HPE Community
Operating System - HP-UX
1825771 Members
2045 Online
109687 Solutions
New Discussion

HPSBUX0402-313 New Mailing List for Security Bulletins Rev.2

 
Berlene Herren
Honored Contributor

‎04-13-2004 01:04 AM

‎04-13-2004 01:04 AM

HPSBUX0402-313 New Mailing List for Security Bulletins Rev.2

It's long... but good info

Berlene
HP Support Information Digests

===============================================================================
o Security Bulletin Digest Split
------------------------------

The security bulletins digest has been split into multiple digests
based on the operating system (HP-UX, MPE/iX, and HP Secure OS
Software for Linux). You will continue to receive all security
bulletin digests unless you choose to update your subscriptions.

To update your subscriptions, use your browser to access the
IT Resource Center on the World Wide Web at:

http://support.itrc.hp.com/

Under the Maintenance and Support Menu, click on the "more..." link.
Then use the 'login' link at the left side of the screen to login
using your IT Resource Center User ID and Password.

Under the notifications section (near the bottom of the page), select
Support Information Digests.

To subscribe or unsubscribe to a specific security bulletin digest,
select or unselect the checkbox beside it. Then click the
"Update Subscriptions" button at the bottom of the page.

o IT Resource Center World Wide Web Service
---------------------------------------------------

If you subscribed through the IT Resource Center and would
like to be REMOVED from this mailing list, access the
IT Resource Center on the World Wide Web at:

http://support.itrc.hp.com/

Login using your IT Resource Center User ID and Password.
Then select Support Information Digests (located under
Maintenance and Support). You may then unsubscribe from the
appropriate digest.
===============================================================================


Digest Name: daily HP-UX security bulletins digest
Created: Tue Apr 13 8:00:02 EDT 2004

Table of Contents:

Document ID Title
--------------- -----------
HPSBUX0402-313 New Mailing List for Security Bulletins Rev.2

The documents are listed below.
-------------------------------------------------------------------------------


Document ID: HPSBUX0402-313
Date Loaded: 20040412
Title: New Mailing List for Security Bulletins Rev.2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

-----------------------------------------------------------------
**REVISED 02**
Source: HEWLETT-PACKARD COMPANY
SECURITY BULLETIN: HPSBUX0402-313
Originally issued: 23 February 2004
Last revised: 12 April 2004
New Mailing List for Security Bulletins Rev.2
-----------------------------------------------------------------

NOTICE: There are no restrictions for distribution of this Bulletin provided that it remains complete and intact.

The information in the following Security Bulletin should be acted upon as soon as possible. Hewlett-Packard Company will not be liable for any consequences to any customer resulting from customer's failure to fully implement instructions in this Security Bulletin as soon as possible.

-----------------------------------------------------------------
PROBLEM: The current security bulletin mailing list has been
replaced.

IMPACT: Those wishing to receive information on new security
bulletins should subscribe to the new mailing list.

PLATFORM: N/A

SOLUTION: If you wish to continue receiving notification of
security bulletins, please register through
Subscriber's Choice. Please refer to the instructions
below.
-----------------------------------------------------------------
A. Background

HP Security Bulletins and Subscriber's Choice

Summary:

1. Subscriber's Choice is now delivering all Security
Bulletin notifications.

2. Notification of Security Bulletin HPSBUX0306-266 and others
have been sent to the Subscriber's Choice mailing list.

3. If you have not received notification of HPSBUX0306-266 or
any other bulletins via Subscriber's Choice please check your
Subscriber's Choice subscription.

4. If your subscription is correct and you have not received
any notifications, please make sure that you have not opted
out of Email notifications from HP under HP's Privacy Policy.

Details:

Subscriber's Choice is now delivering all notifications of new and revised HP Security Bulletins. The old ITRC Security Bulletin Digest mailing list will no longer be used. Everyone registered to receive HP-UX Security Bulletin notifications through Subscriber's Choice should have received the following notification:

From: Hewlett-Packard [us-news@your.hp.com]
Subject: Your Daily HP Driver and Support Alert/Notification

HP-UX security bulletins digest
Content type: Security Bulletin
OS: HP-UX
Release date: Fri Mar 19 7:05:02 EST 2004
URL:
http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0306-266

Document ID: HPSBUX0306-266
Title: SSRT3487 Rev.1 remote denial of service in tftpd

If the above Subscriber's Choice notification was not received on or about March 19th then you must verify your subscription and profile. With reference to HP's Privacy Policy, please make sure that you have not 'opted out' of receiving any notifications from HP.

