
[security bulletin] HPSBUX02645 SSRT100387 rev.1 - HP-UX Apache Web Server, Remote Information Disclosure, Cross-Site Scripting (XSS), Denial of Service (DoS)

hpuxwsAPACHE.MOD_PERL
hpuxwsAPACHE.MOD_PERL2
hpuxwsAPACHE.PHP
hpuxwsAPACHE.PHP2
hpuxwsAPACHE.WEBPROXY
action: install revision B.2.0.64.01 or subsequent
hpuxws22TOMCAT.TOMCAT
action: install revision B.5.5.30.04 or subsequent

HP-UX B.11.23
==============

[security bulletin] HPSBUX02351 SSRT080058 rev.3 - HP-UX Running BIND, Remote DNS Cache Poisoning

Action - Install revision C.9.3.2.3.0 or subsequent
 
HP-UX Release - B.11.31 running v9.3.2
Action - Install revision C.9.3.2.3.0 or subsequent

Note: HP is aware of performance issues with these updates / patch. All customers should test the updates / patch in their environment. HP is investigating changes to reduce the performance issues. This bulletin will be revised when new updates / patch become available. 

MANUAL ACTIONS: Yes - NonUpdate 
For B.11.11 running v8.1.2, upgrade to BIND v9.2.0 or BIND v9.3.2 and apply the updates 
For B.11.11 running v9.2.0 install BIND920v11.depot 


[security bulletin] HPSBUX02435 SSRT090059 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Bypass Security Restrictions

fips_1_1_2.FIPS-LIB 
fips_1_1_2.FIPS-MAN 
fips_1_1_2.FIPS-MIS 
fips_1_1_2.FIPS-RUN 
fips_1_1_2.FIPS-SRC 
action: install revision FIPS-OPENSSL-1.1.2.049 or subsequent 
fips_1_2.FIPS-CONF 
fips_1_2.FIPS-DOC 
fips_1_2.FIPS-INC 
fips_1_2.FIPS-LIB 
fips_1_2.FIPS-MAN 

[security bulletin] HPSBUX02351 SSRT080058 rev.4 - HP-UX Running BIND, Remote DNS Cache Poisoning

 
HP-UX Release - B.11.31 running v9.3.2
Action - Install revision C.9.3.2.3.0 or subsequent; 
Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf.

Note: HP is aware of performance issues with these updates / patch. All customers should test the updates / patch in their environment. HP is investigating changes to reduce the performance issues. This bulletin will be revised when new updates / patch become available. 

Note: Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. 

Note: Firewall configurations may need to be adjusted to allow DNS queries from random source ports to pass. In addition, firewalls that forward DNS queries must not replace the random source ports. 


[security bulletin] HPSBUX02418 SSRT090002 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Access

fips_1_1_2.FIPS-LIB 
fips_1_1_2.FIPS-MAN 
fips_1_1_2.FIPS-MIS 
fips_1_1_2.FIPS-RUN 
fips_1_1_2.FIPS-SRC 
action: install revision FIPS-OPENSSL-1.1.2.046 or subsequent 
fips_1_2.FIPS-CONF 
fips_1_2.FIPS-DOC 
fips_1_2.FIPS-INC 
fips_1_2.FIPS-LIB 
fips_1_2.FIPS-MAN 

[security bulletin] HPSBMA02331 SSRT080000 rev.3 - HP-UX running WBEM Services, Remote Execution of Arbitrary Code, Gain Extended Privileges

The patches are available for download from: 
http://itrc.hp.com 

OS Release - B.11.11 
Affected WBEM Services Revision - A.02.07.01
Patch ID - PHSS_37700
 
OS Release - B.11.23 
Affected WBEM Services Revision - A.02.07
Patch ID - PHSS_37701

[security bulletin] HPSBUX02351 SSRT080058 rev.6 - HP-UX Running BIND, Remote DNS Cache Poisoning

END AFFECTED VERSIONS

HISTORY
Version:1 (rev.1) - 16 July 2008 Initial release
Version:2 (rev.2) - 19 July 2008 Added BIND v9.2.0 depot information
Version:3 (rev.3) - 06 August 2008 Updated patch location, revised BIND v9.2.0 depot information, added BIND v8.1.2
Version:4 (rev.4) - 08 August 2008 Updated manual actions to include named.conf and firewall configuration settings
Version:5 (rev.5) - 12 October 2010 Updated version for BIND v9.2.0 depot for B.11.11
Version:6 (rev.6) - 15 December 2010 Reformat v9.2.0 recommendation for clarity.

