Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.0688
thunderbird security update
25 February 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: thunderbird
Publisher: Red Hat
Operating System: Red Hat
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Access Confidential Data -- Remote with User Interaction
Reduced Security -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2021-23978 CVE-2021-23973 CVE-2021-23969
CVE-2021-23968
Reference: ESB-2021.0676
Original Bulletin:
https://access.redhat.com/errata/RHSA-2021:0657
https://access.redhat.com/errata/RHSA-2021:0658
https://access.redhat.com/errata/RHSA-2021:0661
https://access.redhat.com/errata/RHSA-2021:0662
Comment: This bulletin contains four (4) Red Hat security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2021:0657-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0657
Issue date: 2021-02-24
CVE Names: CVE-2021-23968 CVE-2021-23969 CVE-2021-23973
CVE-2021-23978
=====================================================================
1. Summary:
An update for thunderbird is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, x86_64
3. Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 78.8.0.
Security Fix(es):
* Mozilla: Content Security Policy violation report could have contained
the destination of a redirect (CVE-2021-23968)
* Mozilla: Content Security Policy violation report could have contained
the destination of a redirect (CVE-2021-23969)
* Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
(CVE-2021-23978)
* Mozilla: MediaError message property could have leaked information about
cross-origin resources (CVE-2021-23973)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of Thunderbird must be restarted for the update to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1932109 - CVE-2021-23969 Mozilla: Content Security Policy violation report could have contained the destination of a redirect
1932110 - CVE-2021-23968 Mozilla: Content Security Policy violation report could have contained the destination of a redirect
1932111 - CVE-2021-23973 Mozilla: MediaError message property could have leaked information about cross-origin resources
1932112 - CVE-2021-23978 Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
6. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
thunderbird-78.8.0-1.el8_3.src.rpm
aarch64:
thunderbird-78.8.0-1.el8_3.aarch64.rpm
thunderbird-debuginfo-78.8.0-1.el8_3.aarch64.rpm
thunderbird-debugsource-78.8.0-1.el8_3.aarch64.rpm
ppc64le:
thunderbird-78.8.0-1.el8_3.ppc64le.rpm
thunderbird-debuginfo-78.8.0-1.el8_3.ppc64le.rpm
thunderbird-debugsource-78.8.0-1.el8_3.ppc64le.rpm
x86_64:
thunderbird-78.8.0-1.el8_3.x86_64.rpm
thunderbird-debuginfo-78.8.0-1.el8_3.x86_64.rpm
thunderbird-debugsource-78.8.0-1.el8_3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-23968
https://access.redhat.com/security/cve/CVE-2021-23969
https://access.redhat.com/security/cve/CVE-2021-23973
https://access.redhat.com/security/cve/CVE-2021-23978
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYDZyMNzjgjWX9erEAQjZARAAqDxsNL8uZYdi228ADiREMU2gnQO9ZYDJ
GNP1xxTZ9m2BM2FStBa3LviZb8aPylwffS+Z63O4w8OfV7/dCwF4cxtvTLEwu5dW
uJIHDTQX/Z3wnJmGasGwH86jN0vhDWCz+XHILjsR7rRFLPsKGBemOEBwWPYffU+y
GBzIHClzTIlc4Q/B3JDp/TzYB3hcUBHtmAhB37rwnt6QiS4yr8sMszfgYcD80UJ7
CxKHAs8rVyIRQC16bFIiPfj2nEpw+DSRFfs0rhlzkQjgthrlubwgpgUMPb56wHG+
mjZ7QIpQakgCtxcGM2U49K8DVk49D7R3VmHqruGu1MR5frb0RQfdsbSnu24ppqAy
bVgsQ4Ez1sr9XDk+uhdyWhrS2bTHO7/dEwxjE5hcdS/JqeW03P47lL8q/veCOPBy
xPgtEv0BnzOrzBhHsMBsmWcm62DJS5HHH8KBTRHgdLSm/uAhoEt1i0GWxrLJGo88
aCE5tebStb2tE9qYNrQt4W9yflsmKrJnlJzoqZJw6FLE4rAcUQ87UtXw45nrjiRy
WcGT9TXUbw8aHxbW/y4hVzGAbAInRY8E7LgLv/mfZz2iZRdSvnZVMgsrNPMJ/nGt
H46Z4f1duOdGp0Fes2I0J7kVTh7l6lb/BFYikE9sBPuWH3XST9utpCgRpEnrMM0s
A6YEQEblOuk=
=Nzip
- -----END PGP SIGNATURE-----
- -------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2021:0658-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0658
Issue date: 2021-02-24
CVE Names: CVE-2021-23968 CVE-2021-23969 CVE-2021-23973
CVE-2021-23978
=====================================================================
1. Summary:
An update for thunderbird is now available for Red Hat Enterprise Linux 8.1
Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream EUS (v. 8.1) - ppc64le, x86_64
3. Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 78.8.0.
