How to handle patch warnings

Your initial response to a warning for a patch on a system should be to carefully read the associated warning text and research the issue to gain a complete understanding of how or if the warning will impact the system.

Because of the number and complexity of the factors involved, there is no single correct way of dealing with a patch with a warning. The following items show some possible courses of action:

In some cases, such as if you encounter a critical problem on the system, immediate removal of the patch might be necessary.

In many cases, removal and replacement can wait until the next scheduled maintenance window.

In other cases, such as when the problem does not affect the hardware or software configuration, there is no need for you to take any action. In fact, HP discourages unnecessary change because it can cause down time and because there is always some risk when making a change to the system.

Questions to ask

If you must deal with a patch that has a warning, consider the following questions in deciding whether or not to use, or continue to use, the patch:

Is the system environment susceptible to the problem?

A patch with a warning might not cause problems for every customer. Exposure depends on the system-use models, and whether you have any of the affected configurations. The previous screen is a good example of this situation. Unless the system is configured with greater than 32 GB of device swap and meets all the other conditions listed, the patch warning given for patch PHKL_30065 will have no impact on the system.

Is a replacement patch available, and, if so, is its HP rating acceptable for the system?

A replacement patch might be available. You can use the ITRC Patch Database to attempt to locate such a patch. Simply search using the explicit patch ID of the patch that has a warning. If there is a replacement patch, it will be displayed in the search results page. If a replacement patch exists, you must take into account its advantages and disadvantages. This includes consideration of the patch's HP rating. See “HP-UX patch ratings” (page 34).

After answering the previous two questions, you must consider the following questions in order to develop an appropriate course of action for your situation:

What is the severity of the problem associated with the patch?

If the patch is already on the system, has it caused any problems?

What is your tolerance for down time if a reboot is necessary?

What is the timing of the next maintenance window?

What are your company's system administration policies?

As a final point, if you choose to remove a patch with a warning from a system, make sure that the patch is not contained in any of the depots used for patch installations. For more information about patch depots, see Chapter 7: “Using software depots for patch management” (page 64).

Advanced topic: finding patches with warnings

HP provides the HP-UX Software Assistant (SWA) tool at no charge. SWA can perform a number of checks including published security issues, installed patches with warnings, and missing patches with critical fixes. Once an analysis has been performed, you can use SWA to download any recommended patches or patch bundles and create a depot ready for installation. For more information, see Chapter 8: “Using HP-UX Software Assistant for patch management” (page 85).

40 HP-UX patch overview