NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > HP/HP-UX Digests> 2004-q2

HP-UX security bulletins digest

From: IT Resource Center (support_feedbackus-support2-mail.external.hp.com)
Date: Tue Apr 13 2004 - 09:10:26 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

HP Support Information Digests

===============================================================================
o Security Bulletin Digest Split
------------------------------

   The security bulletins digest has been split into multiple digests
   based on the operating system (HP-UX, MPE/iX, and HP Secure OS
   Software for Linux). You will continue to receive all security
   bulletin digests unless you choose to update your subscriptions.

   To update your subscriptions, use your browser to access the
   IT Resource Center on the World Wide Web at:

http://support.itrc.hp.com/

   Under the Maintenance and Support Menu, click on the "more..." link.
   Then use the 'login' link at the left side of the screen to login
   using your IT Resource Center User ID and Password.

Under the notifications section (near the bottom of the page), select
Support Information Digests.

   To subscribe or unsubscribe to a specific security bulletin digest,
   select or unselect the checkbox beside it. Then click the
   "Update Subscriptions" button at the bottom of the page.

o IT Resource Center World Wide Web Service
---------------------------------------------------

   If you subscribed through the IT Resource Center and would
   like to be REMOVED from this mailing list, access the
   IT Resource Center on the World Wide Web at:

http://support.itrc.hp.com/

   Login using your IT Resource Center User ID and Password.
   Then select Support Information Digests (located under
   Maintenance and Support). You may then unsubscribe from the
   appropriate digest.
===============================================================================

Digest Name: daily HP-UX security bulletins digest
Created: Tue Apr 13 8:00:02 EDT 2004

Table of Contents:

Document ID Title
--------------- -----------
HPSBUX0402-313 New Mailing List for Security Bulletins Rev.2

The documents are listed below.
-------------------------------------------------------------------------------

Document ID: HPSBUX0402-313
Date Loaded: 20040412
Title: New Mailing List for Security Bulletins Rev.2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

-----------------------------------------------------------------
**REVISED 02**
Source: HEWLETT-PACKARD COMPANY
SECURITY BULLETIN: HPSBUX0402-313
Originally issued: 23 February 2004
Last revised: 12 April 2004
New Mailing List for Security Bulletins Rev.2
-----------------------------------------------------------------

NOTICE: There are no restrictions for distribution of this
Bulletin provided that it remains complete and intact.

The information in the following Security Bulletin should be
acted upon as soon as possible. Hewlett-Packard Company will
not be liable for any consequences to any customer resulting
from customer's failure to fully implement instructions in this
Security Bulletin as soon as possible.

-----------------------------------------------------------------
PROBLEM: The current security bulletin mailing list has been
replaced.

IMPACT: Those wishing to receive information on new security
bulletins should subscribe to the new mailing list.

PLATFORM: N/A

SOLUTION: If you wish to continue receiving notification of
          security bulletins, please register through
          Subscriber's Choice. Please refer to the instructions
          below.
-----------------------------------------------------------------
A. Background

HP Security Bulletins and Subscriber's Choice

Summary:

1. Subscriber's Choice is now delivering all Security
Bulletin notifications.

2. Notification of Security Bulletin HPSBUX0306-266 and others
have been sent to the Subscriber's Choice mailing list.

  3. If you have not received notification of HPSBUX0306-266 or
     any other bulletins via Subscriber's Choice please check your
     Subscriber's Choice subscription.

  4. If your subscription is correct and you have not received
     any notifications, please make sure that you have not opted
     out of Email notifications from HP under HP's Privacy Policy.

Details:

Subscriber's Choice is now delivering all notifications
of new and revised HP Security Bulletins. The old ITRC
Security Bulletin Digest mailing list will no longer
be used. Everyone registered to receive HP-UX Security
Bulletin notifications through Subscriber's Choice
should have received the following notification:

From: Hewlett-Packard [us-newsyour.hp.com]
Subject: Your Daily HP Driver and Support Alert/Notification

HP-UX security bulletins digest
Content type: Security Bulletin
OS: HP-UX
Release date: Fri Mar 19 7:05:02 EST 2004
URL:
http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0306-266

Document ID: HPSBUX0306-266
Title: SSRT3487 Rev.1 remote denial of service in tftpd

If the above Subscriber's Choice notification was not
received on or about March 19th then you must verify
your subscription and profile. With reference to HP's
Privacy Policy, please make sure that you have not
'opted out' of receiving any notifications from HP.

