Server Management - Systems Insight Manager
cancel
Showing results for 
Search instead for 
Did you mean: 

HPSBMU02947 - Vulnerabilities fixed in SMH 7.2.3?

 
VulnResearcher
Occasional Contributor

HPSBMU02947 - Vulnerabilities fixed in SMH 7.2.3?

Hello all,

 

Were the vulnerabilites ( CVE-2013-4846 and CVE-2013-6188 ) discussed in HPSBMU02947 fixed in SMH 7.2.3?

 

I assume that they are because it is a later release and the components most likely affected were updated in the 7.2.3 release.

 

Also, SMH 7.2.3 appears to be recommended that it be installed on Windows 2003.  Is this just a recommendation or can 7.2.3 only be installed on Windows 2003?  I did successfully install 7.2.3 on Windows 7.

 

Thanks

3 REPLIES
NJK-Work
Honored Contributor

Re: HPSBMU02947 - Vulnerabilities fixed in SMH 7.2.3?

My understanding is that 7.2.3 is a special version released for Windows 2003 that addresses Heartbleed.  The reason for the special release is the that 7.3.x familiy also includes a new version of PHP that is not compatible with Windows 2003. So if you try to install 7.3.2 on Windows 2003 you would fix heartbleed, but end up breaking SMH due to the incompatible PHP library.  So you need 7.2 for Windows 2003 and 7.3 for Windows 2008/R2 to fix Heartbleed for both OS versions.

 

Nelson

VulnResearcher
Occasional Contributor

Re: HPSBMU02947 - Vulnerabilities fixed in SMH 7.2.3?

Thanks Nelson!  This is helpful, but unfortunately does not answer my question.  Does anybody else have any insight for my question?

NJK-Work
Honored Contributor

Re: HPSBMU02947 - Vulnerabilities fixed in SMH 7.2.3?

Ah - sorry.  I assumed HPSBMU02947 was the article related to Heartbleed (as that seems to be the hot topic recently). But I now see it is related to a sepeperate issue.

 

NK