hp-support-head-portlet

操作
正在装入...
HP 客户支持 - 知识库

hp-contact-secondary-navigation-portlet

操作
正在装入...

hp-share-print-widget-portlet

操作
正在装入...

hp-concentra-wrapper-portlet

操作
正在装入...

SUPPORT COMMUNICATION- 資訊安全公告

文件 ID: c04631698

版本: 1

HPSBHF03289 rev.1 - 執行 ThinPro Linux 的 HP 精簡型電腦電腦,遠端程式碼執行、阻斷服務、資訊揭露

Notice:: The information in this security bulletin should be acted upon as soon as possible.

发布日期 : 07-Apr-2015

最近更新 : 10-Apr-2015

Potential Security Impact:
遠端程式碼執行、阻斷服務、資訊揭露

漏洞简介
已發現 HP ThinPro Linux 存在潛在安全性漏洞。這是稱為「GHOST」的 glibc 漏洞,它可被遠端利用,以執行任意程式碼。 此更新也解決 SSL 中的的其他漏洞,這些漏洞可造成遠端阻斷服務、資訊揭露與其他漏洞。
参考编号
  • CVE-2015-0235 (SSRT101953)
  • CVE-2014-3569
  • CVE-2014-3570
  • CVE-2014-3571
  • CVE-2014-3572
  • CVE-2014-8275
  • CVE-2015-0204
  • CVE-2015-0205
  • CVE-2015-0206
支持软件版本*: 只列出受影响的版本。
  • HP ThinPro Linux (x86) v5.1
  • HP ThinPro Linux (x86) v5.0
  • HP ThinPro Linux (x86) v4.4
  • HP ThinPro Linux (x86) v4.3
  • HP ThinPro Linux (x86) v4.2
  • HP ThinPro Linux (x86) v4.1
  • HP ThinPro Linux (ARM) v4.4
  • HP ThinPro Linux (ARM) v4.3
  • HP ThinPro Linux (ARM) v4.2
  • HP ThinPro Linux (ARM) v4.1
后台
CVSS 2.0 基本指標
參考
基本向量
基本評分
CVE-2014-3569
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
5.0
CVE-2014-3570
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
5.0
CVE-2014-3571
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
5.0
CVE-2014-3572
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
5.0
CVE-2014-8275
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
5.0
CVE-2015-0204
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
5.0
CVE-2015-0205
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
5.0
CVE-2015-0206
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
5.0
CVE-2015-0235
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
10.0
CVSS 相關資訊請見 HP 客戶通知: HPSN-2008-002
解决方案
協力廠商安全性修補程式: 套用要安裝在執行 HP 軟體產品之系統上的協力廠商安全性修補程式時,請務必遵循客戶的修補程式管理原則。
支援: 如有執行本「資訊安全公告」所提建議事項的相關問題,請聯絡一般 HP 服務支援管道。 有關「資訊安全公告」內容的其他問題,請將電子郵件傳送到 security-alert@hp.com。
報告: 若要通報任何 HP 支援產品的潛在安全性漏洞,請寄電子郵件至: security-alert@hp.com
訂閱: 若要啟始訂閱以便透過電子郵件接收日後發佈的「HP 資訊安全公告」,請至: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
資訊安全公告存檔: 近期發佈的「資訊安全公告」可在這裡取得: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive
軟體產品類別: 「軟體產品類別」在標題中,以 HPSB 之後的兩個字元來表示。
3C = 3COM
3P = 協力廠商軟體
GN = HP 一般軟體
HF = HP 硬體與韌體
MP = MPE/iX
MU = 多平台軟體
NS = NonStop 伺服器
OV = OpenVMS
PI = 列印與影像處理
PV = ProCurve
ST = 儲存軟體
TU = Tru64 UNIX
UX = HP-UX
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin.HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action.HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin.To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

HP Inc. shall not be liable for technical or editorial errors or omissions contained herein.The information provided is provided "as is" without warranty of any kind.To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restorationThe information in this document is subject to change without notice.HP Inc. and the names of HP products referenced herein are trademarks of HP Inc. in the United States and other countries.Other product and company names mentioned herein may be trademarks of their respective owners.

hp-feedback-input-portlet

操作
正在装入...

hp-feedback-banner-portlet

操作
正在装入...

hp-country-locator-portlet

操作
正在装入...
国家/地区: 中国

hp-detect-load-my-device-portlet

操作
正在装入...