Home | FAQ | Contact | Privacy Policy
US-CERT
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

 Other Documents
Technical Alerts

Technical Bulletins

Alerts

Security Tips

Hewlett-Packard Company Information for VU#368819

Date Notified:2002-02-22
Date Updated:
Statement Date:
Status Summary:Vulnerable

Vendor Statement

Some HP-UX software (for example, X and lbxproxy) is linked with the 1.0.8 version of zlib. This version came before the introduction of the reported double free problem and is not vulnerable.

Other HP-UX software (for example, OpenSSH) is linked with the latest zlib (1.1.4) and is not vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

HP has published multiple HP Security Bulletins to address this issue:

    HPSBTL0204-037 Security vulnerability in audit subsystem
    HPSBTL0204-036 Security vulnerabilities in the kernel
    HPSBTL0204-030 Security vulnerability in zlib library
    HPSBTL0203-029 Security vulnurabilty in openssh-clients
    HPSBUX0211-0226 SSRT2146 Java Zlib compression libraries bug

For further information, please visit http://itrc.hp.com and search for the appropriate reference number. Please note that registration may be required to access these documents.

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Produced 2009 by US-CERT, a government organization
Disclaimers and copyright information