Simpler Navigation coming for Servers and Operating Systems
Coming soon: a much simpler Servers and Operating Systems section of the Community. We will combine many of the older boards, and you won't have to click through so many levels to get at the information you need. If you are looking for an older board and do not find it, check the consolidated boards, as the posts are still there.
cancel
Showing results for 
Search instead for 
Did you mean: 

The heartbleed bug

Pomz
Occasional Visitor

The heartbleed bug

Hi Friends,

Anybody know about impact of a recent disclose vunerability ''Heartbleed" bug to HP-UX? and how to prevent it?

Thanks in advanced.

Cheers,

Pomz

 

3 REPLIES
Patrick Wallek
Honored Contributor

Re: The heartbleed bug

I just wrote an internal whitepaper for my company regarding this.

 

In a nutshell, you need to check the versions of OpenSSL you are running on your system.  You can do this in a couple of ways.

 

# openssl version

 

Will check the version that is in your $PATH.

 

You should probably also check and see if you have multiple versions installed on the system.

 

One way to do this is:

 

# swlist -l product openssl

 

It is entirely possible that you have a version from HP installed, that was installed by default with the OS, and also a separate version that was installed from the HP-UX porting and archive centre.

 

HP's latest version of OpenSSL is available here, but it is based on ver 0.9.8y and 0.9.7m of OpenSSL.

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=OPENSSL11I

 

The latest OpenSSL from the HP-UX porting and archive centre is here:

http://hpux.connect.org.uk/hppd/hpux/Development/Libraries/openssl-1.0.1g/

 

 

Torsten.
Acclaimed Contributor

Re: The heartbleed bug

HP says, HP-UX is not affected:

http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04239413

(unless you installed openssl from another source ...)

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
Highlighted
Matti_Kurkela
Honored Contributor

Re: The heartbleed bug

By the way, if you need to explain the Heartbleed bug to a non-technical person, this xkcd.com comic strip can be very helpful:

 

http://www.xkcd.com/1354/

MK