Release Notes for ProLiant Support Pack for Microsoft Windows Server 2003, v7.80


********************************
Following issues which may be seen with HP ProLiant Support Pack (PSP) 7.80, have been resolved in PSP 7.90:

1) An HP ProLiant server running Microsoft Windows Server 2003 with HP ProLiant Smart Array SAS/SATA Controller Driver (HPCISSS2.SYS) Version 6.6.0 (or earlier) and HP Insight Management Agents may blue screen after applying HP ProLiant Support Pack (PSP) 7.80. HP recommends updating the HPCISSS2.SYS driver to the latest version. For more details on this issue, please refer to the following customer advisories: 
	a) http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01102958 
	b)http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01102961

2) Issue 2: An HP ProLiant server running Microsoft Windows Server 2003 with HP Network Configuration Utility for Windows Server 2003 (CPQTEAM.SYS) Version 8.60 may blue screen after applying HP ProLiant Support Pack (PSP) 7.80. 
 
 
********************************
Following components were removed from the Windows 2003 PSP 7.80:

1) CP007195 - HP ProLiant Hot Plug Memory Configuration Utility for Windows Server 2003 Enterprise Edition
2) CP005760 - HP ProLiant Smart Array-2 Controllers Driver for Windows Server 2003
3) CP005781 - HP StorageWorks Fibre Channel Support for Windows Server 2003
4) CP005786 - HP ProLiant Drive Array Notification for Windows 2000/Server 2003
5) CP007532 - Hp Integrated Tape Applications and Utilities for Windows


********************************
Following is the list of all the components that were updated in 7.80 from 7.70.


********************************
cp007496.exe - HP System Management Homepage for Windows Version:  2.1.8.179  

Enhancements
Addressed the following vulnerabilities: 

1) CVE-2007-1710 - The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a filename preceded a "php://../../" sequence. 
2) CVE-2007-1286 - Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter. 
3) CVE-2006-4625 - PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults. 
4) CVE-2007-1884 - Multiple integer signedness errors in the printf function family in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 on 64 bit machines allow context-dependent attackers to execute arbitrary code via (1) certain negative argument numbers that arise in the php_formatted_print function because of 64 to 32 bit truncation, and bypass a check for the maximum allowable value; and (2) a width and precision of -1, which make it possible for the php_sprintf_appendstring function to place an internal buffer at an arbitrary memory location. 
5) CVE-2007-1885 - Integer overflow in the str_replace function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via a single character search string in conjunction with a long replacement string, which overflows a 32 bit length counter. NOTE: this is probably the same issue as CVE-2007-0906.6. 
6) CVE-2007-1701 - PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string beginning with "_SESSION|s:39:". 
7) CVE-2007-1700 - The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted string in the session_register after unsetting HTTP_SESSION_VARS and _SESSION, which destroys the session data Hashtable. 
8) CVE-2007-1380 - The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read. 
9) CVE-2007-0988 - The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument. 
10) CVE-2007-1886 - Integer overflow in the str_replace function in PHP 4.4.5 and PHP 5.2.1 allows context-dependent attackers to have an unknown impact via a single character search string in conjunction with a single character replacement string, which causes an "off by one overflow." 
11) CVE-2007-1835 - PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path (session.save_path), uses the TMPDIR default after checking the restrictions, which allows local users to bypass open_basedir restrictions.

********************************
cp007541.exe - HP ProLiant iLO Advanced and Enhanced System Management Controller Driver for Windows Server 2003  
 v5.42.0.0 B

Enhancements
1) Enhanced support in component installers for Windows PE.

********************************
cp007542.exe - HP ProLiant Advanced System Management Controller Driver for Windows 2000/Windows Server 2003  
, v5.37.0.0 C

Enhancements
1) Enhanced support in component installers for Windows PE.

