__________________________________________________________ The U.S. Department of Energy Computer Incident Advisory Capability ___ __ __ _ ___ / | /_\ / \___ __|__ / \ \___ __________________________________________________________ INFORMATION BULLETIN Linux Kernel Vulnerabilities [RHSA-2004:689-06] December 29, 2004 00:00 GMT Number P-081 [REVISED 21 Jan 2005] [REVISED 24 Jan 2005] [REVISED 22 Feb 2005] [REVISED 24 MAR 2006] [REVISED 30 May 2006] ______________________________________________________________________________ PROBLEM: Vulnerabilities in 32bit emulation code, IGMP functionality, scm_send function, ia64 architecture context switch code, and load_elf_binary code were discovered. PLATFORM: Linux Kernel 2.4.x Red Hat Desktop (v.3) & (v. 4) Red Hat Enterprise Linux AS, ES, WS (v. 2.1 and 3) & (v. 4) Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor Debian GNU/Linux 3.0 alias woody DAMAGE: A local attacker could use the 32bit emulation code vulnerability to gain privileges. Multiple vulnerabilities in IGMP functionality which were backported in Red Hat Enterprise Linux 3 kernels may allow a local attacker to cause a denial of service or gain privileges. A flaw in the scm_send function in the auxiliary message layer may allow an attacker to craft an auxiliary message which could cause a denial of service. A floating point information leak was discovered in the ia64 architecture context switch code which may allow an attacker to read register values of other processes by setting the MFH bit. A flaw in the load-elf-binary affecting kernels prior to 2.4.26 may allow a local attacker to craft a binary in such a way to cause a crash. SOLUTION: Apply the updated packages. ______________________________________________________________________________ VULNERABILITY The risk is Low. The worst of these vulnerabilities may allow a ASSESSMENT: local attacker to gain elevated privileges. ______________________________________________________________________________ LINKS: CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/p-081.shtml ORIGINAL BULLETIN: https://rhn.redhat.com/errata/RHSA-2004-689.html ADDITIONAL LINKS: Red Hat Security Advisory RHSA-2005-016 https://rhn.redhat.com/errata/RHSA-2005-016.html Red Hat Security Advisory RHSA-2005-017 https://rhn.redhat.com/errata/RHSA-2005-017.html Secunia Advisory SA13972 http://secunia.com/advisories/13972/ ed Hat Security Advisory RHSA-2005-092-14 https://rhn.redhat.com/errata/RHSA-2005-092.html DSA-1017-1 http://www.debian.org/security/2006/dsa-1017 Debian Security Advisory DSA-1082-1 http://www.debian.org/security/2006/dsa-1082 CVE/CAN: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name= CAN-2004-0565 CAN-2004-1016 CAN-2004-1017 CAN-2004-1137 CAN-2004-1144 CAN-2004-1234 ______________________________________________________________________________ REVISION HISTORY: 01/21/2005 - added link to Red Hat Advisories RHSA-2005:016 and 2005:017 that provide updated kernel packages for Enterprise Linux AS, ES, WS (v.2.1) and Linux Advanced Workstation 2.1 for the Itanium Processor. In addition to the vulnerabilities noted in the original bulletin, these bulletins provide fixes for CAN#2005-0003, 2004-1057, and 2004-1335. 