
UNIRAS Brief - 578/05 - Conectiva - Five Security Announcements



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 578/05 dated 26.07.05  Time: 11:00  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Conectiva - Five Security Announcements:
     1.  Conectiva Security Announcement - apache   [CLA-2005:982]
     2.  Conectiva Security Announcement - dhcpcd   [CLA-2005:983]
     3.  Conectiva Security Announcement - ruby     [CLA-2005:984]
     4.  Conectiva Security Announcement - wget     [CLA-2005:985]
     5.  Conectiva Security Announcement - tcpdump  [CLA-2005:986]


Detail
====== 

Security announcement summaries:

     1.  This announcement fixes two security vulnerabilities in apache.

     2.  This announcement fixes a denial of service vulnerability in
         dhcpcd that could be triggered by a remote attacker and cause an
         out-of-bounds memory read.

     3.  This announcement fixes an XMLRPC.iPIMethods vulnerability which
         could allow remote attackers to execute arbitrary commands.

     4.  This announcement fixes a security vulnerability in wget which
         could allow a specially prepared remote web server to overwrite
         certain files.

     5.  This announcement fixes three security vulnerabilities in tcpdump.


Security announcement content follows:


1.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT 
- - --------------------------------------------------------------------------

PACKAGE   : apache
SUMMARY   : Fix for security vulnerabilities in apache
DATE      : 2005-07-25 10:23:00
ID        : CLA-2005:982
RELEVANT
RELEASES  : 9, 10

- - -------------------------------------------------------------------------

DESCRIPTION
 Apache[1] is the most popular webserver in use today.
 
 This announcement fixes two security vulnerabilities in apache:
 
 1.CAN-2005-1268
   Fixes a possible crash on printing CRL details when debugging is
 enabled, if configured to use a CRL from a malicious source.
 
 2.CAN-2005-2088
   When acting as an HTTP proxy, apache allows remote attackers to
 poison the web cache, bypass web application firewall protection and
 conduct XSS attacks via an HTTP request with both a
 "Transfer-Encoding: chunked" header and a Content-Length header,
 which causes Apache to incorrectly handle and forward the body of the
 request in a way that causes the receiving server to process it as a
 separate HTTP request.


SOLUTION
 It is recommended that all Apache users upgrade their packages.
 
 IMPORTANT: it is necessary to manually restart the httpd server after
 upgrading the packages. In order to do this, execute the following as
 root:
 
 # service httpd stop
 
 (wait a few seconds and check with "pidof httpd" if there are any
 httpd processes running. On a busy webserver this could take a little
 longer)
 
 # service httpd start
 
 
 REFERENCES
 1.http://apache.httpd.org/
 2.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1268
 3.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2088


UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/10/SRPMS/apache-2.0.49-61251U10_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/apache-2.0.49-61251U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/apache-devel-2.0.49-61251U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/apache-doc-2.0.49-61251U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/apache-htpasswd-2.0.49-61251U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libapr-devel-2.0.49-61251U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libapr-devel-static-2.0.49-61251U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libapr0-2.0.49-61251U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/mod_auth_ldap-2.0.49-61251U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/mod_dav-2.0.49-61251U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/apache-2.0.45-28790U90_10cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-2.0.45-28790U90_10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-devel-2.0.45-28790U90_10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-doc-2.0.45-28790U90_10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-htpasswd-2.0.45-28790U90_10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr-devel-2.0.45-28790U90_10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr-devel-static-2.0.45-28790U90_10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr0-2.0.45-28790U90_10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/mod_auth_ldap-2.0.45-28790U90_10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/mod_dav-2.0.45-28790U90_10cl.i386.rpm


ADDITIONAL INSTRUCTIONS
 The apt tool can be used to perform RPM package upgrades:

 - run:                 apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions regarding the use of apt and upgrade examples 
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

- - -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at 
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

- - -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

- - -------------------------------------------------------------------------
Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com

- - -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@xxxxxxxxxxxxxxxxxxxxxxxxxxx
unsubscribe: conectiva-updates-unsubscribe@xxxxxxxxxxxxxxxxxxxxxxxxxxx
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQFC5OfQ42jd0JmAcZARArfHAJ9ir0KwTfTk8aJpY1S67lB4Bg24BwCePsTb
Eq7Beg2tfu3EAWci9iZvkI8=
=9PFC
- -----END PGP SIGNATURE-----
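
The ambiguous request framing described under CAN-2005-2088 in the advisory above can be checked for at a proxy or in captured traffic. The following is an added example, not code from Conectiva or the Apache project; it goes slightly beyond the advisory by also flagging conflicting Content-Length values and malformed header lines, and the sample requests and the host name www.example.test are constructed.

```python
# Added example: flag HTTP/1.1 requests whose body framing is ambiguous.
# All sample requests are constructed for illustration.

def parse_headers(raw):
    """Return (request_line, [(lowercased_name, value), ...]) for a raw request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and headers:
            # Obsolete line folding: continuation of the previous value.
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        if not sep or not name or name != name.strip():
            headers.append(("", line))  # malformed, kept so it is reported
            continue
        headers.append((name.lower(), value.strip()))
    return lines[0], headers


def framing_findings(raw):
    """List the reasons a proxy should refuse to forward this request as-is."""
    _, headers = parse_headers(raw)
    lengths = [v for n, v in headers if n == "content-length"]
    codings = []
    for n, v in headers:
        if n == "transfer-encoding":
            codings += [c.strip().lower() for c in v.split(",") if c.strip()]
    findings = []
    if lengths and codings:
        # The case in the advisory: two framing mechanisms in one request.
        findings.append("content-length together with transfer-encoding")
    if len(set(lengths)) > 1:
        findings.append("conflicting content-length values")
    if any(not (v.isascii() and v.isdigit()) for v in lengths):
        findings.append("non-numeric content-length")
    if codings and codings[-1] != "chunked":
        findings.append("transfer-encoding does not end in chunked")
    if any(n == "" for n, _ in headers):
        findings.append("malformed header line")
    return findings


SAMPLES = {
    "length_only": (b"POST /form HTTP/1.1\r\nHost: www.example.test\r\n"
                    b"Content-Length: 5\r\n\r\nhello"),
    "chunked_only": (b"POST /form HTTP/1.1\r\nHost: www.example.test\r\n"
                     b"Transfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n"),
    "both": (b"POST /form HTTP/1.1\r\nHost: www.example.test\r\n"
             b"Content-Length: 5\r\ntransfer-encoding: Chunked\r\n\r\n"
             b"5\r\nhello\r\n0\r\n\r\n"),
    "two_lengths": (b"POST /form HTTP/1.1\r\nHost: www.example.test\r\n"
                    b"Content-Length: 5\r\nContent-Length: 9\r\n\r\nhello"),
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(label, framing_findings(request) or "ok")
```

A request with any finding should be rejected rather than forwarded, so that the front end and the receiving server never disagree on where the body ends.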




2.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT 
- - --------------------------------------------------------------------------

PACKAGE   : dhcpcd
SUMMARY   : Fix for security vulnerability in dhcpcd
DATE      : 2005-07-25 10:26:00
ID        : CLA-2005:983
RELEVANT
RELEASES  : 9, 10

- - -------------------------------------------------------------------------

DESCRIPTION
 dhcpcd[1] is a widely used dhcp client.
 
 This announcement fixes a denial of service vulnerability[2] in
 dhcpcd that could be triggered by a remote attacker and cause an
 out-of-bounds memory read.


SOLUTION
 It is recommended that all dhcpcd users upgrade their packages.
 
 
 REFERENCES
 1.http://www.phystech.com/download/dhcpcd.html
 2.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1848


UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/10/SRPMS/dhcpcd-1.3.22pl4-69034U10_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/dhcpcd-1.3.22pl4-69034U10_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/dhcpcd-1.3.22pl4-24708U90_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/dhcpcd-1.3.22pl4-24708U90_1cl.i386.rpm


ADDITIONAL INSTRUCTIONS
 The apt tool can be used to perform RPM package upgrades:

 - run:                 apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions regarding the use of apt and upgrade examples 
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQFC5OiY42jd0JmAcZARAsBpAJ4q548RjJB4xwYWi9B++zDzO7b9sgCgoszz
5aBUxaS/l4QKwSXHS7iBLmc=
=b8Lc
- -----END PGP SIGNATURE-----




3.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT 
- - --------------------------------------------------------------------------

PACKAGE   : ruby
SUMMARY   : Fix for security vulnerability in ruby
DATE      : 2005-07-25 10:29:00
ID        : CLA-2005:984
RELEVANT
RELEASES  : 10

- - -------------------------------------------------------------------------

DESCRIPTION
 ruby[1] is an object oriented script language.
 
 This announcement fixes an XMLRPC.iPIMethods vulnerability[2] which
 could allow remote attackers to execute arbitrary commands.


SOLUTION
 It is recommended that all ruby users upgrade their packages.
 
 
 REFERENCES
 1.http://www.ruby-lang.org/
 2.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1992


UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/10/SRPMS/ruby-1.8.1-55599U10_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/ruby-1.8.1-55599U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/ruby-devel-1.8.1-55599U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/ruby-devel-static-1.8.1-55599U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/ruby-doc-1.8.1-55599U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/ruby-tk-1.8.1-55599U10_1cl.i386.rpm


ADDITIONAL INSTRUCTIONS
 The apt tool can be used to perform RPM package upgrades:

 - run:                 apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions regarding the use of apt and upgrade examples 
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQFC5Omp42jd0JmAcZARAle9AJ9TPf+IUct/e0hpNHH0FqxjuSpPygCdGZ9q
6e5iBbHxCWAHJeiSbK/GX3Q=
=vzHD
- -----END PGP SIGNATURE-----




4.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT 
- - --------------------------------------------------------------------------

PACKAGE   : wget
SUMMARY   : Fix for security vulnerability in wget
DATE      : 2005-07-25 10:37:00
ID        : CLA-2005:985
RELEVANT
RELEASES  : 9, 10

- - -------------------------------------------------------------------------

DESCRIPTION
 wget[1] is a largely known client for ftp and http protocols.
 
 This announcement fixes a security vulnerability[2] in wget which
 could allow a specially prepared remote web server to overwrite
 certain files via a redirection URL containing a ".." that resolves
 to the IP address of the malicious server, which bypasses wget's
 filtering for ".." sequences.
 
 It also fixes another vulnerability[3] where wget does not filter or
 quote control characters when displaying HTTP responses to the
 terminal, which may allow a specially crafted remote web server to
 inject terminal escape sequences and execute arbitrary code.


SOLUTION
 It is recommended that all wget users upgrade their packages.
 
 
 REFERENCES
 1.http://sunsite.dk/wget
 2.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1487
 3.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1488


UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/10/SRPMS/wget-1.9.1-52156U10_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-bg-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-ca-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-cs-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-da-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-de-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-el-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-es-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-et-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-fr-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-gl-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-he-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-hr-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-hu-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-it-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-ja-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-nl-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-no-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-pl-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-pt_BR-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-ro-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-ru-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-sk-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-sl-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-sv-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-tr-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-uk-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-zh_CN-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-zh_TW-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/wget-1.8.2-13946U90_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/wget-1.8.2-13946U90_3cl.i386.rpm


ADDITIONAL INSTRUCTIONS
 The apt tool can be used to perform RPM package upgrades:

 - run:                 apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions regarding the use of apt and upgrade examples 
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQFC5Osw42jd0JmAcZARAoNdAJ9xHESKbnkMvN7Fr1bgmaT3RTMyGwCdFWW4
xxZ10X5r3uDwja9TiE6ynNM=
=uVX+
- -----END PGP SIGNATURE-----
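
Both wget issues in the advisory above come down to trusting server-supplied strings: one when building a local file name, one when printing to the terminal. The following is an added example, not wget's code or Conectiva's patch; the host/path mirror layout, the function names, DOWNLOAD_ROOT and the sample values are assumptions made for illustration.

```python
# Added example: two checks a download client can apply to server-supplied
# data. Sample URLs, paths and the status line are constructed.
import os
from urllib.parse import unquote, urlsplit

DOWNLOAD_ROOT = "/srv/downloads"  # constructed path; nothing is written to it


def local_target(root, url):
    """Map a URL to <root>/<host>/<path> and refuse results outside root.

    The check runs on the final resolved path, so a ".." arriving through
    the host name, the path or percent-encoding is treated the same way.
    """
    parts = urlsplit(url)
    host = parts.hostname or ""
    rel = unquote(parts.path).lstrip("/") or "index.html"
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_real, host, rel))
    inside = os.path.commonpath([root_real, target]) == root_real
    if not inside or target == root_real:
        raise ValueError("target escapes download root: %r" % url)
    return target


def escapes_root(root, url):
    """True when local_target() would refuse the URL."""
    try:
        local_target(root, url)
    except ValueError:
        return True
    return False


def quote_for_terminal(text):
    """Replace control characters with a visible \\xNN form before display.

    Newline and tab pass through; ESC, BEL, CR, DEL and the C1 range do not,
    so escape sequences sent by a server are shown rather than interpreted.
    """
    out = []
    for ch in text:
        cp = ord(ch)
        is_c0 = cp < 0x20 and ch not in "\n\t"
        if is_c0 or cp == 0x7F or 0x80 <= cp <= 0x9F:
            out.append("\\x%02x" % cp)
        else:
            out.append(ch)
    return "".join(out)


# Constructed status line carrying an escape sequence and a bell character.
SAMPLE_STATUS = "HTTP/1.0 200 OK\x1b[2J\x07"

if __name__ == "__main__":
    for url in ("http://www.example.test/pub/a/../file.txt",
                "http://../outside.txt",
                "http://www.example.test/%2e%2e/%2e%2e/outside.txt"):
        print(url, "->", "refused" if escapes_root(DOWNLOAD_ROOT, url) else "ok")
    print(quote_for_terminal(SAMPLE_STATUS))
```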




5.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT 
- - --------------------------------------------------------------------------

PACKAGE   : tcpdump
SUMMARY   : Security fixes for tcpdump
DATE      : 2005-07-25 10:40:00
ID        : CLA-2005:986
RELEVANT
RELEASES  : 10

- - -------------------------------------------------------------------------

DESCRIPTION
 Tcpdump[1] is a command-line tool for monitoring network traffic.
 
 This announcement fixes three security vulnerabilities in tcpdump:
 
 1.CAN-2005-1278[2]
   The isis_print function, as called by isoclns_print, in tcpdump
 3.9.1 and earlier allows remote attackers to cause a denial of
 service (infinite loop) via a zero length, as demonstrated using a
 GRE packet.
 
 2.CAN-2005-1279[3]
   tcpdump 3.8.3 and earlier allows remote attackers to cause a denial
 of service (infinite loop) via a specially crafted BGP packet, which
 is not properly handled by RT_ROUTING_INFO, or LDP packet, which is
 not properly handled by the ldp_print function.
 
 3.CAN-2005-1280[4]
   The rsvp_print function in tcpdump 3.9.1 and earlier allows remote
 attackers to cause a denial of service (infinite loop) via a crafted
 RSVP packet of length 4.


SOLUTION
 It is recommended that all tcpdump users upgrade their packages.
 
 
 REFERENCES
 1.http://www.tcpdump.org/
 2.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1278
 3.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1279
 4.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1280


UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/10/SRPMS/tcpdump-3.8.3-56737U10_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/tcpdump-3.8.3-56737U10_2cl.i386.rpm


ADDITIONAL INSTRUCTIONS
 The apt tool can be used to perform RPM package upgrades:

 - run:                 apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions regarding the use of apt and upgrade examples 
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQFC5Ova42jd0JmAcZARAijlAJ91PlBeVaoOjuwo5Qy4M2g0kts5IgCg1c3S
p/lG4xsnGcDd033q81ec3Rk=
=KLlc
- -----END PGP SIGNATURE-----
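
The infinite loops in the tcpdump advisory above share one pattern: a dissector advances its cursor by a length field taken from the packet, and a zero length never advances it. The following is an added example, not tcpdump's code; the record layout (2-byte length counting a 4-byte header, as RSVP objects use in RFC 2205), the function names and the sample buffers are assumptions chosen for illustration.

```python
# Added example: a length-prefixed record walker with and without a
# progress check. Sample buffers are constructed.
import struct

HDR = 4  # 2-byte length, 1-byte class, 1-byte type; length counts this header


def walk_unchecked(buf, max_steps=1000):
    """The flawed pattern: advance by whatever the length field says.

    Returns the number of loop iterations. max_steps exists only so this
    demonstration terminates; the flawed loop itself has no such limit.
    """
    off = steps = 0
    while off + HDR <= len(buf) and steps < max_steps:
        (length,) = struct.unpack_from("!H", buf, off)
        off += length  # length == 0 leaves the cursor where it was
        steps += 1
    return steps


def walk_checked(buf):
    """Validate each length before using it; return (class, type, payload)."""
    objs = []
    off = 0
    while off < len(buf):
        remaining = len(buf) - off
        if remaining < HDR:
            raise ValueError("truncated object header at offset %d" % off)
        length, cls, ctype = struct.unpack_from("!HBB", buf, off)
        # Every accepted length is >= HDR, so each iteration makes progress,
        # and <= remaining, so the payload slice never reads past the buffer.
        if length < HDR or length % 4 or length > remaining:
            raise ValueError("bad object length %d at offset %d" % (length, off))
        objs.append((cls, ctype, buf[off + HDR:off + length]))
        off += length
    return objs


# Constructed input: one 8-byte object followed by a header-only object.
WELL_FORMED = (struct.pack("!HBB", 8, 1, 1) + b"\x00\x00\x00\x2a"
               + struct.pack("!HBB", 4, 20, 1))
# Constructed input: a valid object followed by one declaring length zero.
ZERO_LENGTH = (struct.pack("!HBB", 8, 1, 1) + b"\x00\x00\x00\x00"
               + struct.pack("!HBB", 0, 1, 1))

if __name__ == "__main__":
    print("unchecked, well-formed:", walk_unchecked(WELL_FORMED), "steps")
    print("unchecked, zero length:", walk_unchecked(ZERO_LENGTH), "steps (cap hit)")
    print("checked, well-formed:", walk_checked(WELL_FORMED))
    try:
        walk_checked(ZERO_LENGTH)
    except ValueError as err:
        print("checked, zero length:", err)
```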



- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Conectiva for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark, manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQuYIwYpao72zK539AQFmCgQAnnjjYVhv2S0CDTz6FLULlYzwN88GO0mx
wJyjmFhNTMRFOoT5eDbmCDea1LBDW6i8hBn4sW2bMkPv1e7yYqOIPDqFHDY3dNoB
GZQeNDL1ZnlJerc2pvQE1apmWtIO0HGiLRJFwIxSTCr349hrCvJBiwZS/3Yd2Icp
RHFbuJZcIy4=
=uB3n
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________