Security Fix(es):
* Mozilla: Content Security Policy violation report could have contained
the destination of a redirect (CVE-2021-23968)
* Mozilla: Content Security Policy violation report could have contained
the destination of a redirect (CVE-2021-23969)
* Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
(CVE-2021-23978)
* Mozilla: MediaError message property could have leaked information about
cross-origin resources (CVE-2021-23973)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of Thunderbird must be restarted for the update to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1932109 - CVE-2021-23969 Mozilla: Content Security Policy violation report could have contained the destination of a redirect
1932110 - CVE-2021-23968 Mozilla: Content Security Policy violation report could have contained the destination of a redirect
1932111 - CVE-2021-23973 Mozilla: MediaError message property could have leaked information about cross-origin resources
1932112 - CVE-2021-23978 Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
6. Package List:
Red Hat Enterprise Linux AppStream EUS (v. 8.1):
Source:
thunderbird-78.8.0-1.el8_1.src.rpm
ppc64le:
thunderbird-78.8.0-1.el8_1.ppc64le.rpm
thunderbird-debuginfo-78.8.0-1.el8_1.ppc64le.rpm
thunderbird-debugsource-78.8.0-1.el8_1.ppc64le.rpm
x86_64:
thunderbird-78.8.0-1.el8_1.x86_64.rpm
thunderbird-debuginfo-78.8.0-1.el8_1.x86_64.rpm
thunderbird-debugsource-78.8.0-1.el8_1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-23968
https://access.redhat.com/security/cve/CVE-2021-23969
https://access.redhat.com/security/cve/CVE-2021-23973
https://access.redhat.com/security/cve/CVE-2021-23978
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYDZyYtzjgjWX9erEAQiaug/+Kt/MvYjZb8KNycc0frK3y1iCF+oahuyU
iHbVZZ8OEk/dcLo3y5Losnfl1Z8TILN7HFVlSw+KYyn5vd29bvF9zdI6iCLiQbyA
2B+EMmW0zGo8fWDCbt94tVJwNA8vRt2B0U9Wul6/xdBxhU5/dxsw2cNmbpJmzDwu
WPwoH7cstcFkjdwUxLCTBCWBCeFjGUIJyIVJqiTWWGYRYjgLeH3rc2uCkuxlqfHK
Epg+StRr6siXnlpx23FDHTnhoHbERKtOfbQ40IxujjCD0YGwyve2RSHFV7xisZDz
vFLk/y+bv10dXRAy8LyGsp4gGiz3ElTRl2aeLv9uwxn/aiLuq9RbfIPo1U78vaQc
XUHBHdxJQlDZZy8IvLlMkOKcjfjdfqBpAK41GthQg7n0ywNFX/w2Dj1PAdQ3dRex
O+SdV5+Zgdlf22Rp1qjIOztTgUuQM5rJ+ych0x+r8sZhhWd/tAudsUnEw6mCIjRU
VPr+3PAtAF8aKhGfrDmAHOenENQG+2ZeW1lKTomD3rFoMpqQyZ9/B8LVbZXF3ROW
6x1U2//kdNrJQaKzi0rLlLFGREptIcYBRgk4odk5mBQ6EIO0qiipfLXMxRREvSIN
uQRvpTdtq5aHcddR7I9kCkc5gLFTfp3H5+5RLeAMU5KqdDE7KRR2jPkW9qrNkM3G
isNpTsd6r2M=
=zP5N
- -----END PGP SIGNATURE-----
- -------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2021:0661-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0661
Issue date: 2021-02-24
CVE Names: CVE-2021-23968 CVE-2021-23969 CVE-2021-23973
CVE-2021-23978
=====================================================================
1. Summary:
An update for thunderbird is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
3. Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 78.8.0.