01/24/2005 - added a link to Secunia Advisory SA13972. 02/22/2005 - added a link to Red Hat Security Advisory RHSA-2005:092-14 for Red Hat Desktop (v. 4) and Red Hat Enterprise Linux AS, ES, WS (v. 4). 03/24/2006 - added a link to DSA 1017 05/30/2006 - added a link to Debian Security Advisory DSA-1082-1 for Debian GNU/Linux 3.0 alias woody. [***** Start RHSA-2004:689-06 *****] Updated kernel packages fix security vulnerabilities Advisory: RHSA-2004:689-06 Last updated on: 2004-12-23 Affected Products: Red Hat Desktop (v. 3) Red Hat Enterprise Linux AS (v. 3) Red Hat Enterprise Linux ES (v. 3) Red Hat Enterprise Linux WS (v. 3) CVEs (cve.mitre.org): CAN-2004-0565 CAN-2004-1016 CAN-2004-1017 CAN-2004-1137 CAN-2004-1144 CAN-2004-1234 back Security Advisory Details: Updated kernel packages that fix several security issues in Red Hat Enterprise Linux 3 are now available. The Linux kernel handles the basic functions of the operating system. This advisory includes fixes for several security issues: Petr Vandrovec discovered a flaw in the 32bit emulation code affecting the Linux 2.4 kernel on the AMD64 architecture. A local attacker could use this flaw to gain privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1144 to this issue. ISEC security research discovered multiple vulnerabilities in the IGMP functionality which was backported in the Red Hat Enterprise Linux 3 kernels. These flaws could allow a local user to cause a denial of service (crash) or potentially gain privileges. Where multicast applications are being used on a system, these flaws may also allow remote users to cause a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1137 to this issue. ISEC security research and Georgi Guninski independantly discovered a flaw in the scm_send function in the auxiliary message layer. A local user could create a carefully crafted auxiliary message which could cause a denial of service (system hang). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1016 to this issue. A floating point information leak was discovered in the ia64 architecture context switch code. A local user could use this flaw to read register values of other processes by setting the MFH bit. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0565 to this issue. Kirill Korotaev found a flaw in load_elf_binary affecting kernels prior to 2.4.26. A local user could create a carefully crafted binary in such a way that it would cause a denial of service (system crash). