Remote disclosure of information
The “Heartbleed” vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP products. This bulletin’s objective is to notify HP customers about certain HP Thin Client class of products affected by the “Heartbleed” vulnerability. HP will continue to release additional bulletins advising customers about other HP products
> note:
>
> The “Heartbleed” vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products in the list below are vulnerable due to embedding OpenSSL standard release software.
HP has released a patch to address this vulnerability for the impacted versions HP ThinPro OS version 4.4 and HP Smart Zero Core Services version 4.4.
The patch is available here: <ftp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/openssl-service-pack-1.0-all-4.4-x86.xar>