15 Apr
2014
15 Apr
'14
3:19 p.m.
On 15 Apr 2014, at 11:39 am, Dan Gahlinger <dgahling at hotmail.com> wrote:
If you haven't heard about the openssl exploit
yet, you haven't been reading the news
I'm just wondering if it applies to openvms (or alpha) or other classic systems?
And if it does, is there going to be a bugfix for this?
OpenVMS is not vulnerable if you are using the HP provided OpenSSL libraries. If you go to
http://h71000.www7.hp.com/openvms/products/ssl/ssl.html you will see that the OpenVMS
OpenSSL is based on version 0.9.8y and is not vulnerable. If you have products that use
OpenSSL running on OpenVMS you need to check that they haven?t baked in a different
version of OpenSSL which might be vulnerable. I am aware of at least one such product?
Huw Davies | e-mail: Huw.Davies at kerberos.davies.net.au
Melbourne | "If soccer was meant to be played in the
Australia | air, the sky would be painted green"