Have you seen HEWLETT-PACKARD COMPANY SECURITY BULLETIN: #0141,
21 Feb. '01?
I have included a few lines below for your convenience, in case you
missed it.
Please note, under "PLATFORM", the sentence:
This security bulletin applies to Java on HP-UX,
and does not cover software shipped on Linux, nor
on Windows/NT.
Where is MPE/iX? Yes, I can hear it: It would be "inappropriate"
and "confusing". Fair enough. Then, why include Windows/NT?
The very first sentence under "PLATFORM" states:
HP9000 Series 700/800 running HP-UX releases 10.20,
10.24, 11.00, 11.04, and 11.11 only.
Does Windows/NT run on these machines under these versions of HP-UX?
If it does, great. If it does not, then there are a few questions.
Is this mention of Windows/NT "inappropriate" and "confusing"?
If "yes", why go the extra length to mention Windows/NT? If "no",
why is it not confusing to mention Windows/NT in a purely-HP-UX
context? Is there a double (or triple) standard at play somewhere?
Mike Yawn has done an excellent job with Java under MPE/iX. In fact,
Java under MPE/iX is an integral part of the new worldwide launch of
the new HP e3000 servers. What would HP have to lose by extending
the offending sentence above to include (rather, to exclude :-)
MPE/iX explicitly? These technical bulletins, after all, don't go
to "analysts" and other "potentially confusable" people. They go
to nuts-and-bolts engineers and scientists, who can certainly handle
something like this:
This security bulletin applies to Java on HP-UX,
and does not cover software shipped on Linux, nor
on Windows/NT, nor on MPE/iX.
_______________
| |
| |
| r | Alfredo [log in to unmask]
| e | http://www.adager.com
| g | F. Alfredo Rego
| a | Manager, R & D Labs
| d | Adager Corporation
| A | Sun Valley, Idaho 83353-3000 U.S.A.
| |
|_______________|
_________________________________________________________________________
...
Document ID: HPSBUX0102-141
Date Loaded: 20010221
Title: Sec. Vulnerability in JRE
-------------------------------------------------------------------------
HEWLETT-PACKARD COMPANY SECURITY BULLETIN: #0141, 21 Feb. '01
-------------------------------------------------------------------------
The information in the following Security Bulletin should be acted
upon as soon as possible. Hewlett-Packard Company will not be liable
for any consequences to any customer resulting from customer's failure
to fully implement instructions in this Security Bulletin as soon as
possible.
-------------------------------------------------------------------------
ISSUE: Sun Microsystems discovered a potential security issue in the
Java Runtime Environment. The issue poses a possible security
risk by allowing malicious Java code to execute unauthorized
commands under certain circumstances.
PLATFORM: HP9000 Series 700/800 running HP-UX releases 10.20, 10.24,
11.00, 11.04, and 11.11 only. This security bulletin applies
to Java on HP-UX, and does not cover software shipped on
Linux, nor on Windows/NT.
POSSIBLE RESULT: Improper permission may be granted in some cases.
SOLUTION: Install the latest Java releases as described below.
AVAILABILITY: The fixed releases are available immediately.
-------------------------------------------------------------------------
...
|