New Mailing List for HP Security Bulletins Rev.2

From: Security Alert (secure_at_cup.hp.com)
Date: 04/13/04

  • Next message: Ewoki: "Intruder lock on Linux" 
    Date: 13 Apr 2004 10:49:54 -0700

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

     -----------------------------------------------------------------
    **REVISED 02**
     Source: HEWLETT-PACKARD COMPANY
     SECURITY BULLETIN: HPSBUX0402-313
     Originally issued: 23 February 2004
     Last revised: 12 April 2004
     New Mailing List for Security Bulletins Rev.2
     -----------------------------------------------------------------

    NOTICE: There are no restrictions for distribution of this
    Bulletin provided that it remains complete and intact.

    The information in the following Security Bulletin should be
    acted upon as soon as possible. Hewlett-Packard Company will
    not be liable for any consequences to any customer resulting
    from customer's failure to fully implement instructions in this
    Security Bulletin as soon as possible.

     -----------------------------------------------------------------
    PROBLEM: The current security bulletin mailing list has been
             replaced.

    IMPACT: Those wishing to receive information on new security
            bulletins should subscribe to the new mailing list.

    PLATFORM: N/A

    SOLUTION: If you wish to continue receiving notification of
              security bulletins, please register through
              Subscriber's Choice. Please refer to the instructions
              below.
     -----------------------------------------------------------------
     A. Background

    HP Security Bulletins and Subscriber's Choice

    Summary:

      1. Subscriber's Choice is now delivering all Security
         Bulletin notifications.

      2. Notification of Security Bulletin HPSBUX0306-266 and others
         have been sent to the Subscriber's Choice mailing list.

      3. If you have not received notification of HPSBUX0306-266 or
         any other bulletins via Subscriber's Choice please check your
         Subscriber's Choice subscription.

      4. If your subscription is correct and you have not received
         any notifications, please make sure that you have not opted
         out of Email notifications from HP under HP's Privacy Policy.

    Details:

    Subscriber's Choice is now delivering all notifications
    of new and revised HP Security Bulletins. The old ITRC
    Security Bulletin Digest mailing list will no longer
    be used. Everyone registered to receive HP-UX Security
    Bulletin notifications through Subscriber's Choice
    should have received the following notification:

    From: Hewlett-Packard [us-news@your.hp.com]
    Subject: Your Daily HP Driver and Support Alert/Notification

    HP-UX security bulletins digest
    Content type: Security Bulletin
    OS: HP-UX
    Release date: Fri Mar 19 7:05:02 EST 2004
    URL:
    http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0306-266

    Document ID: HPSBUX0306-266
    Title: SSRT3487 Rev.1 remote denial of service in tftpd

    If the above Subscriber's Choice notification was not
    received on or about March 19th then you must verify
    your subscription and profile. With reference to HP's
    Privacy Policy, please make sure that you have not
    'opted out' of receiving any notifications from HP.

    Since March 19th notifications of several other bulletins have
    been sent to the Subscriber's Choice mailing list, including
    the following:

    HPSBTU01000 - SSRT3674 rev.0 Tru64 UNIX IPsec/IKE Potential
    HPSBUX01002 - SSRT4688 rev.0 HP-UX rpc.ypupdated remote unauth.
    access
    HPSBMA01003 - SSRT4679 rev.0 HP Web-enabled Management
    HPSBGN01004 - SSRT3614 HP OpenCall Multiservice Controller (OCMC) DoS
    HPSBUX01006 - SSRT2320 rev.0 HP-UX elevated privileges related
    HPSBPI01007 - SSRT4700 rev.0 HP Web Jetadmin denial of service
    HPSBGN01009 - SSRT4726 rev.0 Carrier Grade Invalid LAN Management
    HPSBMA01010 - SSRT4727 rev.0 OpenView Operations remote

    Please refer to the instructions and information below.

    SUBSCRIBE:To initiate a subscription to receive future
    HP Security Bulletins via Email:

    <http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA
    &langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC>

    On the web page:
      "Driver and Support Alerts/Notifications Sign-up:
      Product Selection"
       Under "Step 1: your products"
          1. Select product category:
              a minimum of "servers" must be selected.
          2. Select product family or search:
              a minimum of one product must be selected.
          3. Add a product:
              a minimum of one product must be added.
        In "Step 2: your operating system(s)"
              check ALL operating systems for which alerts
              are required.
       Complete the form and "Save".

    UPDATE:To update an existing subscription:

       <http://h30046.www3.hp.com/subSignIn.php>

      Log in on the web page
       "Subscriber's choice for Business: sign-in"
      On the Web page:
       "Subscriber's Choice: your profile summary"
          use "Edit Profile" to update appropriate sections.

    Note: In addition to the individual alerts/notifications for
    the selected operating systems/products, subscribers will
    automatically receive one copy of alerts for non-operating
    system categories (i.e., a subscriber who signs up for all
    six operating system alerts will only receive one copy of
    all the non-operating system alerts).

    HP is committed to respecting your privacy. For specific
    guidelines, please read HP's Privacy Policy.
    http://thenew.hp.com/country/us/eng/privacy_intent.html

    HP Privacy Mailbox, 20555 SH 249, MS 040307, Houston, Texas 77070

     B. Recommended solution

        Please refer to the information above.

     C. The PGP key used to sign this bulletin is available from
        several PGP Public Key servers. The key identification
        information is:

           2D2A7D59
           HP Security Response Team (Security Bulletin signing only)
           <security-alert@hp.com>
           Fingerprint =
             6002 6019 BFC1 BC62 F079 862E E01F 3AFC 2D2A 7D59

        If you have problems locating the key please write to
        security-alert@hp.com. Please note that this key is
        for signing bulletins only and is not the key returned
        by sending 'get key' to security-alert@hp.com.

     D. To report new security vulnerabilities, send email to

        security-alert@hp.com

        Please encrypt any exploit information using the
        security-alert PGP key, available from your local key
        server, or by sending a message with a -subject- (not body)
        of 'get key' (no quotes) to security-alert@hp.com.

     -----------------------------------------------------------------

    (c)Copyright 2004 Hewlett-Packard Company
    Hewlett-Packard Company shall not be liable for technical or
    editorial errors or omissions contained herein. The information
    in this document is subject to change without notice.
    Hewlett-Packard Company and the names of HP products referenced
    herein are trademarks and/or service marks of Hewlett-Packard
    Company. Other product and company names mentioned herein may be
    trademarks and/or service marks of their respective owners.

     ________________________________________________________________

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.0.2 - not licensed for commercial use: www.pgp.com

    iQA/AwUBQHrw/uAfOvwtKn1ZEQJQFwCeJDBtL+TzKZTgCK7XAF/35Lx4iKkAoJGX
    nSXk/83MQwXnrFqegy3Jtcw/
    =JQiI
    -----END PGP SIGNATURE----- 

    --
Yours truly,
HP S/W Security Team
WTEC Cupertino, California
Return-Path: secure@cup.hp.com
Reply-to: security-alert@hp.com
  • Next message: Ewoki: "Intruder lock on Linux"

    Relevant Pages