3par Heartbleed patch release

Post Reply
Josh26
Posts: 185
Joined: Thu Oct 24, 2013 6:50 pm

3par Heartbleed patch release

Post by Josh26 »

Hey guys,

For anyone not on Bugtraq - it's worth getting this applied.

https://h20564.www2.hp.com/portal/site/ ... -c04261644

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04261644
Version: 3

HPSBST03015 rev.3 - HP 3PAR OS running OpenSSL, Remote Disclosure of
Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-04-22
Last Updated: 2014-05-09

Potential Security Impact: Remote disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP 3PAR OS
running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed"
which could be exploited remotely resulting in disclosure of information.

References: CVE-2014-0160, SSRT101526

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP 3PAR OS 3.1.2 and subsequent

BACKGROUND

CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has released patches to address this vulnerability for the impacted
software versions of 3PAR OS.

NOTE: No patch will be available for HP 3PAR OS 3.1.2 GA. HP recommends that
customers with arrays running HP 3PAR OS 3.1.2 GA should upgrade to the
latest available MU or HP 3PAR OS 3.1.3 P01. HP 3PAR OS Version
Available patch

HP 3PAR OS 3.1.3
P01

HP 3PAR OS 3.1.2 MU1, MU2, and MU3
P39
Cleanur
Posts: 254
Joined: Wed Aug 07, 2013 3:22 pm

Re: 3par Heartbleed patch release

Post by Cleanur »

Post Reply