User group survivors launch Treeware Project
Bloggy bits on several fronts

HP plugs SSL exploit for HP-UX

Hewlett-Packard's support team announced a security alert for all HP-UX servers running any version of HP-UX 11, warning the community this week that the OpenSSL security mechanism can be used to breach HP's Unix system.

Unix exploits generate critical warnings on a regular basis for HP-UX servers. To mitigate the risk, HP patches up such breeches as quickly as possible. The latest information on how to keep the security tool SSL from becoming a Unix back door, by adding patch HPSBUX02418, is available at HP's IT Response Center (ITRC) Web site.

SSRT090002 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Access
Content Type: HP-UX security bulletins digest
PRIORITY: Critical
Release Date: 03/30/2009

HP notes that HP-UX users such as those who have migrated to the company's HP 9000 or Integrity platforms will need a Response Center login ID and password to read the security bulletin. And to comply with HP's requests, the information excerpted above is

Copyright 2008, Hewlett-Packard Company. All rights reserved. All product and company names referenced herein are trademarks of their respective owners.

You can sign up for automatic notice of these recurring alerts. HP instructs system administrators to initiate a subscription to receive future HP Security Bulletins via e-mail at the HP Web page for bulletins:

On the Web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
    - check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
    - verify your operating system selections are checked and save.