[security bulletin] HPSBUX02351 SSRT080058 rev.5 - HP-UX Running BIND, Remote DNS Cache Poisoning

END AFFECTED VERSIONS

HISTORY
Version:1 (rev.1) - 16 July 2008 Initial release
Version:2 (rev.2) - 19 July 2008 Added BIND v9.2.0 depot information
Version:3 (rev.3) - 06 August 2008 Updated patch location, revised BIND v9.2.0 depot information, added BIND v8.1.2
Version:4 (rev.4) - 08 August 2008 Updated manual actions to include named.conf and firewall configuration settings
Version:5 (rev.5) - 12 October 2010 Updated version for BIND v9.2.0 depot for B.11.11

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.


[security bulletin] HPSBUX02251 SSRT071449 rev.3 - HP-UX Running BIND, Remote DNS Cache Poisoning

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running BIND v9.2.0 or BIND v9.3.2

BACKGROUND

To determine if a system has an affected version, search the output of "swlist -a revision -l fileset" for an affected fileset. Then determine if the recommended action has been taken.

AFFECTED VERSIONS 

For BIND v9.2.0 


[security bulletin] HPSBMA02239 SSRT061260 rev.1 - HP OpenView Operations (OVO) Agents Running Shared Trace Service, Remote Arbitrary Code Execution

The Hewlett-Packard Company thanks Cody Pierce of TippingPoint DV Labs (dvlabs.tippingpoint.com) for reporting this vulnerability to security-alert@hp.com.

The Hewlett-Packard Company thanks an anonymous researcher working with the iDefense VCP for reporting this vulnerability to security-alert@hp.com. 

To determine if a system has an affected version, search the output of "swlist -a revision -l fileset" for an affected fileset. Then determine if the recommended patch or update is installed. 

AFFECTED VERSIONS 

HP-UX B.11.11 
HP-UX B.11.23 

updated patch: MITKRB5-SA-2007-006: kadmind RPC lib buffer overflow, uninitialized pointer

vulnerability.  The new patch in the updated advisory (below)
correctly checks the buffer length.

Thanks to Kevin Coffman (UMich), Will Fiveash (Sun), and Nico Williams
(Sun) for discovering the bug in the initial CVE-2007-3999 patch and
for help with developing the revised patch for CVE-2007-3999.

====================

                 MIT krb5 Security Advisory 2007-006


[security bulletin] HPSBUX02351 SSRT080058 rev.2 - HP-UX Running BIND, Remote DNS Cache Poisoning

 


The BIND v9.3.2 updates are available for download from http://software.hp.com . 
 
HP-UX Release - B.11.11 running v9.3.2 - Install revision C.9.3.2.3.0 or subsequent 
HP-UX Release - B.11.23 running v9.3.2 - Install revision C.9.3.2.3.0 or subsequent
HP-UX Release - B.11.31 running v9.3.2 - Install revision C.9.3.2.3.0 or subsequent
 

MANUAL ACTIONS: Yes - NonUpdate 

[security bulletin] HPSBUX01137 SSRT5954 rev.11 - HP-UX Running TCP/IP (IPv4), Remote Denial of Service (DoS)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.22, B.11.23 running TCP/IP (IPv4)

BACKGROUND

To determine if an HP-UX system has an affected version, search the output of "swlist -a revision -l fileset" for one of the filesets listed below. For affected systems, verify that the recommended action has been taken. 

