lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu, 25 Sep 2003 15:21:33 -0400
From: Matt Power <mhpower@....bindview.com>
To: bugtraq@...urityfocus.com
Subject: Tru64 and OpenVMS patch announcements change after next month


An October 31 change will apparently affect announcements and
distribution of various patches (including security-related patches)
for Tru64 UNIX and OpenVMS. As an example, a recent announcement had:

  Date: Thu, 11 Sep 2003 22:30:02 -0600 (MDT)
  To: "OpenVMS Patch Mailing List" <openvms@...t.support.compaq.com>
  Subject: OpenVMS DCE_030_SSRT3608-V0100 VAX V6.2_V7.2_V7.3 ECO Summary
  ...
  A potential denial of service has been identified on
  OpenVMS systems with DCE and/or RPC installed.  These
  OpenVMS system could be vunerable [sic] to a remote initated [sic]
  Buffer Overflow which would result a hang of DCE or RPC
  applications on OpenVMS.

Matt Power
BindView Corporation, RAZOR Team
mhpower@....bindview.com


------- Forwarded Message

From: "CSDI" <csdi@...com>
Reply-To: ECO-Queries@...paq.com
Subject: Update on OpenVMS and Tru64 UNIX Patches in HP ITRC
Date: Thu, 25 Sep 2003 11:41:45 -0600

Thanks to everyone who has used the HP IT Resource Center to find and
retrieve OpenVMS and Tru64 UNIX ECO patch kits, and has provided feedback on
their experience.  This update is being sent to address some of the HP ITRC
feedback received thus far, and to remind you that the existing OpenVMS and
Tru64 patch server will soon be shutdown.


EXISTING PATCH SERVER SHUTDOWN REMINDER:

OpenVMS and Tru64 UNIX patches will no longer be available after October 31,
2003 from the existing patch servers (http://www.support.compaq.com/patches/
or ftp://ftp.support.compaq.com/public/).  This includes the patch
notification e-mail distribution lists, through which you are receiving this
message.  After October 31, 2003, OpenVMS and Tru64 UNIX patches will only be
available through the HP ITRC (http://www.itrc.hp.com).  Please update your
bookmarks to point to this web site for patch retrieval of OpenVMS and Tru64
UNIX patches.  We encourage you to begin familiarizing yourself with the HP
ITRC patch web site before the existing patch server is shutdown, to minimize
any disruption to your online patch retrieval process.


ACCESS TO ITRC WEB AND FTP SITES:

Registering for an HP ITRC login is required to find and retrieve patches via
the HP ITRC web interface.  This ensures that we can contact anyone who may
have downloaded a patch for which a serious problem is later discovered.
Please note there is no need to link Support Contracts with your HP ITRC
login at this time.  You can access all patch content and most other HP ITRC
services without a linked support contract, as Support Contracts are only
necessary for a few HP ITRC services related to some pre-merger HP products
only.

The HP ITRC FTP site (ftp://ftp.itrc.hp.com) is also available for those who
prefer this method of patch retrieval.  Access to the HP ITRC FTP site is
through anonymous FTP, so no login registration is required.  We are working
on reorganizing the directory structure for OpenVMS patches to more closely
match the structure on the existing patch server, so that the automated patch
retrieval tools you may have created will continue to work with minimal
modifications.  This reorganization will be completed before the existing
patch server is shutdown at the end of October.


SEARCHING FOR PATCHES:

We are investigating some patch searching enhancements to make it easier to
find patches by post date, installation ratings and product or facility.
Until these enhancements are available, you may find the following
workarounds useful.

Wildcard characters can be used with the "Search by Keyword" option.  Use a
question mark (?) to match any single character, and an asterisk (*) to match
multiple characters.  Using wildcards, it is possible to search for all
patches posted within a given month.  Since the patch post date is always
recorded in yyyymmdd format, entering "200308*" in the keyword field will
return all patches posted in August 2003.

We will soon be adding installation rating keywords (INSTALL_1, INSTALL_2 &
INSTALL_3) to OpenVMS patch documents in HP ITRC.  This will enable you to
search for OpenVMS patches based on installation ratings by entering an
installation rating keyword in the keyword field.  Keywords can also be
combined using the Boolean search criteria for more advanced searches.
Entering "INSTALL_1 AND (200308* OR 200309*)" will return all patches posted
during the past 2 months with an installation rating of 1.

The "Search by Patch IDs" option was designed to quickly search for specific
patches when the patch IDs are already known.  Wildcard characters ("*", "?")
are not recognized with the "Search by Patch IDs" option, and are interpreted
literally.  More than one patch ID can be entered in the "Search by Patch
IDs" field (separated by spaces or commas) to search for more than one patch
at a time.  Although it is possible to only enter a portion of a patch ID in
the "Search by Patch IDs" field (e.g. LINKER), only the first matching patch
will be returned for each "word" entered.  Since the corresponding patch ID
is included in each patch document, try using the "Search by Keyword" option
to find all patches by product or facility.

Older patches for Open VMS and Tru64 UNIX will be available from the HP ITRC
Patch Archive web pages and the HP ITRC FTP site within the next few weeks,
before the existing patch server is shutdown at the end of October.  Please
note that advanced patch searching, patch dependency relationship and
multiple patch download features are not available for patches listed in the
HP ITRC Patch Archive web pages, or from the HP ITRC FTP site.


ITRC PERFORMANCE:

We are aware of HP ITRC performance problems in some areas.  We are
investigating these problems and should have a resolution to them soon.
There are many factors that can affect the performance of any internet web
site, and many of these problems are temporary.  Please report all repeated
HP ITRC performance problems via the "contact hp" link, so we can be sure to
address the more consistent problems.


PATCH DIGESTS:

We are also aware that the HP ITRC Patch Digests for OpenVMS and Tru64 UNIX
are incorrect and do not contain just the ECO kits and patches posted within
the previous week.  We are working on this problem, which will be resolved
before the existing patch server is shutdown at the end of October.  In the
meantime, please continue to rely upon the patch notifications from the
existing patch notification distribution lists.  Although the HP ITRC Patch
Digests for OpenVMS and Tru64 UNIX are not working correctly, the latest
OpenVMS and Tru64 UNIX patches can still be retrieved from HP ITRC (or the
existing patch server until October 31, 2003).


ITRC FEEDBACK:

Please continue to send us your feedback regarding problems encountered while
using the HP ITRC or suggestions for improving your patch search and
retrieval experience.  You can do this by selecting the "contact hp" link in
the upper left corner of any HP ITRC web page and selecting "ask a question
about using the IT resource center" link under the "e-mail hp" heading on the
following page.

Thanks,
The HP ITRC Patch Team

------- End of Forwarded Message

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