From: crawdad@fnal.gov
Subject: Critical vulnerabilities for Linux and Windows
Date: September 21, 2004 16:07:22 CDT
To: cppm_reg_sysadmins@fnal.gov, pc-manager@fnal.gov
Cc: winpol@fnal.gov, computer-security@fnal.gov

I'm bundling these together because they are similar and come up at the same time.

Linux vulnerabilities in image manipulation libraries

Red Hat Advisory RHSA-2004:465-08
  http://www.ciac.org/ciac/bulletins/o-215.shtml
Red Hat Advisory RHSA-2004:466-12
  http://www.ciac.org/ciac/bulletins/o-216.shtml
Red Hat Advisory RHSA-2004:447-17
  http://www.ciac.org/ciac/bulletins/o-217.shtml

(The first of these seems to be much less important than the other two, although it also affects Sun's Java Desktop System if running on Linux, but not on Solaris.)

Other versions of Linux are affected as well as Red Hat. Other Unix systems may be affected if you've installed imlib, gtk2, GTK+, or GNOME.

Windows vulnerabilities in image manipulation libraries

MS04-028
  http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx
  http://www.ciac.org/ciac/bulletins/o-213.shtml

Windows XP and Windows XP+SP1 are affected, as is Windows Server 2003. Also affected are Office XP+SP3, Office 2003, MS Project, Visio, Visual Studio .NET, and several other software products, regardless of the operating system they run on.

Please examine the vendors' or CIAC's bulletins and make sure systems under your responsibility have patches applied by the end of September.

(Windows admins, stay tuned for another critical vulnerability bulletin concerning HP Web JetAdmin and the Office/Works WordPerfect file converter.)