[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ezmlm warning



Hi! This is the ezmlm program. I'm managing the
interim@xxxxxxxxxxxxxxxxxx mailing list.

I'm working for my owner, who can be reached
at interim-owner@xxxxxxxxxxxxxxxxxxx


Messages to you from the interim mailing list seem to
have been bouncing. I've attached a copy of the first bounce
message I received.

If this message bounces too, I will send you a probe. If the probe bounces,
I will remove your address from the interim mailing list,
without further notice.


I've kept a list of which messages from the interim mailing list have 
bounced from your address.

Copies of these messages may be in the archive.

To retrieve a set of messages 123-145 (a maximum of 100 per request),
send an empty message to:
   <interim-get.123_145@xxxxxxxxxxxxxxxxxx>

To receive a subject and author list for the last 100 or so messages,
send an empty message to:
   <interim-index@xxxxxxxxxxxxxxxxxx>

Here are the message numbers:

   1716
   1714
   1724
   1721
   1717
   1727
   1715
   1722
   1723
   1725
   1720
   1718
   1713
   1719
   1712
   1726
   1728

--- Enclosed is a copy of the bounce message I received.

Return-Path: <>
Received: (qmail 4809 invoked from network); 13 Aug 2005 07:27:00 -0000
Received: from mail.cert.uni-stuttgart.de (HELO login-ng.cert.uni-stuttgart.de) (141.58.88.52)
  by mail2.niscc.gov.uk with SMTP; 13 Aug 2005 07:27:00 -0000
Received: from Debian-exim by login-ng.cert.uni-stuttgart.de with local (Exim 4.52)
	id 1E3qNg-0002LC-Ax
	for interim-return-1716-UNIRAS=archive.cert.uni-stuttgart.de@xxxxxxxxxxxxxxxxxx; Sat, 13 Aug 2005 09:24:36 +0200
X-Failed-Recipients: UNIRAS@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Auto-Submitted: auto-generated
From: Mail Delivery System <Mailer-Daemon@xxxxxxxxxxxxxxxxxxxxx>
To: interim-return-1716-UNIRAS=archive.cert.uni-stuttgart.de@xxxxxxxxxxxxxxxxxx
Subject: Mail delivery failed: returning message to sender
Message-Id: <E1E3qNg-0002LC-Ax@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Sat, 13 Aug 2005 09:24:36 +0200

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  UNIRAS@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    retry time not reached for any host after a long failure period

------ This is a copy of the message, including all the headers. ------

Return-path: <interim-return-1716-UNIRAS=archive.cert.uni-stuttgart.de@xxxxxxxxxxxxxxxxxx>
Received: from mx.cert.uni-stuttgart.de ([141.58.89.34])
	by login-ng.cert.uni-stuttgart.de with esmtp (Exim 4.52)
	id 1E3AKu-0007pa-Ci
	for UNIRAS@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx; Thu, 11 Aug 2005 12:30:56 +0200
Received: from Debian-exim by mx.zendas.de with spam-scanned (Exim 4.52)
	id 1E3AMG-0000CI-Np
	for UNIRAS@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx; Thu, 11 Aug 2005 12:32:21 +0200
Received: from mail2.niscc.gov.uk ([194.61.191.101]:51099 helo=lists.niscc.gov.uk)
	by mx.zendas.de with smtp (Exim 4.52)
	id 1E3AMG-0000CF-Fw
	for UNIRAS@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx; Thu, 11 Aug 2005 12:32:20 +0200
Received: (qmail 24164 invoked by alias); 11 Aug 2005 10:32:53 -0000
Mailing-List: contact interim-help@xxxxxxxxxxxxxxxxxx; run by ezmlm
Precedence: bulk
X-No-Archive: yes
List-Post: <mailto:interim@xxxxxxxxxxxxxxxxxx>
List-Help: <mailto:interim-help@xxxxxxxxxxxxxxxxxx>
List-Unsubscribe: <mailto:interim-unsubscribe@xxxxxxxxxxxxxxxxxx>
List-Subscribe: <mailto:interim-subscribe@xxxxxxxxxxxxxxxxxx>
Delivered-To: mailing list interim@xxxxxxxxxxxxxxxxxx
Delivered-To: moderator for interim@xxxxxxxxxxxxxxxxxx
Received: (qmail 24129 invoked from network); 11 Aug 2005 10:29:26 -0000
X-VirusChecked: Checked
X-Env-Sender: uniras@xxxxxxxxxxxx
X-Msg-Ref: server-5.tower-78.messagelabs.com!1123756021!31441464!1
X-StarScan-Version: 5.4.15; banners=niscc.gov.uk,-,niscc.gov.uk
X-Originating-IP: [194.61.184.100]
X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG
Reply-To: <uniras@xxxxxxxxxxxx>
From: "UNIRAS \(HM Govt CERT\)" <uniras@xxxxxxxxxxxx>
To: <uniras@xxxxxxxxxxxx>
Cc: <interim@xxxxxxxxxxxxxxxxxx>
Subject: UNIRAS Brief - 618/05 - Mandriva - Two Security Update Advisories
Date: Thu, 11 Aug 2005 11:27:00 +0100
Organization: NISCC
Message-ID: <00f201c59e5f$35a0cea0$0801a8c0@xxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.6626
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
Importance: Normal
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on mx
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=0.8 tests=none autolearn=failed 
	version=3.0.4