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1234 to this issue. These packages also fix issues in the io_edgeport driver, and a memory leak in ip_options_get. Note: The kernel-unsupported package contains various drivers and modules that are unsupported and therefore might contain security problems that have not been addressed. All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum. Updated packages: Red Hat Desktop (v. 3) -------------------------------------------------------------------------------- SRPMS: kernel-2.4.21-27.0.1.EL.src.rpm abbf2ea9f5b6cd480eab25b472ed64ba IA-32: kernel-2.4.21-27.0.1.EL.athlon.rpm 1f8c7b25b7fffbc85993ec55905dcc5e kernel-2.4.21-27.0.1.EL.i686.rpm b0a8a21ca61cb102ebbccb3ea815fa8d kernel-BOOT-2.4.21-27.0.1.EL.i386.rpm dbe3ea95f5e93c6d61394cb829dd18d4 kernel-doc-2.4.21-27.0.1.EL.i386.rpm 7f4dd010b194e99a4e8e8cfdec9c2097 kernel-hugemem-2.4.21-27.0.1.EL.i686.rpm abdef53df06ee9af541823ac24261f2d kernel-hugemem-unsupported-2.4.21-27.0.1.EL.i686.rpm 816e736618c6d05b35c979b2492d6fb8 kernel-smp-2.4.21-27.0.1.EL.athlon.rpm b7ec4b9732b8743940cab2f4853ccae8 kernel-smp-2.4.21-27.0.1.EL.i686.rpm 6bd020027cdb043d747452fadc043ec5 kernel-smp-unsupported-2.4.21-27.0.1.EL.athlon.rpm caec8b413e4b0bd3abe885fbde2b2d4c kernel-smp-unsupported-2.4.21-27.0.1.EL.i686.rpm 68ea78ae3d41965edd0cd80cc17ff95e kernel-source-2.4.21-27.0.1.EL.i386.rpm 162ab3a522f8160b09c1629f563a2fc4 kernel-unsupported-2.4.21-27.0.1.EL.athlon.rpm f67ab1ac2f5b06c9c0e97d074684974e kernel-unsupported-2.4.21-27.0.1.EL.i686.rpm 7a997263d5c711cc787fe2a9bb4101a3 x86_64: kernel-2.4.21-27.0.1.EL.ia32e.rpm f5b00c38dc3884ecac2e5566c8db7471 kernel-2.4.21-27.0.1.EL.x86_64.rpm b143e2768ecc0b84e5d10987fe76925d kernel-doc-2.4.21-27.0.1.EL.x86_64.rpm 010de9e78951ac60ad2d9b88fb3d4eba kernel-smp-2.4.21-27.0.1.EL.x86_64.rpm d41dff47cc7c3278daf998d447bc5809 kernel-smp-unsupported-2.4.21-27.0.1.EL.x86_64.rpm e792eaa5735a1852c2f32088fd24378f kernel-source-2.4.21-27.0.1.EL.x86_64.rpm 2271f0c3aec207d30b4c81b386fb64fb kernel-unsupported-2.4.21-27.0.1.EL.ia32e.rpm 2a0f9f13ef39f254697455fb36af531e kernel-unsupported-2.4.21-27.0.1.EL.x86_64.rpm e2b329e10ee3a5d254385d49e57e3558 Red Hat Enterprise Linux AS (v. 3) -------------------------------------------------------------------------------- SRPMS: kernel-2.4.21-27.0.1.EL.src.rpm abbf2ea9f5b6cd480eab25b472ed64ba IA-32: kernel-2.4.21-27.0.1.EL.athlon.rpm 1f8c7b25b7fffbc85993ec55905dcc5e kernel-2.4.21-27.0.1.EL.i686.rpm b0a8a21ca61cb102ebbccb3ea815fa8d kernel-BOOT-2.4.21-27.0.1.EL.i386.rpm dbe3ea95f5e93c6d61394cb829dd18d4 kernel-doc-2.4.21-27.0.1.EL.i386.rpm 7f4dd010b194e99a4e8e8cfdec9c2097 kernel-hugemem-2.4.21-27.0.1.EL.i686.rpm abdef53df06ee9af541823ac24261f2d kernel-hugemem-unsupported-2.4.21-27.0.1.EL.i686.rpm 816e736618c6d05b35c979b2492d6fb8 kernel-smp-2.4.21-27.0.1.EL.athlon.rpm b7ec4b9732b8743940cab2f4853ccae8 kernel-smp-2.4.21-27.0.1.EL.i686.rpm 6bd020027cdb043d747452fadc043ec5 kernel-smp-unsupported-2.4.21-27.0.1.EL.athlon.rpm caec8b413e4b0bd3abe885fbde2b2d4c kernel-smp-unsupported-2.4.21-27.0.1.EL.i686.rpm 68ea78ae3d41965edd0cd80cc17ff95e kernel-source-2.4.21-27.0.1.EL.i386.rpm 162ab3a522f8160b09c1629f563a2fc4 kernel-unsupported-2.4.21-27.0.1.EL.athlon.rpm f67ab1ac2f5b06c9c0e97d074684974e kernel-unsupported-2.4.21-27.0.1.EL.i686.rpm 7a997263d5c711cc787fe2a9bb4101a3 IA-64: kernel-2.4.21-27.0.1.EL.ia64.rpm 5d8f8152c6c9786cda4b12e75fe66221 