Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2015.3202.2
HPSBHF03419 rev.1 - HP Network Products including H3C routers and switches,
Remote Denial of Service (DoS), Unauthorized Access.
1 February 2016
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: HP Network Products
Publisher: Hewlett-Packard
Operating System: Network Appliance
Impact/Access: Denial of Service -- Remote/Unauthenticated
Unauthorised Access -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2015-5434
Original Bulletin:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04779492
Revision History: February 1 2016: Added Note section in the Vulnerability Summary
December 22 2015: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n
a-c04779492
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04779492
Version: 3
HPSBHF03419 rev.3 - HPE Networking Products, Remote Denial of Service (DoS),
Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2015-12-18
Last Updated: 2016-01-29
Potential Security Impact: Remote Denial of Service (DoS), unauthorized
access
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified in HPE Networking
Products. This is a Virtual routing and forwarding (VRF) hopping
vulnerability that could be exploited remotely resulting in Denial of Service
(DoS) or unauthorized access.
Note: This vulnerability could be exploited remotely as a result of the
following network interface conditions:
VRF (Virtual Routing and Forwarding) is enabled.
MPLS (Multiprotocol Label Switching) is disabled.
MPLS-labeled packets are received that match FIB (Forwarding Information
Base) entries.
When all the above conditions exist, the interface could incorrectly forward
the MPLS-labeled packets.
References:
CVE-2015-5434
SSRT102034
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Please refer to the RESOLUTION
section below for a list of impacted products.
Note: all product versions are impacted prior to the fixed versions listed.
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2015-5434 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
The Hewlett Packard Enterprise Company thanks G. Geshev from MWR Labs. for
reporting this issue to security-alert@hpe.com
RESOLUTION
HP has provided the following software updates to resolve the vulnerability
in the HP Networking products listed.
Family
Fixed Version
HP Branded Products Impacted
H3C Branded Products Impacted
MSR20 (Comware 5)
R2514P01 or later
JD432A HP A-MSR20-21 Router
JD662A HP MSR20-20 Router
JD663A HP A-MSR20-21 Router
JD663B HP MSR20-21 Router
JD664A HP MSR20-40 Router
JF228A HP MSR20-40 Router
JF283A) HP MSR20-20 Router
N/A
MSR20-1X (Comware 5)
R2514P01 or later
JD431A HP MSR20-10 Router
JD667A HP MSR20-15 IW Multi-Service Router
JD668A HP MSR20-13 Multi-Service Router
JD669A HP MSR20-13 W Multi-Service Router
JD670A HP MSR20-15 A Multi-Service Router
JD671A HP MSR20-15 AW Multi-Service Router
JD672A HP MSR20-15 I Multi-Service Router
JD673A HP MSR20-11 Multi-Service Router
JD674A HP MSR20-12 Multi-Service Router
JD675A HP MSR20-12 W Multi-Service Router
JD676A HP MSR20-12 T1 Multi-Service Router
JF236A HP MSR20-15-I Router
JF237A HP MSR20-15-A Router
JF238A HP MSR20-15-I-W Router
JF239A HP MSR20-11 Router
JF240A HP MSR20-13 Router
