****************************
       MUP SUMMARY INFORMATION
    ****************************
    Kit Name: DEC-AXPVMS-VMS731_VMSMUP-V0100--4.PCSI
    Kit Applies To: OpenVMS ALPHA V7.3-1
    Approximate Kit Size: 832 blocks
    Installation Rating: INSTALL_1
    Superseded Kits: None.
    Mandatory Kit Dependencies: VMS731_PCSI-V0100
    Optional Kit Dependencies: DEC-AXPVMS-DNVOSIMUP01-V0703-1-4.PCSI  -  For  DECnet  Phase  V
    VMS731_VMSMUP-V0100.PCSI-DCX_AXPEXE Checksum: 3847988023


    
    =======================================================================
     Hewlett-Packard OpenVMS MUP Cover Letter
    =======================================================================

             MUP NUMBER:     VMS731_VMSMUP-V0100
             PRODUCT:        OpenVMS Alpha OPERATING SYSTEM V7.3-1
             UPDATE PRODUCT: OpenVMS Alpha OPERATING SYSTEM V7.3-1



1  KIT NAME:

     VMS731_VMSMUP-V0100


2  KIT DESCRIPTION:

     2.1  Installation Rating:

     INSTALL_1 :  To be installed by all customers.

     This installation rating, based upon current CLD information, is
     provided to serve as a guide to which customers should apply this
     remedial kit.  (Reference attached Disclaimer of Warranty and
     Limitation of Liability Statement)


     2.2  Reboot Requirement:

     Reboot Required.

     HP strongly recommends that a reboot is performed immediately after
     kit  installation  to  avoid system instability.  If you have other
     nodes in your OpenVMS cluster, they must also be rebooted in  order
     to  make  use  of  the  new  image(s).   If  it  is not possible or
     convenient to reboot the entire cluster at  this  time,  a  rolling
     re-boot may be performed.


     2.3  Version(s) of OpenVMS to which this kit may be applied:

     OpenVMS Alpha V7.3-1


     2.4  New functionality or new hardware support provided:

     No.


3  KITS SUPERSEDED BY THIS KIT:


      -  None.



4  KIT DEPENDENCIES:

     4.1  The following remedial kit(s), or  later,  must  be  installed
          BEFORE installation of this, or any required kit:


      -  VMS731_PCSI-V0100


                                                                Page 2


     4.2  In order to receive all the corrections listed  in  this  kit,
          the   following  remedial  kits,  or  later,  should  also  be
          installed:


      -  DEC-AXPVMS-DNVOSIMUP01-V0703-1-4.PCSI  -  For  DECnet  Phase  V
         users only



5  FILES PATCHED OR REPLACED:


      o  [SYSLIB]DECW$SESSIONSHRP.EXE (new image)

         Image Identification Information

         image name: "DECW$SESSIONSHRP"
         image file identification: "DW V7.3-041207"
         image file build identification "0060030003"
         link date/time: 7-DEC-2004 14:28:21.49
         linker identification:  "A11-50"
         Overall Image Checksum: 632315676

      o  [SYSEXE]PPPD$UTIL.EXE (new image)
          
         Image Identification Information
          
         image name: "PPPD$UTIL"
         image file identification:  "X-20"
         image file build identification:  "XA9J-0060030001"
         link date/time: 22-NOV-2004 16:07:13.95
         linker identification:  "A11-50"
         Overall Image Checksum: 2308688704

      o  [SYSEXE]USB$UCM_CLIENT.EXE (new image)
          
         Image Identification Information
          
         image name: "USB$UCM_CLIENT"
         image file identification:  "X-6"
         image file build identification:  "0060110001"
         link date/time: 23-NOV-2004 14:30:49.23
         linker identification:  "A11-50"
         Overall Image Checksum: 836616867



6  NEW FUNCTIONALITY AND/OR PROBLEMS ADDRESSED IN THE
   VMS731_VMSMUP-V0100 KIT


                                                                Page 3


     6.1  New functionality addressed in this kit

          None.


     6.2  Problems addressed in this kit

          6.2.1  Potential security vulnerability.

               6.2.1.1  Problem Description:

               HP has determined that systems running OpenVMS VAX or
               Alpha Version V7.* or V6.* have a potential security
               vulnerability.  This vulnerability could be exploited
               allowing for an unintended privileged access to data and
               system resources.  To protect against this potential
               security risk, HP is making a mandatory update patch
               available for OpenVMS customers.  This patch is provided
               by installing this VMS731_VMSMUP-V0100 kit and the
               DNVOSIMUP01-V0703-1 kit.  To fully install this Security
               MUP, DECnet-Phase V customers must install both of these
               kits.

               Note that OpenVMS V8.2 and VAX Version 5.* customers are
               not subject to this potential security vulnerability.

               Images Affected:

                -  [SYSLIB]DECW$SESSIONSHRP.EXE

                -  [SYSEXE]PPPD$UTIL.EXE

                -  [SYSEXE]USB$UCM_CLIENT.EXE



               6.2.1.2  CLDs, and QARs reporting this problem:

                    6.2.1.2.1  CLD(s)

                    None.


                    6.2.1.2.2  QAR(s)

                    None.


               6.2.1.3  Problem Analysis:

               See Problem Description

                                                                Page 4


               6.2.1.4  Release Version of OpenVMS that will contain
                        this change:

               Open VMS Alpha and I64 V8.2


               6.2.1.5  Work-arounds:

               None.


