RESOLUTION
HP is releasing the following Early Release Patch (ERP) kits publicly for use by any customer until updates are available in mainstream release patch kits.
The resolutions contained in the ERP kits are targeted for availability in the following mainstream kit:
HP Tru64 UNIX v 5.1B-5
The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERPs. Contact your service provider for assistance if the installation of the ERPs is blocked by any of your installed CSPs.
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
RESOLUTION
HP is releasing the following Early Release Patch (ERP) kits publicly for use by any customer until updates are available in mainstream release patch kits.
The resolutions contained in the ERP kits are targeted for availability in the following mainstream kit:
HP Internet Express for Tru64 UNIX v 6.8
The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERPs. Contact your service provider for assistance if the installation of the ERPs is blocked by any of your installed CSPs.
RESOLUTION
HP is releasing the following early release patches publicly for use by any customer until updates are available in mainstream release patch kits.
The resolutions contained in the ERP kits are targeted for availability in the following mainstream kit:
HP OpenVMS TCP/IP Services v 5.6 ECO 3
HP Alpha BIND Server Patch for TCP/IP Services for OpenVMS v 5.4 ECO 7, v 5.5 ECO 3, v 5.6 ECO 2
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
RESOLUTION
HP is releasing the following Early Release Patch (ERP) kits publicly for use by any customer until updates are available in mainstream release patch kits.
The resolutions contained in the ERP kits are targeted for availability in the following mainstream kit:
HP Tru64 UNIX v 5.1B-5
The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERPs. Contact your service provider for assistance if the installation of the ERPs is blocked by any of your installed CSPs.
Potential Security Impact: Remote Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, cross-site request forgery (CSRF)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servlet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, or cross-site request forgery (CSRF). Apache-based Web Server and Tomcat-based Servlet Engine are contained in the Apache Web Server Suite.
References: CVE-2007-6420, CVE-2008-1232, CVE-2008-1947, CVE-2008-2364, CVE-2008-2370, CVE-2008-2938, CVE-2008-2939, CVE-2008-3658
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.23 and B.11.31 running Apache-based Web Server v2.2.8.01.01 or v2.0.59.07.02 or earlier or Tomcat-based Servlet Engine v5.5.27.01.01 or earlier
RESOLUTION
HP is releasing the following Early Release Patch (ERP) kits publicly for use by any customer until updates are available in mainstream release patch kits.
The resolutions contained in the ERP kits are targeted for availability in the following mainstream kits:
The Associated Products CD (APCD) associated with HP Tru64 UNIX v 5.1B-5
Internet Express (IX) for HP Tru64 UNIX v 6.8
The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERPs. Contact your service provider for assistance if the installation of the ERPs is blocked by any of your installed CSPs.
The digital signature and the certificates are stored in the
ODF ZIP container in the file META-INF\documentsignatures.xml.
OpenOffice does store the public-key certificate in X509 format
in the XML file under META-INF\documentsignatures.xml.
Additionally OpenOffice replicates all the information contained
in the X509 formatted certificate in additional XML structures.
For example the issuer's name is stored under
document-signatures/Signature/KeyInfo/X509Data/X509IssuerSerial/X509IssuerName.
> signature.
>
> As a solution the scope of the signature needs to be extended
> to cover all the relevant information contained in the whole
> document, thus also the meta data in core.xml.
>
> Include core.xml, and probably other files in the signature's
>> signature.
>>
>> As a solution the scope of the signature needs to be extended
>> to cover all the relevant information contained in the whole
>> document, thus also the meta data in core.xml.
>>
>> Include core.xml, and probably other files in the signature's
BACKGROUND
RESOLUTION
HP is releasing the following Early Release Patch (ERP) kits publicly for use by any customer until updates are available in mainstream release patch kits.
The resolutions contained in the ERP kits are targeted for availability in the following mainstream patch kit:
HP Tru64 UNIX Version v5.1B-5
The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERPs. Contact your service provider for assistance if the installation of the ERPs is blocked by any of your installed CSPs.
-- Analysis --
The web portal interface incorporates a collection of .NET scripts,
which utilise a session ID contained within cookies. During the
authentication sequence the user session is redirected via a HTTP meta
refresh header in an HTML response. The browser subsequently uses this
within the next GET request (and the referer header field of the next
HTTP request), placing the session ID in history files, and both client
and server logs. The use of the session ID within the HTML content is
BACKGROUND
RESOLUTION
Until the update is available in the mainstream product release, the patch will be made available to customers via their standard HP support channels through the HP Customer Support Center.
The resolutions contained in patch kits are targeted for availability in the following mainstream product release:
TCPIP for OpenVMS V5.4 ECO7 which is planned for release in HP-Q1FY08
TCPIP for OpenVMS V5.5 ECO3 which is not yet scheduled for release
TCPIP for OpenVMS V5.6 ECO3 which is not yet scheduled for release
BACKGROUND
RESOLUTION
Until the update is available in the mainstream product release, HP is releasing the following setld-based patch kits publicly for use by any customer.
The resolutions contained in patch kits are targeted for availability in the following mainstream product release:
HP Tru64 UNIX v 5.1B-5
HP Internet Express for Tru64 UNIX v 6.7
The kits distribute the following:
Apply the patch NNM_01203, available here: http://support.openview.hp.com/selfsolve/patches
3. Install the Hotfix
Install the hotfix as described in the README.txt contained in SSRT100025.zip.