JF241A HP MSR20-12 Router
JF806A HP MSR20-12-T Router
JF807A HP MSR20-12-W Router
JF808A HP MSR20-13-W Router
JF809A HP MSR20-15-A-W Router
JF817A HP MSR20-15 Router
JG209A HP MSR20-12-T-W Router (NA)
JG210A HP MSR20-13-W Router (NA)
H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1
H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393)
H3C RT-MSR2015-AC-OVS-I-H3 (0235A394)
H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V)
H3C MSR 20-11 (0235A31V)
H3C MSR 20-12 (0235A32E)
H3C MSR 20-12 T1 (0235A32B)
H3C MSR 20-13 (0235A31W)
H3C MSR 20-13 W (0235A31X)
H3C MSR 20-15 A (0235A31Q)
H3C MSR 20-15 A W (0235A31R)
H3C MSR 20-15 I (0235A31N)
H3C MSR 20-15 IW (0235A31P)
H3C MSR20-12 W (0235A32G)
MSR 30 (Comware 5)
R2514P01 or later
JD654A HP MSR30-60 POE Multi-Service Router
JD657A HP MSR30-40 Multi-Service Router
JD658A HP MSR30-60 Multi-Service Router
JD660A HP MSR30-20 POE Multi-Service Router
JD661A HP MSR30-40 POE Multi-Service Router
JD666A HP MSR30-20 Multi-Service Router
JF229A HP MSR30-40 Router
JF230A HP MSR30-60 Router
JF232A HP RTMSR3040-AC-OVSAS-H3
JF235A HP MSR30-20 DC Router
JF284A HP MSR30-20 Router
JF287A HP MSR30-40 DC Router
JF801A HP MSR30-60 DC Router
JF802A HP MSR30-20 PoE Router
JF803A HP MSR30-40 PoE Router
JF804A HP MSR30-60 PoE Router
H3C MSR 30-20 Router (0235A328)
H3C MSR 30-40 Router Host(DC) (0235A268)
H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322)
H3C RT-MSR3020-DC-OVS-H3 (0235A267)
H3C RT-MSR3040-AC-OVS-H (0235A299)
H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323)
H3C RT-MSR3060-AC-OVS-H3 (0235A320)
H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)
H3C RT-MSR3060-DC-OVS-H3 (0235A269)
H3C MSR 30-20 RTVZ33020AS Router Host(AC) (0235A20S)
H3C MSR 30-20 (0235A19L)
H3C MSR 30-20 POE (0235A239)
H3C MSR 30-40 (0235A20J)
H3C MSR 30-40 POE (0235A25R)
H3C MSR 30-60 (0235A20K)
H3C MSR 30-60 POE (0235A25S)
H3C RT-MSR3040-AC-OVS-AS-H3 (0235A20V)
MSR 30-16 (Comware 5)
R2514P01 or later
JD659A HP MSR30-16 POE Multi-Service Router
JD665A HP MSR30-16 Multi-Service Router
JF233A HP MSR30-16 Router
JF234A HP MSR30-16 PoE Router
H3C RT-MSR3016-AC-OVS-H3 (0235A327)
H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)
H3C MSR 30-16 (0235A237)
H3C MSR 30-16 POE (0235A238)
MSR 30-1X (Comware 5)
R2514P01 or later
JF800A HP MSR30-11 Router
JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr
JG182A HP MSR30-11E Router
JG183A HP MSR30-11F Router
JG184A HP MSR30-10 DC Router
2FE 2SIC 1XMIM 256DDR (0235A39H)
H3C RT-MSR3011-AC-OVS-H3 (0235A29L)
MSR 50 (Comware 5)
R2514P01 or later
JD433A HP MSR50-40 Router
JD653A HP MSR50 Processor Module
JD655A HP MSR50-40 Multi-Service Router
JD656A HP MSR50-60 Multi-Service Router
JF231A HP MSR50-60 Router
JF285A HP MSR50-40 DC Router
JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply
H3C MSR 50-40 Router (0235A297)
H3C MSR5040-DCOVS-H3C (0235A20P)
H3C RT-MSR5060-AC-OVS-H3 (0235A298)
H3C MSR 50-40 Chassis (0235A20N)
H3C MSR 50-60 Chassis (0235A20L)
MSR 50-G2 (Comware 5)
R2514P01 or later
JD429A HP MSR50 G2 Processor Module
JD429B HP MSR50 G2 Processor Module
H3C H3C MSR 50 Processor Module-G2 (0231A84Q)
H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD
(0231A0KL)
MSR 9XX (Comware 5)
R2514P01 or later
