On Thu, April 10, 2014 08:45, Mark Ranft wrote:
> Might this vulnerability be a concern for MPE posix OpenSSL users?
>
> The product, HP WebWise MPE/iX Secure Web Server, contained Openssl 0.9.7d
> cryptographic/SSL library
>
> And there are those that downloaded OpenSLL for sftp. The version I have is
> openssl-0.9.6a-mpe.tar.
>
No, any version of OpenSSL prior to 1.0.1 is not affected by this
vulnerability as the heartbeat protocol was not introduced before 2012 and
v.1.0.1 was the first release to include it.
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:[log in to unmask]
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *