Operating System - OpenVMS
cancel
Showing results for 
Search instead for 
Did you mean: 

How to cross reference HP security bulletins to other sources...

 

How to cross reference HP security bulletins to other sources...

Generally, can someone explain how to coorelate HP security bulletins to HP QXCR... fixes to CVE bulletins.

Specifically, I am trying to determine if the QXCR... fixes in BIND 9.3.2.7/8 satisfy the vulnerabilities identified in CVE:2010-0097.

Prior to 9/11 it was sufficient to simply upgrade to the latest product version available from HP. Now we are primarily driven by notifications from a couple computer security organizations and must address them first.
3 REPLIES 3
Cass Witkowski
Trusted Contributor

Re: How to cross reference HP security bulletins to other sources...

You'll have to ask HP.

I'll get notified of a security issue. I will then have to look it up to determine which CVEs are included in this security issue. I would then have to log a call with HP to determine if their product (i.e. HP SWS Secure Web Server) is vulnerable. If it is then they send a patch. The QXCR numbers increase in time so if you get a patch for say MOD_JK and then later there is another patch with a higher QXCR number then you can assume that the previous fix is included.

Hope this helps
Ian Miller.
Honored Contributor

Re: How to cross reference HP security bulletins to other sources...

Also logging a call can trigger the creation of a patch if it does not already exist.

So log a call listing the software you are running and the CVE bulletins.
____________________
Purely Personal Opinion
Cass Witkowski
Trusted Contributor

Re: How to cross reference HP security bulletins to other sources...

I also put the originating security notification number in the call to HP so I can link back the CVEs to the original issue later.

Having a good spreadsheet of all the different numbers is good too