[Info-vax] OpenSSL update at HP (2014.09.xx)
Bob Gezelter
gezelter at rlgsc.com
Tue Sep 16 10:27:45 EDT 2014
On Tuesday, September 16, 2014 9:49:08 AM UTC-4, Stephen Hoffman wrote:
> On 2014-09-16 11:38:12 +0000, Neil Rieck said:
>
>
>
> > Yesterday I received an HP security alert regarding OpenSSL problems
>
> > which I won't post here. Concerned citizens can download updated images
>
> > here:
>
> >
>
> > http://h71000.www7.hp.com/openvms/products/ssl/ssl.html
>
>
>
> Here's the most recent HP security announcement
>
> <https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04426586>
>
>
>
>
>
> This SSL 1.4-493 kit is reportedly the port of OpenSSL 0.9.8zb, which
>
> OpenSSL released back on 06-Aug-2014.
>
>
>
> Beware: there is (was) another SSL patch around with the previous
>
> OpenSSL 0.9.8za version. That patch arrived about two weeks ago.
>
>
>
>
>
>
>
>
>
> --
>
> Pure Personal Opinion | HoffmanLabs LLC
The background on these vulnerabilities can be found at:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3505
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3506
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3507
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3508
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3510
(Vulnerability IDs from the HP Bulletin, which failed referenced, but failed to include details of, the vulnerabilities)
- Bob Gezelter, http://www.rlgsc.com
More information about the Info-vax
mailing list