JF812A HP MSR900 Router
JF813A HP MSR920 Router
JF814A HP MSR900-W Router
JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr
JG207A HP MSR900-W Router (NA)
JG208A HP MSR920-W Router (NA)
H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b
(0235A0C2)
H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX)
H3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4)
H3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0)
MSR 93X (Comware 5)
R2514P01 or later
JG512A HP MSR930 Wireless Router
JG513A HP MSR930 3G Router
JG514A HP MSR931 Router
JG515A HP MSR931 3G Router
JG516A HP MSR933 Router
JG517A HP MSR933 3G Router
JG518A HP MSR935 Router
JG519A HP MSR935 Wireless Router
JG520A HP MSR935 3G Router
JG531A HP MSR931 Dual 3G Router
JG596A HP MSR930 4G LTE/3G CDMA Router
JG597A HP MSR936 Wireless Router
JG665A HP MSR930 4G LTE/3G WCDMA Global Router
JG704A HP MSR930 4G LTE/3G WCDMA ATT Router
N/A
MSR1000 (Comware 5)
R2514P01 or later
JG732A HP MSR1003-8 AC Router
N/A
MSR20 RU (Comware 5 Low Encryption SW)
R2514L03 or later
JD663B HP MSR20-21 Router
JF228A HP MSR20-40 Router
JF283A HP MSR20-20 Router
H3C RT-MSR2020-AC-OVS-H3C (0235A324)
H3C RT-MSR2040-AC-OVS-H3 (0235A326)
MSR20-1X RU (Comware 5 Low Encryption SW)
R2514L03 or later
JD431A HP MSR20-10 Router
JF236A HP MSR20-15-I Router
JF237A HP MSR20-15-A Router
JF238A HP MSR20-15-I-W Router
JF239A HP MSR20-11 Router
JF240A HP MSR20-13 Router
JF241A HP MSR20-12 Router
JF806A HP MSR20-12-T Router
JF807A HP MSR20-12-W Router
JF808A HP MSR20-13-W Router
JF809A HP MSR20-15-A-W Router
JF817A HP MSR20-15 Router
H3C MSR 20-10 (0235A0A7)
H3C RT-MSR2015-AC-OVS-I-H3 (0235A394)
H3C RT-MSR2015-AC-OVS-A-H3 (0235A392)
H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393)
H3C RT-MSR2011-AC-OVS-H3 (0235A395)
H3C RT-MSR2013-AC-OVS-H3 (0235A390)
H3C RT-MSR2012-AC-OVS-H3 (0235A396)
H3C RT-MSR2012-TAC-OVS-H3 (0235A398)
H3C RT-MSR2012-AC-OVS-W-H3 (0235A397)
H3C RT-MSR2013-AC-OVS-W-H3 (0235A391)
H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V)
H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)
MSR30 RU (Comware 5 Low Encryption SW)
R2514L03 or later
JF229A HP MSR30-40 Router
JF230A HP MSR30-60 Router
JF235A HP MSR30-20 DC Router
JF284A HP MSR30-20 Router
JF287A HP MSR30-40 DC Router
JF801A HP MSR30-60 DC Router
JF802A HP MSR30-20 PoE Router
JF803A HP MSR30-40 PoE Router
JF804A HP MSR30-60 PoE Router
H3C RT-MSR3040-AC-OVS-H (0235A299)
H3C RT-MSR3060-AC-OVS-H3 (0235A320)
H3C RT-MSR3020-DC-OVS-H3 (0235A267)
H3C MSR 30-20 Router (0235A328)
H3C MSR 30-40 Router Host(DC) (0235A268)
H3C RT-MSR3060-DC-OVS-H3 (0235A269)
H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322)
H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323)
H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)
MSR30-16 RU (Comware 5 Low Encryption SW)
R2514L03 or later
JF233A HP MSR30-16 Router
JF234A HP MSR30-16 PoE Router
H3C RT-MSR3016-AC-OVS-H3 (0235A327)
H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)
MSR30-1X RU (Comware 5 Low Encryption SW)
R2514L03 or later
JF800A HP MSR30-11 Router
JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr
JG182A HP MSR30-11E Router
JG183A HP MSR30-11F Router
JG184A HP MSR30-10 DC Router
H3C RT-MSR3011-AC-OVS-H3 (0235A29L)
