TITLE : HP Tru64 UNIX - SSRT090054 : SSL Remote Denial of Service

Copyright (c) Hewlett-Packard Company 2009.  All rights reserved.


PRODUCT:    HP Internet Express for Tru64 UNIX
SOURCE:     Hewlett-Packard Company

ECO INFORMATION:

     ECO Name:   T64V51B-IX691-APACHE1341-SSRT167-20090626.tar.gz
     ECO Kit Approximate Size: 32.1 MB
     Kit Applies To:  HP Internet Express for Tru64 UNIX 6.9

     ECO Kit CHECKSUMS:
        /usr/bin/sum results:
        39143  32885

        /usr/bin/cksum results:
        3786866192 33673775

        MD5 results:
        285153f662f89f24d588bce9cf26b8e7  

        SHA1 results:
        0e6754bbfd5484b51d8722b9cf956ca2584683ca     
        
ECO KIT SUMMARY:

A setld-based patch kit exists for HP Internet Express for Tru64 UNIX 6.9
(IX) that contains solution to the following problem:

 Potential security vulnerabilities have been reported on the Secure Sockets Layer(SSL) running 
 on the HP Tru64 UNIX Operating System which may allow a remote attacker to cause a Denial of 
 Service (invalid memory access and application crash).


Special Installation Instructions

The kit "T64V51B-IX691-APACHE1341-SSRT167-20090626.tar.gz" when untarred contains the following :

  -  IX691-APACHE1-SSRT167.tar.gz (Installable Kit)
  -  apache_openssl_src.tar.gz (sources)

Installing the kit


1. gunzip T64V51B-IX691-APACHE1341-SSRT167-20090626.tar.gz

2. tar xvf T64V51B-IX691-APACHE1341-SSRT167-20090626.tar

3. gunzip IX691-APACHE1-SSRT167.tar.gz

4. tar xvf IX691-APACHE1-SSRT167.tar

5. cd kit

6. ls -R
IAE.image   IAEAPCH691  INSTCTRL    instctrl

./instctrl:
IAE.image        IAE691.comp      IAEAPCH691.ctrl  IAEAPCH691.inv   IAEAPCH691.scp

5. setld -l .


SUPERSEDE INFORMATION:

Please note that the IX Apache(1.3) ERP being delivered with this EA has IAEAPCH691 and the IX 6.9 
kit will have IAEAPCH690. Hence IX 6.9 Apache (1.3) will not be allowed to overwrite the 
Apache binary delivery by this ERP. All the features present in IX 6.9 Apache are available in this IX Apache ERP.


KNOWN PROBLEMS WITH THE PATCH KIT:

None.


[R] UNIX is a registered trademark in the United States and other countries 
licensed exclusively through X/Open Company Limited.

Copyright Hewlett-Packard Company 2009.  All Rights reserved.

  This software is proprietary to and embodies the confidential technology
  of Hewlett-Packard Company.  Possession, use, or copying of this
  software and media is authorized only pursuant to a valid written license
  from Hewlett-Packard or an authorized sublicensor.

       This ECO has not been through an exhaustive field test process.
       Due to the experimental stage of this ECO/workaround, Hewlett-Packard
       makes no representations regarding its use or performance. The
       customer shall have the sole responsibility for adequate protection
       and back-up data used in conjunction with this ECO/workaround.