
UNIRAS Brief - 768/06 - Four Debian Security Advisories:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

 UNIRAS (UK Government CERT) Briefing - 768/06 dated 21.11.06 time 14:15
 UNIRAS is part of NISCC (the UK National Infrastructure Security
 Co-ordination Centre)
______________________________________________________________________________

 UNIRAS material is available from the NISCC website at www.niscc.gov.uk
______________________________________________________________________________

Title
=====

Four Debian Security Advisories:

1. DSA 1214-1 - New gv packages fix arbitrary code execution

2. DSA 1215-1 - New xine-lib packages fix execution of arbitrary code

3. DSA 1216-1 - New flexbackup packages fix denial of service

4. DSA 1217-1 - New linux-ftpd packages fix access control bypass

Detail
======

1. Renaud Lifchitz discovered that gv, the PostScript and PDF viewer for X,
performs insufficient boundary checks in the PostScript parsing code,
which allows the execution of arbitrary code through a buffer overflow.

2. Several remote vulnerabilities have been discovered in the Xine multimedia
library, which may lead to the execution of arbitrary code.

3. Eric Romang discovered that the flexbackup backup tool creates temporary
files in an insecure manner, which allows denial of service through a
symlink attack.

4. Paul Szabo discovered that the netkit ftp server switches the user id too
late, which may lead to the bypass of access restrictions when running
on NFS. This update also adds return value checks to setuid() calls, which
may fail in some PAM configurations.



1.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 1214-1                    security@xxxxxxxxxx
http://www.debian.org/security/                         Moritz Muehlenhoff
November 20th, 2006                     http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : gv
Vulnerability  : buffer overflow
Problem-Type   : local(remote)
Debian-specific: no
CVE ID         : CVE-2006-5864
Debian Bug     : 398292

Renaud Lifchitz discovered that gv, the PostScript and PDF viewer for X,
performs insufficient boundary checks in the PostScript parsing code,
which allows the execution of arbitrary code through a buffer overflow.

For the stable distribution (sarge) this problem has been fixed in
version 3.6.1-10sarge1.

For the upcoming stable distribution (etch) this problem has been
fixed in version 3.6.2-2.

For the unstable distribution (sid) this problem has been fixed in
version 3.6.2-2.

We recommend that you upgrade your gv package.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/g/gv/gv_3.6.1-10sarge1.dsc
      Size/MD5 checksum:      562 a6882dd7ad872c388de651464046bff1
    http://security.debian.org/pool/updates/main/g/gv/gv_3.6.1-10sarge1.diff.gz
      Size/MD5 checksum:    30773 0b08b9588e0a4d58e6a13ef3f857a8ba
    http://security.debian.org/pool/updates/main/g/gv/gv_3.6.1.orig.tar.gz
      Size/MD5 checksum:   453921 ace080d647b70f46fca7946e9543b79e

  Alpha architecture:

    http://security.debian.org/pool/updates/main/g/gv/gv_3.6.1-10sarge1_alpha.deb
      Size/MD5 checksum:   204990 cf6a9a52c90e53226eb62ce0f0d02a44

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/g/gv/gv_3.6.1-10sarge1_amd64.deb
      Size/MD5 checksum:   178114 3f878b28ab56953616cfa7819c6208d8

  ARM architecture:

    http://security.debian.org/pool/updates/main/g/gv/gv_3.6.1-10sarge1_arm.deb
      Size/MD5 checksum:   171660 7f395714932a4fa16547b69887060a75

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/g/gv/gv_3.6.1-10sarge1_hppa.deb
      Size/MD5 checksum:   183576 ff1d8233c688b444990ab658ad0adb7a

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/g/gv/gv_3.6.1-10sarge1_i386.deb
      Size/MD5 checksum:   169100 46ed76270774df9900d24b96b0f29474

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/g/gv/gv_3.6.1-10sarge1_ia64.deb
      Size/MD5 checksum:   236388 468fe6518efd6064a76cc9796f99463d

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/g/gv/gv_3.6.1-10sarge1_m68k.deb
      Size/MD5 checksum:   152714 0518e0f6514317ae178bee63ac317b56

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gv/gv_3.6.1-10sarge1_mips.deb
      Size/MD5 checksum:   188450 64fbd5940f027516477cad9ac43150b6

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gv/gv_3.6.1-10sarge1_mipsel.deb
      Size/MD5 checksum:   187810 68fc3c4ecafea90c976aef7c680e9d62

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/g/gv/gv_3.6.1-10sarge1_powerpc.deb
      Size/MD5 checksum:   178918 6c315fbf5b3b9523afc02cbf4425cae8

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/g/gv/gv_3.6.1-10sarge1_s390.deb
      Size/MD5 checksum:   176388 b04e21f014181006e2a94704e034d5ac

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/g/gv/gv_3.6.1-10sarge1_sparc.deb
      Size/MD5 checksum:   166532 23225642be076f7be8de287e00bb5735

  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFYg6EXm3vHE4uyloRAi7XAJ0XHPaLKrC26DYW9cRR+RmHxT7EawCdGKp/
q8tIouCIS2hZ3yE7x2O2Fy8=
=sj31
- -----END PGP SIGNATURE-----




2.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 1215-1                    security@xxxxxxxxxx
http://www.debian.org/security/                         Moritz Muehlenhoff
November 20th, 2006                     http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : xine-lib
Vulnerability  : several
Problem-Type   : local(remote)
Debian-specific: no
CVE ID         : CVE-2006-4799 CVE-2006-4800
Debian Bug     : 369876

Several remote vulnerabilities have been discovered in the Xine multimedia
library, which may lead to the execution of arbitrary code. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-4799

    The XFocus Security Team discovered that insufficient validation of
    AVI headers may lead to the execution of arbitrary code.

CVE-2006-4800

    Michael Niedermayer discovered that a buffer overflow in the 4XM
    codec may lead to the execution of arbitrary code.

For the stable distribution (sarge) these problems have been fixed in
version 1.0.1-1sarge4.

For the upcoming stable distribution (etch) these problems have been
fixed in version 1.1.2-1.

For the unstable distribution (sid) these problems have been fixed in
version 1.1.2-1.

We recommend that you upgrade your xine-lib packages.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1-1sarge4.dsc
      Size/MD5 checksum:     1059 496e1580534533de51ecd73dcc6f7605
    http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1-1sarge4.diff.gz
      Size/MD5 checksum:     3865 e9563d5086e17144d6fdce8399294ae9
    http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1.orig.tar.gz
      Size/MD5 checksum:  7774954 9be804b337c6c3a2e202c5a7237cb0f8

  Alpha architecture:

    http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge4_alpha.deb
      Size/MD5 checksum:   107706 a8f2dc8666d43197a6d8d86ee35a6e2a
    http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge4_alpha.deb
      Size/MD5 checksum:  4829532 720dbca316a59d5678c09040c3011f72

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge4_amd64.deb
      Size/MD5 checksum:   107702 f46c34fbf3cb15e7c1051a76c0bf65e8
    http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge4_amd64.deb
      Size/MD5 checksum:  3933472 82a89fe04e3489369e027f844da02feb

  ARM architecture:

    http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge4_arm.deb
      Size/MD5 checksum:   107754 76a45e29adc3c5e3ac91a220fe45f308
    http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge4_arm.deb
      Size/MD5 checksum:  3878388 43c26b48bbff755078874cd54064366a

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge4_hppa.deb
      Size/MD5 checksum:   107724 c300f6415f7cdb6619695fe2bb4680ff
    http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge4_hppa.deb
      Size/MD5 checksum:  3600746 197ab4dedf46e005bfcfeb88ecab6e41

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge4_i386.deb
      Size/MD5 checksum:   107696 7452c8c07920488d4efae39eaffb3bc8
    http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge4_i386.deb
      Size/MD5 checksum:  4205940 e39f804fcbb15e2e64532cc3c253267e

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge4_ia64.deb
      Size/MD5 checksum:   107700 1e1c7b93ed294053c8ba7f666c87750d
    http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge4_ia64.deb
      Size/MD5 checksum:  5620774 3b512d328b7d157ab482758513abbd64

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge4_m68k.deb
      Size/MD5 checksum:   107778 31ca7042eea32fd97c6b97b219e1979c
    http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge4_m68k.deb
      Size/MD5 checksum:  3175204 73634beda9c164a8a355fe0053265a5a

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge4_mips.deb
      Size/MD5 checksum:   107722 46920b95ec15787ada1a9d7252a7c929
    http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge4_mips.deb
      Size/MD5 checksum:  4066764 0d4f7ae3ae5e2d034d3a551c85c40760

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge4_mipsel.deb
      Size/MD5 checksum:   107718 813f51bd63594d4a2ff6396b74147df2
    http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge4_mipsel.deb
      Size/MD5 checksum:  4125516 05bb286bd083dc62bd2de7d43af354b8

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge4_powerpc.deb
      Size/MD5 checksum:   107728 7a8df7a817e5461f350f23655faf2613
    http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge4_powerpc.deb
      Size/MD5 checksum:  4305600 3a874f3e7d1dec9b81be31576f505f0a

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge4_s390.deb
      Size/MD5 checksum:   107712 882da791cc78e7005e5ddcb5d26ab34e
    http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge4_s390.deb
      Size/MD5 checksum:  3880732 5cc6cb2f0ccc3d6640099e6a78db2d28

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge4_sparc.deb
      Size/MD5 checksum:   107726 36cf39714e6b9848d9d21dae4a8306e9
    http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge4_sparc.deb
      Size/MD5 checksum:  4360636 0c0d702507cb1c2e43a1cfe7864ab22e


  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFYhGjXm3vHE4uyloRAkJ2AKDFLnNOowHeR2ghcTw8rxe+jyQ8zQCg29Ms
sarQ/j0Dk5j+VmokhqUZGUY=
=CZKL
- -----END PGP SIGNATURE-----



3.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 1216-1                    security@xxxxxxxxxx
http://www.debian.org/security/                         Moritz Muehlenhoff
November 20th, 2006                     http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : flexbackup
Vulnerability  : insecure temporary file
Problem-Type   : local
Debian-specific: no
CVE ID         : CVE-2006-4802
Debian Bug     : 334350

Eric Romang discovered that the flexbackup backup tool creates temporary
files in an insecure manner, which allows denial of service through a
symlink attack.

For the stable distribution (sarge) this problem has been fixed in
version 1.2.1-2sarge1.

For the upcoming stable distribution (etch) this problem has been
fixed in version 1.2.1-3.

For the unstable distribution (sid) this problem has been fixed in
version 1.2.1-3.

We recommend that you upgrade your flexbackup package.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/f/flexbackup/flexbackup_1.2.1-2sarge1.dsc
      Size/MD5 checksum:      587 06539319d0534272e216306562677723
    http://security.debian.org/pool/updates/main/f/flexbackup/flexbackup_1.2.1-2sarge1.diff.gz
      Size/MD5 checksum:     3546 3365f545bd49464f4e58bacc503f8b28
    http://security.debian.org/pool/updates/main/f/flexbackup/flexbackup_1.2.1.orig.tar.gz
      Size/MD5 checksum:    80158 4955c89dbee354248f354a9bf0a480dd

  Architecture independent components:

    http://security.debian.org/pool/updates/main/f/flexbackup/flexbackup_1.2.1-2sarge1_all.deb
      Size/MD5 checksum:    75836 240f8792a65a0d80b8ef85d4343a4827

  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFYhMIXm3vHE4uyloRAjjTAKDCnxcy1cKXf1yBEbVCIyc3JANyMQCgz8JD
pz5K4X1ok9uom1/tmGPBFoU=
=WJOD
- -----END PGP SIGNATURE-----



4.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 1217-1                    security@xxxxxxxxxx
http://www.debian.org/security/                         Moritz Muehlenhoff
November 20th, 2006                     http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : linux-ftpd
Vulnerability  : programming error
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2006-5778
Debian Bug     : 384454

Paul Szabo discovered that the netkit ftp server switches the user id too
late, which may lead to the bypass of access restrictions when running
on NFS. This update also adds return value checks to setuid() calls, which
may fail in some PAM configurations.

For the stable distribution (sarge) this problem has been fixed in
version 0.17-20sarge2.

For the upcoming stable distribution (etch) this problem has been
fixed in version 0.17-22.

For the unstable distribution (sid) this problem has been fixed in
version 0.17-22.

We recommend that you upgrade your ftpd package.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/l/linux-ftpd/linux-ftpd_0.17-20sarge2.dsc
      Size/MD5 checksum:      610 371222af9e3f445d8b1a0622f3a70382
    http://security.debian.org/pool/updates/main/l/linux-ftpd/linux-ftpd_0.17-20sarge2.diff.gz
      Size/MD5 checksum:    16034 3848d3d15b78aa4dd17b0e09c64b15a8
    http://security.debian.org/pool/updates/main/l/linux-ftpd/linux-ftpd_0.17.orig.tar.gz
      Size/MD5 checksum:    46763 f5f491564812db5d8783daa538c49186

  Alpha architecture:

    http://security.debian.org/pool/updates/main/l/linux-ftpd/ftpd_0.17-20sarge2_alpha.deb
      Size/MD5 checksum:    49118 caeecd835e084796f921fd1941fc8912

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/l/linux-ftpd/ftpd_0.17-20sarge2_amd64.deb
      Size/MD5 checksum:    44858 bb6746d34dac3b9304dae0551c6355f4

  ARM architecture:

    http://security.debian.org/pool/updates/main/l/linux-ftpd/ftpd_0.17-20sarge2_arm.deb
      Size/MD5 checksum:    44090 baa6dc258bbba352aad5d59bbc03f87b

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/l/linux-ftpd/ftpd_0.17-20sarge2_hppa.deb
      Size/MD5 checksum:    47430 d856102807f47f8dac3a0b383c1149b4

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/l/linux-ftpd/ftpd_0.17-20sarge2_i386.deb
      Size/MD5 checksum:    43310 10ce0c8367e83b1ce1419b244753dcc0

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/l/linux-ftpd/ftpd_0.17-20sarge2_ia64.deb
      Size/MD5 checksum:    57366 2121d4017c33f4968230011b27d56bfc

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/l/linux-ftpd/ftpd_0.17-20sarge2_m68k.deb
      Size/MD5 checksum:    40914 81af10a14af21fa4a73a97d4b7581cba

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/l/linux-ftpd/ftpd_0.17-20sarge2_mips.deb
      Size/MD5 checksum:    46802 ef336e8a944121be9974ae72d6ee5ae8

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/l/linux-ftpd/ftpd_0.17-20sarge2_mipsel.deb
      Size/MD5 checksum:    46746 05aa9e2e9c127110d09f345e2a6367d1

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/l/linux-ftpd/ftpd_0.17-20sarge2_powerpc.deb
      Size/MD5 checksum:    46712 6932bbad8b6852a3776b40196d28dee1

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/l/linux-ftpd/ftpd_0.17-20sarge2_s390.deb
      Size/MD5 checksum:    45992 a0b2bad9c6b04889be2c7b87840769c6

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/l/linux-ftpd/ftpd_0.17-20sarge2_sparc.deb
      Size/MD5 checksum:    43366 a92a7561358f005be3ff58c73a4c4b7b

  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFYhY1Xm3vHE4uyloRAiLjAJ96HUpkwdfPSo3x6rS6tC4D/S07GACg2EwU
8VIZXUcpi47z+WMwzqNqCcg=
=x+ku
- -----END PGP SIGNATURE-----



______________________________________________________________________________

NISCC values your feedback.

1. Which of the following most reflects the value of the briefing to you?
(Place an 'X' next to your choice)

Very useful:__ Useful:__ Not useful:__ 

2. If you did not find it useful, why not?


3. Any other comments? How could we improve our briefings?


Thank you for your contribution.
______________________________________________________________________________

For additional information or assistance, please contact our help desk
by telephone.  You may send Not Protectively Marked information via
e-mail to uniras@xxxxxxxxxxxxx

Office hours:

Mon - Fri: 08:30 - 17:00 hours
Tel: +44 (0) 870 487 0748 and follow the voice prompts
Fax: +44 (0) 870 487 0749

On-call duty officer outside office hours:
Tel: +44 (0) 870 487 0748 and follow the voice prompts

______________________________________________________________________________

UNIRAS wishes to acknowledge the contributions of Debian for the
information contained in this briefing.
______________________________________________________________________________

This notice contains information released by the original author.
Some of the information may have changed since it was released. If the
vulnerability affects you, it may be prudent to retrieve the advisory
from the site of the original source to ensure that you receive the most
current information concerning that problem.

Reference to any specific commercial product, process, or service by
trade name, trademark, manufacturer, or otherwise, does not constitute or
imply its endorsement, recommendation, or favouring by UNIRAS or NISCC.
The views and opinions of authors expressed within this notice shall not
be used for advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall accept responsibility for any errors
or omissions contained within this briefing notice. In particular, they
shall not be liable for any loss or damage whatsoever, arising from or
in connection with the usage of information contained within this
notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams
(FIRST) and has contacts with other international Incident Response
Teams (IRTs) in order to foster cooperation and coordination in incident
prevention, to prompt rapid reaction to incidents, and to promote
information sharing amongst its members and the community at large.
______________________________________________________________________________

<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBRWMIAWl7oeQsXfKvEQLyxACffqImGqJlELWNWlAFdQ5WDfZIVw8AoOOC
/3zJEEfxgP+0HplPx9YOLtcu
=MBri
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________
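
Added illustration for DSA 1216-1 above (insecure temporary files and symlink attacks); it is not part of the briefing and is not flexbackup's code. It contrasts a predictable temporary name with O_EXCL and mkstemp() creation; the directory and file names (tmpdemo.*, target.dat, backup.tmp) are constructed for the demo.

```c
/* Added illustration, not flexbackup code. All file names are constructed. */
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700 /* mkstemp, mkdtemp, symlink, O_NOFOLLOW */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum tmp_mode { TMP_PREDICTABLE, TMP_EXCLUSIVE, TMP_MKSTEMP };

/* Open a scratch file. `path` holds the fixed name for the first two modes
 * and receives the generated name for TMP_MKSTEMP. */
static int open_scratch(enum tmp_mode mode, const char *dir, char *path, size_t len)
{
    switch (mode) {
    case TMP_PREDICTABLE:
        /* Weak: follows an existing symlink and truncates whatever it names. */
        return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    case TMP_EXCLUSIVE:
        /* O_EXCL fails with EEXIST if the name exists, symlinks included. */
        return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    default:
        /* mkstemp(): unpredictable name, created exclusively with mode 0600. */
        if ((size_t)snprintf(path, len, "%s/backup.XXXXXX", dir) >= len)
            return -1;
        return mkstemp(path);
    }
}

/* In a private directory, create a 9-byte file plus a symlink to it at the
 * predictable scratch name, open a scratch file with `mode`, and return the
 * 9-byte file's size afterwards (-1 if the setup itself failed). */
long target_size_after(enum tmp_mode mode)
{
    const char *base = getenv("TMPDIR") ? getenv("TMPDIR") : "/tmp";
    char dir[256], target[512], planted[512], scratch[512];
    struct stat st;
    long size = -1;
    int fd;

    if ((size_t)snprintf(dir, sizeof dir, "%s/tmpdemo.XXXXXX", base) >= sizeof dir
        || mkdtemp(dir) == NULL)
        return -1;
    snprintf(target, sizeof target, "%s/target.dat", dir);
    snprintf(planted, sizeof planted, "%s/backup.tmp", dir);
    snprintf(scratch, sizeof scratch, "%s/backup.tmp", dir);
    fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0) {
        int ready = write(fd, "important", 9) == 9;
        close(fd);
        if (ready && symlink(target, planted) == 0) {
            fd = open_scratch(mode, dir, scratch, sizeof scratch);
            if (fd >= 0)
                close(fd);
            if (fd >= 0 && mode == TMP_MKSTEMP)
                unlink(scratch); /* remove the randomly named file */
            if (stat(target, &st) == 0)
                size = (long)st.st_size;
        }
    }
    unlink(planted);
    unlink(target);
    rmdir(dir);
    return size;
}

int main(void)
{
    for (int m = TMP_PREDICTABLE; m <= TMP_MKSTEMP; m++)
        printf("mode %d: target is %ld bytes\n", m, target_size_after((enum tmp_mode)m));
    return 0;
}
```

Everything happens inside a private mkdtemp() directory that is removed afterwards; only the predictable-name mode leaves the linked file truncated to 0 bytes.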
