Operating System:

[RedHat]

Published:

13 November 2019

Protect yourself against future threats.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.4247
                         kernel-rt security update
                             13 November 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           linux kernel-rt
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 6
                   Red Hat Enterprise Linux Server 7
                   Red Hat Enterprise Linux Server 8
Impact/Access:     Access Privileged Data -- Existing Account
                   Denial of Service      -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-11135 CVE-2019-0154 CVE-2018-12207

Reference:         ESB-2019.4246

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2019:3833
   https://access.redhat.com/errata/RHSA-2019:3844
   https://access.redhat.com/errata/RHSA-2019:3835

Comment: This bulletin contains three (3) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

======================================================================

                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security update
Advisory ID:       RHSA-2019:3833-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:3833
Issue date:        2019-11-12
CVE Names:         CVE-2018-12207 CVE-2019-0154 CVE-2019-11135
======================================================================


1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Real Time (v. 8) - x86_64
Red Hat Enterprise Linux Real Time for NFV (v. 8) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207)

* hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)

* hw: Intel GPU Denial Of Service while accessing MMIO in lower power state
(CVE-2019-0154)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1646768 - CVE-2018-12207 hw: Machine Check Error on Page Size Change (IPU)
1724393 - CVE-2019-0154 hw: Intel GPU Denial Of Service while accessing MMI=
O in lower power state
1753062 - CVE-2019-11135 hw: TSX Transaction Asynchronous Abort (TAA)

6. Package List:

Red Hat Enterprise Linux Real Time for NFV (v. 8):

Source:
kernel-rt-4.18.0-147.0.2.rt24.94.el8_1.src.rpm

x86_64:
kernel-rt-4.18.0-147.0.2.rt24.94.el8_1.x86_64.rpm
kernel-rt-core-4.18.0-147.0.2.rt24.94.el8_1.x86_64.rpm
kernel-rt-debug-4.18.0-147.0.2.rt24.94.el8_1.x86_64.rpm
kernel-rt-debug-core-4.18.0-147.0.2.rt24.94.el8_1.x86_64.rpm
kernel-rt-debug-debuginfo-4.18.0-147.0.2.rt24.94.el8_1.x86_64.rpm
kernel-rt-debug-devel-4.18.0-147.0.2.rt24.94.el8_1.x86_64.rpm
kernel-rt-debug-kvm-4.18.0-147.0.2.rt24.94.el8_1.x86_64.rpm
kernel-rt-debug-kvm-debuginfo-4.18.0-147.0.2.rt24.94.el8_1.x86_64.rpm
kernel-rt-debug-modules-4.18.0-147.0.2.rt24.94.el8_1.x86_64.rpm
kernel-rt-debug-modules-extra-4.18.0-147.0.2.rt24.94.el8_1.x86_64.rpm
kernel-rt-debuginfo-4.18.0-147.0.2.rt24.94.el8_1.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-4.18.0-147.0.2.rt24.94.el8_1.x86_64.rpm
kernel-rt-devel-4.18.0-147.0.2.rt24.94.el8_1.x86_64.rpm
kernel-rt-kvm-4.18.0-147.0.2.rt24.94.el8_1.x86_64.rpm
kernel-rt-kvm-debuginfo-4.18.0-147.0.2.rt24.94.el8_1.x86_64.rpm
kernel-rt-modules-4.18.0-147.0.2.rt24.94.el8_1.x86_64.rpm
kernel-rt-modules-extra-4.18.0-147.0.2.rt24.94.el8_1.x86_64.rpm

Red Hat Enterprise Linux Real Time (v. 8):

Source:
kernel-rt-4.18.0-147.0.2.rt24.94.el8_1.src.rpm

x86_64:
kernel-rt-4.18.0-147.0.2.rt24.94.el8_1.x86_64.rpm
kernel-rt-core-4.18.0-147.0.2.rt24.94.el8_1.x86_64.rpm
kernel-rt-debug-4.18.0-147.0.2.rt24.94.el8_1.x86_64.rpm
kernel-rt-debug-core-4.18.0-147.0.2.rt24.94.el8_1.x86_64.rpm
kernel-rt-debug-debuginfo-4.18.0-147.0.2.rt24.94.el8_1.x86_64.rpm
kernel-rt-debug-devel-4.18.0-147.0.2.rt24.94.el8_1.x86_64.rpm
kernel-rt-debug-kvm-debuginfo-4.18.0-147.0.2.rt24.94.el8_1.x86_64.rpm
kernel-rt-debug-modules-4.18.0-147.0.2.rt24.94.el8_1.x86_64.rpm
kernel-rt-debug-modules-extra-4.18.0-147.0.2.rt24.94.el8_1.x86_64.rpm
kernel-rt-debuginfo-4.18.0-147.0.2.rt24.94.el8_1.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-4.18.0-147.0.2.rt24.94.el8_1.x86_64.rpm
kernel-rt-devel-4.18.0-147.0.2.rt24.94.el8_1.x86_64.rpm
kernel-rt-kvm-debuginfo-4.18.0-147.0.2.rt24.94.el8_1.x86_64.rpm
kernel-rt-modules-4.18.0-147.0.2.rt24.94.el8_1.x86_64.rpm
kernel-rt-modules-extra-4.18.0-147.0.2.rt24.94.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-12207
https://access.redhat.com/security/cve/CVE-2019-0154
https://access.redhat.com/security/cve/CVE-2019-11135
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ifu-page-mce
https://access.redhat.com/solutions/tsx-asynchronousabort
https://access.redhat.com/solutions/i915-graphics

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXcsDVNzjgjWX9erEAQgMfhAApNlfzcgwWo044W86/g8pyn/E37EaWrCV
XfLg/fhM3+98NlQQErWNw1+We8BzcCbpzTWbEpxQAJjAcl3X9ESKBvMXyQwbYLnd
F9a+Dr3gymNcY/+YEILESA33J9rFbQ/MBfdrXC+ZeRuTyq7HTG1QPfvHelqrKe4E
KfSyCN61ghBzP3oKNBOpmkPMb5opKsBkD2qZWAPzPmLzcYBsThsxw1Y332FXlLV/
jnmgB/c6yXpQrlxATRENoWLP2w53W1un3RljJOfK3XoqzqR7ZJ0vdys5QlMmjbUE
4hViEPMOsUkAXozvMg6j4WHsNaxa9grTIXpy1xBunJjlHZGXlabk/IFVz1IHDgs7
R62ix+W3Vlyw6CwFqINPOEE/6t99/tJkskYjX8IVMM92YzkMYur2IWTeLWsdJ/Jt
OgO3gM74dx2Z5AHpocd+pqFHzvLAmWsAs2TWM3gMlSMWlv/fwg4ukr/Nahh9D5JU
tCqyHWZG8+U7Hwsj/L9Wjn7iE5PNQPRvBBIoUroFJ6/iDy2BtrXCS1N+FeNk3FRM
GvDHKNWGofIRzJNeTMsNvk7HDdi52x/lMjV+JdiZs3rm+Y1/pTaS2qO62lIf6uDc
tkFtGTMPHHSLVizPpyZyYBiRprvS9pitkeRKMzh+zGxrJhmboFa5kC3eOxE1xFfm
YDOqJkdA1vk=3D
=3DhwJl
- -----END PGP SIGNATURE-----

======================================================================

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

======================================================================

                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security update
Advisory ID:       RHSA-2019:3844-01
Product:           Red Hat Enterprise MRG for RHEL-6
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:3844
Issue date:        2019-11-12
CVE Names:         CVE-2018-12207 CVE-2019-0154 CVE-2019-11135
======================================================================


1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise MRG 2.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207)

* hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)

* hw: Intel GPU Denial Of Service while accessing MMIO in lower power state
(CVE-2019-0154)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1646768 - CVE-2018-12207 hw: Machine Check Error on Page Size Change (IPU)
1724393 - CVE-2019-0154 hw: Intel GPU Denial Of Service while accessing MMI=
O in lower power state
1753062 - CVE-2019-11135 hw: TSX Transaction Asynchronous Abort (TAA)

6. Package List:

Red Hat MRG Realtime for RHEL 6 Server v.2:

Source:
kernel-rt-3.10.0-693.60.2.rt56.655.el6rt.src.rpm

noarch:
kernel-rt-doc-3.10.0-693.60.2.rt56.655.el6rt.noarch.rpm
kernel-rt-firmware-3.10.0-693.60.2.rt56.655.el6rt.noarch.rpm

x86_64:
kernel-rt-3.10.0-693.60.2.rt56.655.el6rt.x86_64.rpm
kernel-rt-debug-3.10.0-693.60.2.rt56.655.el6rt.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-693.60.2.rt56.655.el6rt.x86_64.rpm
kernel-rt-debug-devel-3.10.0-693.60.2.rt56.655.el6rt.x86_64.rpm
kernel-rt-debuginfo-3.10.0-693.60.2.rt56.655.el6rt.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-693.60.2.rt56.655.el6rt.x86_64.rpm
kernel-rt-devel-3.10.0-693.60.2.rt56.655.el6rt.x86_64.rpm
kernel-rt-trace-3.10.0-693.60.2.rt56.655.el6rt.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-693.60.2.rt56.655.el6rt.x86_64.rpm
kernel-rt-trace-devel-3.10.0-693.60.2.rt56.655.el6rt.x86_64.rpm
kernel-rt-vanilla-3.10.0-693.60.2.rt56.655.el6rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-3.10.0-693.60.2.rt56.655.el6rt.x86_64.rpm
kernel-rt-vanilla-devel-3.10.0-693.60.2.rt56.655.el6rt.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-12207
https://access.redhat.com/security/cve/CVE-2019-0154
https://access.redhat.com/security/cve/CVE-2019-11135
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ifu-page-mce
https://access.redhat.com/solutions/tsx-asynchronousabort
https://access.redhat.com/solutions/i915-graphics

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXcsfNdzjgjWX9erEAQhvtBAAi8skkd+2dRkE92nx/PAePxh1YMQYGIb5
cekzX5HaqBDvjkqtPtCd2QR6n56Fu08k0PwnfUThW+PnWL1UQpwAYz8jUTGQ/N+S
FWhSHZKIRYf3Z4KvYVFE400h65AosnZASjldH3UlQW4jAl2aM+S7Z5Gb5jQjuyhw
Ba85eRT2UuW/YP1cR3fCBt69El9XnKlSmJF/veIVMPUJ2ZjaB2wgt/nQ8Y34sMCm
Rf1OSXcH24Nd+rQfgEqlPTyT72OQ2mgByRKQjw/0Li7pgliMWBuUncJaj6UpywkR
wRvLxhZ4Jj52fX5PJZvIZ1Px0Wrc7HiynudJdusPfo9PeqBTTKsaQqp32bN+GjxS
+GNTsBQb27WMrqKy9PWY8RVZCQvxyPLUjIx7tAhaYEIUSa9h0Gk4Kr4QVnWpZRSG
z3CcHlWeaPGPZzAa1TIgOQE36b+o2O2wShqkvn+1R0AFN4t+MTb7x3FaT2tVNg9k
70StHy5KN/Ubd4OTijC2hOh1cOyoz9iglLY/ZRY9W/N3SzFrbkT1xPbbWCAvTCzH
O78scAoPr1TPfyf8k+GfK5As87IqkHpyXQLOih9ZwG3nPywGQCiNu92KANKNfEp+
SGxIFhZvEg3Hq/UXzHKvr/ZLiFLyQI1KP536+9nVVBhr9y7DPXJqW/gmL7NWklOG
AiIZDh1FNzk=3D
=3Dt0pY
- -----END PGP SIGNATURE-----

======================================================================

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

======================================================================

                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security update
Advisory ID:       RHSA-2019:3835-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:3835
Issue date:        2019-11-12
CVE Names:         CVE-2018-12207 CVE-2019-0154 CVE-2019-11135
======================================================================


1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Realtime (v. 7) - noarch, x86_64
Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207)

* hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)

* hw: Intel GPU Denial Of Service while accessing MMIO in lower power state
(CVE-2019-0154)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1646768 - CVE-2018-12207 hw: Machine Check Error on Page Size Change (IPU)
1724393 - CVE-2019-0154 hw: Intel GPU Denial Of Service while accessing MMI=
O in lower power state
1753062 - CVE-2019-11135 hw: TSX Transaction Asynchronous Abort (TAA)

6. Package List:

Red Hat Enterprise Linux for Real Time for NFV (v. 7):

Source:
kernel-rt-3.10.0-1062.4.2.rt56.1028.el7.src.rpm

noarch:
kernel-rt-doc-3.10.0-1062.4.2.rt56.1028.el7.noarch.rpm

x86_64:
kernel-rt-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm
kernel-rt-debug-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm
kernel-rt-debug-kvm-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm
kernel-rt-debug-kvm-debuginfo-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm
kernel-rt-devel-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm
kernel-rt-kvm-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm
kernel-rt-kvm-debuginfo-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm
kernel-rt-trace-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm
kernel-rt-trace-kvm-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm
kernel-rt-trace-kvm-debuginfo-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm

Red Hat Enterprise Linux Realtime (v. 7):

Source:
kernel-rt-3.10.0-1062.4.2.rt56.1028.el7.src.rpm

noarch:
kernel-rt-doc-3.10.0-1062.4.2.rt56.1028.el7.noarch.rpm

x86_64:
kernel-rt-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm
kernel-rt-debug-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm
kernel-rt-devel-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm
kernel-rt-trace-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-12207
https://access.redhat.com/security/cve/CVE-2019-0154
https://access.redhat.com/security/cve/CVE-2019-11135
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ifu-page-mce
https://access.redhat.com/solutions/tsx-asynchronousabort
https://access.redhat.com/solutions/i915-graphics

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXcsHT9zjgjWX9erEAQitQw//VaSqAcjakBvsat57r3xxm8ZZ6jSRYTy4
v+GAIgrXc+Kp5/94WgBUlPzbtvAtCu6eaZByRGLv7czoQtLu1e3QigzulxjkCMkr
nVIFFUZUN6F/VsTcqByt1G1bFa/15RhhdSXp7qRRjgIAXmpc4JvldEYxe/7rGePV
Rr0dNsJrt92GNAJFXl9pzhWX9vfy2w3KE8Gcckyzi6dCBwjtksktTOdeBv5MYKQV
vcuIjJYzCo1dm4aTE/H9WytRJ4yMXAq5fTwmDBlir/PBOs7Ez/lUmR95lC67Q0I/
/pMbnGtUld89cKkGZNqgcHnXxZDC3oLQzXYfo2YVy+IHMsFEbPEt8aOIU1cF+fiq
OxsUgvE1PRiwg2wz7nosGqqcTq1EE8gSmFW1R25+o5QQE0xX+pplAp3Rc6NZVvpI
iumQSKXHPHDgfLDe8cndbrOPixaKjPD0ZKCmZScOt1920tb+RTa0h3uAw79nycoG
l5MyIL6PUN2fOsXe+EDyuYd9gkkX07OXB1yYmPQxhrKNT9u21igpg93UtWLcHgAX
JO3SdNQIvFIJeYpjN0aWg6opFvl3Pswz1YMODA90EWwftogqyr+L6KOfoXy7snUe
APOg+5+d7UWjE42rgDzRPg4fQAw86NbQMjuiXh78h2Kj8dVo7InF57I2L8UCsVNy
mFzCdgiVTo0=3D
=3DSBbn
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXctaaGaOgq3Tt24GAQihew//UvY8IdPVJqRm+stOsF/LS6nAHg/5rdLV
PUQ1VGuRjj2qcMSqvd4QTd0KsVwDKhViunRrSAtJ2Sn3/5GByuv0bFcpQPqnoBdH
cTaoEFd8OaiSwxHlmd54GYY2qta9gS3xbihAL4GNRzGTPdcMURr18HnMX92p/eCV
F8vmQw7Ds186uCXYMutM9e/pIywhd7Ga+8IgHHXEvV1TyFkhpC9YAZ80xdHtZzhx
Uynr8xlPascTbFppZgnE4XqeQ5RJfrR6baqZFSV6y1C5vX6UW5GouakaWkmiUWlk
yzuQ05l1PENUf5NTY5Ughjv3DAUAXwMiis6lNR3xsKZxI9q2eMqSoO1koqXFUfFJ
YsWdzXbuaHgRN6ei1WZoAE8BjdSv6x6fb4BypIw7uyO4qSDTwySSp53Cc8UkXpMn
AQ9Fhz3q7FnJIYPRd5syn8GZVLPKzRxfUrKBAhlT0ISX7Cd9H3ko2bX9u4OeRtbT
HBjb4FshAPqjk7fmGnq5NOPiK8cvFnDNrUtZuoXwGM1YQLf1/OgFwUfGwe3u75RV
hiWnxN9L+ZALcfkes7ZkikS/53KpIQay28WSHfHMyM54fG/P9D4uHn9tSdb+vl/C
7qCNUesfz7ZXUkkr/kRPN2w+rbggzk8oLwYV99ePfvELVLfnd/OQLuv7letYTkzu
CNCZybN8QWM=
=JhIX
-----END PGP SIGNATURE-----