********************************
cp007401.exe - HP ProLiant iLO 2 Management Controller Driver for Windows Server 2003 , v1.3.0.0

Enhancements
1) Added support for reporting system power consumption to the HP Insight Management Agents (requires iLO 2 firmware version 1.30 or later and updated System ROM).
2) Enhanced support in component installers for Windows Server code-named “Longhorn” and Windows PE.

********************************
cp007522.exe - AMD Chipset Support for ProLiant Servers for Windows Server 2003, v2.0.0.0 C

Enhancements
1) Enhanced support in component installers for Windows PE.

********************************
cp007357.exe - Intel Chipset Support for ProLiant Servers for Windows Server 2003, v7.0.0.0

Enhancements
1) Enhanced support in component installers for Windows PE.

********************************
cp007339.exe - High Precision Event Timer Support for ProLiant Servers for Windows Server 2003, v1.0.0.0 B

Enhancements
1) Enhanced support in component installers for Windows PE.

********************************
cp007548.exe - HP ProLiant 64-Bit/133-MHz Single/Dual Channel Ultra320 SCSI HBA and SCxxXe series SCSI HBA Driver for Windows Server 2003 , v1.21.8.0 D

Enhancements
1) Enhanced support in component installers for Windows Server code-named “Longhorn” and Windows PE.

********************************
cp007552.exe - HP 4/8 Internal Port SAS HBA with RAID and SCxxGe series HBA Driver for Windows Server 2003, v1.21.29.0 B

Enhancements
1) Enhanced support in component installers for Windows Server code-named “Longhorn” and Windows PE.

********************************
cp007417.exe - HP ProLiant Smart Array SAS/SATA Controller Driver for Windows Server 2003, v6.6.0.32 

Enchancements
1) Storage driver performance enhancements.
2) Component installer was modified to allow this component to be installed on systems running Beta versions of Microsoft Windows Server Code Name “Longhorn".

********************************
cp007527.exe - HP 6-Port SATA RAID Controller Driver for Windows 2000/Windows Server 2003, v4.2.1.7365 D

Enhancements
1) Enhanced support in component installers for Windows Server code-named “Longhorn” and Windows PE.

********************************
cp007419.exe - HP ProLiant Smart Array 5x and 6x Controller Driver for Windows 2000/Windows Server 2003, v5.76.0.32 

Fixes
1) Smart Array 5x and 6x Controller Driver (cpqcissm.sys): Incremented version number
2) Smart Array 5x and 6x Controller Event Notification Driver (cpqcisse.sys): Corrected an issue where events would incorrectly identify the location of a failed fan or power supply in certain configurations.

Enhancements
1) Smart Array 5x and 6x Controller Event Notification Driver (cpqcisse.sys): Added new events to support the HP StorageWorks 20 Modular Smart Array Enclosure

********************************
cp007528.exe - HP ProLiant Smart Array Device Manager Extension for Windows Server 2003, v6.2.0.32 

Fixes
1) Corrected an issue where the "Launch Agent" button in the Device Manager Extension would not function.
2) Modified the "Visit HP Storage Support on the Web" hyperlink in the Device Manager Extension to point to the correct web page on HP.com.

Enhancements
1) Updated to use Microsoft Installer (MSI) to support Windows Server codename Longhorn

********************************
cp007437.exe - HP ProLiant Smart Array SAS/SATA Event Notification Service for Windows 2000/Windows Server 2003, v6.2.0.32 

Enhancements
1) The component installer was changed to allow the component to be installed on systems running Beta versions of Microsoft Windows Server Code Name “Longhorn".
2) Added a description for the HP Smart Array SAS/SATA Event Notification Service to the “Services” branch of the Microsoft Management Console.
3) Changed the wording of Event ID 24601 to make it more user friendly and descriptive.
4) Modified the Event Notification Service to capture the output from the Smart Array Controller firmware and save it to disk (this feature is only available on select HP Smart Array controllers with certain firmware versions).

********************************
cp007523.exe - HP ProLiant Storage System Driver for Windows 2000/Windows Server 2003, v5.22.0.32 C

Fixes
1) Fixed an installation/upgrade problem if the debug symbols for this driver are present on the system. 

