New Mailing List for HP Security Bulletins Rev.2

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Hash: SHA1

**REVISED 02**
 Originally issued: 23 February 2004
 Last revised: 12 April 2004
 New Mailing List for Security Bulletins Rev.2

NOTICE: There are no restrictions for distribution of this
Bulletin provided that it remains complete and intact.

The information in the following Security Bulletin should be
acted upon as soon as possible.  Hewlett-Packard Company will
not be liable for any consequences to any customer resulting
from customer's failure to fully implement instructions in this
Security Bulletin as soon as possible.

PROBLEM: The current security bulletin mailing list has been

IMPACT: Those wishing to receive information on new security
        bulletins should subscribe to the new mailing list.


SOLUTION: If you wish to continue receiving notification of
          security bulletins, please register through
          Subscriber's Choice.  Please refer to the instructions
 A. Background

HP Security Bulletins and Subscriber's Choice


  1. Subscriber's Choice is now delivering all Security
     Bulletin notifications.

  2. Notification of Security Bulletin HPSBUX0306-266 and others
     have been sent to the Subscriber's Choice mailing list.

  3. If you have not received notification of HPSBUX0306-266 or
     any other bulletins via Subscriber's Choice please check your
     Subscriber's Choice subscription.

  4. If your subscription is correct and you have not received
     any notifications, please make sure that you have not opted
     out of Email notifications from HP under HP's Privacy Policy.


Subscriber's Choice is now delivering all notifications
of new and revised HP Security Bulletins.  The old ITRC
Security Bulletin Digest mailing list will no longer
be used.  Everyone registered to receive HP-UX Security
Bulletin notifications through Subscriber's Choice
should have received the following notification:

From: Hewlett-Packard []
Subject: Your Daily HP Driver and Support Alert/Notification

HP-UX security bulletins digest
Content type: Security Bulletin
Release date: Fri Mar 19  7:05:02 EST 2004

Document ID: HPSBUX0306-266
Title: SSRT3487 Rev.1 remote denial of service in tftpd

If the above Subscriber's Choice notification was not
received on or about March 19th then you must verify
your subscription and profile.  With reference to HP's
Privacy Policy, please make sure that you have not
'opted out' of receiving any notifications from HP.

Since March 19th notifications of several other bulletins have
been sent to the Subscriber's Choice mailing list, including
the following:

HPSBTU01000 - SSRT3674 rev.0 Tru64 UNIX IPsec/IKE Potential
HPSBUX01002 - SSRT4688 rev.0 HP-UX rpc.ypupdated remote unauth.
HPSBMA01003 - SSRT4679 rev.0 HP Web-enabled Management
HPSBGN01004 - SSRT3614 HP OpenCall Multiservice Controller (OCMC) DoS
HPSBUX01006 - SSRT2320 rev.0 HP-UX elevated privileges related
HPSBPI01007 - SSRT4700 rev.0 HP Web Jetadmin denial of service
HPSBGN01009 - SSRT4726 rev.0 Carrier Grade Invalid LAN Management
HPSBMA01010 - SSRT4727 rev.0 OpenView Operations remote

Please refer to the instructions and information below.

SUBSCRIBE:To initiate a subscription to receive future
HP Security Bulletins via Email:


On the web page:
  "Driver and Support Alerts/Notifications Sign-up:
  Product Selection"
   Under "Step 1:  your products"
      1.  Select product category:
          a minimum of "servers" must be selected.
      2.  Select product family or search:
          a minimum of one product must be selected.
      3.  Add a product:
          a minimum of one product must be added.
    In "Step 2:  your operating system(s)"
          check ALL operating systems for which alerts
          are required.
   Complete the form and "Save".

UPDATE:To update an existing subscription:


  Log in on the web page
   "Subscriber's choice for Business:  sign-in"
  On the Web page:
   "Subscriber's Choice:  your profile summary"
      use "Edit Profile" to update appropriate sections.

Note:  In addition to the individual alerts/notifications for
the selected operating systems/products, subscribers will
automatically receive one copy of alerts for non-operating
system categories (i.e., a subscriber who signs up for all
six operating system alerts will only receive one copy of
all the non-operating system alerts).

HP is committed to respecting your privacy. For specific
guidelines, please read HP's Privacy Policy.

HP Privacy Mailbox, 20555 SH 249, MS 040307, Houston, Texas 77070

 B. Recommended solution

    Please refer to the information above.

 C. The PGP key used to sign this bulletin is available from
    several PGP Public Key servers.  The key identification
    information is:

       HP Security Response Team (Security Bulletin signing only)
       Fingerprint =
         6002 6019 BFC1 BC62 F079 862E E01F 3AFC 2D2A 7D59

    If you have problems locating the key please write to  Please note that this key is
    for signing bulletins only and is not the key returned
    by sending 'get key' to

 D. To report new security vulnerabilities, send email to

    Please encrypt any exploit information using the
    security-alert PGP key, available from your local key
    server, or by sending a message with a -subject- (not body)
    of 'get key' (no quotes) to


(c)Copyright 2004 Hewlett-Packard Company
Hewlett-Packard Company shall not be liable for technical or
editorial errors or omissions contained herein. The information
in this document is subject to change without notice.
Hewlett-Packard Company and the names of HP products referenced
herein are trademarks and/or service marks of Hewlett-Packard
Company.  Other product and company names mentioned herein may be
trademarks and/or service marks of their respective owners.


Version: PGP 8.0.2 - not licensed for commercial use:


Yours truly,
HP S/W Security Team
WTEC Cupertino, California


Site Timeline