paoloc1 wrote:
Our 3par SPs are currently running under the (latest?) 5.0.9.2 revision. However, the underlying version of Debian 9.6 has been unsupported since 6.7.20. HPE previously told us that "a fix is in the works and slated for mid-year, in a new major release" (which, we're presuming, would involve an upgrade to Debian Linux 10.x).
Is anyone aware of when the next release will be, as we are now being chased by our security team regarding when we'll have a fix for the increasing number of high vulnerabilities associated with our 3par SPs?
I might be looking at this from another point of view.
Why do you care about when Debian 9.6 stopped being maintained? The Service Processor (like SSMC) is an appliance. You are not maintaining the underlying operating system. From every point of view, SP 5.0.9.2 is supported. You're not running Debian 9.6, you are running an appliance based (loosely or not) on Debian 9.6 but with a number of modifications.
What at least I would care about is vulnerabilities that are exploitable on the Service Processor. What vulnerabilities are your security team worried about? Last time I ran a scanner on one of my SPs it didn't find any vulnerabilities. It threw a warning about one CVE but when I tried to use the exploit it didn't work, most likely because the exploitable service was disabled or locked down so it couldn't be used.