Hewlett Packard - OpenSSL Heartbleed Vulnerability

Number: AL14-023 - UPDATE
Date: 08 May 2014

Purpose

The purpose of this Alert is to bring attention to recently released security updates for HP Software Asset Manager running OpenSSL.

Assessment

Hewlett Packard has released security updates for the following products to resolve the OpenSSL issue:

  • Win32 9.40.10535 p3 (en) Products: asset manager > 9.40 OS: Windows - All Language Versions.
  • Linux 9.40.10535 p3 (de) Products: asset manager > 9.40 OS: Linux – All Language Versions.

CVE Reference: CVE-2014-0160

Suggested action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected platforms accordingly.

References:

HPSBMU03018 rev.3 - HP Software Asset Manager running OpenSSL, Remote Disclosure of Information

Number: AL14-023
Date: 19 April 2014

Purpose

The purpose of this Alert is to bring attention to recently released security updates for various Hewlett Packard products.

Assessment

Hewlett Packard has released security updates for the following products to resolve the OpenSSL issue:

CVE Reference: CVE-2014-0160

Suggested action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected platforms accordingly.

References:

OpenSSL Heartbeat Extension Vulnerability in Multiple Hewlett Packard Products

HPSBNS02991 rev.1 - HP NonStop Servers running Samba
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04226299-1%257CdocLocale%253Den_US%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

HPSBMU02994 rev.2 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/action.process/public/kb/docDisplay/?javax.portlet.action=true&spf_p.tpst=kbDocDisplay&javax.portlet.begCacheTok=com.vignette.cachetoken&spf_p.prp_kbDocDisplay=wsrp-interactionState%3DdocId%253DZW1yX25hLWMwNDIzNjA2Mg%2525253D%2525253DhPsCeNc%257CdocLocale%253Den_US%257CcalledBy%253D&javax.portlet.endCacheTok=com.vignette.cachetoken

HPSBMU02995 rev.4 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/action.process/public/kb/docDisplay/?javax.portlet.action=true&spf_p.tpst=kbDocDisplay&javax.portlet.begCacheTok=com.vignette.cachetoken&spf_p.prp_kbDocDisplay=wsrp-interactionState%3DdocId%253DZW1yX25hLWMwNDIzNjEwMg%2525253D%2525253DhPsCeNc%257CdocLocale%253Den_US%257CcalledBy%253D&javax.portlet.endCacheTok=com.vignette.cachetoken

HPSBMU02999 rev.2 - HP Software Autonomy WorkSite Server (On-Premises Software), Running OpenSSL
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04239374-2%257CdocLocale%253D%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

HPSBMU03012 rev.1 - HP Insight Management VCEM Web Client SDK (VCEMSDK) running OpenSSL
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/action.process/public/kb/docDisplay/?javax.portlet.action=true&spf_p.tpst=kbDocDisplay&javax.portlet.begCacheTok=com.vignette.cachetoken&spf_p.prp_kbDocDisplay=wsrp-interactionState%3DdocId%253DZW1yX25hLWMwNDI1NTc5Ng%2525253D%2525253DhPsCeNc%257CdocLocale%253Den_US%257CcalledBy%253D&javax.portlet.endCacheTok=com.vignette.cachetoken

CCIRC's AV14-017 OpenSSL Vulnerability
http://www.publicsafety.gc.ca/cnt/rsrcs/cybr-ctr/2014/av14-017-eng.aspx 

CCIRC's AL14-005 OpenSSL Heartbleed Vulnerability
http://www.publicsafety.gc.ca/cnt/rsrcs/cybr-ctr/2014/al14-005-eng.aspx 

Note to Readers

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

Please note that CCIRC's PGP key has recently been updated.
http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/_fl/CCIRCPublicPGPKey.txt

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: ps.communications-communications.sp@canada.ca