H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)
MSR50 RU(Comware 5 Low Encryption SW)
R2514L03 or later
JD433A HP MSR50-40 Router
JD653A HP MSR50Processor Module
JD655A HP MSR50-40 Multi-Service Router
JD656A HP MSR50-60 Multi-Service Router
JF231A HP MSR50-60 Router
JF285A HP MSR50-40 DC Router
JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply
H3C MSR 50-40 Router (0235A297)
H3C MSR 50 Processor Module (0231A791)
H3C MSR 50-40 Chassis (0235A20N)
H3C MSR 50-60 Chassis (0235A20L)
H3C RT-MSR5060-AC-OVS-H3 (0235A298)
H3C MSR5040-DCOVS-H3C (0235A20P)
MSR50 G2 RU (Comware 5 Low Encryption SW)
R2514L03 or later
JD429B HP MSR50 G2 Processor Module
H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD
(0231A0KL)
12500 (Comware 5)
R1829 or later
JC085A HP A12518 Switch Chassis
JC086A HP A12508 Switch Chassis
JC652A HP 12508 DC Switch Chassis
JC653A HP 12518 DC Switch Chassis
JC654A HP 12504 AC Switch Chassis
JC655A HP 12504 DC Switch Chassis
JF430A HP A12518 Switch Chassis
JF430B HP 12518 Switch Chassis
JF430C HP 12518 AC Switch Chassis
JF431A HP A12508 Switch Chassis
JF431B HP 12508 Switch Chassis
JF431C HP 12508 AC Switch Chassis
JC072B HP 12500 Main Processing Unit
JC808A HP 12500 TAA Main Processing Unit
H3C S12508 Routing Switch (AC-1) (0235A0GE)
H3C S12518 Routing Switch (AC-1) (0235A0GF)
H3C S12508 Chassis (0235A0E6)
H3C S12508 Chassis (0235A38N)
H3C S12518 Chassis (0235A0E7)
H3C S12518 Chassis (0235A38M)
H3C 12508 DC Switch Chassis (0235A38L)
H3C 12518 DC Switch Chassis (0235A38K)
9500E (Comware 5)
R1829 or later
JC124A HP A9508 Switch Chassis
JC124B HP 9505 Switch Chassis
JC125A HP A9512 Switch Chassis
JC125B HP 9512 Switch Chassis
JC474A HP A9508-V Switch Chassis
JC474B HP 9508-V Switch Chassis
H3C S9505E Routing-Switch Chassis (0235A0G6)
H3C S9512E Routing-Switch Chassis (0235A0G7)
H3C S9508E-V Routing-Switch Chassis (0235A38Q)
H3C S9505E Chassis w/ Fans (0235A38P)
H3C S9512E Chassis w/ Fans (0235A38R)
12500 (Comware 7)
R7375 or later
JC085A HP A12518 Switch Chassis
JC086A HP A12508 Switch Chassis
JC652A HP 12508 DC Switch Chassis
JC653A HP 12518 DC Switch Chassis
JC654A HP 12504 AC Switch Chassis
JC655A HP 12504 DC Switch Chassis
JF430A HP A12518 Switch Chassis
JF430B HP 12518 Switch Chassis
JF430C HP 12518 AC Switch Chassis
JF431A HP A12508 Switch Chassis
JF431B HP 12508 Switch Chassis
JF431C HP 12508 AC Switch Chassis
JC072B HP 12500 Main Processing Unit
JG497A HP 12500 MPU w/Comware V7 OS
JG782A HP FF 12508E AC Switch Chassis
JG783A HP FF 12508E DC Switch Chassis
JG784A HP FF 12518E AC Switch Chassis
JG785A HP FF 12518E DC Switch Chassis
JG802A HP FF 12500E MPU
JG836A HP FlexFabric 12518E AC Switch TAA-compliant Chassis
JG834A HP FlexFabric 12508E AC Switch TAA-compliant Chassis
JG835A HP FlexFabric 12508E DC Switch TAA-compliant Chassis
JG837A HP FlexFabric 12518E DC Switch TAA-compliant Chassis
JG803A HP FlexFabric 12500E TAA-compliant Main Processing Unit
JG796A HP FlexFabric 12500 48-port 10GbE SFP+ FD Module
JG790A HP FlexFabric 12500 16-port 40GbE QSFP+ FD Module
JG794A HP FlexFabric 12500 40-port 10GbE SFP+ FG Module
JG792A HP FlexFabric 12500 40-port 10GbE SFP+ FD Module
JG788A HP FlexFabric 12500 4-port 100GbE CFP FG Module