AFFECTED VERSIONS 

HP-UX B.11.11 
============= 

Cisco Security Advisory: Cisco IOS Software IPsec Vulnerability


Advisory ID: cisco-sa-20100324-ipsec

Revision 1.0

For Public Release 2010 March 24 1600 UTC (GMT)

+---------------------------------------------------------------------


[security bulletin] HPSBUX02401 SSRT090005 rev.3 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF)

END AFFECTED VERSIONS 

HISTORY 
Version:1 (rev.1) 2 February 2009 Initial release 
Version:2 (rev.2) 12 February 2009 Corrected Affected Versions, clarified Resolution Table 
Version:3 (rev.3) 25 February 2009 Revised Affected Versions and Resolution Table 

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. 


Support: For further information, contact normal HP Services support channel.

[security bulletin] HPSBUX02342 SSRT080063 rev.1 - HP-UX Running Apache or Tomcat with PHP, Remote Execution of Arbitrary Code

HP-UX B.11.11 
============= 

hpuxwsAPACHE.PHP 
hpuxwsAPACHE.PHP2 
action: install revision B.2.0.59.04.02 or subsequent and restart Apache 
URL: ftp://srt80063:srt80063@hprc.external.hp.com 

HP-UX B.11.23 
============= 
hpuxwsAPCH32.PHP 

[security bulletin] HPSBUX02401 SSRT090005 rev.2 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF)

hpuxwsAPACHE.PHP2 
hpuxwsAPACHE.WEBPROXY 
hpuxwsTOMCAT.TOMCAT 
hpuxwsWEBMIN.WEBMIN 

action: install revision B.2.2.8.01.02 or subsequent 
URL: http://software.hp.com 

HP-UX B.11.23 
================== 
hpuxws22APCH32.APACHE 

[security bulletin] HPSBUX02251 SSRT071449 rev.2 - HP-UX Running BIND, Remote DNS Cache Poisoning

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running BIND v9.2 or BIND v9.3

BACKGROUND

To determine if a system has an affected version, search the output of "swlist -a revision -l fileset" for an affected fileset. Then determine if the recommended patch or update is installed.

AFFECTED VERSIONS 

For BIND v9.2.0 


HPSBMA02239 SSRT061260 rev.2 - HP OpenView Operations (OVO) Agents Running Shared Trace Service, Remote Arbitrary Code Execution

The Hewlett-Packard Company thanks Cody Pierce of TippingPoint DV Labs (dvlabs.tippingpoint.com) for reporting this vulnerability to security-alert@hp.com.

The Hewlett-Packard Company thanks an anonymous researcher working with the iDefense VCP for reporting this vulnerability to security-alert@hp.com. 

To determine if a system has an affected version, search the output of "swlist -a revision -l fileset" for an affected fileset. Then determine if the recommended patch or update is installed. 

AFFECTED VERSIONS 

HP-UX B.11.11 
HP-UX B.11.23 

[security bulletin] HPSBUX02465 SSRT090192 rev.1 - HP-UX Running Apache-based Web Server, Remote Denial of Service (DoS) Cross-Site Scripting (XSS) Unauthorized Access

hpuxws22APACHE.MOD_JK2
hpuxws22APACHE.MOD_PERL
hpuxws22APACHE.MOD_PERL2
hpuxws22APACHE.PHP
hpuxws22APACHE.PHP2
action: install revision B.2.2.8.05 or subsequent

HP-UX B.11.31
==================
hpuxws22APCH32.APACHE
hpuxws22APCH32.APACHE2

[security bulletin] HPSBUX02729 SSRT100687 rev.3 - HP-UX Running BIND, Remote Denial of Service (DoS)

             Information on CVSS is documented
            in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided upgrades to resolve this vulnerability. When final depots are released this bulletin will again be revised.
The upgrades are available from the following location
ftp://s02729:Secure12@ftp.usa.hp.com

