TITLE: SSRT4717 - HP Tru64 UNIX - Potential OpenSSL Security Vulnerability Copyright (c) Hewlett-Packard Company 2004. All rights reserved. PRODUCT: OpenLDAP V2.0.27 for Tru64 UNIX 5.1A and 5.1B SOURCE: Hewlett-Packard Company ECO INFORMATION: ECO Name: T64V51AB-IX621-OLDAP2027-SSRT4717.tar ECO Kit Approximate Size: 25.7 MB Kit Applies To: Tru64 5.1A or 5.1B systems on latest supported base levels. # /usr/bin/cksum T64V51AB-IX621-OLDAP2027-SSRT4717.tar 1856779159 26910720 T64V51AB-IX621-OLDAP2027-SSRT4717.tar # /usr/bin/sum T64V51AB-IX621-OLDAP2027-SSRT4717.tar 42004 26280 T64V51AB-IX621-OLDAP2027-SSRT4717.tar ECO KIT SUMMARY: A setld-based patch kit exists for OpenLDAP that contains solutions to the following problem(s): Potential security vulnerability has been identified in OpenSSL which is used by OpenLDAP that may be exploitable resulting in Denial of Service(DoS). OpenLDAP is distributed via the Internet Express (IX) set of products available for Tru64 UNIX. o SSRT4717 Internet Express OpenLDAP (Severity - High) Cross References: CAN-2004-0079 HP has addressed these potential vulnerabilities with this patched version of OpenLDAP V2.0.27. The Patch Kit Installation Instructions and the Patch Summary and Release Notes documents provide patch kit installation and removal instructions and a summary of each patch. Please read these documents prior to installing patches on your system. The patches in this ERP kit are scheduled to be available in the next mainstream Internet Express (IX) release: V6.3. ********************************** Special Installation Instructions: ********************************** This patch kit is needed if you have the OpenLDAP subset from IX V6.2 (IAEOLDAP620) or older installed. To install this patch kit: # su root # tar xvf T64V51AB-IX621-OLDAP2027-SSRT4717.tar # cd openldap_kit # setld -l IAEOLDAP621 To remove this patch kit: # su root # setld -d IAEOLDAP621 INSTALLATION PREREQUISITES: You must have Tru64 UNIX 5.1B or 5.1A installed with the latest supported base level prior to installing this Patch Kit. KNOWN PROBLEMS WITH THE PATCH KIT: None. [R] UNIX is a registered trademark in the United States and other countries licensed exclusively through X/Open Company Limited. Copyright Hewlett-Packard Company 2004. All Rights reserved. This software is proprietary to and embodies the confidential technology of Hewlett-Packard Company. Possession, use, or copying of this software and media is authorized only pursuant to a valid written license from Hewlett-Packard or an authorized sublicensor. This ECO has not been through an exhaustive field test process. Due to the experimental stage of this ECO/workaround, Hewlett-Packard makes no representations regarding its use or performance. The customer shall have the sole responsibility for adequate protection and back-up data used in conjunction with this ECO/workaround.