 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 618/05 dated 11.08.05  Time: 11:26  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Mandriva - Two Security Update Advisories:
     1.  Updated heartbeat packages fix temporary file vulnerabilities [MDKSA-2005:132]
     2.  Updated netpbm packages fix temporary file vulnerabilities    [MDKSA-2005:133]


Detail
====== 

Security update advisory summaries:

     1.  It has been discovered that Heartbeat would create temporary files with
         predictable filenames.  This could allow a local attacker to create
         symbolic links in the temporary file directory pointing to a valid file
         on the filesystem which could lead to the file being overwritten by the
         rights of the user running the vulnerable script.

     2.  It has been discovered that pstopnm, a part of the netpbm graphics
         utility suite, would call the GhostScript interpreter on untrusted
         PostScript files without using the -dSAFER option when converting a
         PostScript file into a PBM, PGM, or PNM file.  This could result in
         the execution of arbitrary commands with the privileges of the user
         running pstopnm if they could be convinced to try to convert a
         malicious PostScript file.


Security update advisory content follows:


1.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           heartbeat
 Advisory ID:            MDKSA-2005:132
 Date:                   August 9th, 2005

 Affected versions:	 Corporate 3.0
 ______________________________________________________________________

 Problem Description:

 Eric Romang discovered that Heartbeat would create temporary files with
 predictable filenames.  This could allow a local attacker to create
 symbolic links in the temporary file directory pointing to a valid file
 on the filesystem which could lead to the file being overwritten by the
 rights of the user running the vulnerable script.
 
 The updated packages have been patched to correct this problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2231
 ______________________________________________________________________

 Updated Packages:
  