****************************************************************
cp007109.exe - HP StorageWorks Fibre Channel Adapter Kit for the x86 Emulex Storport Driver, v1.7.0.3

Fixes
1) Modified HTML pages to reflect current parameter options.

Enhancements
1) Enhanced support in component installers for Windows Server code-named “Longhorn” and Windows PE.

****************************************************************
cp006975.exe - HP StorageWorks Fibre Channel Adapter Kit for the x86 QLogic Storport Driver, v1.4.0.1

Fixes
1) Modified HTML pages to reflect current parameter options.

Enhancements
1) Added support for the QLE220 adapter

****************************************************************
cp007543.exe - HP StorageWorks Fibre Channel Array Notification Driver for Windows Server 2003, v6.0.0.32

Fixes
1) Corrected an issue with cpqfcac’s event reporting where event notification messages would not correctly identify the location of a failed fan or power supply module in certain configurations.

Enhancements
1) Enhanced support in component installers for Windows Server code-named “Longhorn” and Windows PE.

****************************************************************
cp007314.exe - HP ProLiant Remote Monitor Service for Windows, v5.11.2.0 

Enhancements
1) Enhanced support in component installers for Windows Server code-named “Longhorn” and Windows PE. 
2) Removed the installation-time check for a system management driver.

****************************************************************
cp007533.exe - HP ProLiant PCI Hot Plug Controller Driver for Windows 2000/Windows Server 2003, v6.3.2.1 C 

Enhancements
1) Enhanced support in component installers for Windows Server code-named “Longhorn” and Windows PE.

****************************************************************
cp007524.exe - HP ProLiant Remote Insight Board Driver for Windows, v2.7.0.0 B

Enhancements
1) Enhanced support in component installers for Windows Server code-named “Longhorn” and Windows PE.

****************************************************************
cp007411.exe - HP ProLiant Integrated Lights-Out Management Interface Driver for Windows, v1.11.0.0

Fixes
1) Do not allow driver to be disabled in Device Manager.

Enhancements
1) Enhanced support in component installers for Windows Server code-named “Longhorn” and Windows PE.

****************************************************************
cp007525.exe - HP ProLiant Remote Insight Lights-Out II Board Driver for Windows, v3.6.0.0 B

Fixes
1) Resolved issue related to HP ProLiant WMI Providers.

Enhancements
1) Enhanced support in component installers for Windows Server code-named “Longhorn” and Windows PE.

********************************
cp007444.exe - HP ProLiant ATI RAGE XL Video Controller Driver for Windows Server 2003, v5.10.2600.6024 B

Enhancements
1) Enhanced support in component installers for Windows Server code-named “Longhorn” and Windows PE.

********************************
cp007459.exe - ATI ES1000 Video Controller Driver for Windows Server 2003, v6.14.10.6606 

Enhancements
1) Enhanced support in component installers for Windows Server code-named “Longhorn” and Windows PE.
2) This driver can also be installed on beta versions of Windows Server code-named Longhorn. 

********************************
cp007526.exe - HP ProLiant Rack Infrastructure Interface Service for Windows Server 2003, v1.24.2.0

Fixes
1) Fixed problem with uninstalling the service after upgrading from a prior version.

Enhancements
1) Enhanced support in component installers for Windows Server code-named “Longhorn” and Windows PE.

********************************
cp007343.exe - HP ProLiant Integrated Management Log Viewer for Windows, v5.12.0.0 

Enhancements
1) Enhanced support in component installers for Windows Server code-named “Longhorn” and Windows PE.

********************************
cp007570.exe - HP ProLiant Array Configuration Utility for Windows, v7.80.6.0

Enhancements
1) Support SATA NCQ status

********************************
cp007568.exe - HP ProLiant Array Diagnostics Utility for Windows, v7.80.6.0

Enhancements
1) Added NCQ support.  

