HP-UX Secure Shell A.04.50.003, A.04.50.004, and A.04.50.005 Release Notes
library consisting of tcp_wrapper version 7.6-ipv6.4, is linked to HP-UX Secure Shell.
You only need to configure hosts.allow and hosts.deny to use the access control provided
by tcp_wrapper.
Is HP-UX Secure Shell vulnerable to the reported double free bug in the zlib compression
algorithm documented at http://www.cert.org/advisories/CA-2002-07.html? All versions of
HP-UX Secure Shell starting from A.03.10 are built with support for zlib-1.1.4 or later. So,
HP-UX Secure Shell is not affected by the bug described above.
HP-UX Secure Shell versions A.04.50.003, A.04.50.004, and A.04.50.005 are built with zlib v1.2.3.
Is HP-UX Secure Shell vulnerable to the following CERTs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0131? This version of HP-UX
Secure Shell is built with OpenSSL-0.9.7i and is not affected by these two CERTs. The
vulnerabilities were fixed in OpenSSL-0.9.7d.
Frequently Asked Questions (FAQ) 13