HPSBUX02308 SSRT080010 rev.1 - HP-UX Running Apache, Remote Execution of Arbitrary Code - c01345501

RESOLUTION

HP has provided the following software updates to resolve the vulnerability.

The updates are available for download from:
ftp://srt80010:srt80010@hprc.external.hp.com/

OS Release	Depot name	MD5 Sum
B.11.11 (IPv4)	HPUXWSA-B218-03-1111ipv4.depot	788d2a200b8e4a0071cabbcb48dc75e2
B.11.11 (IPv6)	HPUXWSA-B218-03-1111ipv6.depot	788d2a200b8e4a0071cabbcb48dc75e2
B.11.23 PA-32	HPUXWSA-B218-03-1123-32.depot	733a4c6fe16f0cd1b3cce6c5446e9a9a
B.11.23 IA-64	HPUXWSA-B218-03-1123-64.depot	5f6a97fdc8153eb5f86ad34b6e6dd457
B.11.31 PA-32	HPUXWSA-B218-03-1131-32.depot	d5d1ce28426d48b597b18bbfc9831cae
B.11.31 IA-64	HPUXWSA-B218-03-1131-64.depot	e01314a0a361a6622604e884a5a2c1ae

MANUAL ACTIONS: Yes - Update
Install Apache v2.0.59.00.2 or subsequent

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS

For IPv4:
HP-UX B.11.11
=============
hpuxwsAPACHE
action: install revision A.2.0.59.00.2 or subsequent
restart Apache
URL: ftp://srt80010:80010@hprc.external.hp.com

For IPv6:
HP-UX B.11.11
HP-UX B.11.23
HP-UX B.11.31
=============
hpuxwsAPACHE,revision=B.1.0.00.01
hpuxwsAPACHE,revision=B.1.0.07.01
hpuxwsAPACHE,revision=B.1.0.08.01
hpuxwsAPACHE,revision=B.1.0.09.01
hpuxwsAPACHE,revision=B.1.0.10.01
hpuxwsAPACHE,revision=B.2.0.48.00
hpuxwsAPACHE,revision=B.2.0.49.00
hpuxwsAPACHE,revision=B.2.0.50.00
hpuxwsAPACHE,revision=B.2.0.51.00
hpuxwsAPACHE,revision=B.2.0.52.00
hpuxwsAPACHE,revision=B.2.0.53.00
hpuxwsAPACHE,revision=B.2.0.54.00
hpuxwsAPACHE,revision=B.2.0.55.00
hpuxwsAPACHE,revision=B.2.0.56.00
hpuxwsAPACHE,revision=B.2.0.58.00
hpuxwsAPACHE,revision=B.2.0.58.01
hpuxwsAPACHE,revision=B.2.0.59.00
hpuxwsAPACHE,revision=B.2.0.59.00.0
hpuxwsAPACHE,revision=B.2.0.59.00.1
action: install revision B.2.0.59.00.2 or subsequent
restart Apache
URL: ftp://srt80010:srt80010@hprc.external.hp.com

END AFFECTED VERSIONS

HISTORY
Version: 1 (rev.1) - 30 January 2008 Initial release

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

Documento de Suporte HP

Centro de Suporte Empresarial

Registro no HP Passaport

Tarefas

Recursos