https://community.hpe.com/t5/operating-system-hp-ux/t1471aa-release-a-03-71-openssh-is-concerned-by-security-alert/m-p/3228161#M748866 It has been reported to the security lab and is under investigation. There is no further information or release date available. HP will issue a security bulletin when ready to make a statement.<BR /><BR />Security Bulletins are available for <A href="http://www1.itrc.hp.com/service/cki/secBullArchive.do" target="_blank">http://www1.itrc.hp.com/service/cki/secBullArchive.do</A> HP provides automatic notification for new bulletins by subscribing to the SB Digest.<BR /><BR /> Wed, 24 Mar 2004 08:53:02 GMT Cheryl Griffin 2004-03-24T08:53:02Z https://community.hpe.com/t5/operating-system-hp-ux/t1471aa-release-a-03-71-openssh-is-concerned-by-security-alert/m-p/3228159#M748864 Hi<BR />I received a notification to update OpenSSL due to some bugs.<BR /><BR /><A href="http://www.us-cert.gov/cas/techalerts/TA04-078A.html" target="_blank">http://www.us-cert.gov/cas/techalerts/TA04-078A.html</A><BR /><BR />I read README.hp file installed by OpenSSH A.03.71 (T1471AA). In this file you find:<BR /><BR />HP built HP-UX Secure Shell A.03.71 with the following libraries:<BR /><BR /> * zlib v1.1.4<BR /><BR /> * OpenSSL v0.9.7c<BR /><BR /> * TCP Wrappers v7.6<BR /><BR />In other words, release A.03.71 is built on OpenSSL v0.9.7c that contains the bugs listed in link above.<BR /><BR />When a new release will be available to solve this bugs ? Wed, 24 Mar 2004 07:12:52 GMT https://community.hpe.com/t5/operating-system-hp-ux/t1471aa-release-a-03-71-openssh-is-concerned-by-security-alert/m-p/3228159#M748864 Jdamian 2004-03-24T07:12:52Z https://community.hpe.com/t5/operating-system-hp-ux/t1471aa-release-a-03-71-openssh-is-concerned-by-security-alert/m-p/3228160#M748865 Oh joy, I was just about to deploy this HP release. I suppose the A.03.61.x release also has this problem? Wed, 24 Mar 2004 08:35:45 GMT https://community.hpe.com/t5/operating-system-hp-ux/t1471aa-release-a-03-71-openssh-is-concerned-by-security-alert/m-p/3228160#M748865 Alzhy 2004-03-24T08:35:45Z https://community.hpe.com/t5/operating-system-hp-ux/t1471aa-release-a-03-71-openssh-is-concerned-by-security-alert/m-p/3228161#M748866 It has been reported to the security lab and is under investigation. There is no further information or release date available. HP will issue a security bulletin when ready to make a statement.<BR /><BR />Security Bulletins are available for <A href="http://www1.itrc.hp.com/service/cki/secBullArchive.do" target="_blank">http://www1.itrc.hp.com/service/cki/secBullArchive.do</A> HP provides automatic notification for new bulletins by subscribing to the SB Digest.<BR /><BR /> Wed, 24 Mar 2004 08:53:02 GMT https://community.hpe.com/t5/operating-system-hp-ux/t1471aa-release-a-03-71-openssh-is-concerned-by-security-alert/m-p/3228161#M748866 Cheryl Griffin 2004-03-24T08:53:02Z https://community.hpe.com/t5/operating-system-hp-ux/t1471aa-release-a-03-71-openssh-is-concerned-by-security-alert/m-p/3228162#M748867 In addition, you can address your concerns directly to the security team by email: security-alert@hp.com<BR /><BR />No detailed vulnerability information should be sent to this email address without encryption. Wed, 24 Mar 2004 08:55:22 GMT https://community.hpe.com/t5/operating-system-hp-ux/t1471aa-release-a-03-71-openssh-is-concerned-by-security-alert/m-p/3228162#M748867 Cheryl Griffin 2004-03-24T08:55:22Z https://community.hpe.com/t5/operating-system-hp-ux/t1471aa-release-a-03-71-openssh-is-concerned-by-security-alert/m-p/3228163#M748868 I opened a call in my Support Centre about this issue.<BR /><BR />They confirmed that OpenSSH is NOT CONCERNED by the bugs in OpenSSL due to the functions quoted in the security alert are not used by OpenSSH. Tue, 30 Mar 2004 03:05:41 GMT https://community.hpe.com/t5/operating-system-hp-ux/t1471aa-release-a-03-71-openssh-is-concerned-by-security-alert/m-p/3228163#M748868 Jdamian 2004-03-30T03:05:41Z