kernel-doc-2.4.21-27.0.1.EL.ia64.rpm e3b551b4df18eadc40fe6ae7d0d0d013 kernel-source-2.4.21-27.0.1.EL.ia64.rpm f0ede4dc792c5cbbe3d80af6dd4bab07 kernel-unsupported-2.4.21-27.0.1.EL.ia64.rpm 51fdf74adca231adebace8f019d8d920 PPC: kernel-2.4.21-27.0.1.EL.ppc64iseries.rpm bc4093dfba89bafa591eaa78ec5f6916 kernel-2.4.21-27.0.1.EL.ppc64pseries.rpm fc6f34a93f682a1273e0ec4375eb0998 kernel-doc-2.4.21-27.0.1.EL.ppc64.rpm 9fad7bb5b55495ddee280d62de15b1dc kernel-source-2.4.21-27.0.1.EL.ppc64.rpm c083c0b8df5ff034f269d8380e6dbad0 kernel-unsupported-2.4.21-27.0.1.EL.ppc64iseries.rpm abb1744cd91a84d40e7f5a016ead294c kernel-unsupported-2.4.21-27.0.1.EL.ppc64pseries.rpm a39c1a6fa61b0295e0f5e3065b0812f6 s390: kernel-2.4.21-27.0.1.EL.s390.rpm 30e5097e6dd66d5c21a99901882f7e9f kernel-doc-2.4.21-27.0.1.EL.s390.rpm d481b85ea42c24a00736ea720ae48c39 kernel-source-2.4.21-27.0.1.EL.s390.rpm 81c880f52af50c26f8a525e114b8b223 kernel-unsupported-2.4.21-27.0.1.EL.s390.rpm 79fd1f5f22ad407138185018ee029750 s390x: kernel-2.4.21-27.0.1.EL.s390x.rpm dfcdfd9650c5a5012ade9ea3afb1c186 kernel-doc-2.4.21-27.0.1.EL.s390x.rpm 66d37169facb8256fdf5f4658d11ac80 kernel-source-2.4.21-27.0.1.EL.s390x.rpm d3f921de093961d3badf8f1da21f4a82 kernel-unsupported-2.4.21-27.0.1.EL.s390x.rpm e7d85997309e95e1f778fd34a069d999 x86_64: kernel-2.4.21-27.0.1.EL.ia32e.rpm f5b00c38dc3884ecac2e5566c8db7471 kernel-2.4.21-27.0.1.EL.x86_64.rpm b143e2768ecc0b84e5d10987fe76925d kernel-doc-2.4.21-27.0.1.EL.x86_64.rpm 010de9e78951ac60ad2d9b88fb3d4eba kernel-smp-2.4.21-27.0.1.EL.x86_64.rpm d41dff47cc7c3278daf998d447bc5809 kernel-smp-unsupported-2.4.21-27.0.1.EL.x86_64.rpm e792eaa5735a1852c2f32088fd24378f kernel-source-2.4.21-27.0.1.EL.x86_64.rpm 2271f0c3aec207d30b4c81b386fb64fb kernel-unsupported-2.4.21-27.0.1.EL.ia32e.rpm 2a0f9f13ef39f254697455fb36af531e kernel-unsupported-2.4.21-27.0.1.EL.x86_64.rpm e2b329e10ee3a5d254385d49e57e3558 Red Hat Enterprise Linux ES (v. 3) -------------------------------------------------------------------------------- SRPMS: kernel-2.4.21-27.0.1.EL.src.rpm abbf2ea9f5b6cd480eab25b472ed64ba IA-32: kernel-2.4.21-27.0.1.EL.athlon.rpm 1f8c7b25b7fffbc85993ec55905dcc5e kernel-2.4.21-27.0.1.EL.i686.rpm b0a8a21ca61cb102ebbccb3ea815fa8d kernel-BOOT-2.4.21-27.0.1.EL.i386.rpm dbe3ea95f5e93c6d61394cb829dd18d4 kernel-doc-2.4.21-27.0.1.EL.i386.rpm 7f4dd010b194e99a4e8e8cfdec9c2097 kernel-hugemem-2.4.21-27.0.1.EL.i686.rpm abdef53df06ee9af541823ac24261f2d kernel-hugemem-unsupported-2.4.21-27.0.1.EL.i686.rpm 816e736618c6d05b35c979b2492d6fb8 kernel-smp-2.4.21-27.0.1.EL.athlon.rpm b7ec4b9732b8743940cab2f4853ccae8 kernel-smp-2.4.21-27.0.1.EL.i686.rpm 6bd020027cdb043d747452fadc043ec5 kernel-smp-unsupported-2.4.21-27.0.1.EL.athlon.rpm caec8b413e4b0bd3abe885fbde2b2d4c kernel-smp-unsupported-2.4.21-27.0.1.EL.i686.rpm 68ea78ae3d41965edd0cd80cc17ff95e kernel-source-2.4.21-27.0.1.EL.i386.rpm 162ab3a522f8160b09c1629f563a2fc4 kernel-unsupported-2.4.21-27.0.1.EL.athlon.rpm f67ab1ac2f5b06c9c0e97d074684974e kernel-unsupported-2.4.21-27.0.1.EL.i686.rpm 7a997263d5c711cc787fe2a9bb4101a3 IA-64: