HomeSearchSite MapContact Us RemoteDBA Services for CODASYL DBMS and RdbPreserving Mission Critical IT Applications Through Virtualization

Remote Management of OpenVMS SystemsExtreme Performance Consulting


OPEN VMS ADMINISTRATION

 


Printable
Data Sheet

 

 

Follow SoftwareConcept on Twitter

Follow us
on Twitter

   
 
 

OpenVMS Security Advisories Issued

On May 5, 2011 the Hewlett-Packard (HP) Software Security Response Team announced the following potential security vulnerabilities with specific layered products running on OpenVMS.

SCI Remote Managed Services Customers: Your TAM has already contacted you regarding these vulnerabilities.

 

All Others:  Patches are available for download at http://itrc.hp.com, or contact SCI for assistance in installing these patches.


Java for HP OpenVMS:

     Major Version Platform Affected Minor Versions
     J2SE 1.42 Alpha v 1.42-9 and earlier
     J2SE 1.42 I64 v 1.46-6 and earlier
     J2SE 5.0 Alpha v 1.50-7 and earlier
     J2SE 5.0 I64 v 1.50-6 and earlier
     Java SE 6 Alpha & I64 v 6.0-2 and earlier

This vulnerability could be remotely exploited to create a Denial of Service (DoS).

Read full HP security bulletin (ITRC Login Required)

The following tool has been made available by HP to resolve the issue:

   FPUpdater Tool - download tool here

 

The FPUpdater tool must be run to update the Java Development Kit (JDK) and/or the Java Runtime Environment (JRE) for Java v 1.4-x, v 5.0-x, and v 6.0-x.

 

____________________________________________________
 

Kerberos for HP OpenVMS

     Kerberos v3.1 and earlier

 

This vulnerability could be remotely exploited to create a Denial of Service (DoS) or execution of arbitrary code, or by a remote unauthorized user to modify data, prompts, or responses.

 

Read full HP security bulletin (ITRC Login Required)

 

The following patch kits have been made available by HP to resolve the issue:

     Kerberos v3.2 for OpenVMS alpha and OpenVMS Integrity servers

 

____________________________________________________
 

HP SSL for OpenVMS

     v1.4 and earlier   

 

This vulnerability could be remotely exploited to create a Denial of Service (DoS) or unauthorized disclosure of information, or by a remote unauthorized user to modify data, prompts, or responses.

 

Read full HP security bulletin (ITRC Login Required)
 

The following patch kits have been made available by HP to resolve the issue:

     HP SSL V1.4-453 for OpenVMS Alpha and OpenVMS Integrity servers

 

____________________________________________________
 

HP Secure Web Server (SWS) for OpenVMS (based on Apache)
    
v2.1-1 and earlier

This vulnerability could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications.

Read full HP security bulletin (ITRC Login Required)

The following patch kits have been made available by HP to resolve the issue:
  
  HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers
     CSWS_PHP V2.2

 

Copyright 2016 Software Concepts International
All Rights Reserved