
TITLE:  SSRT4717 - HP Tru64 UNIX - Potential OpenSSL Security Vulnerability

Copyright (c) Hewlett-Packard Company 2004.  All rights reserved.


PRODUCT:    Secure Web Server (powered by Apache) V2.0.47 and V1.3.28
	    for Tru64 UNIX 5.1A and 5.1B
 
SOURCE:     Hewlett-Packard Company

ECO INFORMATION:

     ECO Name:  T64V51AB-IX621-HTTPD2047-APCH1328-SSRT4717.tar
     ECO Kit Approximate Size:  67.5 MB 
     Kit Applies To:  Tru64 5.1A or 5.1B systems on 
                      latest supported base levels. 

# /usr/bin/cksum T64V51AB-IX621-HTTPD2047-APCH1328-SSRT4717.tar
834301398 70645760 T64V51AB-IX621-HTTPD2047-APCH1328-SSRT4717.tar
# /usr/bin/sum T64V51AB-IX621-HTTPD2047-APCH1328-SSRT4717.tar
54179  68990 T64V51AB-IX621-HTTPD2047-APCH1328-SSRT4717.tar


ECO KIT SUMMARY:

A setld-based patch kit exists for Secure Web Server (SWS) that
contains solutions to the following problem(s):

Potential security vulnerability has been identified in OpenSSL
which is used by SWS that may be exploitable resulting 
in Denial of Service(DoS). 

SWS is distributed via the Internet Express (IX) set of products 
available for Tru64 UNIX. 

   o SSRT4717 Internet Express Secure Web Server (Severity - High)

Cross References: CAN-2004-0079

HP has addressed these potential vulnerabilities with this patched 
version of Secure Web Server (powered by Apache) V2.0.47 and V1.3.28.  

The Patch Kit Installation Instructions and the Patch Summary and Release
Notes documents provide patch kit installation and removal instructions
and a summary of each patch. Please read these documents prior to 
installing patches on your system.

The patches in this ERP kit are scheduled to be available in 
the next mainstream Internet Express (IX) release: V6.3.

**********************************
Special Installation Instructions:
**********************************

This patch kit is needed if you have the SWS subsets from 
IX V6.2 (IAEHTTPD620 or IAEAPCH620) or older installed.

To install this patch kit:

# su root
# tar xvf T64V51AB-IX621-HTTPD2047-APCH1328-SSRT4717.tar 
# cd sws_kit/kit
# setld -l . 

To remove this patch kit:

# su root
# setld -d IAEHTTPD621 IAEAPCH621 IAEAPAD621 IAEAPDOC621 IAETOMCAT621

INSTALLATION PREREQUISITES:

You must have Tru64 UNIX 5.1B or 5.1A installed with the latest
supported base level prior to installing this Patch Kit.

KNOWN PROBLEMS WITH THE PATCH KIT:

None.



[R] UNIX is a registered trademark in the United States and other countries 
licensed exclusively through X/Open Company Limited.

Copyright Hewlett-Packard Company 2004.  All Rights reserved.

  This software is proprietary to and embodies the confidential technology
  of Hewlett-Packard Company.  Possession, use, or copying of this
  software and media is authorized only pursuant to a valid written license
  from Hewlett-Packard or an authorized sublicensor.

       This ECO has not been through an exhaustive field test process.
       Due to the experimental stage of this ECO/workaround, Hewlett-Packard
       makes no representations regarding its use or performance. The
       customer shall have the sole responsibility for adequate protection
       and back-up data used in conjunction with this ECO/workaround.