********************************
cp007571.exe - HP ProLiant Array Configuration Utility (CLI) for Windows, v7.80.6.0

Enhancements
1) Added support for SATA NCQ status.

********************************
cp007369.exe -  HP NC-Series Intel Driver for Windows Server 2003, v8.8.1.0 

Enhancements
1) This driver is the latest available from Intel.

********************************
cp007293.exe -  HP NC-Series Broadcom Driver for Windows Server 2003, v10.24.0.0

Enhancements
1) This driver now provides TX/RX tunable parameters which allow better resource control for the user.

********************************
cp007290.exe -  HP NC-Series Multifunction Driver for Windows Server 2003, v3.0.7.0 

Fixes
1) Customer cable diagnostics no longer fail when NICs are configured for offline diagnostics which prevents false failures and unnecessary replacement. 
2) This driver has a fix for a problem where SMB could erroneously be dropped if offloaded, which will prevent session drops and maintain client connectivity. 
3) NCU now reports session details of an iSCSI booted adapter which allows for easier configuration and use of iSCSI.

********************************
cp007371.exe -  HP NC-Series Intel N1E Driver for Windows Server 2003, v9.7.34.0 

Enhancements
1) This driver is the latest available from Intel.

********************************
cp007172.exe -  HP Network Configuration Utility for Windows Server 2003, v8.60.0.0   

Enhancements
This software now supports TOE Teaming on the following additional team types: 
	- Automatic 
	- 802.3ad Dynamic with Fault Tolerance 
	- Switch-assisted Load Balancing with Fault Tolerance (SLB) 
	- 802.3ad Dynamic Dual Channel Network Fault Tolerance (INP) 
	- 802.3ad Dynamic Dual Channel NFT and Preference Order (INP) 
	- Switch-assisted Dual Channel Network Fault Tolerance (INP) 
	- Switch-assisted Dual Channel NFT and Preference Order (INP) 

********************************
cp007204.exe -  HP Virus Throttle for Windows Server 2003, v8.60.0.0   

Enhancements
1) The driver provided with this software now supports a query to determine the driver version, so the software component can be correctly upgraded.

********************************
cp007354.exe -  HP Version Control Agent for Windows, v2.1.8.780   

Fixes
1) Incomplete deployment of Supprt Pack on Longhorn Beta Systems.

Enhancements
1) Integrated discovery module. 
2) Redesigned to avoid hard dependency on SNMP. 

********************************
cp007179.exe -  HP Insight Management Agents for Windows Server 2003, v7.80.0.0   

Fixes
1) Disk space usage percentage displays low incorrect amount when large size array is near full (roughly 75% full)
2) Remote Insight Information Agent is not active when agent installed on drive other then c:\
3) Processor correctable error threshold trap not sent.
4) Mibstatus array value is shown degraded with Riloe card installed.

Enhancements
1) Enhanced support in component installers for Windows Server code-named “Longhorn” and Windows PE.

********************************
cp007529.exe -  HP NULL IPMI Controller Driver for Windows 2000/Windows Server 2003, v1.0.0.0 D 

Enhancements
1) Enhanced support in component installers for Windows Server code-named “Longhorn” and Windows PE.

********************************
cp007530.exe -  HP ProLiant IPMI Provider, v 1.1.0.0 C  

Enhancements
1) Enhanced support in component installers for Windows Server code-named “Longhorn” and Windows PE.

********************************
cp007544.exe -  HP Lights-Out Online Configuration Utility for Windows Server 2003, v1.5.1.1  

Fixes
1. Fixes an issue where the downgrade of the hponcfg package in used to create two entries in the Add/Remove programs.

2. Usage string of the utility is updated to show the complete version number of the binary.

********************************
cp007416.exe -  HP Insight Diagnostics Online Edition for Windows Server 2003, v7.8.0.2257   

Enhancements
1) Added support for new ProLiant hardware. 
2) Enhanced support in component installers for Windows Server code-named “Longhorn” and Windows PE.

********************************
Copyright 2003-2007 Hewlett-Packard Development Company, L.P.