HP-UX Secure Shell A.05.10.006,A.05.10.007, and A.05.10.008 Release Notes HP-UX 11i v1, 11i v2, and 11i v3
Yes, the libwrap.a archive library consisting of tcp_wrapper version 7.6-ipv6.4,
is linked to HP-UX Secure Shell. You only need to configure hosts.allow and hosts.deny
to use the access control provided by tcp_wrapper.
4
Is HP-UX Secure Shell vulnerable to the reported double free bug in the zlib compression
algorithm documented at http://www.cert.org/advisories/CA-2002-07.html?
All versions of HP-UX Secure Shell starting from A.03.10 are built with support for
zlib-1.1.4 or later. So, HP-UX Secure Shell is not affected by the bug described above.
HP-UX Secure Shell versions A.05.00.021, A.05.00.022, and A.05.00.023 are built with zlib
v1.2.3.
5 Is HP-UX Secure Shell vulnerable to the following CERTs: http://cve.mitre.org/cgi-bin/
cvename.cgi?name=CAN-2003-0147 http://cve.mitre.org/cgi-bin/
cvename.cgi?name=CAN-2003-0131?
This version of HP-UX Secure Shell is built with OpenSSL-0.9.7m and is not affected by these
two CERTs. The vulnerabilities were fixed in OpenSSL-0.9.7d.
14 HP-UX Secure Shell A.05.10.006, A.05.10.007, and A.05.10.008