HP-UX Secure Shell A.04.30.014 and A.04.30.015 Release Notes, Nov 2006

HP-UX Secure Shell A04.30.014 and A.04.30.015

Frequently Asked Questions (FAQ)

Chapter30

Is HP-UX Secure Shell vulnerable to the reported double free bug in the

zlib compression algorithm documented at

http://www.cert.org/advisories/CA-2002-07.html

All versions of HP-UX Secure Shell starting from A.03.10 are built with

support for zlib-1.1.4 or later. So, HP-UX Secure Shell is not affected

by the bug described above.

HP-UX Secure Shell A.04.30.014/015 is built with zlib v1.2.3.

Is HP-UX Secure Shell vulnerable to the following CERTs:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0147

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0131?

This version of HP-UX Secure Shell is built with OpenSSL-0.9.7i and is

not affected by these two CERTs. The vulnerabilities were fixed in

OpenSSL-0.9.7d.