BIND 9.2 for HP-UX Release
 Depot Name

Cisco Security Advisory: Cisco IOS XR Software Border Gateway Protocol Vulnerability

Advisory ID: cisco-sa-20090818-bgp

http://www.cisco.com/warp/public/707/cisco-sa-20090818-bgp.shtml

Revision 1.0

For Public Release 2009 August 18 1500 UTC (GMT)

- ---------------------------------------------------------------------


[security bulletin] HPSBUX02431 SSRT090085 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Execution of Arbitrary Code

hpuxws22APCH32.PHP 
hpuxws22APCH32.PHP2 
hpuxws22APCH32.WEBPROXY 
hpuxws22APCH32.WEBPROXY2 
hpuxws22TOMCAT.TOMCAT 
action: install revision B.2.2.8.04 or subsequent 
URL: http://software.hp.com 

HP-UX B.11.31 
================== 
hpuxws22APACHE.APACHE 

[security bulletin] HPSBMA02430 SSRT080094 rev.1 - HP OpenView Network Node Manager (OV NNM) Running SNMP and MIB, Remote Execution of Arbitrary Code, Denial of Service (DoS)

References: CVE-2009-1420

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP OpenView Network Node Manager (OV NNM) v7.51 and v7.53 on HP-UX, Solaris, Linux, and Windows 
running SNMP and MIB before revision 1.30.009 

BACKGROUND

CVSS 2.0 Base Metrics 
===============================================

FreeBSD Security Advisory FreeBSD-SA-09:15.ssl [REVISED]

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.

0.   Revision History

v1.0 2009-12-03  Initial release.
v1.1 2009-12-03  Corrected instructions in section V.2)b).

I.   Background

[security bulletin] HPSBUX02543 SSRT100152 rev.1 - HP-UX Running Apache with PHP, Remote Denial of Service (DoS), Unauthorized Access,

===========
hpuxwsAPCH32.PHP
hpuxwsAPCH32.PHP2
hpuxwsAPACHE.PHP
hpuxwsAPACHE.PHP2
action: install revision B.2.0.59.16 or subsequent

HP-UX B.11.23
==================
hpuxwsAPCH32.PHP
hpuxwsAPCH32.PHP2

[security bulletin] HPSBUX02729 SSRT100687 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)

             Information on CVSS is documented
            in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided upgrades to resolve this vulnerability. When final depots are released this bulletin will be revised.
The upgrades are available from the following location
ftp://s02729:Secure12@ftp.usa.hp.com

BIND 9.2 for HP-UX Release / Depot Name


[security bulletin] HPSBUX02724 SSRT100650 rev.2 - HP-UX Running System Administration Manager (SAM), Local Increase in Privilege

             Information on CVSS is documented
            in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided unofficial upgrades to resolve this vulnerability. When final depots are released this bulletin will be revised.
The upgrades are available from the following location
ftp.usa.hp.com

User Name: srt10650 Password: zp{GE7ev
or ftp://srt10650:zp{GE7ev@ftp.usa.hp.com

[security bulletin] HPSBUX02531 SSRT100108 rev.1 - HP-UX Running Apache-based Web Server, Remote Denial of Service (DoS), Unauthorized Access

hpuxws22APACHE.MOD_JK2
hpuxws22APACHE.MOD_PERL
hpuxws22APACHE.MOD_PERL2
hpuxws22APACHE.PHP
hpuxws22APACHE.PHP2
action: install revision B.2.2.8.09 or subsequent

HP-UX B.11.31
==================
hpuxws22APCH32.APACHE
hpuxws22APCH32.APACHE2

[security bulletin] HPSBUX02729 SSRT100687 rev.2 - HP-UX Running BIND, Remote Denial of Service (DoS)

             Information on CVSS is documented
            in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided upgrades to resolve this vulnerability. When final depots are released this bulletin will again be revised.
The upgrades are available from the following location
ftp://s02729:Secure12@ftp.usa.hp.com

BIND 9.2 for HP-UX Release / Depot Name



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
