TITLE : HP Tru64 UNIX - SSRT090054 : SSL Remote Denial of Service

Copyright (c) Hewlett-Packard Company 2009.  All rights reserved.


PRODUCT:    HP Internet Express for Tru64 UNIX
SOURCE:     Hewlett-Packard Company

ECO INFORMATION:

     ECO Name:   T64V51B-IX691-SENDMAIL8143-SSRT167-20090820.tar.gz
     ECO Kit Approximate Size: 19.2 MB
     Kit Applies To:  HP Internet Express for Tru64 UNIX 6.9

     ECO Kit CHECKSUMS:
        /usr/bin/sum results:
        40997  19619

        /usr/bin/cksum results:
        9237501 20089568

        MD5 results:
        a3855d64f989622fbf3261658571f146  

        SHA1 results:
        59bf3b8fc51e89d150691e90be033f7643705ad7     
        
ECO KIT SUMMARY:

A setld-based patch kit exists for HP Internet Express for Tru64 UNIX 6.9
(IX) that contains solution to the following problem:

 Potential security vulnerabilities have been reported on the Secure Sockets Layer(SSL) running 
 on the HP Tru64 UNIX Operating System which may allow a remote attacker to cause a Denial of 
 Service (invalid memory access and application crash).


Special Installation Instructions

The kit "T64V51B-IX691-SENDMAIL8143-SSRT167-20090820.tar.gz" when untarred contains the following :

  -  IX691-SENDMAIL-SSRT167.tar.gz (Installable Kit)
  -  sendmail-8.14.3.tar.Z (sources)

Installing the kit


1. gunzip T64V51B-IX691-SENDMAIL8143-SSRT167-20090820.tar.gz

2. tar xvf T64V51B-IX691-SENDMAIL8143-SSRT167-20090820.tar

3. gunzip IX691-SENDMAIL-SSRT167.tar.gz

4. tar xvf IX691-SENDMAIL-SSRT167.tar

5. cd sendmail_kit

6. ls -R
IAE.image   IAESMTP691  INSTCTRL    instctrl

./instctrl:
IAE.image        IAE691.comp      IAESMTP691.ctrl  IAESMTP691.inv   IAESMTP691.scp

5. setld -l .


SUPERSEDE INFORMATION:

Please note that this IX Sendmail ERP being delivered, contains the subset IAESMTP691 and the 
IX 6.9 kit will have the subset IAESMTP690. Hence, IX 6.9 SENDMAIL will not be allowed to 
overwrite this ERP. All the features present in IX 6.9 Sendmail are available in this ERP.


KNOWN PROBLEMS WITH THE PATCH KIT:

None.


[R] UNIX is a registered trademark in the United States and other countries 
licensed exclusively through X/Open Company Limited.

Copyright Hewlett-Packard Company 2009.  All Rights reserved.

  This software is proprietary to and embodies the confidential technology
  of Hewlett-Packard Company.  Possession, use, or copying of this
  software and media is authorized only pursuant to a valid written license
  from Hewlett-Packard or an authorized sublicensor.

       This ECO has not been through an exhaustive field test process.
       Due to the experimental stage of this ECO/workaround, Hewlett-Packard
       makes no representations regarding its use or performance. The
       customer shall have the sole responsibility for adequate protection
       and back-up data used in conjunction with this ECO/workaround.