kernel-2.4.21-27.0.1.EL.ia64.rpm 5d8f8152c6c9786cda4b12e75fe66221 kernel-doc-2.4.21-27.0.1.EL.ia64.rpm e3b551b4df18eadc40fe6ae7d0d0d013 kernel-source-2.4.21-27.0.1.EL.ia64.rpm f0ede4dc792c5cbbe3d80af6dd4bab07 kernel-unsupported-2.4.21-27.0.1.EL.ia64.rpm 51fdf74adca231adebace8f019d8d920 x86_64: kernel-2.4.21-27.0.1.EL.ia32e.rpm f5b00c38dc3884ecac2e5566c8db7471 kernel-2.4.21-27.0.1.EL.x86_64.rpm b143e2768ecc0b84e5d10987fe76925d kernel-doc-2.4.21-27.0.1.EL.x86_64.rpm 010de9e78951ac60ad2d9b88fb3d4eba kernel-smp-2.4.21-27.0.1.EL.x86_64.rpm d41dff47cc7c3278daf998d447bc5809 kernel-smp-unsupported-2.4.21-27.0.1.EL.x86_64.rpm e792eaa5735a1852c2f32088fd24378f kernel-source-2.4.21-27.0.1.EL.x86_64.rpm 2271f0c3aec207d30b4c81b386fb64fb kernel-unsupported-2.4.21-27.0.1.EL.ia32e.rpm 2a0f9f13ef39f254697455fb36af531e kernel-unsupported-2.4.21-27.0.1.EL.x86_64.rpm e2b329e10ee3a5d254385d49e57e3558 Red Hat Enterprise Linux WS (v. 3) -------------------------------------------------------------------------------- SRPMS: kernel-2.4.21-27.0.1.EL.src.rpm abbf2ea9f5b6cd480eab25b472ed64ba IA-32: kernel-2.4.21-27.0.1.EL.athlon.rpm 1f8c7b25b7fffbc85993ec55905dcc5e kernel-2.4.21-27.0.1.EL.i686.rpm b0a8a21ca61cb102ebbccb3ea815fa8d kernel-BOOT-2.4.21-27.0.1.EL.i386.rpm dbe3ea95f5e93c6d61394cb829dd18d4 kernel-doc-2.4.21-27.0.1.EL.i386.rpm 7f4dd010b194e99a4e8e8cfdec9c2097 kernel-hugemem-2.4.21-27.0.1.EL.i686.rpm abdef53df06ee9af541823ac24261f2d kernel-hugemem-unsupported-2.4.21-27.0.1.EL.i686.rpm 816e736618c6d05b35c979b2492d6fb8 kernel-smp-2.4.21-27.0.1.EL.athlon.rpm b7ec4b9732b8743940cab2f4853ccae8 kernel-smp-2.4.21-27.0.1.EL.i686.rpm 6bd020027cdb043d747452fadc043ec5 kernel-smp-unsupported-2.4.21-27.0.1.EL.athlon.rpm caec8b413e4b0bd3abe885fbde2b2d4c kernel-smp-unsupported-2.4.21-27.0.1.EL.i686.rpm 68ea78ae3d41965edd0cd80cc17ff95e kernel-source-2.4.21-27.0.1.EL.i386.rpm 162ab3a522f8160b09c1629f563a2fc4 kernel-unsupported-2.4.21-27.0.1.EL.athlon.rpm f67ab1ac2f5b06c9c0e97d074684974e kernel-unsupported-2.4.21-27.0.1.EL.i686.rpm 7a997263d5c711cc787fe2a9bb4101a3 IA-64: kernel-2.4.21-27.0.1.EL.ia64.rpm 5d8f8152c6c9786cda4b12e75fe66221 kernel-doc-2.4.21-27.0.1.EL.ia64.rpm e3b551b4df18eadc40fe6ae7d0d0d013 kernel-source-2.4.21-27.0.1.EL.ia64.rpm f0ede4dc792c5cbbe3d80af6dd4bab07 kernel-unsupported-2.4.21-27.0.1.EL.ia64.rpm 51fdf74adca231adebace8f019d8d920 x86_64: kernel-2.4.21-27.0.1.EL.ia32e.rpm f5b00c38dc3884ecac2e5566c8db7471 kernel-2.4.21-27.0.1.EL.x86_64.rpm b143e2768ecc0b84e5d10987fe76925d kernel-doc-2.4.21-27.0.1.EL.x86_64.rpm 010de9e78951ac60ad2d9b88fb3d4eba kernel-smp-2.4.21-27.0.1.EL.x86_64.rpm d41dff47cc7c3278daf998d447bc5809 kernel-smp-unsupported-2.4.21-27.0.1.EL.x86_64.rpm e792eaa5735a1852c2f32088fd24378f kernel-source-2.4.21-27.0.1.EL.x86_64.rpm 2271f0c3aec207d30b4c81b386fb64fb kernel-unsupported-2.4.21-27.0.1.EL.ia32e.rpm 2a0f9f13ef39f254697455fb36af531e kernel-unsupported-2.4.21-27.0.1.EL.x86_64.rpm e2b329e10ee3a5d254385d49e57e3558 (The unlinked packages above are only available from the Red Hat