Since March 19th notifications of several other bulletins have
been sent to the Subscriber's Choice mailing list, including
the following:

HPSBTU01000 - SSRT3674 rev.0 Tru64 UNIX IPsec/IKE Potential
HPSBUX01002 - SSRT4688 rev.0 HP-UX rpc.ypupdated remote unauth.
access
HPSBMA01003 - SSRT4679 rev.0 HP Web-enabled Management
HPSBGN01004 - SSRT3614 HP OpenCall Multiservice Controller (OCMC) DoS
HPSBUX01006 - SSRT2320 rev.0 HP-UX elevated privileges related
HPSBPI01007 - SSRT4700 rev.0 HP Web Jetadmin denial of service
HPSBGN01009 - SSRT4726 rev.0 Carrier Grade Invalid LAN Management
HPSBMA01010 - SSRT4727 rev.0 OpenView Operations remote

Please refer to the instructions and information below.

SUBSCRIBE:To initiate a subscription to receive future
HP Security Bulletins via Email:

<http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA
&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC>

On the web page:
  "Driver and Support Alerts/Notifications Sign-up:
  Product Selection"
   Under "Step 1: your products"
      1. Select product category:
          a minimum of "servers" must be selected.
      2. Select product family or search:
          a minimum of one product must be selected.
      3. Add a product:
          a minimum of one product must be added.
    In "Step 2: your operating system(s)"
          check ALL operating systems for which alerts
          are required.
   Complete the form and "Save".

UPDATE:To update an existing subscription:

<http://h30046.www3.hp.com/subSignIn.php>

  Log in on the web page
   "Subscriber's choice for Business: sign-in"
  On the Web page:
   "Subscriber's Choice: your profile summary"
      use "Edit Profile" to update appropriate sections.

Note: In addition to the individual alerts/notifications for
the selected operating systems/products, subscribers will
automatically receive one copy of alerts for non-operating
system categories (i.e., a subscriber who signs up for all
six operating system alerts will only receive one copy of
all the non-operating system alerts).

HP is committed to respecting your privacy. For specific
guidelines, please read HP's Privacy Policy.
http://thenew.hp.com/country/us/eng/privacy_intent.html

HP Privacy Mailbox, 20555 SH 249, MS 040307, Houston, Texas 77070

B. Recommended solution

Please refer to the information above.

C. The PGP key used to sign this bulletin is available from
several PGP Public Key servers. The key identification
information is:

       2D2A7D59
       HP Security Response Team (Security Bulletin signing only)
       <security-alerthp.com>
       Fingerprint =
         6002 6019 BFC1 BC62 F079 862E E01F 3AFC 2D2A 7D59

    If you have problems locating the key please write to
    security-alerthp.com. Please note that this key is
    for signing bulletins only and is not the key returned
    by sending 'get key' to security-alerthp.com.

D. To report new security vulnerabilities, send email to

security-alerthp.com

    Please encrypt any exploit information using the
    security-alert PGP key, available from your local key
    server, or by sending a message with a -subject- (not body)
    of 'get key' (no quotes) to security-alerthp.com.

-----------------------------------------------------------------

(c)Copyright 2004 Hewlett-Packard Company
Hewlett-Packard Company shall not be liable for technical or
editorial errors or omissions contained herein. The information
in this document is subject to change without notice.
Hewlett-Packard Company and the names of HP products referenced
herein are trademarks and/or service marks of Hewlett-Packard
Company. Other product and company names mentioned herein may be
trademarks and/or service marks of their respective owners.

________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2 - not licensed for commercial use: www.pgp.com

iQA/AwUBQHrw/uAfOvwtKn1ZEQJQFwCeJDBtL+TzKZTgCK7XAF/35Lx4iKkAoJGX
nSXk/83MQwXnrFqegy3Jtcw/
=JQiI
-----END PGP SIGNATURE-----
-----End of Document ID: HPSBUX0402-313--------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]