Very Computer

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 -----------------------------------------------------------------
 Source: HEWLETT-PACKARD COMPANY
 SECURITY BULLETIN: HPSBUX0307-268
 Originally issued: 16 July 2003
 SSRT3582 Potential Sec. Vulnerability in Java VM (J2SE) and
          the Java Plugin
 -----------------------------------------------------------------
NOTICE: There are no restrictions for distribution of this
        Bulletin provided that it remains complete and intact.
        The information in the following Security Bulletin should
        be acted upon as soon as possible.  Hewlett-Packard
        Company will not be liable for any consequences to any
        customer resulting from customer's failure to fully
        implement instructions in this Security Bulletin as soon
        as possible.
- ------------------------------------------------------------------
PROBLEM: A vulnerability in the Java(TM) Runtime Environment may
         allow an untrusted applet to access restricted resources.
         In addition, a vulnerability in the Java Plugin may allow
         user authentication information to be accessed

IMPACT:  This bug may introduce potential vulnerabilities into any
         program. These defects includes the affected libraries.
         The resulting vulnerabilities may result in information
         leakage and improper code execution.

PLATFORM: HP-UX B.11.00, B.11.11, B.11.22, B.11.23 running
          the supported versions of Java 1.2.X, 1.3.X, and 1.4.X
          (except 1.4.1).

SOLUTION: Manual update to version of Java with the security
          fixes.  The list below describes each fixed Java
          version:
           Java 1.2.2.15
           Java 1.3.1.09
           Java 1.4.0.05

           Note: HP-UX versions of Java 1.4.1 are unaffected.

MANUAL ACTIONS:Yes - update Java to at least:
                 1.2.2.15  or
                 1.3.1.09  or
                 1.4.0.05

AVAILABILITY: Updated releases are now available at:
             www.hp.com/go/java.

- ------------------------------------------------------------------
A. Background
   Javasoft has issued their Security Bulletins 113.

B. Recommended solution
   Resolution of this issue requires a manual update to the
   appropriate versions of the Java SDK, JPI, and JRE, which
   contain the security fix.

   Update to at least the following appropriate Java version
   from the website www.hp.com/go/java.

      1.2.X    - 1.2.2.15
      1.3.X    - 1.3.1.09
      1.4.0.X  - 1.4.0.05

      Note: HP-UX versions of Java 1.4.1 are unaffected.

C. To subscribe to automatically receive future NEW HP Security
   Bulletins from the HP IT Resource Center via electronic
   mail, do the following:

   Use your browser to et to the HP IT Resource Center page
   at:

       http://itrc.hp.com

   Use the 'Loin' tab at the left side of the screen to loin
   using your ID and password.  Use your existing login or the
   "Register" button at the left to create a login, in order to
   gain access to many areas of the ITRC.  Remember to save the
   User ID assigned to you, and your password.

   In the left most frame select "Maintenance and Support".

   Under the "Notifications" section (near the bottom of
   the page), select "Support Information Diests".

   To -subscribe- to future HP Security Bulletins or other
   Technical Digests, click the check box (in the left column)
   for the appropriate digest and then click the "Update
   Subscriptions" button at the bottom of the page.

   or

   To -review- bulletins already released, select the link
   (in the middle column) for the appropriate digest.

   NOTE: Using your itrc account, security bulletins can be
         found here:
   http://itrc.hp.com/cki/bin/doc.pl/screen=ckiSecurityBulletin

   To -gain access- to the Security Patch Matrix, select
   the link for "The Security Bulletins Archive".  (near the
   bottom of the page)  Once in the archive the third link is
   to the current Security Patch Matrix. Updated daily, this
   matrix categorizes security patches by platform/OS release,
   and by bulletin topic.  Security Patch Check completely
   automates the process of reviewing the patch matrix for
   11.XX systems.

   For information on the Security Patch Check tool, see:
   http://www.software.hp.com/ci-bin/swdepot_parser.ci/ci/
   displayProductInfo.pl?productNumber=B6834AA

   The security patch matrix is also available via anonymous
   ftp:

   ftp://ftp.itrc.hp.com/export/patches/hp-ux_patch_matrix/

   On the "Support Information Digest Main" page:
   click on the "HP Security Bulletin Archive".

D. To report new security vulnerabilities, send email to

   Please encrypt any exploit information using the
   security-alert PGP key, available from your local key
   server, or by sending a message with a -subject- (not body)

 -----------------------------------------------------------------

(c)Copyright 2003 Hewlett-Packard Company
Hewlett-Packard Company shall not be liable for technical or
editorial errors or omissions contained herein. The information
in this document is subject to change without notice.
Hewlett-Packard Company and the names of HP products referenced
herein are trademarks and/or service marks of Hewlett-Packard
Company.  Other product and company names mentioned herein may be
trademarks and/or service marks of their respective owners.

 ________________________________________________________________
- --

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBPxR64OAfOvwtKn1ZEQJCpACfS6nVIjTejoxiu/ZHUuC39IzlhUcAoI5W
FhwBjkcegt0mlakKAZjDsxwZ
=di7y
-----END PGP SIGNATURE-----

--
Yours truly,
HP S/W Security Team
WTEC Cupertino, California