TITLE: HP System Management Homepage

VERSION: 2.1.7.168 Rev. A
DESCRIPTION:
This package contains the HP System Management Homepage for the supported Blade 
Workstation models and the supported operating systems. 

PURPOSE: Recommended
SOFTPAQ NUMBER: SP35498
SUPERSEDES: SP34626
EFFECTIVE DATE: April 3, 2007
CATEGORY: Software - System Management
SSM SUPPORTED: No

PRODUCT TYPE(S):
Workstations

HARDWARE PRODUCT MODEL(S):
HP ProLiant xw25p Blade Workstation: All Models
HP ProLiant xw460c Blade Workstation: All Models

SOFTWARE PRODUCT(S):
None

OPERATING SYSTEM(S): 
Microsoft Windows XP Professional

LANGUAGE(S): 
Global

ENHANCEMENTS: 
- Updates the OpenSSL and PHP libraries.

FIXES: 
- Fixes issue with OpenSSL 0.9.7 before 0.9.7l, and 0.9.8 before 0.9.8d, which 
allows remote attackers to cause a denial of service (infinite loop and memory 
consumption) via malformed ASN.1 structures that trigger an improperly handled 
error condition. 

- Fixes issue with OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and 
earlier versions, which allows attackers to cause a denial of service (CPU 
consumption) via parasitic public keys with large (1) "public exponent" or (2) 
"public modulus" values in X.509 certificates that require extra time to 
process when using RSA signature verification. 

- Fixes buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 
before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions, which has an 
unspecified impact and remote attack vectors involving a long list of ciphers. 

- Fixes issue with the get_server_hello function in the SSLv2 client code in 
OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions, which 
allows remote servers to cause a denial of service (client crash) via unknown 
vectors that trigger a null pointer dereference. 

- Fixes an issue with OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 
before 0.9.8c when using an RSA key with exponent 3, that removes PKCS-1 
padding before generating a hash, which allows remote attackers to forge a 
PKCS#1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from 
correctly verifying X.509 and other certificates that use PKCS #1. 

- Fixes an off-by-one error in the LDAP scheme handling in the Rewrite module 
(mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46, and other versions before 
2.0.59, and 2.2, when RewriteEngine is enabled, which allows remote attackers 
to cause a denial of service (application crash) and possibly execute arbitrary 
code via crafted URLs that are not properly handled using certain rewrite 
rules.
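
Added example (not part of the HP release note or of HP's software): a small Python check that takes an OpenSSL version banner and reports which of the OpenSSL fix groups listed above it still lacks, using only the version thresholds stated in this note. The function names, the grouping of fixes and the sample banners are assumptions made for illustration; the Apache mod_rewrite fix is not covered.

```python
import re

# First fixed release per branch, copied from the FIXES list in this note.
OPENSSL_FIXES = {
    "DoS and overflow fixes (ASN.1, oversized RSA keys, "
    "SSL_get_shared_ciphers, get_server_hello)": {(0, 9, 7): "l", (0, 9, 8): "d"},
    "PKCS#1 v1.5 signature forgery with exponent-3 keys": {(0, 9, 7): "k", (0, 9, 8): "c"},
}

_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(banner):
    """Return ((major, minor, fix), patch_letters) from a version banner."""
    match = _VERSION.search(banner)
    if match is None:
        raise ValueError("no OpenSSL version found in %r" % banner)
    return tuple(int(part) for part in match.group(1, 2, 3)), match.group(4)


def _letter_key(letters):
    # "" < "a" < ... < "z" < "za": shorter suffixes sort first, then alphabetical.
    return (len(letters), letters)


def missing_fixes(banner):
    """List the fix groups from this note that the reported version lacks."""
    branch, letters = parse_openssl_version(banner)
    missing = []
    for name, fixed_in in OPENSSL_FIXES.items():
        if branch < min(fixed_in):
            # Assumption: anything older than 0.9.7 is treated as unfixed.
            missing.append(name)
        elif branch in fixed_in and _letter_key(letters) < _letter_key(fixed_in[branch]):
            missing.append(name)
    return missing  # branches newer than 0.9.8 are outside this note: []


if __name__ == "__main__":
    # Constructed sample banners, not taken from a real system.
    for sample in ("OpenSSL 0.9.7k", "OpenSSL 0.9.8b", "OpenSSL 0.9.8d"):
        print(sample, "->", missing_fixes(sample) or "all fixes in this note present")
```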

PREREQUISITES: 
None

INSTALLATION INSTRUCTIONS: 
1. Download the SoftPaq .EXE file to a directory on your hard drive.

2. Execute the downloaded file and follow the on-screen instructions.


Copyright (c) 2007 Hewlett-Packard Development Company, L.P.