HP-UX update for OpenSSL

Secunia ID	SA49229
CVE-ID	CVE-2006-7250, CVE-2011-4619, CVE-2012-0884, CVE-2012-1165, CVE-2012-2110, CVE-2012-2131
Release Date	18 May 2012
Criticality	Highly Critical
Solution Status	Vendor Patch
Where	From remote
Impact	DoS (Denial of Service) This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system. System access This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. Security Bypass This covers vulnerabilities or security issues where malicious users or people can bypass certain security mechanisms of the application. The actual impact varies significantly depending on the design and purpose of the affected application.
Description	HP has issued an update for OpenSSL in HP-UX. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system. For more information: SA46958 SA47426 SA48153 SA48847 The vulnerabilities are reported in HP-UX versions B.11.11, B.11.23, and B.11.31 running OpenSSL versions prior to vA.00.09.08w.
Solution	Apply patches. B.11.11 PA (32 and 64): Apply patch OpenSSL_A.00.09.08w.001_HP-UX_B.11.11_32+64.depot B.11.23 (PA and IA): Apply patch OpenSSL_A.00.09.08w.002_HP-UX_B.11.23_IA-PA.depot B.11.31 (PA and IA): Apply patch OpenSSL_A.00.09.08w.003_HP-UX_B.11.31_IA-PA.depot
Original Advisory	HPSBUX02782 SSRT100844: https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03333987&ac.admitted=1337324854606.876444892.492883150

© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.