Hewlett-Packard would like to make you aware of a special
free service provided for all customers of HP 3000 and
HP 9000 computer systems. This service gives customers
a direct route to Hewlett-Packard for obtaining information relating
to the security of their Hewlett-Packard Computer System(s).
Hewlett-Packard issues information on the availability of
Software security patches via Security Bulletins to subscribers
of the HP Security Bulletin Digest e-mail service, a part of the
HP Electronic Support Center. A Hewlett-Packard support contract
is NOT required to subscribe to this service to obtain information
or security patches. Any purchaser of an HP 3000 or HP 9000
Computer System can make use of the HP Security Bulletin services at
no charge.
Customers may also obtain information and Security Bulletin
services via the World Wide Web.
A security problem is a software defect that allows unauthorized
personnel to gain access to a Computer System or to circumvent any
of the mechanisms that protect the confidentiality, integrity or
availability of the information stored on the system. When such problems
in Hewlett-Packard software are brought to the attention of the
company, their resolution is given a very high priority. This resolution
is usually in the form of a Security Bulletin which may explain
how to correct the problem or describe how to obtain a software
security patch that will correct the problem.
Hewlett-Packard has introduced this service as the primary
mechanism to alert subscribers to security problems and provide
corrections. Hewlett-Packard will not analyze the relevance of any
security patch to any individual customer site within the scope
of the HP Security Bulletin service. The responsibility for obtaining
and applying security patches resides with the customer.
The remainder of this letter outlines the various security
related services offered by HP Electronic Support Center and the
methods for subscribing to and retrieving information from it. It
also outlines how you can inform Hewlett-Packard of potential security
concerns you may have with your Hewlett-Packard Computer System.
HP Electronic Support Center Security-Related Services
HP Electronic Support Center offers subscribers the following benefits:
Receive Security Bulletins automatically when they are published.
Retrieve the archive list of bulletins issued prior to subscription.
Download security patches if the subscriber configuration supports it.
Remember, an HP support contract is not required to subscribe
to HP Security Bulletin services.
Subscribing to HP Electronic Support Center Security Bulletin Services
Once you have placed your name on the subscriber list for
future Security Bulletins (see instructions below), you will receive
them via e-mail on the day they are issued by HP.
As referenced below, you can also view a list of past Security
Bulletins issued in the "HP Security Bulletins Archive."
Instructions
To subscribe to automatically receive future NEW HP Security
Bulletins from the HP Electronic Support Center via electronic mail,
do the following (instructions subject to change without notice):
Use your browser to access the HP Electronic Support Center web
page at:
http://us-support.external.hp.com
US, Canada, Asia-Pacific, and Latin-America
http://europe-support.external.hp.com
Europe
Logon with your User ID and password (or register for one).
Remember to save the User ID assigned to you, and your password.
Once you are on the HP Electronic Support Center home page, click
on "Support Information Digests." On this page, you can subscribe to
many different digest services, including the Security Bulletin
Digests.
To review Security Bulletins that have already been released,
click on "Search Technical Knowledge Base (Security Bulletins
only)" on the HP Electronic Support Center home page. Near
the bottom of the next page, click on "Browse the HP Security
Bulletins Archive."
Once in the archive, click on "HP-UX Security Patch
Matrix" to get a patch matrix of current HP-UX and BLS
security patches. Updated daily, this matrix categorizes security patches
by platform/OS release, and by Security Bulletin topic.
If You Discover a Security Problem
To report new security vulnerabilities, send e-mail to
security-alert@hp.com
Please encrypt any exploit information using the security-alert
PGP key, available from your local key server, or by sending a message
with a -subject- (not body) of 'get key' (no quotes)
to security-alert@hp.com.