JG786A HP FlexFabric 12500 4-port 100GbE CFP FD Module
JG797A HP FlexFabric 12500 48-port 10GbE SFP+ FD TAA-compliant Module
JG791A HP FlexFabric 12500 16-port 40GbE QSFP+ FD TAA-compliant Module
JG795A HP FlexFabric 12500 40-port 10GbE SFP+ FG TAA-compliant Module
JG793A HP FlexFabric 12500 40-port 10GbE SFP+ FD TAA-compliant Module
JG789A HP FlexFabric 12500 4-port 100GbE CFP FG TAA-compliant Module
JG787A HP FlexFabric 12500 4-port 100GbE CFP FD TAA-compliant Module
JG798A HP FlexFabric 12508E Fabric Module
H3C S12508 Routing Switch (AC-1) (0235A0GE)
H3C S12518 Routing Switch (AC-1) (0235A0GF)
H3C S12508 Chassis (0235A0E6)
H3C S12508 Chassis (0235A38N)
H3C S12518 Chassis (0235A0E7)
H3C S12518 Chassis (0235A38M)
H3C 12508 DC Switch Chassis (0235A38L)
H3C 12518 DC Switch Chassis (0235A38K)
10500 (Comware 7)
R7168 or later
JC611A HP 10508-V Switch Chassis
JC612A HP 10508 Switch Chassis
JC613A HP 10504 Switch Chassis
JC748A HP 10512 Switch Chassis
JG820A HP 10504 TAA Switch Chassis
JG821A HP 10508 TAA Switch Chassis
JG822A HP 10508-V TAA Switch Chassis
JG823A HP 10512 TAA Switch Chassis
JG496A HP 10500 Type A MPU w/Comware v7 OS
JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
JH191A HP 10500 44-port GbE(SFP,LC)/ 4-port 10GbE SFP+ (SFP+,LC) SE Module
JH192A HP 10500 48-port Gig-T (RJ45) SE Module
JH193A HP 10500 16-port 10GbE SFP+ (SFP+,LC) SF Module
JH194A HP 10500 24-port 10GbE SFP+ (SFP+,LC) EC Module
JH195A HP 10500 6-port 40GbE QSFP+ EC Module
JH196A HP 10500 2-port 100GbE CFP EC Module
JH197A HP 10500 48-port 10GbE SFP+ (SFP+,LC) SG Module
N/A
5900 (Comware 7)
R2422P01 or later
JC772A HP 5900AF-48XG-4QSFP+ Switch
JG336A HP 5900AF-48XGT-4QSFP+ Switch
JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
JG838A HP FF 5900CP-48XG-4QSFP+ Switch
JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
JH038A) HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
N/A
5920 (Comware 7)
R2422P01 or later
JG296A HP 5920AF-24XG Switch
JG555A HP 5920AF-24XG TAA Switch
N/A
MSR1000 (Comware 7)
R0304P02 or later
JG875A HP MSR1002-4 AC Router
JH060A HP MSR1003-8S AC Router
N/A
MSR2000 (Comware 7)
R0304P02 or later
JG411A HP MSR2003 AC Router
JG734A HP MSR2004-24 AC Router
JG735A) HP MSR2004-48 Router
JG866A HP MSR2003 TAA-compliant AC Router
N/A
MSR3000 (Comware 7)
R0304P02 or later
JG404A HP MSR3064 Router
JG405A HP MSR3044 Router
JG406A HP MSR3024 AC Router
JG407A HP MSR3024 DC Router
JG408A HP MSR3024 PoE Router
JG409A HP MSR3012 AC Router
JG410A HP MSR3012 DC Router
JG861A HP MSR3024 TAA-compliant AC Router
N/A
MSR4000 (Comware 7)
R0304P02 or later
JG402A HP MSR4080 Router Chassis
JG403A HP MSR4060 Router Chassis
JG412A HP MSR4000 MPU-100 Main Processing Unit
JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
N/A
VSR (Comware 7)
E0321 or later
JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
JG811AAE HP VSR1001 Comware 7 Virtual Services Router
JG812AAE HP VSR1004 Comware 7 Virtual Services Router
JG813AAE HP VSR1008 Comware 7 Virtual Services Router
N/A
5930 (Comware 7)
R2422P01 or later
JG726A HP FlexFabric 5930 32QSFP+ Switch
JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
JH179A HP FlexFabric 5930 4-slot Switch
JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
N/A
HSR6602 (Comware 7)