Network) Solution Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ Bugs fixed: (see bugzilla for more information) 124734 - CAN-2004-0565 Information leak on Linux/ia64 126126 - CAN-2004-0565 Information leak on Linux/ia64 142593 - CAN-2004-1017 io_edgeport driver overflows 142729 - CAN-2004-1016 CMSG validation checks 142733 - 20041208 ip_options_get memory leak 142748 - CAN-2004-1137 IGMP flaws 142964 - CAN-2004-1144 x86-64 privilege escalation 142965 - CAN-2004-1234 kernel denial of service vulnerability and exploit References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0565 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1016 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1017 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1137 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1144 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1234 Keywords: errata, kernel, security, taroon [***** End RHSA-2004:689-06 *****] _______________________________________________________________________________ CIAC wishes to acknowledge the contributions of Red Hat for the information contained in this bulletin. _______________________________________________________________________________ CIAC, the Computer Incident Advisory Capability, is the computer security incident response team for the U.S. Department of Energy (DOE) and the emergency backup response team for the National Institutes of Health (NIH). CIAC is located at the Lawrence Livermore National Laboratory in Livermore, California. CIAC is also a founding member of FIRST, the Forum of Incident Response and Security Teams, a global organization established to foster cooperation and coordination among computer security teams worldwide. CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be contacted at: Voice: +1 925-422-8193 (7x24) FAX: +1 925-423-8002 STU-III: +1 925-423-2604 E-mail: ciac@ciac.org Previous CIAC notices, anti-virus software, and other information are available from the CIAC Computer Security Archive. World Wide Web: http://www.ciac.org/ Anonymous FTP: ftp.ciac.org PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing communities receive CIAC bulletins. If you are not part of these communities, please contact your agency's response team to report incidents. Your agency's team will coordinate with CIAC. The Forum of Incident Response and Security Teams (FIRST) is a world-wide organization. A list of FIRST member organizations and their constituencies can be obtained via WWW at http://www.first.org/. This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes. LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC) P-071: Updated "gd" Packages P-072: Updated ZIP Packages P-073: Updated "libxml" Packages for Versions Prior to 2.6.14 P-074: “newgrp(1)” Local Privilege Escalation p-075: "libkadm5srv" Heap Buffer Overflow P-076: "nfs-utils" Package Vulnerabilities P-077: "paginit" Command Vulnerability P-078: Diag script Vulnerability P-079: "chcod" Command Vulnerability P-080: "lsvpd" Untrusted Path Vulnerability