 Corporate 3.0:
 988b71b1018f73f77a94f9ac4d736ad1  corporate/3.0/RPMS/heartbeat-1.2.3-2.1.C30mdk.i586.rpm
 6afa9bcec600cba453e97cfb8910eb66  corporate/3.0/RPMS/heartbeat-ldirectord-1.2.3-2.1.C30mdk.i586.rpm
 02d4854a8683c467debb9a56a44123ac  corporate/3.0/RPMS/heartbeat-pils-1.2.3-2.1.C30mdk.i586.rpm
 23618a86f47b4289e9c85732569cfc1b  corporate/3.0/RPMS/heartbeat-stonith-1.2.3-2.1.C30mdk.i586.rpm
 c515a12308e088d3aa322de379040d0a  corporate/3.0/RPMS/libheartbeat-pils0-1.2.3-2.1.C30mdk.i586.rpm
 cd30d48b40ed4d9c4e2e86d6fcb0d9c9  corporate/3.0/RPMS/libheartbeat-pils0-devel-1.2.3-2.1.C30mdk.i586.rpm
 cf2081419d50b42044a69de786b3e059  corporate/3.0/RPMS/libheartbeat-stonith0-1.2.3-2.1.C30mdk.i586.rpm
 f2cef6941e6d635f1f21fe651e9646b4  corporate/3.0/RPMS/libheartbeat-stonith0-devel-1.2.3-2.1.C30mdk.i586.rpm
 6da3d9489adc023b552116324c70f35a  corporate/3.0/RPMS/libheartbeat0-1.2.3-2.1.C30mdk.i586.rpm
 67f33aac7c08767c5b2df9fb71ad64aa  corporate/3.0/RPMS/libheartbeat0-devel-1.2.3-2.1.C30mdk.i586.rpm
 0f9dc2960afa29d70f57aff6573a0559  corporate/3.0/SRPMS/heartbeat-1.2.3-2.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 1c1a953510c8d5a82c9d5774c12b915a  x86_64/corporate/3.0/RPMS/heartbeat-1.2.3-2.1.C30mdk.x86_64.rpm
 7c9f07341f2d7e9e68df078365c05334  x86_64/corporate/3.0/RPMS/heartbeat-ldirectord-1.2.3-2.1.C30mdk.x86_64.rpm
 5cc9ef2dbf09da3b5bad12387b9d94a0  x86_64/corporate/3.0/RPMS/heartbeat-pils-1.2.3-2.1.C30mdk.x86_64.rpm
 972307d2bdf4396e2df0b4fd0c3f8007  x86_64/corporate/3.0/RPMS/heartbeat-stonith-1.2.3-2.1.C30mdk.x86_64.rpm
 d2287fd3e7d1ce3cbabc8331f9f8bfea  x86_64/corporate/3.0/RPMS/lib64heartbeat-pils0-1.2.3-2.1.C30mdk.x86_64.rpm
 5e523b3319eb3519420b9f651f6c5c01  x86_64/corporate/3.0/RPMS/lib64heartbeat-pils0-devel-1.2.3-2.1.C30mdk.x86_64.rpm
 e3276d0abb8c2c79287fe50bf6934a8a  x86_64/corporate/3.0/RPMS/lib64heartbeat-stonith0-1.2.3-2.1.C30mdk.x86_64.rpm
 c636cc202c0ffdb8132bcfbb5d2ed142  x86_64/corporate/3.0/RPMS/lib64heartbeat-stonith0-devel-1.2.3-2.1.C30mdk.x86_64.rpm
 de2a839582b402dd63d9b435a956c103  x86_64/corporate/3.0/RPMS/lib64heartbeat0-1.2.3-2.1.C30mdk.x86_64.rpm
 e05f6de07919d8dc994a83951ebf0794  x86_64/corporate/3.0/RPMS/lib64heartbeat0-devel-1.2.3-2.1.C30mdk.x86_64.rpm
 0f9dc2960afa29d70f57aff6573a0559  x86_64/corporate/3.0/SRPMS/heartbeat-1.2.3-2.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC+lKZmqjQ0CJFipgRAiCRAKCEiLCa1CtuxcbWTjlTXtITcgsqJwCgl7Qp
Inpxe+m9REv2u+kqZLGQIT8=
=G34L
- -----END PGP SIGNATURE-----




2.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           netpbm
 Advisory ID:            MDKSA-2005:133
 Date:                   August 9th, 2005

 Affected versions:	 10.0, 10.1, 10.2, Corporate 3.0,
			 Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 Max Vozeler discovered that pstopnm, a part of the netpbm graphics
 utility suite, would call the GhostScript interpreter on untrusted
 PostScript files without using the -dSAFER option when converting a
 PostScript file into a PBM, PGM, or PNM file.  This could result in
 the execution of arbitrary commands with the privileges of the user
 running pstopnm if they could be convinced to try to convert a
 malicious PostScript file.
 