OV NNM v7.51
Upgrade to NNM v7.53 and apply the NNM v7.53 hotfix listed above.
Patch bundles for upgrading from NNM v7.51 to NNM v7.53 are available using ftp:
RESOLUTION
HP has provided HP Insight Managed System Setup Wizard v6.2 or subsequent to resolve the vulnerability.
The HP Insight Managed System Setup Wizard updates are contained on Insight Software DVD images. These DVD images are available here.
http://h18013.www1.hp.com/products/servers/management/fpdownload.html
PRODUCT SPECIFIC INFORMATION
None
RESOLUTION
HP has provided HP Insight Recovery v6.2 or subsequent to resolve the vulnerability.
The HP Insight Recovery updates are contained on Insight Software DVD images. These DVD images are available here.
http://h18013.www1.hp.com/products/servers/management/fpdownload.html
PRODUCT SPECIFIC INFORMATION
None
RESOLUTION
HP has provided HP Insight Orchestration software v6.2 or subsequent to resolve the vulnerability.
The HP Insight Orchestration software updates are contained on Insight Software DVD images. These DVD images are available here.
http://h18013.www1.hp.com/products/servers/management/fpdownload.html
PRODUCT SPECIFIC INFORMATION
None
RESOLUTION
HP has provided HP Insight Control performance management v6.1 update 2 to resolve the vulnerability.
The HP Insight Control performance management updates are contained on Insight Software DVD images. These DVD images are available here.
http://h18013.www1.hp.com/products/servers/management/fpdownload.html
Note: The vulnerability can also be resolved by updating to HP Insight Control performance management v6.2 or subsequent.
RESOLUTION
HP has provided HP Insight Control performance management v6.2 or subsequent to resolve the vulnerability.
The HP Insight Control performance management updates are contained on Insight Software DVD images. These DVD images are available here.
http://h18013.www1.hp.com/products/servers/management/fpdownload.html
PRODUCT SPECIFIC INFORMATION
None
RESOLUTION
HP has provided HP Insight Control virtual machine management v6.2 or subsequent to resolve the vulnerabilities.
HP Insight Control virtual machine management updates are contained on Insight Software DVD images. These DVD images are available here.
http://h18013.www1.hp.com/products/servers/management/fpdownload.html
PRODUCT SPECIFIC INFORMATION
None
These DVD images are available for download here.
http://h18000.www1.hp.com/products/blades/components/ethernet/vcem/index.html
HP Virtual Connect Enterprise Manager (VCEM) - Part of HP Insight Software
The VCEM updates are also contained on Insight Software DVD images. These DVD images are available here.
http://h18013.www1.hp.com/products/servers/management/fpdownload.html
PRODUCT SPECIFIC INFORMATION
None
RESOLUTION
HP has provided HP Insight Control virtual machine management v6.2 or subsequent to resolve the vulnerabilities.
HP Insight Control virtual machine management updates are contained on Insight Software DVD images. These DVD images are available here.
http://h18013.www1.hp.com/products/servers/management/fpdownload.html
PRODUCT SPECIFIC INFORMATION
None
VCRM is available as part of HP Insight Software and as part of HP Systems Insight Manager. VCRM is also available for direct download.
VCRM - part of HP Insight Software
The VCRM updates are contained on Insight Software DVD images. These DVD images are available here.
http://h18013.www1.hp.com/products/servers/management/fpdownload.html
VCRM - part of HP Systems Insight Manager (SIM)
RESOLUTION
HP has provided HP Virtual Server Environment v6.2 or subsequent to resolve the vulnerability.
The HP Virtual Server Environment updates are contained on Insight Software DVD images. These DVD images are available here.
http://h18013.www1.hp.com/products/servers/management/fpdownload.html
PRODUCT SPECIFIC INFORMATION
None
RESOLUTION
HP has provided HP Insight Control Server Migration v6.2 or subsequent to resolve the vulnerabilities.
The HP Insight Control Server Migration updates are contained on Insight Software DVD images. These DVD images are available here.
http://h18013.www1.hp.com/products/servers/management/fpdownload.html
PRODUCT SPECIFIC INFORMATION
None
RESOLUTION
HP has provided HP Insight Control Power Management v6.2 or subsequent to resolve the vulnerabilities.
HP Insight Control Power Management updates are contained on Insight Software DVD images. These DVD images are available here.
http://h18013.www1.hp.com/products/servers/management/fpdownload.html
PRODUCT SPECIFIC INFORMATION
None
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP-UX Apache Running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to disclose information, allow unauthorized modification, or create a Denial of Service (DoS). The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web Server Suite.
References: CVE-2010-2227, CVE-2010-1157, CVE-2009-0783, CVE-2009-0781, CVE-2009-0580, CVE-2009-0033, CVE-2008-5515
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.12 or earlier
References: CVE-2010-1452, CVE-2009-1956, CVE-2009-1955, CVE-2009-1891, CVE-2009-1890, CVE-2009-1195, CVE-2009-0023, CVE-2007-6203, CVE-2006-3918
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23 and B.11.31 running Apache-based Web Server prior to v2.0.63.01
Note: HP-UX Apache-based Web Server v2.0.63.01 is contained in HP-UX Web Server Suite v.2.32
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================