Since March 19th notifications of several other bulletins have been sent to the Subscriber's Choice mailing list, including the following:

HPSBTU01000 - SSRT3674 rev.0 Tru64 UNIX IPsec/IKE Potential
HPSBUX01002 - SSRT4688 rev.0 HP-UX rpc.ypupdated remote unauth.
access
HPSBMA01003 - SSRT4679 rev.0 HP Web-enabled Management
HPSBGN01004 - SSRT3614 HP OpenCall Multiservice Controller (OCMC) DoS
HPSBUX01006 - SSRT2320 rev.0 HP-UX elevated privileges related
HPSBPI01007 - SSRT4700 rev.0 HP Web Jetadmin denial of service
HPSBGN01009 - SSRT4726 rev.0 Carrier Grade Invalid LAN Management HPSBMA01010 - SSRT4727 rev.0 OpenView Operations remote


Please refer to the instructions and information below.

SUBSCRIBE:To initiate a subscription to receive future HP Security Bulletins via Email:

<>&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC>

On the web page:
"Driver and Support Alerts/Notifications Sign-up:
Product Selection"
Under "Step 1: your products"
1. Select product category:
a minimum of "servers" must be selected.
2. Select product family or search:
a minimum of one product must be selected.
3. Add a product:
a minimum of one product must be added.
In "Step 2: your operating system(s)"
check ALL operating systems for which alerts
are required.
Complete the form and "Save".

UPDATE:To update an existing subscription:

<>

Log in on the web page
"Subscriber's choice for Business: sign-in"
On the Web page:
"Subscriber's Choice: your profile summary"
use "Edit Profile" to update appropriate sections.

Note: In addition to the individual alerts/notifications for the selected operating systems/products, subscribers will automatically receive one copy of alerts for non-operating system categories (i.e., a subscriber who signs up for all six operating system alerts will only receive one copy of all the non-operating system alerts).

HP is committed to respecting your privacy. For specific guidelines, please read HP's Privacy Policy.
http://thenew.hp.com/country/us/eng/privacy_intent.html

HP Privacy Mailbox, 20555 SH 249, MS 040307, Houston, Texas 77070




B. Recommended solution

Please refer to the information above.

C. The PGP key used to sign this bulletin is available from
several PGP Public Key servers. The key identification
information is:

2D2A7D59
HP Security Response Team (Security Bulletin signing only)

Fingerprint =
6002 6019 BFC1 BC62 F079 862E E01F 3AFC 2D2A 7D59

If you have problems locating the key please write to
security-alert@hp.com. Please note that this key is
for signing bulletins only and is not the key returned
by sending 'get key' to security-alert@hp.com.


D. To report new security vulnerabilities, send email to

security-alert@hp.com

Please encrypt any exploit information using the
security-alert PGP key, available from your local key
server, or by sending a message with a -subject- (not body)
of 'get key' (no quotes) to security-alert@hp.com.

-----------------------------------------------------------------

(c)Copyright 2004 Hewlett-Packard Company Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information in this document is subject to change without notice.
Hewlett-Packard Company and the names of HP products referenced herein are trademarks and/or service marks of Hewlett-Packard Company. Other product and company names mentioned herein may be trademarks and/or service marks of their respective owners.

________________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2 - not licensed for commercial use: www.pgp.com

iQA/AwUBQHrw/uAfOvwtKn1ZEQJQFwCeJDBtL+TzKZTgCK7XAF/35Lx4iKkAoJGX
nSXk/83MQwXnrFqegy3Jtcw/
=JQiI
-----END PGP SIGNATURE-----
-----End of Document ID: HPSBUX0402-313--------------------------------------
http://www.mindspring.com/~bkherren/dobes/index.htm
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.