HP-UX Secure Shell A.04.70.003, A.04.70.004, and A.04.70.005 Release Notes
3
Is libwrap.a linked in HP-UX Secure Shell? Must I only configure hosts.allow
and hosts.deny to use the access control provided by tcp_wrapper?
Yes, thelibwrap.a archive library consisting of tcp_wrapper version
7.6-ipv6.4, is linked to HP-UX Secure Shell. You only need to configure
hosts.allow and hosts.deny to use the access control provided by
tcp_wrapper.
4
Is HP-UX Secure Shell vulnerable to the reported double free bug in the zlib
compression algorithm documented at
http://www.cert.org/advisories/CA-2002-07.html?
All versions of HP-UX Secure Shell starting from A.03.10 are built with support for
zlib-1.1.4 or later. So, HP-UX Secure Shell is not affected by the bug described
above.
HP-UX Secure Shell versions A.04.70.003, A.04.70.004, and A.04.70.005 are built with
zlib v1.2.3.
5 Is HP-UX Secure Shell vulnerable to the following CERTs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0131?
This version of HP-UX Secure Shell is built with OpenSSL-0.9.7l and is not affected
by these two CERTs. The vulnerabilities were fixed in OpenSSL-0.9.7d.
16 HP-UX Secure Shell A.04.70.003, A.04.70.004, and A.04.70.005