Partnering with leading security vendors

Year  2011 ›  2010 ›  2009 ›  2008 ›  2006 ›  2005 ›  2004

Additional security software

Note: SSH is included in Tru64 UNIX V5.1B and is no longer available for download from this site. If you are using an earlier version of Tru64 UNIX and require SSH, there are other SSH implementations available, such as OpenSSH.

  • Non-security related Early Release Patches (ERPs)

To access most patch links on this page, please register on the HP IT Resource Center website. Registration is free.

Security advisories and associated patches - 2007
Problem description Security patch kit for affected OS/Patch Kit or product Last update Summary Cross-reference Fixed in next mainstream patch kit
SSRT071452 5.1B-4
5.1B-3
20-Dec-07 HP Tru64 UNIX running FFM, Local Denial of Service (Dos) None 5.1B-5
(target)
SSRT071472 Apache
Tomcat on
IX 6.7
IX 6.6
IX 6.5
15-Oct-07 HP Tru64 UNIX Running Apache Tomcat, Remote Unauthorized Access, Remote Denial of Service (DoS) CVE-2007-3382
CVE-2007-3385
CVE-2007-3386
IX v 6.8
SSRT071449 5.1B-4
5.1B-3
IX 6.6
29-Aug-07 HP Tru64 UNIX or HP Tru64 Internet Express running BIND, Remote DNS Cache Poisoning CVE-2007-2926 5.1B-5
(target)
IX v 6.7
SSRT071424 Internet Express 6.6 running Samba  3.0.23 27-June-07 HP Tru64 UNIX Internet Express running Samba, Remote Arbitrary Code Execution or Local Unauthorized Privilege Elevation CVE-2007-2444
CVE-2007-2446
CVE-2007-2447
IX v 6.7
SSRT071429 HP Internet Express (IX) for Tru64 UNIX 6.6 and earlier
Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS)  6.6.4 and earlier
25-June-07 Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) or HP Internet Express for Tru64 UNIX running PHP, Remote Arbitrary Code Execution, Unauthorized Disclosure of Information, or Denial of Service (DoS CVE-2006-4625
CVE-2007-0988
CVE-2007-1286
CVE-2007-1380
CVE-2007-1700
CVE-2007-1701
CVE-2007-1710
CVE-2007-1835
CVE-2007-1884
CVE-2007-1885
CVE-2007-1886
IX v 6.7
SSRT061213 ›
SSRT061239 ›
SSRT071304

Rev. 2

New 5.1B-4 kit provided›

5.1B-4
5.1B-3
5.1A PK6
4.0G PK4
4.0F PK8
Insight Mgt Agents patch v 3.6.1

IX v 6.6 customers should install the BIND 9.2.8 patch from the ERP kit appropriate for their base OS  version.

21-June-07
(Rev. 2)
HP Tru64 UNIX SSL and BIND Remote Arbitrary Code Execution or Denial of Service (DoS) SSL:
VU#547300
VU#386964
CAN-2006-4339
CVE-2006-2937
CVE-2006-2940
CVE-2006-3738

BIND:
VU#697164
VU#915404
CVE-2007-0493
CVE-2007-0494

5.1B-5 (target)

IX 6.7

IM Agents patch 3.6.1 (already available)

SSRT071323 5.1B-4
5.1B-3
9-May-07 HP Tru64 UNIX Running Secure Shell (SSH), Remote Unauthorized Identification of Valid Users none 5.1B-5 (target)
SSRT071326 5.1B-4
5.1B-3
5.1A PK6
1-May-07 HP Tru64 UNIX Running the dop command, Local Execution of Arbitrary Code with Privilege Elevation none 5.1B-5 (target)
SSRT061135›
Vers. 3

Vers 3: updated 5.1B-3 kit
provided

5.1B-3  
5.1A PK6 ›
4.0G PK4›
4.0F PK8›
IX 6.5
25-Apr-07 HP Tru64 UNIX and HP Internet Express for Tru64 UNIX Running sendmail, Remote Execution of Arbitrary Code or Denial of Service (DoS) CVE-2006-0058›
(
VU# 834865)›
CVE-2006-1173›
(
VU#146718)
IX 6.6
(already shipping)

5.1B-4

SSRT061256 5.1B-4
5.1B-3
5.1A PK6
4.0G PK4
4.0F PK8
25-Apr-07 HP Tru64 UNIX Running the ps command, Local Disclosure of Sensitive Information none 5.1B-5 (target)
SSRT061213 ›
SSRT061239 ›
SSRT071304
5.1B-4
5.1B-3
5.1A PK6
4.0G PK4
4.0F PK8
Insight Mgt Agents patch v 3.6.1

IX v 6.6 customers should install the BIND 9.2.8 patch from the ERP kit appropriate for their base OS  version.

12-Apr-07
Updated
21-June-07
with new 5.1B-4 kit
HP Tru64 UNIX SSL and BIND Remote Arbitrary Code Execution or Denial of Service (DoS) SSL:
VU#547300
VU#386964
CAN-2006-4339
CVE-2006-2937
CVE-2006-2940
CVE-2006-3738

BIND:
VU#697164
VU#915404
CVE-2007-0493
CVE-2007-0494

5.1B-5 (target)

IX 6.7

IM Agents patch 3.6.1 (already available)


MD5 checksums are available from the ITRC patch database main page http://www.itrc.hp.com/service/patch/mainPage.do. From the patch database main page, click Tru64 UNIX, then click verifying MD5 checksums under useful links.