Page 1 of 1

3par Heartbleed patch release

Posted: Tue May 13, 2014 11:09 pm
by Josh26
Hey guys,

For anyone not on Bugtraq - it's worth getting this applied.

https://h20564.www2.hp.com/portal/site/ ... -c04261644

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04261644
Version: 3

HPSBST03015 rev.3 - HP 3PAR OS running OpenSSL, Remote Disclosure of
Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-04-22
Last Updated: 2014-05-09

Potential Security Impact: Remote disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP 3PAR OS
running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed"
which could be exploited remotely resulting in disclosure of information.

References: CVE-2014-0160, SSRT101526

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP 3PAR OS 3.1.2 and subsequent

BACKGROUND

CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has released patches to address this vulnerability for the impacted
software versions of 3PAR OS.

NOTE: No patch will be available for HP 3PAR OS 3.1.2 GA. HP recommends that
customers with arrays running HP 3PAR OS 3.1.2 GA should upgrade to the
latest available MU or HP 3PAR OS 3.1.3 P01. HP 3PAR OS Version
Available patch

HP 3PAR OS 3.1.3
P01

HP 3PAR OS 3.1.2 MU1, MU2, and MU3
P39

Re: 3par Heartbleed patch release

Posted: Wed May 14, 2014 8:29 am
by Cleanur