HP-UX Secure Shell A.04.50.009, A.04.50.010, and A.04.50.011 Release Notes

Is libwrap.a linked in HP-UX Secure Shell? Must I only configure hosts.allow and

hosts.deny to use the access control provided by tcp_wrapper? Yes,

thelibwrap.a archive library consisting of tcp_wrapper version 7.6-ipv6.4,

is linked to HP-UX Secure Shell. You only need to configure hosts.allow and

hosts.deny to use the access control provided by tcp_wrapper.

Is HP-UX Secure Shell vulnerable to the reported double free bug in the zlib

compression algorithm documented at

http://www.cert.org/advisories/CA-2002-07.html? All versions of HP-UX Secure

Shell starting from A.03.10 are built with support for zlib-1.1.4 or later. So, HP-UX

Secure Shell is not affected by the bug described above.

HP-UX Secure Shell versions A.04.50.009, A.04.50.010, and A.04.50.011 are built with

zlib v1.2.3.

Is HP-UX Secure Shell vulnerable to the following CERTs:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0147

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0131? This version of

HP-UX Secure Shell is built with OpenSSL-0.9.7i and is not affected by these two CERTs.

The vulnerabilities were fixed in OpenSSL-0.9.7d.

Frequently Asked Questions (FAQ) 15