 The updated packages have been patched to correct this problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2471
  http://secunia.com/advisories/16184/
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 7bb710a56342cc78170bb74b37f512b0  10.0/RPMS/libnetpbm9-9.24-8.2.100mdk.i586.rpm
 7f820a3e8fcfaa705c0164cfd1b7a5c0  10.0/RPMS/libnetpbm9-devel-9.24-8.2.100mdk.i586.rpm
 3de55337645f009ed8e951b3e97b9507  10.0/RPMS/libnetpbm9-static-devel-9.24-8.2.100mdk.i586.rpm
 d32febe43b6b19ca7a3189b41de6d53c  10.0/RPMS/netpbm-9.24-8.2.100mdk.i586.rpm
 7d2bdf5636955adc39bfe13c4c581858  10.0/SRPMS/netpbm-9.24-8.2.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 04a7546fef5edfa604cdfd1e3dff1bc2  amd64/10.0/RPMS/lib64netpbm9-9.24-8.2.100mdk.amd64.rpm
 f89f7f330ecb8dd8e9a536afdcfb56f0  amd64/10.0/RPMS/lib64netpbm9-devel-9.24-8.2.100mdk.amd64.rpm
 0401393af2d5b3a933b487a1e00e3e43  amd64/10.0/RPMS/lib64netpbm9-static-devel-9.24-8.2.100mdk.amd64.rpm
 2400c52abc020a3ac9883bc02dc77f36  amd64/10.0/RPMS/netpbm-9.24-8.2.100mdk.amd64.rpm
 7d2bdf5636955adc39bfe13c4c581858  amd64/10.0/SRPMS/netpbm-9.24-8.2.100mdk.src.rpm

 Mandrakelinux 10.1:
 0c7ca6675e4a1502dc450d8b31076753  10.1/RPMS/libnetpbm9-9.24-8.1.101mdk.i586.rpm
 ac327d0433d6c672e382a2c1f4dc8667  10.1/RPMS/libnetpbm9-devel-9.24-8.1.101mdk.i586.rpm
 dee01cf52709fbbc65f3a0c21d4573d9  10.1/RPMS/libnetpbm9-static-devel-9.24-8.1.101mdk.i586.rpm
 6c9bedecf233accd53f123f3c2a26aec  10.1/RPMS/netpbm-9.24-8.1.101mdk.i586.rpm
 8722f08f1813fb796d7b5fa8576f6045  10.1/SRPMS/netpbm-9.24-8.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 9b99ec325088181a931983f622c7649f  x86_64/10.1/RPMS/lib64netpbm9-9.24-8.1.101mdk.x86_64.rpm
 119d4f558fddb4bafee84dc5da3f0c8a  x86_64/10.1/RPMS/lib64netpbm9-devel-9.24-8.1.101mdk.x86_64.rpm
 13e9911031dc3d8b23da2157451f89a8  x86_64/10.1/RPMS/lib64netpbm9-static-devel-9.24-8.1.101mdk.x86_64.rpm
 6637e848b29abe54142155f66ac79fb9  x86_64/10.1/RPMS/netpbm-9.24-8.1.101mdk.x86_64.rpm
 8722f08f1813fb796d7b5fa8576f6045  x86_64/10.1/SRPMS/netpbm-9.24-8.1.101mdk.src.rpm

 Mandrakelinux 10.2:
 4db608229fad2d6014ea506ad775e9f8  10.2/RPMS/libnetpbm10-10.26-2.1.102mdk.i586.rpm
 4fd7e7857c692209d4c94a8a5ebe84cc  10.2/RPMS/libnetpbm10-devel-10.26-2.1.102mdk.i586.rpm
 4521de30a4e9ee995200ae0c1443132b  10.2/RPMS/libnetpbm10-static-devel-10.26-2.1.102mdk.i586.rpm
 a3b5efc89e18489ef2cd181b20a1dc1b  10.2/RPMS/netpbm-10.26-2.1.102mdk.i586.rpm
 52d2d1a460d07b33fbe7f6204d1cf51f  10.2/SRPMS/netpbm-10.26-2.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 37912f8c31bd31b979bfdb69ad357837  x86_64/10.2/RPMS/lib64netpbm10-10.26-2.1.102mdk.x86_64.rpm
 928a397b673e96ed0fecdd62878aef84  x86_64/10.2/RPMS/lib64netpbm10-devel-10.26-2.1.102mdk.x86_64.rpm
 b74c96495461b1406af317e91932500e  x86_64/10.2/RPMS/lib64netpbm10-static-devel-10.26-2.1.102mdk.x86_64.rpm
 30ae5cd7a9e65594e30cf876f352fda6  x86_64/10.2/RPMS/netpbm-10.26-2.1.102mdk.x86_64.rpm
 52d2d1a460d07b33fbe7f6204d1cf51f  x86_64/10.2/SRPMS/netpbm-10.26-2.1.102mdk.src.rpm

