Several security flaws have been discovered in the OpenSSL software package that can be exploited for unauthorized access and disclosure of sensitive data.
Package:
Operating systems:
HP-UX 11.x
Severity:
9.3
Problem:
improper memory handling, error in a program component
The security flaws were discovered in the implementation of the DTLS and SSL protocols, in the SGC (Server Gated Cryptography) and ECDH components, and in improper memory handling that leads to a double free of memory.
Consequence:
A malicious attacker can exploit these flaws to read sensitive information and gain unauthorized access.
Solution:
An update that fixes the described flaws has been released, and users are advised to apply it.
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03141193
Version: 1
HPSBUX02734 SSRT100729 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2012-01-19
Last Updated: 2012-01-19
Potential Security Impact: Remote Denial of Service (DoS), unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS) or to gain unauthorized access.
References: CVE-2011-3210, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08s.
BACKGROUND
For a PGP signed version of this security bulletin please write to: [e-mail address obscured by the page's anti-spam protection]
CVSS 2.0 Base Metrics
Reference       Base Vector                     Base Score
CVE-2011-3210   (AV:N/AC:L/Au:N/C:N/I:N/A:P)    5.0
CVE-2011-4108   (AV:N/AC:M/Au:N/C:P/I:N/A:N)    4.3
CVE-2011-4109   (AV:N/AC:M/Au:N/C:P/I:N/A:N)    9.3
CVE-2011-4576   (AV:N/AC:L/Au:N/C:P/I:N/A:N)    5.0
CVE-2011-4577   (AV:N/AC:M/Au:N/C:N/I:N/A:P)    4.3
CVE-2011-4619   (AV:N/AC:L/Au:N/C:N/I:N/A:P)    5.0
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
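The table above pairs each CVE with a CVSS 2.0 base vector and a base score. The following is an added example, not part of the HP bulletin, that recomputes the base score from each vector using the CVSS v2 base equation and reports any row whose published score does not agree with the score its own vector yields; the vectors and scores are copied from the table, the calculator is this example's own code. Rows that disagree are worth cross-checking against the NVD record before the number is used for prioritisation.

```python
"""CVSS 2.0 base-score recomputation for the bulletin's metrics table.
Added example; the vectors and published scores below are copied from the
bulletin, the calculator itself is this example's own code."""
from decimal import Decimal, ROUND_HALF_UP

# CVSS v2 metric weights (from the CVSS v2 specification).
ACCESS_VECTOR = {"L": 0.395, "A": 0.646, "N": 1.0}
ACCESS_COMPLEXITY = {"H": 0.35, "M": 0.61, "L": 0.71}
AUTHENTICATION = {"M": 0.45, "S": 0.56, "N": 0.704}
IMPACT = {"N": 0.0, "P": 0.275, "C": 0.660}

# Rows copied from the bulletin's "CVSS 2.0 Base Metrics" table.
BULLETIN_TABLE = [
    ("CVE-2011-3210", "(AV:N/AC:L/Au:N/C:N/I:N/A:P)", 5.0),
    ("CVE-2011-4108", "(AV:N/AC:M/Au:N/C:P/I:N/A:N)", 4.3),
    ("CVE-2011-4109", "(AV:N/AC:M/Au:N/C:P/I:N/A:N)", 9.3),
    ("CVE-2011-4576", "(AV:N/AC:L/Au:N/C:P/I:N/A:N)", 5.0),
    ("CVE-2011-4577", "(AV:N/AC:M/Au:N/C:N/I:N/A:P)", 4.3),
    ("CVE-2011-4619", "(AV:N/AC:L/Au:N/C:N/I:N/A:P)", 5.0),
]

_EXPECTED = {"AV": ACCESS_VECTOR, "AC": ACCESS_COMPLEXITY, "Au": AUTHENTICATION,
             "C": IMPACT, "I": IMPACT, "A": IMPACT}


def parse_vector(vector):
    """Turn '(AV:N/AC:L/Au:N/C:N/I:N/A:P)' into a metric->value dict, rejecting
    vectors that miss a metric or use an unknown value."""
    body = vector.strip().strip("()")
    metrics = {}
    for part in body.split("/"):
        name, _, value = part.partition(":")
        if not value:
            raise ValueError(f"malformed metric {part!r} in {vector!r}")
        metrics[name] = value
    if set(metrics) != set(_EXPECTED):
        raise ValueError(f"{vector!r} does not carry exactly the six base metrics")
    for name, table in _EXPECTED.items():
        if metrics[name] not in table:
            raise ValueError(f"unknown value {metrics[name]!r} for {name} in {vector!r}")
    return metrics


def base_score(vector):
    """CVSS v2: round1(((0.6*Impact) + (0.4*Exploitability) - 1.5) * f(Impact))."""
    m = parse_vector(vector)
    impact = 10.41 * (1 - (1 - IMPACT[m["C"]]) * (1 - IMPACT[m["I"]]) * (1 - IMPACT[m["A"]]))
    exploitability = 20 * ACCESS_VECTOR[m["AV"]] * ACCESS_COMPLEXITY[m["AC"]] * AUTHENTICATION[m["Au"]]
    f_impact = 0.0 if impact == 0 else 1.176
    raw = max(0.0, ((0.6 * impact) + (0.4 * exploitability) - 1.5) * f_impact)
    # The spec rounds to one decimal, half up; Python's round() is half-to-even.
    return float(Decimal(repr(raw)).quantize(Decimal("0.1"), rounding=ROUND_HALF_UP))


def check_table(rows=BULLETIN_TABLE):
    """Recompute every row; return the CVE ids whose published score differs
    from the score its own vector produces."""
    return [cve for cve, vector, published in rows if base_score(vector) != published]


if __name__ == "__main__":
    for cve, vector, published in BULLETIN_TABLE:
        computed = base_score(vector)
        flag = "" if computed == published else "  <-- vector and published score disagree"
        print(f"{cve}  {vector}  published={published}  computed={computed}{flag}")
```

Run as a script it prints one line per row; `check_table()` returns the ids of rows whose printed vector does not reproduce the printed score, which for the table as printed on this page is the CVE-2011-4109 row (its vector, identical to the CVE-2011-4108 row, computes to 4.3).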
RESOLUTION
HP has provided upgrades to resolve this vulnerability.
The upgrades are available from the following location:
ftp://ossl098s:[password, host and path obscured by the page's anti-spam protection]
HP-UX Release             Depot Name
B.11.11 PA (32 and 64)    OpenSSL_A.00.09.08s.001_HP-UX_B.11.11_32+64.depot
B.11.23 (PA and IA)       OpenSSL_A.00.09.08s.002_HP-UX_B.11.23_IA-PA.depot
B.11.31 (PA and IA)       OpenSSL_A.00.09.08s.003_HP-UX_B.11.31_IA-PA.depot
MANUAL ACTIONS: Yes - Update
Install OpenSSL A.00.09.08s or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
==================
openssl.OPENSSL-CER
openssl.OPENSSL-CONF
openssl.OPENSSL-DOC
openssl.OPENSSL-INC
openssl.OPENSSL-LIB
openssl.OPENSSL-MAN
openssl.OPENSSL-MIS
openssl.OPENSSL-PRNG
openssl.OPENSSL-PVT
openssl.OPENSSL-RUN
openssl.OPENSSL-SRC
action: Install revision A.00.09.08s.001 or subsequent
HP-UX B.11.23
==================
openssl.OPENSSL-CER
openssl.OPENSSL-CONF
openssl.OPENSSL-DOC
openssl.OPENSSL-INC
openssl.OPENSSL-LIB
openssl.OPENSSL-MAN
openssl.OPENSSL-MIS
openssl.OPENSSL-PRNG
openssl.OPENSSL-PVT
openssl.OPENSSL-RUN
openssl.OPENSSL-SRC
action: Install revision A.00.09.08s.002 or subsequent
HP-UX B.11.31
==================
openssl.OPENSSL-CER
openssl.OPENSSL-CONF
openssl.OPENSSL-DOC
openssl.OPENSSL-INC
openssl.OPENSSL-LIB
openssl.OPENSSL-MAN
openssl.OPENSSL-MIS
openssl.OPENSSL-PRNG
openssl.OPENSSL-PVT
openssl.OPENSSL-RUN
openssl.OPENSSL-SRC
action: Install revision A.00.09.08s.003 or subsequent
END AFFECTED VERSIONS
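The AFFECTED VERSIONS block gives, per HP-UX release, the openssl filesets and the revision that must be installed. The following is an added example, not part of the HP bulletin and not HP-UX Software Assistant code, that parses swlist-style fileset output and lists the filesets still below the required revision for a given release. The sample output is constructed here, not captured from a real host, and its column layout (fileset, revision, title) is an assumption; the revision ordering (numbers as integers, letter runs as strings, a prefix sorting before a longer revision) is this example's own and is labelled as such in the code.

```python
"""Compare installed HP-UX OpenSSL fileset revisions with the revisions the
bulletin requires. Added example; the swlist-style output is constructed
here, not captured from a real system."""
import re

# Required revision per HP-UX release, from the bulletin's AFFECTED VERSIONS section.
REQUIRED_REVISION = {
    "B.11.11": "A.00.09.08s.001",
    "B.11.23": "A.00.09.08s.002",
    "B.11.31": "A.00.09.08s.003",
}

# Constructed sample resembling `swlist -l fileset openssl` output on a
# B.11.23 host where two filesets still run a pre-s revision.
# Assumed layout: fileset name, revision, title; '#' lines are chatter.
SAMPLE_SWLIST_OUTPUT = """\
# Initializing...
# Contacting target "hpux-host"...
#
# Target:  hpux-host:/
#
  openssl.OPENSSL-LIB   A.00.09.08r.002   OpenSSL Libraries
  openssl.OPENSSL-RUN   A.00.09.08r.002   OpenSSL Run-time
  openssl.OPENSSL-SRC   A.00.09.08s.002   OpenSSL Source
"""

_TOKEN = re.compile(r"\d+|[A-Za-z]+")


def revision_key(revision):
    """Split 'A.00.09.08s.001' into a comparable tuple.
    Numbers compare as integers, letter runs as strings, and a revision that is
    a prefix of a longer one sorts first (so 08s < 08s.001 and 08 < 08s).
    Assumption of this example: HP's OpenSSL revision strings follow that shape."""
    key = []
    for tok in _TOKEN.findall(revision):
        key.append((0, int(tok)) if tok.isdigit() else (1, tok))
    return tuple(key)


def parse_swlist(output):
    """Return {fileset: revision} for openssl.* filesets in swlist-style output."""
    found = {}
    for line in output.splitlines():
        fields = line.strip().split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) >= 2 and fields[0].startswith("openssl."):
            found[fields[0]] = fields[1]
    return found


def outdated_filesets(output, hpux_release):
    """Return [(fileset, installed, required)] for every openssl fileset whose
    installed revision is below the bulletin's requirement for this release."""
    required = REQUIRED_REVISION[hpux_release]
    need = revision_key(required)
    return [
        (fileset, installed, required)
        for fileset, installed in sorted(parse_swlist(output).items())
        if revision_key(installed) < need
    ]


if __name__ == "__main__":
    # On a real host the output would come from: swlist -l fileset openssl
    stale = outdated_filesets(SAMPLE_SWLIST_OUTPUT, "B.11.23")
    if not stale:
        print("all openssl filesets at or above the required revision")
    for fileset, installed, required in stale:
        print(f"{fileset}: installed {installed}, requires {required} or subsequent")
```

Feed it the real `swlist -l fileset openssl` output and the host's release string; an empty result means every listed fileset is at the required revision or later, anything else names what the depot for that release still has to bring up to date.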
HISTORY
Version:1 (rev.1) 19 January 2012 Initial release