- Community Home
- >
- Servers and Operating Systems
- >
- HPE BladeSystem
- >
- BladeSystem - General
- >
- Re: OA Heartbleed update?
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-10-2014 11:29 PM
04-10-2014 11:29 PM
OA Heartbleed update?
According to a post on the interwebs, OA v4.11 web interface is affected by the Heartbleed screwup.
Is there a 'known good' version that is recommended or will there be a fix up soon?
- Tags:
- OpenSSL
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-11-2014 12:39 AM
04-11-2014 12:39 AM
Re: OA Heartbleed update?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-11-2014 01:30 PM
04-11-2014 01:30 PM
Re: OA Heartbleed update?
I found this.
Is there a Security Advisory from HP regarding affected products?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-13-2014 05:54 AM
04-13-2014 05:54 AM
Re: OA Heartbleed update?
OA v4.11 and v4.20 contain an OpenSSL version that has the vulnerability.
Please go back to v4.01 until we can release a fix.
Oh, by the way.
iLOs are NOT vulnerable as they don't use SSL/TLS libraries that contain the TLS heartbeat extension BUT, we are receiving reports that the script that test for the HeartBleed bug is causing iLO2 to stop responding and the blades have to be e-fused to recover iLO2 functionality.
Please don't run the Heartbleed script against iLO2 until we fix this problem.
__________________________________________________
If you feel this was helpful please click the KUDOS! thumb below!
- Tags:
- iLO
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-14-2014 03:22 AM
04-14-2014 03:22 AM
Re: OA Heartbleed update?
Oscar,
Is possible to deactivate some iLO functionality and features to do it invulnerable for HeartBleed?
May be change SSL port to not 443?
May be enable the "Enforce AES/3DES Encryption"?
Something else?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-14-2014 08:33 AM
04-14-2014 08:33 AM
Re: OA Heartbleed update?
Is there an ETA for a fix for this?
We are running 4.0.1a and are seeing all of our iLO cards crash. We cannot upgrade to the releases that are vulnerable.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-14-2014 08:34 AM
04-14-2014 08:34 AM
Re: OA Heartbleed update?
+1
We have >300 servers iLO2 offline. It' horrible :(
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-14-2014 09:13 AM
04-14-2014 09:13 AM
Re: OA Heartbleed update?
We are investigating why iLO2 stops responding after security scanners run the Heartbleed bug test but, so far we cannot even reproduce this issue in our labs. Any info that can help us reproduce the issue is welcomed.
__________________________________________________
If you feel this was helpful please click the KUDOS! thumb below!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-14-2014 09:20 AM
04-14-2014 09:20 AM
Re: OA Heartbleed update?
Oscar,
We have one of servers which we can access remotelly.
Also, iLO address of this server responds to ping's.
But do not allow to connect via HTTP(s), IPMI or SSH.
Here is output of hponcfg utility:
# hponcfg
HP Lights-Out Online Configuration utility
Version 4.3.0 Date 12/10/2013 (c) Hewlett-Packard Company, 2014
ERROR: CpqCiCreateFunc() 0 time failed.
Driver Error Code:(1,1h).
Driver Error Message: CPQCIDRV driver is not loaded.
ERROR: CpqCiCreateFunc() 1 time failed.
Driver Error Code:(1,1h).
Driver Error Message: CPQCIDRV driver is not loaded.
ERROR: A general system error occurred while detecting Management Processor.
ACTION REQUIRED: Check if iLO and iLO driver are up and running.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-14-2014 09:50 AM
04-14-2014 09:50 AM
Re: OA Heartbleed update?
HP is currently investigating the issue and which systems are potentially affected. and when all investigation is done a formal noticed will be published.