 Corporate Server 2.1:
 f42bccdec9b6f8a432191730b85d186c  corporate/2.1/RPMS/libnetpbm9-9.24-4.4.C21mdk.i586.rpm
 3e877555a0533572d788a4d47694bccd  corporate/2.1/RPMS/libnetpbm9-devel-9.24-4.4.C21mdk.i586.rpm
 57dcadc0b0d94243894bccdaf17acf8a  corporate/2.1/RPMS/libnetpbm9-static-devel-9.24-4.4.C21mdk.i586.rpm
 1fa1e01964db5302ddc773c2be67ca6b  corporate/2.1/RPMS/netpbm-9.24-4.4.C21mdk.i586.rpm
 511aeb9ce3bdb6429e8a8ce06b873b6b  corporate/2.1/SRPMS/netpbm-9.24-4.4.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 6dfd39d7a3b0db15b273b2b7b7db01c4  x86_64/corporate/2.1/RPMS/libnetpbm9-9.24-4.4.C21mdk.x86_64.rpm
 50c24455f7b43e1f7fe7581a12655c39  x86_64/corporate/2.1/RPMS/libnetpbm9-devel-9.24-4.4.C21mdk.x86_64.rpm
 b947dcdb4226298cb90c644cce9dbd4c  x86_64/corporate/2.1/RPMS/libnetpbm9-static-devel-9.24-4.4.C21mdk.x86_64.rpm
 e1ace7d529c4adc3cc4e64d116467e0b  x86_64/corporate/2.1/RPMS/netpbm-9.24-4.4.C21mdk.x86_64.rpm
 511aeb9ce3bdb6429e8a8ce06b873b6b  x86_64/corporate/2.1/SRPMS/netpbm-9.24-4.4.C21mdk.src.rpm

 Corporate 3.0:
 b086f97cc2bad2023fd2446135e00def  corporate/3.0/RPMS/libnetpbm9-9.24-8.2.C30mdk.i586.rpm
 768f2b273391c3cb4d39790ac91b40c4  corporate/3.0/RPMS/libnetpbm9-devel-9.24-8.2.C30mdk.i586.rpm
 7f6eb96aef5065be7370f1954b252dee  corporate/3.0/RPMS/libnetpbm9-static-devel-9.24-8.2.C30mdk.i586.rpm
 1b2c5cb64efceac8a39d1d84aa362f2d  corporate/3.0/RPMS/netpbm-9.24-8.2.C30mdk.i586.rpm
 435e2548bed0da6bc4519910e3bae83f  corporate/3.0/SRPMS/netpbm-9.24-8.2.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 c6fcd7a90094eeae7e67ee56d71d3e22  x86_64/corporate/3.0/RPMS/lib64netpbm9-9.24-8.2.C30mdk.x86_64.rpm
 a8d06987e1aacb0c9ab174082bc024a0  x86_64/corporate/3.0/RPMS/lib64netpbm9-devel-9.24-8.2.C30mdk.x86_64.rpm
 2653e371af14609096eb2ed9ef7e5963  x86_64/corporate/3.0/RPMS/lib64netpbm9-static-devel-9.24-8.2.C30mdk.x86_64.rpm
 7b93e604b00f197a77e49fe94a3cd612  x86_64/corporate/3.0/RPMS/netpbm-9.24-8.2.C30mdk.x86_64.rpm
 435e2548bed0da6bc4519910e3bae83f  x86_64/corporate/3.0/SRPMS/netpbm-9.24-8.2.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC+lMPmqjQ0CJFipgRAkreAJ4kAZA+Mh+k65v3cr5ZUpDVun4QYwCdF6NJ
ooCqglOMXw6xMoN8W8h8m9g=
=tJMw
- -----END PGP SIGNATURE-----



- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Mandriva for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQvsn7Ipao72zK539AQFU3QQAirxe0lk3Ul2efI9UmYCwl2zVA4lscAXS
TQz9nGyyVA+pUfEe9Z9kYv9UU6zpK8B05p2ppwjB9ypS9oJEvCCgmLTsexEVYUTJ
ifsKFy/GwTA5IsPuipvw+HkeydEX9ZDDm2Yvs4cKWMluqlK860n6SLYY9UhXyQ/W
xwzF8pOjPsc=
=puuA
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________