__________________________________________________________

                       The U.S. Department of Energy
                   Computer Incident Advisory Capability
                           ___  __ __    _     ___
                          /       |  /_\   /    \___
                          \___  __|__ /  \ \___
__________________________________________________________

                             INFORMATION BULLETIN

                             MySQL Security Update
                     [Red Hat Advisory RHSA-2005:334-07]

March 29, 2005 22:00 GMT                                          Number P-164
                                                         [REVISED 05 Apr 2005]
                                                         [REVISED 13 Apr 2005]
                                                         [REVISED 15 Jun 2005]
                                                         [REVISED 12 Aug 2005]
______________________________________________________________________________
PROBLEM:       Several vulnerabilities were found in MySQL.

PLATFORM:      Red Hat Desktop (v.3 and v.4)
               Red Hat Enterprise Linux AS, ES, WS (v. 2.1, v.3 and v.4)
               Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
               Debian GNU/Linux 3.0 alias woody

DAMAGE:        A user with the ability to create and execute a user defined
               function could potentially execute arbitrary code on the MySQL
               server. A bug was also discovered in the way MySQL creates
               temporary tables. A local user could create a specially crafted
               symlink which could result in the MySQL server overwriting a
               file which it has write access to.

SOLUTION:      Apply the security upgrade.
______________________________________________________________________________
VULNERABILITY  The risk is LOW. An authenticated attacker may execute
ASSESSMENT:    arbitrary code with mysqld privileges.
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/p-164.shtml
 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2005-334.html
 ADDITIONAL LINKS:   Red Hat Security Advisory RHSA-2005:348
                     https://rhn.redhat.com/errata/RHSA-2005-348.html
                     Debian Security Advisory DSA-707-1
                     http://www.debian.org/security/2005/dsa-707
                     Red Hat RHSA-2005:415-16
                     https://rhn.redhat.com/errata/RHSA-2005-415.html
                     Sun Alert ID: 101864
                     http://www.sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1&searchclause=101864
 CVE/CAN:            http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=
                     CAN-2005-0709, CAN-2005-0710, CAN-2005-0711
______________________________________________________________________________

REVISION HISTORY:
 04/06/05 - added link to Red Hat Security Advisory RHSA-2005:348-06, which
            fixes several security risks in the MySQL server.
 04/13/05 - added a link to Debian Security Advisory DSA-707-1 for Debian
            GNU/Linux 3.0 alias woody.
 06/15/05 - added a link to Red Hat RHSA-2005:415-16.
 08/12/2005 - added a link to Sun Alert ID: 101864

[***** Start Red Hat Advisory RHSA-2005:334-07 *****]

Important: mysql security update

Advisory:         RHSA-2005:334-07
Type:             Security Advisory
Issued on:        2005-03-28
Last updated on:  2005-03-28

Affected Products:
 Red Hat Desktop (v. 3)
 Red Hat Desktop (v. 4)
 Red Hat Enterprise Linux AS (v. 2.1)
 Red Hat Enterprise Linux AS (v. 3)
 Red Hat Enterprise Linux AS (v. 4)
 Red Hat Enterprise Linux ES (v. 2.1)
 Red Hat Enterprise Linux ES (v. 3)
 Red Hat Enterprise Linux ES (v. 4)
 Red Hat Enterprise Linux WS (v. 2.1)
 Red Hat Enterprise Linux WS (v. 3)
 Red Hat Enterprise Linux WS (v. 4)
 Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

CVEs (cve.mitre.org):
 CAN-2005-0709
 CAN-2005-0710
 CAN-2005-0711

Details

Updated mysql packages that fix several vulnerabilities are now available.
This update has been rated as having important security impact by the Red Hat
Security Response Team.

MySQL is a multi-user, multi-threaded SQL database server. This update fixes
several security risks in the MySQL server.

Stefano Di Paola discovered two bugs in the way MySQL handles user-defined
functions. A user with the ability to create and execute a user defined
function could potentially execute arbitrary code on the MySQL server. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
names CAN-2005-0709 and CAN-2005-0710 to these issues.

Stefano Di Paola also discovered a bug in the way MySQL creates temporary
tables. A local user could create a specially crafted symlink which could
result in the MySQL server overwriting a file which it has write access to.
The Common Vulnerabilities and Exposures project has assigned the name
CAN-2005-0711 to this issue.

All users of the MySQL server are advised to upgrade to these updated
packages, which contain fixes for these issues.

Solution

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

Use Red Hat Network to download and update your packages. To launch the Red
Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following
Web page for the System Administration or Customization guide specific to
your system:
http://www.redhat.com/docs/manuals/enterprise/

Updated packages

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

150868 - CAN-2005-0711 Insecure temporary file creation with CREATE TEMPORARY TABLE
150871 - CAN-2005-0710 MySQL security attacks via user-defined functions in C (CAN-2005-0709)
151051 - CAN-2005-0710 MySQL security attacks via user-defined functions in C (CAN-2005-0709)
152344 - CAN-2005-0711 Insecure temporary file creation with CREATE TEMPORARY TABLE

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0711

--------------------------------------------------------------------------------

These packages are GPG signed by Red Hat for security. Our key and details on
how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at
http://www.redhat.com/security/team/contact/

[***** End Red Hat Advisory RHSA-2005:334-07 *****]
_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of Red Hat for the information
contained in this bulletin.
_______________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer security
incident response team for the U.S. Department of Energy (DOE) and the
emergency backup response team for the National Institutes of Health (NIH).
CIAC is located at the Lawrence Livermore National Laboratory in Livermore,
California. CIAC is also a founding member of FIRST, the Forum of Incident
Response and Security Teams, a global organization established to foster
cooperation and coordination among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be
contacted at:
    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins.
If you are not part of these communities, please contact your agency's
response team to report incidents. Your agency's team will coordinate with
CIAC. The Forum of Incident Response and Security Teams (FIRST) is a
world-wide organization. A list of FIRST member organizations and their
constituencies can be obtained via WWW at http://www.first.org/.

This document was prepared as an account of work sponsored by an agency of
the United States Government. Neither the United States Government nor the
University of California nor any of their employees, makes any warranty,
express or implied, or assumes any legal liability or responsibility for the
accuracy, completeness, or usefulness of any information, apparatus, product,
or process disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products, process,
or service by trade name, trademark, manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation or favoring
by the United States Government or the University of California. The views
and opinions of authors expressed herein do not necessarily state or reflect
those of the United States Government or the University of California, and
shall not be used for advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

P-154: Ethereal versions 0.9.1 to 0.10.9 Vulnerabilities
P-155: Sylpheed Security Update
P-156: Apple Security Update 2005-003
P-157: Perl
P-158: McAfee Scan Engine LHA File Flaws
P-159: kdelibs Security Update
P-160: GIF Heap Overflow Parsing Netscape Extension 2
P-161: Security Vulnerability with Java Web Start
P-162: Cross Site Scripting Vulnerability in Sun Java System Application Server
P-163: Kerberos 5 Telnet Client Buffer Overflow
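The Solution section above says to apply the update, and the advisory names the fixed build for each product family (3.23.58-1.72.2, 3.23.58-15.RHEL3.1, 4.1.10a-1.RHEL4.1). The script below is an added example, not code from CIAC or Red Hat: it compares what `rpm -q` reports against those fixed builds using rpm's own version-ordering rules, so that an odd upstream suffix such as `4.1.10a` is not mistaken for an older version. It assumes the query format shown in the comment, packages without an epoch, and the constructed sample lines at the bottom.

```python
# Added example, not part of the CIAC bulletin or the Red Hat advisory: decide
# whether installed MySQL RPMs are at or above the builds fixed by RHSA-2005:334.
# Assumes the output of `rpm -q mysql mysql-server --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'`
# and no epoch; the '~' / '^' pre-release markers of newer rpm are not handled.

FIXED_NVR = {  # fixed name-version-release per product family, from the advisory
    "rhel2.1": "mysql-3.23.58-1.72.2",
    "rhel3": "mysql-3.23.58-15.RHEL3.1",  # also Red Hat Desktop v.3
    "rhel4": "mysql-4.1.10a-1.RHEL4.1",   # also Red Hat Desktop v.4
}

def _segment(s, k):
    """Take one all-digit or all-letter run from s[k:]; return (run, end, numeric)."""
    numeric, start = s[k].isdigit(), k
    while k < len(s) and s[k].isalnum() and s[k].isdigit() == numeric:
        k += 1
    return s[start:k], k, numeric

def rpmvercmp(a, b):
    """rpm's rpmvercmp() ordering: 1 if a is newer than b, -1 if older, 0 if equal."""
    i = j = 0
    while True:
        while i < len(a) and not a[i].isalnum():   # separators carry no meaning
            i += 1
        while j < len(b) and not b[j].isalnum():
            j += 1
        if i >= len(a) or j >= len(b):
            break
        sa, i, na = _segment(a, i)
        sb, j, nb = _segment(b, j)
        if na != nb:                       # a numeric segment is newer than an alpha one
            return 1 if na else -1
        if na:                             # numeric: drop leading zeros, longer wins
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:                       # same-length numeric, or alpha: string order
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1        # whichever still has characters left is newer

def split_nvr(nvr):
    """'mysql-server-4.1.10a-1.RHEL4.1' -> ('mysql-server', '4.1.10a', '1.RHEL4.1')."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def check_rpm_q(output, product):
    """Map each installed mysql* NVR line to True (fixed) or False (still vulnerable)."""
    _, fv, fr = split_nvr(FIXED_NVR[product])
    results = {}
    for line in output.splitlines():
        line = line.strip()
        if not line or line.startswith("package "):   # "package X is not installed"
            continue
        name, v, r = split_nvr(line)
        results[name] = (rpmvercmp(v, fv) or rpmvercmp(r, fr)) >= 0
    return results

# Constructed sample: the '10a' upstream suffix makes 4.1.10-2 older than 4.1.10a-1.
SAMPLE_RHEL4 = "mysql-4.1.10-2.RHEL4\nmysql-server-4.1.10a-1.RHEL4.1\n"

if __name__ == "__main__":
    for pkg, ok in check_rpm_q(SAMPLE_RHEL4, "rhel4").items():
        print(pkg, "fixed" if ok else "VULNERABLE: apply RHSA-2005:334")
```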