
UNIRAS Brief - 580/04 - 3 Red Hat advisories



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 580/04 dated 21.10.04  Time: 14:35  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

1.   Updated squid package fixes vulnerability
2.   Updated mysql packages fix security issues and bugs
3.   Updated ImageMagick packages fix security vulnerability

Detail
====== 

Product:                squid
Publisher:              Red Hat
Operating System:       Red Hat Enterprise Linux AS/ES/WS 3
                        Red Hat Desktop version 3
                        Red Hat Enterprise Linux AS/ES/WS 2.1
                        Red Hat Linux Advanced Workstation 2.1
Impact:                 Denial of Service
Access:                 Remote/Unauthenticated
CVE Names:              CAN-2004-0918

Ref:                    ESB-2004.0637

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated squid package fixes vulnerability
Advisory ID:       RHSA-2004:591-01
Issue date:        2004-10-20
Updated on:        2004-10-20
Product:           Red Hat Enterprise Linux
Obsoletes:         RHSA-2004:462
CVE Names:         CAN-2004-0918
- - - ---------------------------------------------------------------------

1. Summary:

An updated squid package that fixes a remote denial of service vulnerability 
is now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Squid is a full-featured Web proxy cache.

iDEFENSE reported a flaw in the squid SNMP module.  This flaw could allow an attacker who has the ability to send arbitrary packets to the SNMP port to restart the server, causing it to drop all open connections.  The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0918 to this issue.

All users of squid should update to this erratum package, which contains a backport of the security fix for this vulnerability.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.  Use Red Hat Network to download and update your packages.  To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

135319 - CAN-2004-0918 SNMP DoS

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/squid-2.4.STABLE7-1.21as.src.rpm
d6f19557d67672e3f08e2ef191c74ba2  squid-2.4.STABLE7-1.21as.src.rpm

i386:
656bb40dacbfda418bc5b0b0a2afb9ca  squid-2.4.STABLE7-1.21as.i386.rpm

ia64:
4c7f9233d5c07161815cd0f238598ad9  squid-2.4.STABLE7-1.21as.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/squid-2.4.STABLE7-1.21as.src.rpm
d6f19557d67672e3f08e2ef191c74ba2  squid-2.4.STABLE7-1.21as.src.rpm

ia64:
4c7f9233d5c07161815cd0f238598ad9  squid-2.4.STABLE7-1.21as.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/squid-2.4.STABLE7-1.21as.src.rpm
d6f19557d67672e3f08e2ef191c74ba2  squid-2.4.STABLE7-1.21as.src.rpm

i386:
656bb40dacbfda418bc5b0b0a2afb9ca  squid-2.4.STABLE7-1.21as.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/squid-2.5.STABLE3-6.3E.2.src.rpm
919b9823a67f83efafc8e34dd7b54a76  squid-2.5.STABLE3-6.3E.2.src.rpm

i386:
1e97031b4ab8ed0095aed15fc8023f57  squid-2.5.STABLE3-6.3E.2.i386.rpm

ia64:
b47592e7fc983dcef36e7949bc603014  squid-2.5.STABLE3-6.3E.2.ia64.rpm

ppc:
73cc5efea1bad51e51858f2e56ea1581  squid-2.5.STABLE3-6.3E.2.ppc.rpm

s390:
d42bd6385028a6336b62acd9e1d3b551  squid-2.5.STABLE3-6.3E.2.s390.rpm

s390x:
c9cbce5de6662b4cc156dce76829bfe1  squid-2.5.STABLE3-6.3E.2.s390x.rpm

x86_64:
50f854496bd475854ef578891dc5d630  squid-2.5.STABLE3-6.3E.2.x86_64.rpm

Red Hat Desktop version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/squid-2.5.STABLE3-6.3E.2.src.rpm
919b9823a67f83efafc8e34dd7b54a76  squid-2.5.STABLE3-6.3E.2.src.rpm

i386:
1e97031b4ab8ed0095aed15fc8023f57  squid-2.5.STABLE3-6.3E.2.i386.rpm

x86_64:
50f854496bd475854ef578891dc5d630  squid-2.5.STABLE3-6.3E.2.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/squid-2.5.STABLE3-6.3E.2.src.rpm
919b9823a67f83efafc8e34dd7b54a76  squid-2.5.STABLE3-6.3E.2.src.rpm

i386:
1e97031b4ab8ed0095aed15fc8023f57  squid-2.5.STABLE3-6.3E.2.i386.rpm

ia64:
b47592e7fc983dcef36e7949bc603014  squid-2.5.STABLE3-6.3E.2.ia64.rpm

x86_64:
50f854496bd475854ef578891dc5d630  squid-2.5.STABLE3-6.3E.2.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/squid-2.5.STABLE3-6.3E.2.src.rpm
919b9823a67f83efafc8e34dd7b54a76  squid-2.5.STABLE3-6.3E.2.src.rpm

i386:
1e97031b4ab8ed0095aed15fc8023f57  squid-2.5.STABLE3-6.3E.2.i386.rpm

ia64:
b47592e7fc983dcef36e7949bc603014  squid-2.5.STABLE3-6.3E.2.ia64.rpm

x86_64:
50f854496bd475854ef578891dc5d630  squid-2.5.STABLE3-6.3E.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from https://www.redhat.com/security/team/key.html#package

7. References:

http://www.idefense.com/application/poi/display?id=152&type=vulnerabilities
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0918

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
- - -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBdsDcXlSAg2UNWIIRAgOvAJ4nAi5zobqRy6zUAmgFnkvw5IBMTACePSDg
L9wAsv5keCvSnMLUMqlwCPY=
=SCeD
- - -----END PGP SIGNATURE-----
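
The "RPMs required" lists in these advisories pair an MD5 digest with each package file name. The following is an added example, not part of the UNIRAS brief or of Red Hat's advisory, that parses that layout (including entries run together on one line) and checks a download directory against it; the package names, contents and the `updates.example.invalid` host are constructed.

```python
"""Check downloaded RPMs against the "MD5  filename" lines of an advisory."""
import hashlib
import re
import tempfile
from pathlib import Path

# One manifest entry: 32 hex digits, whitespace, an .rpm file name.
# Archived copies often run several entries onto one line, so entries are
# searched for anywhere in the text rather than one per line.
ENTRY = re.compile(r"\b([0-9a-fA-F]{32})\s+(\S+\.rpm)\b")


def parse_manifest(text):
    """Return {filename: md5}; raise if one file is listed with two digests."""
    manifest = {}
    for digest, name in ENTRY.findall(text):
        digest = digest.lower()
        if manifest.setdefault(name, digest) != digest:
            raise ValueError(f"conflicting digests listed for {name}")
    return manifest


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large packages are not read into memory."""
    h = hashlib.md5(usedforsecurity=False)  # integrity check only
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def check_downloads(manifest, directory):
    """Classify each listed package as 'ok', 'mismatch' or 'missing', and
    mark .rpm files in the directory that the advisory does not list."""
    directory = Path(directory)
    result = {}
    for name, expected in manifest.items():
        path = directory / name
        if not path.is_file():
            result[name] = "missing"
        elif md5_of(path) == expected:
            result[name] = "ok"
        else:
            result[name] = "mismatch"
    for path in directory.glob("*.rpm"):
        result.setdefault(path.name, "unlisted")
    return result


def demo():
    """Constructed data: three fake packages, one altered and one lost
    after the manifest was written, plus one file the manifest never listed."""
    files = {
        "example-1.0-1.i386.rpm": b"constructed package A",
        "example-devel-1.0-1.i386.rpm": b"constructed package B",
        "example-1.0-1.src.rpm": b"constructed source package",
    }
    md5 = {n: hashlib.md5(d, usedforsecurity=False).hexdigest()
           for n, d in files.items()}
    a, b, src = list(files)
    # Same layout as the advisory, with two entries run onto one line.
    text = (
        f"SRPMS: ftp://updates.example.invalid/SRPMS/{src}\n"
        f"{md5[src]}  {src}\n\n"
        "i386:\n"
        f"{md5[a]}  {a} {md5[b]}  {b}\n"
    )
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        for name, data in files.items():
            (tmp / name).write_bytes(data)
        (tmp / b).write_bytes(b"altered in transit")
        (tmp / src).unlink()
        (tmp / "stray-9.9-9.i386.rpm").write_bytes(b"not in the advisory")
        return check_downloads(parse_manifest(text), tmp)


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:9} {name}")
```

A matching digest only shows that the file is the one the advisory lists; the GPG signature the advisory refers to is the authenticity check, for example with `rpm --checksig`.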







Product:                mysql
Publisher:              Red Hat
Operating System:       Red Hat Enterprise Linux AS/ES/WS 3
                        Red Hat Desktop version 3
                        Red Hat Enterprise Linux AS/ES/WS 2.1
                        Red Hat Linux Advanced Workstation 2.1
Impact:                 Execute Arbitrary Code/Commands
                        Inappropriate Access
                        Overwrite Arbitrary Files
                        Denial of Service
Access:                 Remote/Unauthenticated
CVE Names:              CAN-2004-0957 CAN-2004-0837 CAN-2004-0836
                        CAN-2004-0835 CAN-2004-0457 CAN-2004-0388
                        CAN-2004-0381

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated mysql packages fix minor security issues and bugs
Advisory ID:       RHSA-2004:569-01
Issue date:        2004-10-20
Updated on:        2004-10-20
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-0381 CAN-2004-0388 CAN-2004-0457
- - - ---------------------------------------------------------------------

1. Summary:

Updated mysql packages that fix various temporary file security issues, as well as a number of bugs, are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

MySQL is a multi-user, multi-threaded SQL database server.

This update fixes a number of small bugs, including some potential security problems associated with careless handling of temporary files. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0381, CAN-2004-0388, and CAN-2004-0457 to these issues.

A number of additional security issues that affect mysql have been corrected in the source package.  These include CAN-2004-0835, CAN-2004-0836, CAN-2004-0837, and CAN-2004-0957.  Red Hat Enterprise Linux 3 does not ship with the mysql-server package and is therefore not affected by these issues.

This update also allows 32-bit and 64-bit libraries to be installed concurrently on the same system.

All users of mysql should upgrade to these updated packages, which resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.  Use Red Hat Network to download and update your packages.  To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

58732 - /etc/init.d/mysqld doesn't wait for server to start
108779 - Always timeout error starting MySQL Daemon
117017 - RHEL2.1: removing mysql-server does not remove the mysql user.
115165 - botched string concat ?
113960 - [PATCH] Bug fix + enhancement for mysql_setpermission
112693 - mysqlhotcopy of local Fedora DB broken after upgrade from RH9
102190 - specfile contains improper log details in %files
124352 - Cannot drop databases
119442 - CAN-2004-0381 mysqlbug temporary file vulnerability
130348 - CAN-2004-0457 mysqlhotcopy insecure temporary file vulnerability
128852 - database service should start earlier
129409 - linking with 'mysql --libs' doesent seem to work correctly.
133993 - Service mysqld restart
135387 - CAN-2004-0835 MySQL flaws (CAN-2004-0836, CAN-2004-0837, CAN-2004-0957)

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/mysql-3.23.58-2.3.src.rpm
3fea570d29c4a66fd5578705fd3a5f08  mysql-3.23.58-2.3.src.rpm

i386:
a5291f0504a64c7640818b554b2ec268  mysql-3.23.58-2.3.i386.rpm
d8d9f29055d4f9ac2bd0c577cf3c9f1a  mysql-bench-3.23.58-2.3.i386.rpm
942437a7d22c99a96ccbc1fe30e01857  mysql-devel-3.23.58-2.3.i386.rpm

ia64:
273e64f3bc444f642cc27e149047e88b  mysql-3.23.58-2.3.ia64.rpm
a5291f0504a64c7640818b554b2ec268  mysql-3.23.58-2.3.i386.rpm
035537b43e8860f4713bb8ba2f434376  mysql-bench-3.23.58-2.3.ia64.rpm
b10cfeaa55f652962f424036f6dd169b  mysql-devel-3.23.58-2.3.ia64.rpm

ppc:
22972cd7c174cd85e0c08cf6232d90c2  mysql-3.23.58-2.3.ppc.rpm
3d2f07341d89c5793f56dc9879b4c4e6  mysql-bench-3.23.58-2.3.ppc.rpm
2a3bb5baaecc6f1101d2a9d2c0f0938b  mysql-devel-3.23.58-2.3.ppc.rpm

ppc64:
552fb60408534cc09ea24f7a141a016b  mysql-3.23.58-2.3.ppc64.rpm

s390:
f47fbbc3e354853485c5424dc22ccc8c  mysql-3.23.58-2.3.s390.rpm
973e0714e31de71c0efad0599941bb7e  mysql-bench-3.23.58-2.3.s390.rpm
6efe72cbdabdde4e2d3db8c24d5e8e24  mysql-devel-3.23.58-2.3.s390.rpm

s390x:
e525bd1a40a1157ff99f79006d8447fe  mysql-3.23.58-2.3.s390x.rpm
f47fbbc3e354853485c5424dc22ccc8c  mysql-3.23.58-2.3.s390.rpm
62bc707e3a3a6444e7dad5fd0947249a  mysql-bench-3.23.58-2.3.s390x.rpm
a07377d3c15bcbf4a978676036a04d76  mysql-devel-3.23.58-2.3.s390x.rpm

x86_64:
f11ffaa788c38434a7259bccf485b1a0  mysql-3.23.58-2.3.x86_64.rpm
a5291f0504a64c7640818b554b2ec268  mysql-3.23.58-2.3.i386.rpm
9c20d57a7c724de9cd30a7a8be88fa1e  mysql-bench-3.23.58-2.3.x86_64.rpm
14a7a2b00486de17c287bf90010b7377  mysql-devel-3.23.58-2.3.x86_64.rpm

Red Hat Desktop version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/mysql-3.23.58-2.3.src.rpm
3fea570d29c4a66fd5578705fd3a5f08  mysql-3.23.58-2.3.src.rpm

i386:
a5291f0504a64c7640818b554b2ec268  mysql-3.23.58-2.3.i386.rpm
d8d9f29055d4f9ac2bd0c577cf3c9f1a  mysql-bench-3.23.58-2.3.i386.rpm
942437a7d22c99a96ccbc1fe30e01857  mysql-devel-3.23.58-2.3.i386.rpm

x86_64:
f11ffaa788c38434a7259bccf485b1a0  mysql-3.23.58-2.3.x86_64.rpm
a5291f0504a64c7640818b554b2ec268  mysql-3.23.58-2.3.i386.rpm
9c20d57a7c724de9cd30a7a8be88fa1e  mysql-bench-3.23.58-2.3.x86_64.rpm
14a7a2b00486de17c287bf90010b7377  mysql-devel-3.23.58-2.3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/mysql-3.23.58-2.3.src.rpm
3fea570d29c4a66fd5578705fd3a5f08  mysql-3.23.58-2.3.src.rpm

i386:
a5291f0504a64c7640818b554b2ec268  mysql-3.23.58-2.3.i386.rpm
d8d9f29055d4f9ac2bd0c577cf3c9f1a  mysql-bench-3.23.58-2.3.i386.rpm
942437a7d22c99a96ccbc1fe30e01857  mysql-devel-3.23.58-2.3.i386.rpm

ia64:
273e64f3bc444f642cc27e149047e88b  mysql-3.23.58-2.3.ia64.rpm
a5291f0504a64c7640818b554b2ec268  mysql-3.23.58-2.3.i386.rpm
035537b43e8860f4713bb8ba2f434376  mysql-bench-3.23.58-2.3.ia64.rpm
b10cfeaa55f652962f424036f6dd169b  mysql-devel-3.23.58-2.3.ia64.rpm

x86_64:
f11ffaa788c38434a7259bccf485b1a0  mysql-3.23.58-2.3.x86_64.rpm
a5291f0504a64c7640818b554b2ec268  mysql-3.23.58-2.3.i386.rpm
9c20d57a7c724de9cd30a7a8be88fa1e  mysql-bench-3.23.58-2.3.x86_64.rpm
14a7a2b00486de17c287bf90010b7377  mysql-devel-3.23.58-2.3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/mysql-3.23.58-2.3.src.rpm
3fea570d29c4a66fd5578705fd3a5f08  mysql-3.23.58-2.3.src.rpm

i386:
a5291f0504a64c7640818b554b2ec268  mysql-3.23.58-2.3.i386.rpm
d8d9f29055d4f9ac2bd0c577cf3c9f1a  mysql-bench-3.23.58-2.3.i386.rpm
942437a7d22c99a96ccbc1fe30e01857  mysql-devel-3.23.58-2.3.i386.rpm

ia64:
273e64f3bc444f642cc27e149047e88b  mysql-3.23.58-2.3.ia64.rpm
a5291f0504a64c7640818b554b2ec268  mysql-3.23.58-2.3.i386.rpm
035537b43e8860f4713bb8ba2f434376  mysql-bench-3.23.58-2.3.ia64.rpm
b10cfeaa55f652962f424036f6dd169b  mysql-devel-3.23.58-2.3.ia64.rpm

x86_64:
f11ffaa788c38434a7259bccf485b1a0  mysql-3.23.58-2.3.x86_64.rpm
a5291f0504a64c7640818b554b2ec268  mysql-3.23.58-2.3.i386.rpm
9c20d57a7c724de9cd30a7a8be88fa1e  mysql-bench-3.23.58-2.3.x86_64.rpm
14a7a2b00486de17c287bf90010b7377  mysql-devel-3.23.58-2.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from https://www.redhat.com/security/team/key.html#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0381
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0457

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
- - -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBdsC+XlSAg2UNWIIRAtqpAKC5PDXwBDy+Se6OgTYSIe4AJtSP5QCeOuAp
dU4BbLANx/21TUx8It8HBsM=
=chW6
- - -----END PGP SIGNATURE-----

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated mysql packages fix security issues and bugs
Advisory ID:       RHSA-2004:597-01
Issue date:        2004-10-20
Updated on:        2004-10-20
Product:           Red Hat Enterprise Linux
Obsoletes:         RHSA-2003:282
CVE Names:         CAN-2004-0381 CAN-2004-0388 CAN-2004-0457 CAN-2004-0835 CAN-2004-0836 CAN-2004-0837 CAN-2004-0957
- - - ---------------------------------------------------------------------

1. Summary:

Updated mysql packages that fix various security issues, as well as a number of bugs, are now available for Red Hat Enterprise Linux 2.1.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

MySQL is a multi-user, multi-threaded SQL database server.

A number of security issues that affect the mysql server have been reported:

Oleksandr Byelkin discovered that "ALTER TABLE ... RENAME" checked the CREATE/INSERT rights of the old table instead of the new one.  The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0835 to this issue.

Lukasz Wojtow discovered a buffer overrun in the mysql_real_connect function.  In order to exploit this issue an attacker would need to force the use of a malicious DNS server (CAN-2004-0836).

Dean Ellis discovered that multiple threads ALTERing the same (or different) MERGE tables to change the UNION could cause the server to crash or stall (CAN-2004-0837).

Sergei Golubchik discovered that if a user is granted privileges to a database with a name containing an underscore ("_"), the user also gains the ability to grant privileges to other databases with similar names (CAN-2004-0957).

Additionally, the following minor temporary file vulnerabilities were
discovered:
 
- - - - Stan Bubroski and Shaun Colley found a temporary file vulnerability in 
  the mysqlbug script (CAN-2004-0381).
- - - - A temporary file vulnerability was discovered in mysqld_multi  
  (CAN-2004-0388).
- - - - Jeroen van Wolffelaar discovered a temporary file vulnerability in the 
  mysqlhotcopy script when using the scp method (CAN-2004-0457).

All users of mysql should upgrade to these updated packages, which resolve these issues and also include fixes for a number of small bugs.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.  Use Red Hat Network to download and update your packages.  To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

112693 - mysqlhotcopy of local Fedora DB broken after upgrade from RH9
113960 - [PATCH] Bug fix + enhancement for mysql_setpermission
115165 - botched string concat ?
124352 - Cannot drop databases
129409 - linking with 'mysql --libs' doesent seem to work correctly.
130348 - CAN-2004-0457 mysqlhotcopy insecure temporary file vulnerability
135372 - CAN-2004-0835 MySQL flaws (CAN-2004-0836, CAN-2004-0837, CAN-2004-0957)

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/mysql-3.23.58-1.72.1.src.rpm
1a6ad34678d35aa5c1bfba0ff7290c44  mysql-3.23.58-1.72.1.src.rpm

i386:
a33c7efe12e0a4b0dade197a823a5e42  mysql-3.23.58-1.72.1.i386.rpm
3b0621721b68c67f3d73681c9fbade09  mysql-devel-3.23.58-1.72.1.i386.rpm
63280ad1d2b39d5865a209e2822cec5e  mysql-server-3.23.58-1.72.1.i386.rpm

ia64:
73b97bae08854a6bbd25a8ad0e057666  mysql-3.23.58-1.72.1.ia64.rpm
709aff64529b31c9dc3ade3017509d44  mysql-devel-3.23.58-1.72.1.ia64.rpm
311db47abcc5cc79b094804c5b3912f4  mysql-server-3.23.58-1.72.1.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/mysql-3.23.58-1.72.1.src.rpm
1a6ad34678d35aa5c1bfba0ff7290c44  mysql-3.23.58-1.72.1.src.rpm

ia64:
73b97bae08854a6bbd25a8ad0e057666  mysql-3.23.58-1.72.1.ia64.rpm
709aff64529b31c9dc3ade3017509d44  mysql-devel-3.23.58-1.72.1.ia64.rpm
311db47abcc5cc79b094804c5b3912f4  mysql-server-3.23.58-1.72.1.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/mysql-3.23.58-1.72.1.src.rpm
1a6ad34678d35aa5c1bfba0ff7290c44  mysql-3.23.58-1.72.1.src.rpm

i386:
a33c7efe12e0a4b0dade197a823a5e42  mysql-3.23.58-1.72.1.i386.rpm
3b0621721b68c67f3d73681c9fbade09  mysql-devel-3.23.58-1.72.1.i386.rpm
63280ad1d2b39d5865a209e2822cec5e  mysql-server-3.23.58-1.72.1.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/mysql-3.23.58-1.72.1.src.rpm
1a6ad34678d35aa5c1bfba0ff7290c44  mysql-3.23.58-1.72.1.src.rpm

i386:
a33c7efe12e0a4b0dade197a823a5e42  mysql-3.23.58-1.72.1.i386.rpm
3b0621721b68c67f3d73681c9fbade09  mysql-devel-3.23.58-1.72.1.i386.rpm
63280ad1d2b39d5865a209e2822cec5e  mysql-server-3.23.58-1.72.1.i386.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from https://www.redhat.com/security/team/key.html#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0381
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0957

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
- - -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBdsDnXlSAg2UNWIIRArmMAJ44yYqEYMrzgkmRFZY7455sPg8W6ACdGITG
9Sw5OczEVx/gi22kQd76hfo=
=Q/TC
- - -----END PGP SIGNATURE-----
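
For the underscore issue listed above (CAN-2004-0957), it helps to recall MySQL's documented rule that `_` and `%` in the database name of a database-level GRANT act as wildcards unless escaped with a backslash. The following is an added example, not part of the advisory or of MySQL, that audits SHOW GRANTS style lines for such names; the grant lines and database names are constructed, and case-sensitive name matching is assumed.

```python
"""Audit database-level GRANTs for unescaped `_` / `%` in the database name."""
import re

# Database-level grant as printed by SHOW GRANTS: ... ON `dbname`.* TO ...
GRANT = re.compile(
    r"GRANT\s+(?P<privs>.+?)\s+ON\s+`(?P<db>[^`]+)`\.\*\s+TO\s+"
    r"(?P<grantee>'[^']*'@'[^']*')(?P<rest>.*)",
    re.IGNORECASE,
)


def tokenize(db_pattern):
    """Split a grant's database name into ('lit', ch), ('one', '_') and
    ('any', '%') tokens. A backslash makes the next `_` or `%` literal."""
    tokens, i = [], 0
    while i < len(db_pattern):
        ch = db_pattern[i]
        nxt = db_pattern[i + 1] if i + 1 < len(db_pattern) else ""
        if ch == "\\" and nxt in ("_", "%"):
            tokens.append(("lit", nxt))
            i += 2
            continue
        if ch == "_":
            tokens.append(("one", ch))
        elif ch == "%":
            tokens.append(("any", ch))
        else:
            tokens.append(("lit", ch))
        i += 1
    return tokens


def to_regex(tokens):
    """Translate the tokens into an anchored regular expression."""
    parts = {"lit": re.escape, "one": lambda _: ".", "any": lambda _: ".*"}
    return re.compile("".join(parts[kind](ch) for kind, ch in tokens), re.DOTALL)


def audit(grant_lines, databases):
    """For each database-level grant, report whether its name contains an
    unescaped wildcard and which other existing databases it also covers."""
    findings = []
    for line in grant_lines:
        m = GRANT.match(line.strip())
        if not m:
            continue  # global (*.*), table-level or unparsable: not audited here
        tokens = tokenize(m["db"])
        intended = "".join(ch for _, ch in tokens)  # the name read literally
        rx = to_regex(tokens)
        covered = sorted(d for d in databases if rx.fullmatch(d))
        findings.append({
            "grantee": m["grantee"],
            "pattern": m["db"],
            "intended": intended,
            "unescaped_wildcard": any(kind != "lit" for kind, _ in tokens),
            "grant_option": "WITH GRANT OPTION" in m["rest"].upper(),
            "extra": [d for d in covered if d != intended],
        })
    return findings


# Constructed sample input.
GRANTS = [
    "GRANT ALL PRIVILEGES ON `shop_db`.* TO 'alice'@'localhost' WITH GRANT OPTION",
    "GRANT SELECT, INSERT ON `shop\\_db`.* TO 'bob'@'localhost'",
    "GRANT USAGE ON *.* TO 'alice'@'localhost'",
]
DATABASES = ["shop_db", "shop1db", "shopXdb", "shopdb", "shop_db2"]

if __name__ == "__main__":
    for f in audit(GRANTS, DATABASES):
        flag = "REVIEW" if f["unescaped_wildcard"] else "ok"
        print(f"{flag:6} {f['grantee']:20} `{f['pattern']}` also covers {f['extra']}")
```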


Product:                ImageMagick
Publisher:              Red Hat
Operating System:       Red Hat Enterprise Linux AS/ES/WS 3
                        Red Hat Desktop version 3
                        Red Hat Enterprise Linux AS/ES/WS 2.1
                        Red Hat Linux Advanced Workstation 2.1
Impact:                 Execute Arbitrary Code/Commands
                        Overwrite Arbitrary Files
Access:                 Remote/Unauthenticated
CVE Names:              CAN-2004-0827 CAN-2003-0455

Ref:                    ESB-2004.0585

Comment: Please note that this bulletin contains two Red Hat advisories
         addressing ImageMagick vulnerabilities.
         
         The file overwrite vulnerability is only exploitable by local users.

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated ImageMagick packages fix security vulnerability
Advisory ID:       RHSA-2004:480-01
Issue date:        2004-10-20
Updated on:        2004-10-20
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-0827
- - - ---------------------------------------------------------------------

1. Summary:

Updated ImageMagick packages that fix a BMP loader vulnerability are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

ImageMagick(TM) is an image display and manipulation tool for the X Window System.

A heap overflow flaw has been discovered in the ImageMagick image handler. An attacker could create a carefully crafted BMP file in such a way that it could cause ImageMagick to execute arbitrary code when processing the image.  The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0827 to this issue.

Users of ImageMagick should upgrade to this updated package, which contains a backported patch, and is not vulnerable to this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.  Use Red Hat Network to download and update your packages.  To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

130807 - CAN-2004-0827 heap overflow in BMP decoder

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/ImageMagick-5.5.6-6.src.rpm
045e0e91f0ed8f8dec140bf3747b4077  ImageMagick-5.5.6-6.src.rpm

i386:
10ce65b271a96aa9936dde261101950f  ImageMagick-5.5.6-6.i386.rpm
77116e9d76af4794f483762d9f20e4ea  ImageMagick-c++-5.5.6-6.i386.rpm
57ec4d864f39319124aec5f5e4b43280  ImageMagick-c++-devel-5.5.6-6.i386.rpm
ae1f3e70590fffb590956d8fdce9bfcc  ImageMagick-devel-5.5.6-6.i386.rpm
9d5f480fdd133748dcddc33a763d490f  ImageMagick-perl-5.5.6-6.i386.rpm

ia64:
e20e8750e25c70bbb816e927f630c267  ImageMagick-5.5.6-6.ia64.rpm
3116fc8ca9bd813065000825ab3a1bad  ImageMagick-c++-5.5.6-6.ia64.rpm
b5dc78df650c171dea8e962c79b1efe0  ImageMagick-c++-devel-5.5.6-6.ia64.rpm
f65e3ce07d6b67d238f5a85ab020885f  ImageMagick-devel-5.5.6-6.ia64.rpm
09f10be40bd9a88f7e0ff6d59e34e70f  ImageMagick-perl-5.5.6-6.ia64.rpm

ppc:
46f51cb3c082370bd2f1b9af9415ad7a  ImageMagick-5.5.6-6.ppc.rpm
03f63acc78df42657e6891077d3467f1  ImageMagick-c++-5.5.6-6.ppc.rpm
09fe58f083ffa8e2941202821c0534b5  ImageMagick-c++-devel-5.5.6-6.ppc.rpm
33df253831ce0cd8708afc20f589abbd  ImageMagick-devel-5.5.6-6.ppc.rpm
61477cb1d82fd9079254b995aca7e678  ImageMagick-perl-5.5.6-6.ppc.rpm

s390:
757608ce8939fe166074c93913c7b8a2  ImageMagick-5.5.6-6.s390.rpm
af8965782a23f7d484df3293eb214c0d  ImageMagick-c++-5.5.6-6.s390.rpm
00c94923b096cf548592ed6f6f16f745  ImageMagick-c++-devel-5.5.6-6.s390.rpm
c07a76f6457cb277518c17c64d074321  ImageMagick-devel-5.5.6-6.s390.rpm
9faafb72664e87bb2f191fc60fad75b5  ImageMagick-perl-5.5.6-6.s390.rpm

s390x:
55a76a77830de834060f039cc176e4cd  ImageMagick-5.5.6-6.s390x.rpm
8ccdb45d34ff40712ab9f6d0a19fbe86  ImageMagick-c++-5.5.6-6.s390x.rpm
e7eb1807788551defe5f50df2763fce1  ImageMagick-c++-devel-5.5.6-6.s390x.rpm
c74e048ac339446226b5f7c6d76b97f5  ImageMagick-devel-5.5.6-6.s390x.rpm
e05b50851348d5c370901e7d2f3d16e4  ImageMagick-perl-5.5.6-6.s390x.rpm

x86_64:
ac2398a57cf51e8a69dd8c5390f59ff9  ImageMagick-5.5.6-6.x86_64.rpm
16d4ae779d2ef69aea9d863725022a21  ImageMagick-c++-5.5.6-6.x86_64.rpm
30c42ec86f195228c268c24001f45c9a  ImageMagick-c++-devel-5.5.6-6.x86_64.rpm
b1f941d2a971a417d858ff32f188bf6c  ImageMagick-devel-5.5.6-6.x86_64.rpm
4dea1aa57f513c5e84c3900d455a4637  ImageMagick-perl-5.5.6-6.x86_64.rpm

Red Hat Desktop version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/ImageMagick-5.5.6-6.src.rpm
045e0e91f0ed8f8dec140bf3747b4077  ImageMagick-5.5.6-6.src.rpm

i386:
10ce65b271a96aa9936dde261101950f  ImageMagick-5.5.6-6.i386.rpm
77116e9d76af4794f483762d9f20e4ea  ImageMagick-c++-5.5.6-6.i386.rpm
57ec4d864f39319124aec5f5e4b43280  ImageMagick-c++-devel-5.5.6-6.i386.rpm
ae1f3e70590fffb590956d8fdce9bfcc  ImageMagick-devel-5.5.6-6.i386.rpm
9d5f480fdd133748dcddc33a763d490f  ImageMagick-perl-5.5.6-6.i386.rpm

x86_64:
ac2398a57cf51e8a69dd8c5390f59ff9  ImageMagick-5.5.6-6.x86_64.rpm
16d4ae779d2ef69aea9d863725022a21  ImageMagick-c++-5.5.6-6.x86_64.rpm
30c42ec86f195228c268c24001f45c9a  ImageMagick-c++-devel-5.5.6-6.x86_64.rpm
b1f941d2a971a417d858ff32f188bf6c  ImageMagick-devel-5.5.6-6.x86_64.rpm
4dea1aa57f513c5e84c3900d455a4637  ImageMagick-perl-5.5.6-6.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/ImageMagick-5.5.6-6.src.rpm
045e0e91f0ed8f8dec140bf3747b4077  ImageMagick-5.5.6-6.src.rpm

i386:
10ce65b271a96aa9936dde261101950f  ImageMagick-5.5.6-6.i386.rpm
77116e9d76af4794f483762d9f20e4ea  ImageMagick-c++-5.5.6-6.i386.rpm
57ec4d864f39319124aec5f5e4b43280  ImageMagick-c++-devel-5.5.6-6.i386.rpm
ae1f3e70590fffb590956d8fdce9bfcc  ImageMagick-devel-5.5.6-6.i386.rpm
9d5f480fdd133748dcddc33a763d490f  ImageMagick-perl-5.5.6-6.i386.rpm

ia64:
e20e8750e25c70bbb816e927f630c267  ImageMagick-5.5.6-6.ia64.rpm
3116fc8ca9bd813065000825ab3a1bad  ImageMagick-c++-5.5.6-6.ia64.rpm
b5dc78df650c171dea8e962c79b1efe0  ImageMagick-c++-devel-5.5.6-6.ia64.rpm
f65e3ce07d6b67d238f5a85ab020885f  ImageMagick-devel-5.5.6-6.ia64.rpm
09f10be40bd9a88f7e0ff6d59e34e70f  ImageMagick-perl-5.5.6-6.ia64.rpm

x86_64:
ac2398a57cf51e8a69dd8c5390f59ff9  ImageMagick-5.5.6-6.x86_64.rpm
16d4ae779d2ef69aea9d863725022a21  ImageMagick-c++-5.5.6-6.x86_64.rpm
30c42ec86f195228c268c24001f45c9a  ImageMagick-c++-devel-5.5.6-6.x86_64.rpm
b1f941d2a971a417d858ff32f188bf6c  ImageMagick-devel-5.5.6-6.x86_64.rpm
4dea1aa57f513c5e84c3900d455a4637  ImageMagick-perl-5.5.6-6.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/ImageMagick-5.5.6-6.src.rpm
045e0e91f0ed8f8dec140bf3747b4077  ImageMagick-5.5.6-6.src.rpm

i386:
10ce65b271a96aa9936dde261101950f  ImageMagick-5.5.6-6.i386.rpm
77116e9d76af4794f483762d9f20e4ea  ImageMagick-c++-5.5.6-6.i386.rpm
57ec4d864f39319124aec5f5e4b43280  ImageMagick-c++-devel-5.5.6-6.i386.rpm
ae1f3e70590fffb590956d8fdce9bfcc  ImageMagick-devel-5.5.6-6.i386.rpm
9d5f480fdd133748dcddc33a763d490f  ImageMagick-perl-5.5.6-6.i386.rpm

ia64:
e20e8750e25c70bbb816e927f630c267  ImageMagick-5.5.6-6.ia64.rpm
3116fc8ca9bd813065000825ab3a1bad  ImageMagick-c++-5.5.6-6.ia64.rpm
b5dc78df650c171dea8e962c79b1efe0  ImageMagick-c++-devel-5.5.6-6.ia64.rpm
f65e3ce07d6b67d238f5a85ab020885f  ImageMagick-devel-5.5.6-6.ia64.rpm
09f10be40bd9a88f7e0ff6d59e34e70f  ImageMagick-perl-5.5.6-6.ia64.rpm

x86_64:
ac2398a57cf51e8a69dd8c5390f59ff9  ImageMagick-5.5.6-6.x86_64.rpm
16d4ae779d2ef69aea9d863725022a21  ImageMagick-c++-5.5.6-6.x86_64.rpm
30c42ec86f195228c268c24001f45c9a  ImageMagick-c++-devel-5.5.6-6.x86_64.rpm
b1f941d2a971a417d858ff32f188bf6c  ImageMagick-devel-5.5.6-6.x86_64.rpm
4dea1aa57f513c5e84c3900d455a4637  ImageMagick-perl-5.5.6-6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from https://www.redhat.com/security/team/key.html#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0827

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
- - -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBdr8XXlSAg2UNWIIRAtD0AJ0RvnAbnrmTTivtpzDU+8puYzfnbQCeIAN0
nu5bnwWe+47VWNkOHdbYgyo=
=KC+k
- - -----END PGP SIGNATURE-----


- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated ImageMagick packages fix security vulnerabilities
Advisory ID:       RHSA-2004:494-01
Issue date:        2004-10-20
Updated on:        2004-10-20
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2003-0455 CAN-2004-0827
- - - ---------------------------------------------------------------------

1. Summary:

Updated ImageMagick packages that fix various security vulnerabilities are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

ImageMagick(TM) is an image display and manipulation tool for the X Window System.

A heap overflow flaw was discovered in the ImageMagick image handler. An attacker could create a carefully crafted BMP file in such a way that it would cause ImageMagick to execute arbitrary code when processing the image.  The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0827 to this issue.

A temporary file handling bug has been found in ImageMagick's libmagick library.  A local user could overwrite or create files as a different user if a program was linked with the vulnerable library.  The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0455 to this issue.

Users of ImageMagick should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.  Use Red Hat Network to download and update your packages.  To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

98827 - CAN-2003-0455 ImageMagick temporary file handling vulnerability
130807 - CAN-2004-0827 heap overflow in BMP decoder

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/ImageMagick-5.3.8-5.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/ImageMagick-5.3.8-5.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/ImageMagick-5.3.8-5.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/ImageMagick-5.3.8-5.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from https://www.redhat.com/security/team/key.html#package
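
To confirm after updating that a 2.1 host carries the fixed build named in this advisory (ImageMagick 5.3.8-5), the installed version-release can be compared segment by segment rather than as a plain string. The following is an added example, not part of the Red Hat advisory; the function names and the sample query output are constructed for illustration, and the comparison is a simplified form of rpm's version ordering that ignores epochs and '~'.

```python
import re

FIXED = "5.3.8-5"  # fixed version-release for the 2.1 releases, per this advisory

def _segments(s):
    # Runs of digits or of letters; separators such as '.' are ignored.
    return re.findall(r"\d+|[A-Za-z]+", s)

def vercmp(a, b):
    """Simplified rpm-style comparison: returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric, so 10 > 5
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment is newer than letters
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    (va, _, ra), (vb, _, rb) = a.partition("-"), b.partition("-")
    return vercmp(va, vb) or vercmp(ra, rb)

def audit(rpm_query_output, fixed=FIXED):
    """Map each ImageMagick package to 'fixed' or 'VULNERABLE'."""
    # Input lines come from: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
    result = {}
    for line in rpm_query_output.splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[0].startswith("ImageMagick"):
            continue
        name, evr = parts
        result[name] = "fixed" if evr_cmp(evr, fixed) >= 0 else "VULNERABLE"
    return result

# Constructed sample of rpm query output (not taken from a real host).
SAMPLE = """\
ImageMagick 5.3.8-3
ImageMagick-devel 5.3.8-5
ImageMagick-perl 5.3.8-10
squid 2.4.STABLE7-1
"""

if __name__ == "__main__":
    for pkg, state in audit(SAMPLE).items():
        print(pkg, state)
```

Release 10 sorts after release 5 here, which a plain string comparison would get wrong.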

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0827

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
- - -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBdr8oXlSAg2UNWIIRAgokAJ0YRjujcb1+SPurBRZwWWa5BwYS7wCfSe5H
gmGlyvxkwsiwgU6aEEoX3fk=
=bta3
- - -----END PGP SIGNATURE-----

- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone. Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Red Hat for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark, manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQXe54Ipao72zK539AQEoYgP8DcA1R3IoPPFz68QWAJEzG9orgqtF6PcC
djhpDjSs70oCnWm7EBAAHKHirBljvDLHfwgQtzvBoOkYCRJvunZHFY+hWqmClIhU
i7lpdnpyEpRsKVAsekZ2kEfjR3JTMjR/kXrIEm8oFXAfEtTcOQX33ADwBSAcS+XC
MhsdFooj7X8=
=Y4w+
-----END PGP SIGNATURE-----