /home/beehive/licenses directory.

About This Document

OpenSSL Heartbleed Vulnerability Fix Procedure for Aster Database Versions 5.0.2x, 5.0.1, 5.0.0 and 4.6.3x, 1st edition, April 21, 2014.

Copyright and Legal Statements

The product or products described in this document are licensed products of Teradata Corporation or its affiliates.

Teradata, Active Data Warehousing, Active Enterprise Intelligence, Applications-Within, Aprimo Marketing Studio, Aster, BYNET, Claraview, DecisionCast, Gridscale, MyCommerce, SQL-MapReduce, Teradata Decision Experts, "Teradata Labs" logo, Teradata ServiceConnect, Teradata Source Experts, WebAnalyst, and Xkoto are trademarks or registered trademarks of Teradata Corporation or its affiliates in the United States and other countries.

Adaptec and SCSISelect are trademarks or registered trademarks of Adaptec, Inc. AMD Opteron and Opteron are trademarks of Advanced Micro Devices, Inc. Apache, Apache Hadoop, Hadoop, and the yellow elephant logo are either registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. Apple, Mac, and OS X all are registered trademarks of Apple Inc. Axeda is a registered trademark of Axeda Corporation. Axeda Agents, Axeda Applications, Axeda Policy Manager, Axeda Enterprise, Axeda Access, Axeda Software Management, Axeda Service, Axeda ServiceLink, and Firewall-Friendly are trademarks and Maximum Results and Maximum Support are servicemarks of Axeda Corporation. Data Domain, EMC, PowerPath, SRDF, and Symmetrix are registered trademarks of EMC Corporation. GoldenGate is a trademark of Oracle. Hewlett-Packard and HP are registered trademarks of Hewlett-Packard Company.
Hortonworks, the Hortonworks logo and other Hortonworks trademarks are trademarks of Hortonworks Inc. in the United States and other countries. Intel, Pentium, and XEON are registered trademarks of Intel Corporation. IBM, CICS, RACF, Tivoli, and z/OS are registered trademarks of International Business Machines Corporation.
Linux is a registered trademark of Linus Torvalds. LSI is a registered trademark of LSI Corporation. Microsoft, Active Directory, Windows, Windows NT, and Windows Server are registered trademarks of Microsoft Corporation in the United States and other countries. NetVault is a trademark or registered trademark of Dell Inc. in the United States and/or other countries. Novell and SUSE are registered trademarks of Novell, Inc., in the United States and other countries. Oracle, Java, and Solaris are registered trademarks of Oracle and/or its affiliates. QLogic and SANbox are trademarks or registered trademarks of QLogic Corporation. Quantum and the Quantum logo are trademarks of Quantum Corporation, registered in the U.S.A. and other countries. Red Hat is a trademark of Red Hat, Inc., registered in the U.S. and other countries. Used under license. SAS and SAS/C are trademarks or registered trademarks of SAS Institute Inc. SPARC is a registered trademark of SPARC International, Inc. Symantec, NetBackup, and VERITAS are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Unicode is a registered trademark of Unicode, Inc. in the United States and other countries. UNIX is a registered trademark of The Open Group in the United States and other countries. Other product and company names mentioned herein may be the trademarks of their respective owners.

The information contained in this document is provided on an "as-is" basis, without warranty of any kind, either express or implied, including the implied warranties of merchantability, fitness for a particular purpose, or non-infringement. Some jurisdictions do not allow the exclusion of implied warranties, so the above exclusion may not apply to you.
In no event will Teradata Corporation be liable for any indirect, direct, special, incidental, or consequential damages, including lost profits or lost savings, even if expressly advised of the possibility of such damages.

The information contained in this document may contain references or cross-references to features, functions, products, or services that are not announced or available in your country. Such references do not imply that Teradata Corporation intends to announce such features, functions, products, or services in your country. Please consult your local Teradata Corporation representative for those features, functions, products, or services available in your country.

Information contained in this document may contain technical inaccuracies or typographical errors. Information may be changed or updated without notice. Teradata Corporation may also make improvements or changes in the products or services described in this information at any time without notice.
To maintain the quality of our products and services, we would like your comments on the accuracy, clarity, organization, and value of this document. Please email: teradatabooks@lists.teradata.com.

Any comments or materials (collectively referred to as "Feedback") sent to Teradata Corporation will be deemed non-confidential. Teradata Corporation will have no obligation of any kind with respect to Feedback and will be free to use, reproduce, disclose, exhibit, display, transform, create derivative works of, and distribute the Feedback and derivative works thereof without limitation on a royalty-free basis. Further, Teradata Corporation will be free to use any ideas, concepts, know-how, or techniques contained in such Feedback for any purpose whatsoever, including developing, manufacturing, or marketing products or services incorporating Feedback.

Copyright 2000-2014 by Teradata. All Rights Reserved.

www.teradata.com
www.asterdata.com