HP3000-L Archives

April 2014, Week 2

HP3000-L@RAVEN.UTC.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: OT OpenSSL-1.0.1 Heartbeat exploit named heartbleed
From:
"James B. Byrne" <[log in to unmask]>
Reply To:
James B. Byrne
Date:
Thu, 10 Apr 2014 09:12:10 -0400
Content-Type:
text/plain
Parts/Attachments:
text/plain (25 lines) 
On Thu, April 10, 2014 08:45, Mark Ranft wrote:
> Might this vulnerability be a concern for MPE posix OpenSSL users?
>
> The product, HP WebWise MPE/iX Secure Web Server, contained Openssl 0.9.7d
> cryptographic/SSL library
>
> And there are those that downloaded OpenSLL for sftp.  The version I have is
> openssl-0.9.6a-mpe.tar.
>

No, any version of OpenSSL prior to 1.0.1 is not affected by this
vulnerability as the heartbeat protocol was not introduced before 2012 and
v.1.0.1 was the first release to include it.

-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:[log in to unmask]
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2