HPE Community
Operating System - HP-UX
1752632 Members
5879 Online
108788 Solutions
New Discussion юеВ

Re: The heartbleed bug

 
Pomz
Occasional Visitor

тАО04-15-2014 08:53 PM

тАО04-15-2014 08:53 PM

The heartbleed bug

Hi Friends,

Anybody know about impact of a recent disclose vunerability ''Heartbleed" bug to HP-UX? and how to prevent it?

Thanks in advanced.

Cheers,

Pomz

 

0 Kudos
Reply
3 REPLIES 3
Patrick Wallek
Honored Contributor

тАО04-16-2014 06:36 AM

тАО04-16-2014 06:36 AM

Re: The heartbleed bug

I just wrote an internal whitepaper for my company regarding this.

 

In a nutshell, you need to check the versions of OpenSSL you are running on your system.  You can do this in a couple of ways.

 

# openssl version

 

Will check the version that is in your $PATH.

 

You should probably also check and see if you have multiple versions installed on the system.

 

One way to do this is:

 

# swlist -l product openssl

 

It is entirely possible that you have a version from HP installed, that was installed by default with the OS, and also a separate version that was installed from the HP-UX porting and archive centre.

 

HP's latest version of OpenSSL is available here, but it is based on ver 0.9.8y and 0.9.7m of OpenSSL.

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=OPENSSL11I

 

The latest OpenSSL from the HP-UX porting and archive centre is here:

http://hpux.connect.org.uk/hppd/hpux/Development/Libraries/openssl-1.0.1g/

 

 

0 Kudos
Reply
Torsten.
Acclaimed Contributor

тАО04-16-2014 06:43 AM

тАО04-16-2014 06:43 AM

Re: The heartbleed bug

HP says, HP-UX is not affected:

http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04239413

(unless you installed openssl from another source ...)

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
Reply
Matti_Kurkela
Honored Contributor

тАО04-17-2014 05:15 AM

тАО04-17-2014 05:15 AM

Re: The heartbleed bug

By the way, if you need to explain the Heartbleed bug to a non-technical person, this xkcd.com comic strip can be very helpful:

 

http://www.xkcd.com/1354/

MK
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.