Re: OpenSSL vulnerability

jmb · ‎10-07-2003

In Security Bulletin SSRT3622 "Potential Security Vulnerabilities in Apache HTTP Server" there are problems identified with OpenSSL. That Bulletin provides a fix for the Apache Server. However, OpenSSL is also included in HP's SecureShell.

This is from Bugtraq: "All versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all versions of SSLeay are affected."
(http://www.securityfocus.com/archive/1/339623)

Does anyone know of HP's plans to incorporate the latest OpenSSL into SecureShell?

Steven E. Protter · ‎10-07-2003

Already fixed in HP's port of 3.6

You may verify this by looking at recent posts by Berlen Herren.

You see when HP ports the source code they can actually fix vulnerabilities without having to port the next release. This is what they did. If you use the latest Secure Shell from software.hp.com you will fix the problem.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

jmb · ‎10-08-2003

Thank you, Steven. Good to see someone ahead of the curve for a change!

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: OpenSSL vulnerability

OpenSSL vulnerability

Re: OpenSSL vulnerability

Re: OpenSSL vulnerability