HPE Community
Operating System - HP-UX
1848965 Members
6836 Online
104040 Solutions
New Discussion

T1471AA release A.03.71 (OpenSSH) is concerned by Security Alert TA04-078A of OpenSSL

 
Jdamian
Respected Contributor

‎03-23-2004 11:12 PM

‎03-23-2004 11:12 PM

T1471AA release A.03.71 (OpenSSH) is concerned by Security Alert TA04-078A of OpenSSL

Hi
I received a notification to update OpenSSL due to some bugs.

http://www.us-cert.gov/cas/techalerts/TA04-078A.html

I read README.hp file installed by OpenSSH A.03.71 (T1471AA). In this file you find:

HP built HP-UX Secure Shell A.03.71 with the following libraries:

* zlib v1.1.4

* OpenSSL v0.9.7c

* TCP Wrappers v7.6

In other words, release A.03.71 is built on OpenSSL v0.9.7c that contains the bugs listed in link above.

When a new release will be available to solve this bugs ?
0 Kudos
Reply
4 REPLIES 4
Alzhy
Honored Contributor

‎03-24-2004 12:35 AM

‎03-24-2004 12:35 AM

Re: T1471AA release A.03.71 (OpenSSH) is concerned by Security Alert TA04-078A of OpenSSL

Oh joy, I was just about to deploy this HP release. I suppose the A.03.61.x release also has this problem?
Hakuna Matata.
0 Kudos
Reply
Cheryl Griffin
Honored Contributor

‎03-24-2004 12:53 AM

‎03-24-2004 12:53 AM

Re: T1471AA release A.03.71 (OpenSSH) is concerned by Security Alert TA04-078A of OpenSSL

It has been reported to the security lab and is under investigation. There is no further information or release date available. HP will issue a security bulletin when ready to make a statement.

Security Bulletins are available for http://www1.itrc.hp.com/service/cki/secBullArchive.do HP provides automatic notification for new bulletins by subscribing to the SB Digest.

"Downtime is a Crime."
0 Kudos
Reply
Cheryl Griffin
Honored Contributor

‎03-24-2004 12:55 AM

‎03-24-2004 12:55 AM

Re: T1471AA release A.03.71 (OpenSSH) is concerned by Security Alert TA04-078A of OpenSSL

In addition, you can address your concerns directly to the security team by email: security-alert@hp.com

No detailed vulnerability information should be sent to this email address without encryption.
"Downtime is a Crime."
0 Kudos
Reply
Jdamian
Respected Contributor

‎03-29-2004 07:05 PM

‎03-29-2004 07:05 PM

Re: T1471AA release A.03.71 (OpenSSH) is concerned by Security Alert TA04-078A of OpenSSL

I opened a call in my Support Centre about this issue.

They confirmed that OpenSSH is NOT CONCERNED by the bugs in OpenSSL due to the functions quoted in the security alert are not used by OpenSSH.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.