R7103P05 or later
JG353A HP HSR6602-G Router
JG354A HP HSR6602-XG Router
JG776A HP HSR6602-G TAA-compliant Router
JG777A HP HSR6602-XG TAA-compliant Router
N/A
HSR6800 (Comware 7)
R7103P05 pr later
JG361A HP HSR6802 Router Chassis
JG361B HP HSR6802 Router Chassis
JG362A HP HSR6804 Router Chassis
JG362B HP HSR6804 Router Chassis
JG363A HP HSR6808 Router Chassis
JG363B HP HSR6808 Router Chassis
JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
JH075A) HP HSR6800 RSE-X3 Router Main Processing Unit
N/A
HISTORY
Version:1 (rev.1) - 18 December 2015 Initial Release
Version:2 (rev.2) - 12 January 2016 Changed name of fix R2422 to R2422P01
Version:3 (rev.3) - 29 January 2016 Added Note section in the Vulnerability
Summary
Third Party Security Patches: Third party security patches that are to be
installed on systems running Hewlett Packard Enterprise (HPE) software
products should be applied in accordance with the customer's patch management
policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HPE Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability with any HPE supported
product, send Email to: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin
alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is
available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HPE General Software
HF = HPE Hardware and Firmware
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PV = ProCurve
ST = Storage Software
UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial
errors or omissions contained herein. The information provided is provided
"as is" without warranty of any kind. To the extent permitted by law, neither
HP or its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice. Hewlett
Packard Enterprise and the names of Hewlett Packard Enterprise products
referenced herein are trademarks of Hewlett Packard Enterprise in the United
States and other countries. Other product and company names mentioned herein
may be trademarks of their respective owners.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJWq9bRAAoJEGIGBBYqRO9/SZgH/jR3sYXQXaNXUT3barkmxeIz
YfdrrBda6xUECJ4jASbbcPQRPB9v0rBdMG0xtX/y49TkTIBDPoqDygrY+imZQQ5n
rMSeLBa3+ZlsgBE9PZ3stOOR261CgP3Iymp5NJvVeFYPV8XKhcS+Zne81SSoiLqp
HpZIzQX90vZ0Oz4hXmdP2A/1yK8kjSFIe4eSTb8DdlqYtgPqqgIaY4UT8U56LrQG
FU8Q6StuZH9eOIehTkmi9nTN4fn87+NR46d16yXRTL9MHAr2gpq8mr1DRX88mTNf
/ZjYJHv1bES250S6jJZsf06BTKQwLeRg11EWpK4pYycV2emOsA11qVCZiblSSfc=
=NEGF
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVq6Wi36ZAP0PgtI9AQILIQ//R+dec2qdPmQNK9YF2vpa19De8VbOkv10
o9/IdswiNVv/av1cM8ld7W2D0qQq5LDFgsRvbozVVSCbc8gxit4dH3bsnSZoF4H+
Lu9fwYIEDj/lBAr5NGqCCjXsXnVDdDUA9XVNbC7LV7F27Ha71XEg6hR01Tt2+glF
zwLYB5Vqs8TuJaSWsDO6Y3ovBPnbAt9ybGnX1rynulGVHThhV+dRa0aptRdPyvCY
Bor7ANyxa2/SBIaLdt5F13W0pI+DeVER11F8CS/NnCL4ir3p+dpTmCvIv9I1UWzB
LmSG16TAfxo6vzZLWmJz2K7T3VMruOBQgCr74JyyXmwDOfzc2gewWUIIWlzt8qUL
EN5KdqbiQjWcbrNPa+ISJGYQ40qzIGP6yQezelGqCqowRQKAQ7q/kSsGHNmjp/em
HsZXwzqQGPDyb/nPmLKWhgJIx+2JGWooRMQ9vtFjA9XzPQ3XKtrqdFG78nu0ILHt
Kr6Tw1a3zvkuacLN4VYF6vnYt7Wp85yLx546H1SaYrQ/wUJm/s/DdxDLbRZ2/Xfr
Rsn1ApJrXk3s1t9IPtzpE+Tu7HW0S3NMH1RqPt0RbGrmLMAn+g2vxKTk2kVotAUn
nJjmvjL4tmy1By9QAFhHVYQsp5pYle3fHi3QHrpz+UrhHWYfeSYvdAvX5GBpUUPE
TliFF3H1fBA=
=t9Cj
-----END PGP SIGNATURE-----