[ MDVSA-2012:153-1 ] dhcp

2012-10-03 Thread security

 ___

 Mandriva Linux Security Advisory   MDVSA-2012:153-1
 http://www.mandriva.com/security/
 ___

 Package : dhcp
 Date: October 2, 2012
 Affected: 2011.
 ___

 Problem Description:

 A security issue was identified and fixed in dhcp:
 
 ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows
 remote attackers to cause a denial of service (daemon crash)
 in opportunistic circumstances by establishing an IPv6 lease in
 an environment where the lease expiration time is later reduced
 (CVE-2012-3955).
 
 The updated packages have been patched to correct this issue.

 Update:

 Packages for Mandriva Linux 2011 are being provided.
 
 The updated packages have been upgraded to dhcp 4.2.4-P2 which is
 not vulnerable to this issue.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3955
 https://kb.isc.org/article/AA-00779
 ___

 Updated Packages:

 Mandriva Linux 2011:
 2fcc769d84e43b66cb386786b8c3fee0  2011/i586/dhcp-client-4.2.4-0.P2.0.1-mdv2011.0.i586.rpm
 66a3bcce42ae48736cb8253212c7eb96  2011/i586/dhcp-common-4.2.4-0.P2.0.1-mdv2011.0.i586.rpm
 30027b4ef67fa659ac4ff1e7dcfc5479  2011/i586/dhcp-devel-4.2.4-0.P2.0.1-mdv2011.0.i586.rpm
 e7bef4689915a0fd123bbe6cedc4c289  2011/i586/dhcp-doc-4.2.4-0.P2.0.1-mdv2011.0.i586.rpm
 a452f75cd1b1aa88095fca4f0b437b94  2011/i586/dhcp-relay-4.2.4-0.P2.0.1-mdv2011.0.i586.rpm
 7b8c69543e9d3e8c756d791b054d11e0  2011/i586/dhcp-server-4.2.4-0.P2.0.1-mdv2011.0.i586.rpm
 f5fc431c0e8c1995191ef11ecc0aaa15  2011/SRPMS/dhcp-4.2.4-0.P2.0.1.src.rpm

 Mandriva Linux 2011/X86_64:
 a95f54f1f4d965fcf21497f072d664d0  2011/x86_64/dhcp-client-4.2.4-0.P2.0.1-mdv2011.0.x86_64.rpm
 7085ed104ef6341d4f975a31c333203f  2011/x86_64/dhcp-common-4.2.4-0.P2.0.1-mdv2011.0.x86_64.rpm
 b2dbbeff1e2cff794afe95ca06f6d41d  2011/x86_64/dhcp-devel-4.2.4-0.P2.0.1-mdv2011.0.x86_64.rpm
 f50177991a1326b1cc3bc3dc610e5ac6  2011/x86_64/dhcp-doc-4.2.4-0.P2.0.1-mdv2011.0.x86_64.rpm
 f1b695af971ce898fa7079bad8a965f3  2011/x86_64/dhcp-relay-4.2.4-0.P2.0.1-mdv2011.0.x86_64.rpm
 0e7809a34e959074d3d2721315c1d3c0  2011/x86_64/dhcp-server-4.2.4-0.P2.0.1-mdv2011.0.x86_64.rpm
 f5fc431c0e8c1995191ef11ecc0aaa15  2011/SRPMS/dhcp-4.2.4-0.P2.0.1.src.rpm
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  



[ MDVSA-2012:157 ] openjpeg

2012-10-03 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2012:157
 http://www.mandriva.com/security/
 ___

 Package : openjpeg
 Date: October 3, 2012
 Affected: 2011.
 ___

 Problem Description:

 A security issue was identified and fixed in openjpeg:
 
 A heap-based buffer overflow was found in the way OpenJPEG, an
 open-source JPEG 2000 codec written in C language, performed parsing
 of JPEG2000 image files. A remote attacker could provide a specially
 crafted JPEG 2000 file, which when opened in an application linked
 against openjpeg would lead to that application crash, or, potentially
 arbitrary code execution with the privileges of the user running the
 application (CVE-2012-3535).
 
 The updated packages have been patched to correct this issue.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3535
 ___

 Updated Packages:

 Mandriva Linux 2011:
 19c2992e75ae2e78054fd86e4f36cbb1  2011/i586/libopenjpeg2-1.3-8.2-mdv2011.0.i586.rpm
 e997019eba2e7dd10bc2a1ceca6f41c5  2011/i586/libopenjpeg-devel-1.3-8.2-mdv2011.0.i586.rpm
 f515ecbc10f13f83d18a8c5a22c88dc3  2011/SRPMS/openjpeg-1.3-8.2.src.rpm

 Mandriva Linux 2011/X86_64:
 7f3ede0e993d9b94712d4ef5fd7b2386  2011/x86_64/lib64openjpeg2-1.3-8.2-mdv2011.0.x86_64.rpm
 704f05ff7387e4dd8425446d4459ece9  2011/x86_64/lib64openjpeg-devel-1.3-8.2-mdv2011.0.x86_64.rpm
 f515ecbc10f13f83d18a8c5a22c88dc3  2011/SRPMS/openjpeg-1.3-8.2.src.rpm
 ___




[ MDVSA-2012:158 ] gc

2012-10-03 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2012:158
 http://www.mandriva.com/security/
 ___

 Package : gc
 Date: October 3, 2012
 Affected: 2011., Enterprise Server 5.0
 ___

 Problem Description:

 A security issue was identified and fixed in gc:
 
 Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc
 functions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page
 function in mallocx.c in Boehm-Demers-Weiser GC (libgc) before 7.2 make
 it easier for context-dependent attackers to perform memory-related
 attacks such as buffer overflows via a large size value, which causes
 less memory to be allocated than expected (CVE-2012-2673).
 
 The updated packages have been patched to correct this issue.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2673
 ___

 Updated Packages:

 Mandriva Linux 2011:
 ff80b2641fc3764b7ed98eb6a8b7310a  2011/i586/libgc1-7.1-8.1-mdv2011.0.i586.rpm
 85d77990548165fb44b9969ebaa37a08  2011/i586/libgc-devel-7.1-8.1-mdv2011.0.i586.rpm
 9a40880c129be459fab7610510bb3dea  2011/i586/libgc-static-devel-7.1-8.1-mdv2011.0.i586.rpm
 3433f6fce39c37469114ce2e40770570  2011/SRPMS/gc-7.1-8.1.src.rpm

 Mandriva Linux 2011/X86_64:
 ac0a695e6ba1d01c58db329ac275e029  2011/x86_64/lib64gc1-7.1-8.1-mdv2011.0.x86_64.rpm
 2b73bed5897460c97e03a8bc4eb512c4  2011/x86_64/lib64gc-devel-7.1-8.1-mdv2011.0.x86_64.rpm
 ed2ca7c3c40648a6074e0a5990c49efa  2011/x86_64/lib64gc-static-devel-7.1-8.1-mdv2011.0.x86_64.rpm
 3433f6fce39c37469114ce2e40770570  2011/SRPMS/gc-7.1-8.1.src.rpm

 Mandriva Enterprise Server 5:
 4d2dc87cd0f10a438e98f38bf9f53d86  mes5/i586/libgc1-7.1-2.1mdvmes5.2.i586.rpm
 fa03fc646070e70d995f3f09d0121754  mes5/i586/libgc-devel-7.1-2.1mdvmes5.2.i586.rpm
 12278c7b66468f7d4bb8bbfbd3140e54  mes5/i586/libgc-static-devel-7.1-2.1mdvmes5.2.i586.rpm
 04ee1a3f43fdc35db778f7173a78462a  mes5/SRPMS/gc-7.1-2.1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 a0ba63a6646876564e4f67559213d785  mes5/x86_64/lib64gc1-7.1-2.1mdvmes5.2.x86_64.rpm
 76159b94d17a53b8946e61e87c7a474a  mes5/x86_64/lib64gc-devel-7.1-2.1mdvmes5.2.x86_64.rpm
 5a9475c338a052ad9b6b6cd2a29e89ac  mes5/x86_64/lib64gc-static-devel-7.1-2.1mdvmes5.2.x86_64.rpm
 04ee1a3f43fdc35db778f7173a78462a  mes5/SRPMS/gc-7.1-2.1mdvmes5.2.src.rpm
 ___

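The bug class named in the gc advisory above (CVE-2012-2673), where a large size value wraps and less memory is allocated than the caller expects, is shown here as an added example; it is not libgc's code or its patch. The function names and the 16-byte `GRANULE` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GRANULE 16u /* assumed allocation granule, illustration only */

/* Unchecked: n * elem is computed modulo SIZE_MAX + 1, so a huge
 * request can collapse to a tiny (even zero-byte) allocation. */
size_t unchecked_total(size_t n, size_t elem) { return n * elem; }

/* Unchecked round-up to the granule: lb + GRANULE - 1 can wrap as well. */
size_t unchecked_round(size_t lb)
{
    return (lb + GRANULE - 1) & ~(size_t)(GRANULE - 1);
}

/* Checked multiply: 0 on success, -1 if n * elem would overflow. */
int checked_mul(size_t n, size_t elem, size_t *out)
{
    if (elem != 0 && n > SIZE_MAX / elem)
        return -1;
    *out = n * elem;
    return 0;
}

/* Checked round-up: 0 on success, -1 if the padding would overflow. */
int checked_round(size_t lb, size_t *out)
{
    if (lb > SIZE_MAX - (GRANULE - 1))
        return -1;
    *out = (lb + GRANULE - 1) & ~(size_t)(GRANULE - 1);
    return 0;
}

/* calloc-style wrapper that refuses any request whose size arithmetic
 * overflows, instead of returning an undersized block. */
void *checked_calloc(size_t n, size_t elem)
{
    size_t total, rounded;
    void *p;

    if (checked_mul(n, elem, &total) != 0 ||
        checked_round(total, &rounded) != 0)
        return NULL;
    if (rounded == 0)
        rounded = GRANULE; /* never hand malloc a zero-size request */
    p = malloc(rounded);
    if (p != NULL)
        memset(p, 0, rounded);
    return p;
}

int main(void)
{
    size_t big = SIZE_MAX / 2 + 1; /* constructed sample: 2 * big wraps to 0 */
    void *p = checked_calloc(big, 2);

    printf("unchecked n*elem       = %zu\n", unchecked_total(big, 2));
    printf("unchecked round-up     = %zu\n", unchecked_round(SIZE_MAX - 3));
    printf("checked_calloc(big, 2) = %s\n", p ? "allocated" : "refused");
    free(p);
    return 0;
}
```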



Multiple vulnerabilities in Template CMS

2012-10-03 Thread advisory
Advisory ID: HTB23115
Product: Template CMS
Vendor: template-cms.ru
Vulnerable Version(s): 2.1.1 and probably prior
Tested Version: 2.1.1
Vendor Notification: September 12, 2012 
Public Disclosure: October 3, 2012 
Vulnerability Type: Cross-Site Scripting [CWE-79], Cross-Site Request Forgery [CWE-352]
CVE References: CVE-2012-4901, CVE-2012-4902
CVSSv2 Base Scores: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N), 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Risk Level: High
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )

---

Advisory Details:

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in
Template CMS, which can be exploited to perform Cross-Site Scripting (XSS) and
Cross-Site Request Forgery (CSRF) attacks.


1) Cross-Site Scripting (XSS) in Template CMS: CVE-2012-4901

Input passed via the "themes_editor" POST parameter to /admin/index.php is not 
properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in 
administrator's browser session in context of an affected website.


The following PoC (Proof of Concept) demonstrates the vulnerability:


http://[host]/admin/index.php?action=add_template&id=themes"; 
method="post">








2) Cross-Site Request Forgery (CSRF) in Template CMS: CVE-2012-4902

The application allows authorized administrator to perform certain actions via 
HTTP requests without making proper validity checks to verify the source of the 
requests. This can be exploited to add, delete or modify sensitive information, 
for example to create new administrator or execute arbitrary PHP code.

An attacker has to trick a logged-in administrator to visit a malicious web 
page containing the following code that will add a new administrator to the CMS:


http://[host]/admin/index.php?id=system&sub_id=users&action=add"; 
method="post">








document.getElementById('btn').click();




The second PoC adds arbitrary PHP code (phpinfo() in our case) into CMS's page: 


http://[host]/admin/index.php?id=themes&action=edit_template&file=aboutTemplate.php";
 method="post">







document.getElementById('btn').click();



The phpinfo() function will be executed [if allowed by web server 
configuration] on the following web page:

http://[vulnerable_host]/about



---

References:

[1] High-Tech Bridge Advisory HTB23115 - 
https://www.htbridge.com/advisory/HTB23115 - Multiple vulnerabilities in 
Template CMS.
[2] Template CMS  - http://template-cms.ru - Template CMS is a fast and simple 
content management system written in PHP.
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - 
international in scope and free for public use, CVE® is a dictionary of 
publicly known information security vulnerabilities and exposures.
[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to 
developers and security practitioners, CWE is a formal list of software 
weakness types. 

---

Disclaimer: The information provided in this Advisory is provided "as is" and 
without any warranty of any kind. Details of this Advisory may be updated in 
order to provide as accurate information as possible. The latest version of the 
Advisory is available on web page [1] in the References.



Omnistar Mailer v7.2 - Multiple Web Vulnerabilities

2012-10-03 Thread Vulnerability Lab
Title:
==
Omnistar Mailer v7.2  - Multiple Web Vulnerabilities


Date:
=
2012-10-01


References:
===
http://www.vulnerability-lab.com/get_content.php?id=711


VL-ID:
=
711


Common Vulnerability Scoring System:

8.5


Introduction:
=
The Omnistar Mailer software was developed because of the need that was found
in the industry to easily manage email marketing campaigns without having much
technical experience. After reviewing feedback from various users that had used
email mailing list managers, it was determined that many of the current
solutions that are on the market are cumbersome and overly complex. Most users
of email marketing solutions desire a simple solution where they can easily add
email list campaigns and track the success of them. There of course are many
other features that add value to the products, however the main function is to
send out mass emails, manage the opt-in / opt-out process. After reviewing the
feedback of these users and studying the current solutions on the market, we
developed what we call Omnistar Mailer. We feel our product combines simplicity
with a robust set of features and functions that should meet the needs of most
users.

The Omnistar Mailer software is one of the flagship solutions from Omnistar
Interactive. Our entire goal when developing any of our solutions has been to
make it so easy to use, that any non-technical person can successfully use the
software. Every day we strive to make more and more improvements to the
software so that it becomes better and better. To make this goal a reality, we
actively solicit feedback from our customers so that we stay on the pulse of
their needs. It is only through this interactive dialogue that we can implement
those features that make sense to our customers. It is our customers that drive
our development process and make sure that our software has the most desired
components and features.

(Copy of the Vendor Homepage: http://www.omnistarmailer.com/company.htm )


Abstract:
=
The Vulnerability Laboratory Research Team discovered multiple Web 
Vulnerabilities in the Omnistar Mailer v7.2 Email Marketing Software.


Report-Timeline:

2012-10-01: Public or Non-Public Disclosure


Status:

Published


Affected Products:
==
Omnistar Interactive
Product: Omnistar Mailer v7.2


Exploitation-Technique:
===
Remote


Severity:
=
Critical


Details:

1.1
Multiple SQL Injection vulnerabilities are detected in the Omnistar Mailer v7.2
Email Marketing Software. The vulnerabilities allow an attacker (remote) or
local low privileged user account to execute SQL commands on the affected
application dbms. The vulnerabilities are located in the responder, preview,
pages, navlinks, contacts, register and index modules with the bound vulnerable
id & form_id parameters. Successful exploitation of the vulnerability results
in dbms & application compromise. Exploitation requires no user interaction
and no privileged user account.


Vulnerable Module(s):
[+] /admin/responder
[+] /admin/preview
[+] /admin/navlinks
[+] /admin/pages
[+] /admin/contacts
[+] /users/index
[+] /users/register

Vulnerable File(s):
[+] /admin/responder.php
[+] /admin/preview.php
[+] /admin/pages.php
[+] /admin/navlinks.php
[+] /admin/contacts.php
[+] /user/register.php
[+] /users/index.php

Vulnerable Parameter(s):
[+] ?op=edit&id=
[+] ?id=
[+] ?form_id=
[+] ?op=edit&nav_id=
[+] ?op=edit&id=16&form_id=
[+] ?op=edit&id=3&form_id=

[+] ?nav_id=
[+] ?profile=1&form_id=
[+] ?form_id=


1.2
A persistent input validation vulnerability is detected in the Omnistar Mailer
v7.2 Email Marketing Software. The bugs allow remote attackers to
implement/inject malicious script code on the application side (persistent).
The persistent vulnerability is located in the Create Website Forms module with
the bound vulnerable form name parameters. Successful exploitation of the
vulnerability can lead to session hijacking (manager/admin) or stable
(persistent) context manipulation. Exploitation requires low user interaction
& privileged user account.

Vulnerable Section(s):
[+] Customise Interface -> Create Website Forms

Vulnerable Module(s):
[+] Create Standard Registration Form -> Add form 

Vulnerable Param

[security bulletin] HPSBMU02817 SSRT100950 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Disclosure of Information

2012-10-03 Thread security-alert

Note: the current version of the following document is available here:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c03507708

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03507708
Version: 1

HPSBMU02817 SSRT100950 rev.1 - HP Network Node Manager i (NNMi) for HP-UX,
Linux, Solaris, and Windows, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2012-10-03
Last Updated: 2012-10-03

Potential Security Impact: Remote disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP Network Node
Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerability
could be remotely exploited resulting in disclosure of information.

References: CVE-2012-3267

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Network Node Manager I (NNMi) v9.20 for HP-UX, Linux, Solaris, and
Windows.

BACKGROUND

CVSS 2.0 Base Metrics
===
  Reference        Base Vector                     Base Score
  CVE-2012-3267    (AV:N/AC:H/Au:N/C:C/I:C/A:C)    7.6
===
 Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made hotfixes available to resolve these vulnerabilities for NNMi
v9.20. The hotfixes can be obtained by contacting the normal HP Services
support channel. Customers should open a support case to request the
following hotfixes.

NNMi Version   Platform   Required Patch Level
9.20           Linux      NNM920L_1
               Solaris    NNM920S_1
               Windows    NNM920W_1
               HP-UX      PHSS_42793
                          Note: See Product Specific Information below.

Hotfix: Hotfix-NNMI-9.2XP1-UI-20120917.zip or newer

Note: The hotfix must be installed after the required patch. The hotfix must
be reinstalled if the required patch is reinstalled.

MANUAL ACTIONS: Yes - Update

Install the applicable patch and hotfix.

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application
that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins
issued by HP and lists recommended actions that may apply to a specific HP-UX
system. It can also download patches and create a depot automatically. For
more information see: https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS

For HP-UX NNMi v9.20

HP-UX B.11.31
HP-UX B.11.23 (IA)
=
HPOvNNM.HPNMSCLUSTER
HPOvNNM.HPNMSCOMPS
HPOvNNM.HPNMSCUSTPOLL
HPOvNNM.HPNMSDEVEXTN
HPOvNNM.HPNMSJBOSS
HPOvNNM.HPNMSSPIRAMS
HPOvNNM.HPNNMTRAPSV
HPOvNNM.HPOVICMP
HPOvNNM.HPOVMIB
HPOvNNM.HPOVNMSCAUSESV
HPOvNNM.HPOVNMSCOMMON
HPOvNNM.HPOVNMSCONFIG
HPOvNNM.HPOVNMSCUSTCORR
HPOvNNM.HPOVNMSDISCOSV
HPOvNNM.HPOVNMSEMBDDB
HPOvNNM.HPOVNMSEVNT
HPOvNNM.HPOVNMSEVTPSV
HPOvNNM.HPOVNMSHA
HPOvNNM.HPOVNMSISPINET
HPOvNNM.HPOVNMSLIC
HPOvNNM.HPOVNMSRBA
HPOvNNM.HPOVNMSSNMPCO
HPOvNNM.HPOVNMSSPICOM
HPOvNNM.HPOVNMSSPMD
HPOvNNM.HPOVNNMBAC
HPOvNNM.HPOVNNMBSM
HPOvNNM.HPOVNNMCISCO
HPOvNNM.HPOVNNMGEN
HPOvNNM.HPOVNNMINSTALL
HPOvNNM.HPOVNNMNA
HPOvNNM.HPOVNNMNB
HPOvNNM.HPOVNNMNC
HPOvNNM.HPOVNNMOM
HPOvNNM.HPOVNNMSIM
HPOvNNM.HPOVNNMUCMDB
HPOvNNM.HPOVNNMUI
HPOvNNM.HPOVPERFSPIADA
HPOvNNM.HPOVSNMP
HPOvNNM.HPOVSTPLR
action: install Hotfix-NNMI-9.2XP1-UI-20120917.zip

END AFFECTED VERSIONS

HISTORY
Version:1 (rev.1) - 3 October 2012 Initial release

Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel.  For other issues about
the content of this Security Bulletin, send e-mail to security-al...@hp.com.

Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-al...@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin List: A list of HP Security Bulletins, updated
periodically, is contained in HP Security Notice HPSN-2011-001:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c02964430

Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonSt