TITLE: HP System Management Homepage

VERSION: 184.108.40.206 Rev. A

DESCRIPTION:
This package contains the HP System Management Homepage for the supported Blade Workstation models and the supported operating systems.

PURPOSE: Recommended

SOFTPAQ NUMBER: SP35498

SUPERSEDES: SP34626

EFFECTIVE DATE: April 3, 2007

CATEGORY: Software - System Management

SSM SUPPORTED: No

PRODUCT TYPE(S): Workstations

HARDWARE PRODUCT MODEL(S):
HP ProLiant xw25p Blade Workstation: All Models
HP ProLiant xw460c Blade Workstation: All Models

SOFTWARE PRODUCT(S): None

OPERATING SYSTEM(S):
Microsoft Windows XP Professional

LANGUAGE(S): Global

ENHANCEMENTS:
- Updates the OpenSSL and PHP libraries.

FIXES:
- Fixes an issue with OpenSSL 0.9.7 before 0.9.7l, and 0.9.8 before 0.9.8d, which allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.
- Fixes an issue with OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions, which allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification.
- Fixes a buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions, which has an unspecified impact and remote attack vectors involving a long list of ciphers.
- Fixes an issue with the get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions, which allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.
- Fixes an issue with OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c when using an RSA key with exponent 3, that removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.
- Fixes an off-by-one error in the LDAP scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46, and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.

PREREQUISITES: None

INSTALLATION INSTRUCTIONS:
1. Download the SoftPaq .EXE file to a directory on your hard drive.
2. Execute the downloaded file and follow the on-screen instructions.

Copyright (c) 2007 Hewlett-Packard Development Company, L.P.