Hewlett-Packard would like to make you aware of a special
free service provided for all customers of HP e3000 and HP 9000
computer systems. This service gives customers a direct route to
Hewlett-Packard for obtaining information relating to the security
of their Hewlett-Packard Computer System(s).
Hewlett-Packard issues information on the availability of
Software security patches via Security Bulletins to subscribers
of the HP Security Bulletin Digest e-mail service, a part of the
IT Resource Center (formerly the HP Electronic Support Center).
A Hewlett-Packard support contract is NOT required to subscribe
to this service to obtain information or security patches. Any purchaser
of an HP e3000 or HP 9000 Computer System can make use of the HP
Security Bulletin services at no charge.
Customers may also obtain information and Security Bulletin
services via the World Wide Web.
A security problem is a software defect that allows unauthorized
personnel to gain access to a Computer System or to circumvent any
of the mechanisms that protect the confidentiality, integrity or
availability of the information stored on the system. When such
problems in Hewlett-Packard software are brought to the attention
of the company, their resolution is given a very high priority.
This resolution is usually in the form of a Security Bulletin which
may explain how to correct the problem or describe how to obtain
a software security patch that will correct the problem.
Hewlett-Packard has introduced this service as the primary
mechanism to alert subscribers to security problems and provide
corrections. Hewlett-Packard will not analyze the relevance of any
security patch to any individual customer site within the scope
of the HP Security Bulletin service. The responsibility for obtaining and
applying security patches resides with the customer.
The remainder of this section outlines the various security
related services offered by Hewlett-Packard IT Resource Center and
the methods for subscribing to and retrieving information from it.
It also outlines how you can inform Hewlett-Packard of potential
security concerns you may have with your Hewlett-Packard Computer
System.
HP IT Resource Center Security-Related Services
HP IT Resource Center offers subscribers the following benefits:
Receive Security Bulletins automatically when they are
published.
Retrieve the archive list of bulletins issued prior to
subscription.
Download security patches if the subscriber configuration supports
it.
Remember, an HP support contract is not required to subscribe
to HP Security Bulletin services.
Subscribing to HP IT Resource Center Security Bulletin Services
Once you have placed your name on the subscriber list for
future Security Bulletins (see instructions below), you will receive
them via e-mail on the day they are issued by HP.
As referenced below, you can also view a list of past Security
Bulletins issued in the "HP Security Bulletins Archive."
How to Subscribe
To subscribe to automatically receive future NEW HP Security
Bulletins from the Hewlett-Packard Electronic Support Center via
electronic mail, do the following (instructions subject to change
without notice):
Use your browser to access the HP IT Resource Center web page at:
http://us-support.external.hp.com
US, Canada, Asia-Pacific, and Latin-America
http://europe-support.external.hp.com
Europe
Logon with your User ID and password (or register for one).
Remember to save the User ID assigned to you, and your
password.
Once on the archive page, scroll down to find "MPE Security
Bulletins". On this page, you can subscribe to many different digest
services, including the Security Bulletin Digests.
To review Security Bulletins that have already been released,
click on "Search Technical Knowledge Base" on the
HP Electronic Support Center home page. Near the bottom of the next
page, click on "Security Bulletins" under "MPE
Software". On that next page click on "Security
Bulletin Archive".
Once in the archive page, click on "HP-UX Security
Patch Matrix" to get a patch matrix of current HP-UX and BLS
security patches. Updated daily, this matrix categorizes security
patches by platform/OS release, and by Security Bulletin topic.
If You Discover a Security Problem
To report new security vulnerabilities, send e-mail to
security-alert@hp.com
Please encrypt any explicit information using the security-alert
PGP key, available from your local key server, or by sending a message
with a -subject- (not body) of 'get key' (no quotes)
to security-alert@hp.com.