Logjam in patch pipeline cleared at last
HP Enterprise has popped into its Tardis, and gone back in time to patch OpenSSL bugs dating back to 2014 – including the infamous Logjam bug.
The bugs are in various network products: Intelligent Management Center (iMC), the VCX unified communications products, and the Comware network operating system.

The company’s notice cites Common Vulnerability and Exposure (CVE) advisories CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, and CVE-2015-1793.
Most of those are Logjam-related; the last is an alternate chains certificate forgery bug.

The 2014 CVE was reported in March of that year, but its association with Logjam didn’t emerge until June 2015.
Logjam was described by security researchers in May 2015, and rolling out patches has been a long, slow slog for vendors. ®

Leave a Reply