7  INSTALLATION INSTRUCTIONS

     7.1  Compressed File

     This kit is provided as a DCX compressed kit.  To expand this file
     to the installable PCSI file, run the file with a RUN file_name
     command.  When the file is run you will see the following output:

     $ RUN VMS731_VMSMUP-V0100.PCSI-DCX_AXPEXE

     FTSV DCX auto-extractible compressed file for OpenVMS (AXP)
     FTSV V3.0 -- FTSV$DCX_AXP_AUTO_EXTRACT
     Copyright (c) Digital Equipment Corp. 1993

     Options: [output_file_specification] [input_file_specification]

     The decompressor needs to know the filename to use for the
     decompressed file. If you don't specify any, it will use the
     original name of the file before it was compressed, and
     create it in the current directory.  If you specify a
     directory name, the file will be created in that directory.

     Decompress into (file specification):


     If you want the file to be expanded into a different directory,
     enter the directory specification.  DO NOT enter a new file name.
     The expanded file must retain the original name.  The file will
     expand into the installable file:

     DEC-AXPVMS-VMS731_VMSMUP-V0100--.PCSI


     If you want to expand the file via batch, the command file must
     contain an answer to the Decompress into "(file specification)"
     question, either a <CR> or an alternate directory specification


     7.2  Installation Command

     Install this kit with the POLYCENTER Software installation utility
     by logging into the SYSTEM account, and typing the following at the
     DCL prompt:

     PRODUCT INSTALL VMS731_VMSMUP /SAVE_RECOVERY_DATA
     [/SOURCE=location of Kit]

                                                                Page 5



     The /SAVE_RECOVERY_DATA qualifier is optional but highly
     recommended.  Using this qualifier will allow easy removal of the
     kit from the system in the event of problems.

     The kit location may be a tape drive, CD, or a disk directory that
     contains the kit.  The /SOURCE qualifier is not needed if the
     PRODUCT INSTALL command is executed from the same directory as the
     kit location.

     Additional help on installing PCSI kits can be found by typing HELP
     PRODUCT INSTALL at the system prompt.


     7.3  Scripting of Answers to Installation Questions

     During installation, this kit will ask and require user response to
     several questions.  If you wish to automate the installation of
     this kit and avoid having to provide responses to these questions,
     you must create a DCL command procedure that includes the following
     logical name definitions and commands:

      o  To avoid the BACKUP question, define the following:

              $ DEFINE/SYS NO_ASK$BACKUP TRUE

      o  To avoid the REBOOT question, define the following:

              $ DEFINE/SYS NO_ASK$REBOOT TRUE


      o  To save replaced files as *.*_OLD define the following logical
         name as YES.  If you do not wish to save replaced files, define
         the logical name as NO.  Note that if you use the
         /SAVE_RECOVERY_DATA qualifier (recommended) on the PRODUCT
         INSTALL command all replaced files will be saved as part of
         that operation.  There is no need to also save files as
         *.*_OLD:

            $ DEFINE/JOB ARCHIVE_OLD NO

      o  Add the following qualifiers to the PRODUCT INSTALL command and
         add that command to the DCL procedure.

           /PROD=DEC/BASE=AXPVMS/VER=V1.0/SAVE_RECOVERY_DATA


      o  De-assign the logical names assigned

     For example, a sample command file to install the
     VMS731_VMSMUP-V0100 kit would be:

     $
     $ DEFINE/SYS NO_ASK$BACKUP TRUE
     $ DEFINE/SYS NO_ASK$REBOOT TRUE
     $!
     $ PROD INSTALL VMS731_VMSMUP/PRODUCER=DEC/BASE=AXPVMS-

                                                                Page 6


           /VER=V1.0/SAVE_RECOVERY_DATA
     $!
     $ DEASSIGN/SYS NO_ASK$BACKUP
     $ DEASSIGN/SYS NO_ASK$REBOOT
     $!
     $ exit



8  COPYRIGHT AND DISCLAIMER:

     (C) Copyright 2004 Hewlett-Packard Development Company, L.P.

     Confidential computer software.  Valid license from HP and/or its
     subsidiaries required for possession, use, or copying.

     Consistent with FAR 12.211 and 12.212, Commercial Computer
     Software, Computer Software Documentation, and Technical Data for
     Commercial Items are licensed to the U.S.  Government under
     vendor's standard commercial license.

     Neither HP nor any of its subsidiaries shall be liable for
     technical or editorial errors or omissions contained herein.  The
     information in this document is provided "as is" without warranty
     of any kind and is subject to change without notice.  The
     warranties for HP products are set forth in the express limited
     warranty statements accompanying such products.  Nothing herein
     should be construed as constituting an additional warranty.

     DISCLAIMER OF WARRANTY AND LIMITATION OF LIABILITY

     THIS PATCH IS PROVIDED AS IS, WITHOUT WARRANTY OF ANY KIND.  ALL
     EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES,
     INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR
     PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE
     EXTENT PERMITTED BY APPLICABLE LAW.  IN NO EVENT WILL HP BE LIABLE
     FOR ANY LOST REVENUE OR PROFIT, OR FOR SPECIAL, INDIRECT,
     CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND
     REGARDLESS OF THE THEORY OF LIABILITY, WITH RESPECT TO ANY PATCH
     MADE AVAILABLE HERE OR TO THE USE OF SUCH PATCH.