Hewlett-Packard would like to make you aware of a special
free service provided for all customers of HP e3000 and
HP 9000 computer systems. This service gives customers
a direct route to Hewlett-Packard for obtaining information relating
to the security of their Hewlett-Packard Computer System(s).
Hewlett-Packard issues information on the availability of
Software security patches via Security Bulletins to subscribers
of the HP Security Bulletin Digest e-mail service, a part of the
IT Resource Center (formerly the HP Electronic Support Center).
A Hewlett-Packard support contract is NOT required to subscribe
to this service to obtain information or security patches. Any purchaser
of an HP e3000 or HP 9000 Computer System can
make use of the HP Security Bulletin services at no charge.
Customers may also obtain information and Security Bulletin
services via the World Wide Web.
A security problem is a software defect that allows unauthorized
personnel to gain access to a Computer System or to circumvent any
of the mechanisms that protect the confidentiality, integrity or
availability of the information stored on the system. When such
problems in Hewlett-Packard software are brought to the attention
of the company, their resolution is given a very high priority.
This resolution is usually in the form of a Security Bulletin which
may explain how to correct the problem or describe how to obtain
a software security patch that will correct the problem.
Hewlett-Packard has introduced this service as the primary
mechanism to alert subscribers to security problems and provide
corrections. Hewlett-Packard will not analyze the relevance of any
security patch to any individual customer site within the scope
of the HP Security Bulletin service. The responsibility for obtaining and
applying security patches resides with the customer.
The remainder of this letter outlines the various security
related services offered by Hewlett-Packard IT Resource Center and
the methods for subscribing to and retrieving information from it.
It also outlines how you can inform Hewlett-Packard of potential
security concerns you may have with your Hewlett-Packard Computer
System.
HP IT Resource Center Security-Related Services
HP IT Resource Center offers subscribers the following benefits:
Receive Security Bulletins automatically when they are published.
Retrieve the archive list of bulletins issued prior to subscription.
Download security patches if the subscriber configuration supports it.
Remember, an HP support contract is not required to subscribe
to HP Security Bulletin services.
Subscribing to HP IT Resource Center Security Bulletin Services
Once you have placed your name on the subscriber list for
future Security Bulletins (see instructions below), you will receive
them via e-mail on the day they are issued by HP.
As referenced below, you can also view a list of past Security
Bulletins issued in the "HP Security Bulletins Archive."
Instructions
To subscribe to automatically receive future NEW HP Security
Bulletins from the Hewlett-Packard Electronic Support Center via
electronic mail, do the following (instructions subject to change
without notice):
Use your browser to access the HP IT Resource Center web page at:
http://us-support.external.hp.com
US, Canada, Asia-Pacific, and Latin-America
http://europe-support.external.hp.com
>Europe
Logon with your User ID and password (or register for one). Remember
to save the User ID assigned to you, and your password.
Once you are on the Hewlett-Packard IT Resource Center home page,
click on "Support Information Digests." On this page, you can subscribe
to many different digest services, including the Security Bulletin
Digests.
To review Security Bulletins that have already been released,
click on "Search Technical Knowledge Base (Security Bulletins
only)" on the HP Electronic Support Center home page. Near
the bottom of the next page, click on "Browse the HP Security
Bulletins Archive."
Once in the archive, click on "HP-UX Security Patch
Matrix" to get a patch matrix of current HP-UX and BLS security
patches. Updated daily, this matrix categorizes security patches
by platform/OS release, and by Security Bulletin topic.
If You Discover a Security Problem
To report new security vulnerabilities, send e-mail to
security-alert@hp.com
Please encrypt any explicit information using the security-alert
PGP key, available from your local key server, or by sending a message
with a -subject- (not body) of 'get key' (no quotes)
to security-alert@hp.com.
HP 5000 Printers and HP e3000 A-/N-Class Support Update
Complete PDF