Security Fix(es):
* Mozilla: Content Security Policy violation report could have contained
the destination of a redirect (CVE-2021-23968)
* Mozilla: Content Security Policy violation report could have contained
the destination of a redirect (CVE-2021-23969)
* Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
(CVE-2021-23978)
* Mozilla: MediaError message property could have leaked information about
cross-origin resources (CVE-2021-23973)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of Thunderbird must be restarted for the update to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1932109 - CVE-2021-23969 Mozilla: Content Security Policy violation report could have contained the destination of a redirect
1932110 - CVE-2021-23968 Mozilla: Content Security Policy violation report could have contained the destination of a redirect
1932111 - CVE-2021-23973 Mozilla: MediaError message property could have leaked information about cross-origin resources
1932112 - CVE-2021-23978 Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
thunderbird-78.8.0-1.el7_9.src.rpm
x86_64:
thunderbird-78.8.0-1.el7_9.x86_64.rpm
thunderbird-debuginfo-78.8.0-1.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
Source:
thunderbird-78.8.0-1.el7_9.src.rpm
ppc64le:
thunderbird-78.8.0-1.el7_9.ppc64le.rpm
thunderbird-debuginfo-78.8.0-1.el7_9.ppc64le.rpm
x86_64:
thunderbird-78.8.0-1.el7_9.x86_64.rpm
thunderbird-debuginfo-78.8.0-1.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
thunderbird-78.8.0-1.el7_9.src.rpm
x86_64:
thunderbird-78.8.0-1.el7_9.x86_64.rpm
thunderbird-debuginfo-78.8.0-1.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-23968
https://access.redhat.com/security/cve/CVE-2021-23969
https://access.redhat.com/security/cve/CVE-2021-23973
https://access.redhat.com/security/cve/CVE-2021-23978
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYDZ4E9zjgjWX9erEAQhj2A/+InFXkTs3DbcxgUJ3Y5gpV0dEH2Z5tTra
tWKLZNL2LH/TlGs9bg2N1C/ikaoT7u9/idRuQZYajXAJ9ATXVqinF55EzWUPw64J
NqOooyNphFjgE3udlemNOrjW02OM+eUgMnT3VPWRG/YQdHHsc65lbhA/aQOMUC2D
iGar5RkVnPx9gH99mrAVv+UjH2XOwo6y/GEiZgGlaELayWFZw3YYg4RFzN8VrAgt
MBMst4gP/6r7Fm/EhkQKOOS/dRvJlBUM+dIxEd2m0Q2uYKw4JEfnPJCCgdXzw6Va
4yPVTJiQefafOB2g/+42PuHKH8TP+Y/aNbUlddAdW7nuolyV744hwU+JpVSz8aku
bwkIuHK3X3Ezgaz6Pl6AgslvKtjNKnb4n/gbEoxwm7nAcC8OsSPJrifwMVKy8dcW
ApxA0W7IIFD9mWkFVshhKn6n4wZOBACHi1PV87iEQJaOFXnmNBQOTFYx1X31Pt/G
4dfdJ92ibNLuAysAYXl7ZGKInvHqK2+ikowKjU4CC2/9Cs2eNgrHY0n8BL7P2U+R
VTUunHsEnofKCB150Pg+/B3pgbyD9mENuel9BA8X0AUzKOorMw7Tr07Vs367bAs1
mJZHifAz+SYrhXuYZdKi+QMdpDpIERsauLg9fZb7UNwSbOJ7VvWt8oM8cf2lvuEc
nQgp3YsR7q0=
=E0zZ
- -----END PGP SIGNATURE-----
- -------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2021:0662-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0662
Issue date: 2021-02-24
CVE Names: CVE-2021-23968 CVE-2021-23969 CVE-2021-23973
CVE-2021-23978
=====================================================================
1. Summary:
An update for thunderbird is now available for Red Hat Enterprise Linux 8.2
Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, x86_64
3. Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 78.8.0.
Security Fix(es):
* Mozilla: Content Security Policy violation report could have contained
the destination of a redirect (CVE-2021-23968)
* Mozilla: Content Security Policy violation report could have contained
the destination of a redirect (CVE-2021-23969)
* Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
(CVE-2021-23978)
* Mozilla: MediaError message property could have leaked information about
cross-origin resources (CVE-2021-23973)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of Thunderbird must be restarted for the update to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1932109 - CVE-2021-23969 Mozilla: Content Security Policy violation report could have contained the destination of a redirect
1932110 - CVE-2021-23968 Mozilla: Content Security Policy violation report could have contained the destination of a redirect
1932111 - CVE-2021-23973 Mozilla: MediaError message property could have leaked information about cross-origin resources
1932112 - CVE-2021-23978 Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
6. Package List:
Red Hat Enterprise Linux AppStream EUS (v. 8.2):
Source:
thunderbird-78.8.0-1.el8_2.src.rpm
aarch64:
thunderbird-78.8.0-1.el8_2.aarch64.rpm
thunderbird-debuginfo-78.8.0-1.el8_2.aarch64.rpm
thunderbird-debugsource-78.8.0-1.el8_2.aarch64.rpm
ppc64le:
thunderbird-78.8.0-1.el8_2.ppc64le.rpm
thunderbird-debuginfo-78.8.0-1.el8_2.ppc64le.rpm
thunderbird-debugsource-78.8.0-1.el8_2.ppc64le.rpm
x86_64:
thunderbird-78.8.0-1.el8_2.x86_64.rpm
thunderbird-debuginfo-78.8.0-1.el8_2.x86_64.rpm
thunderbird-debugsource-78.8.0-1.el8_2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-23968
https://access.redhat.com/security/cve/CVE-2021-23969
https://access.redhat.com/security/cve/CVE-2021-23973
https://access.redhat.com/security/cve/CVE-2021-23978
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYDZ1BtzjgjWX9erEAQjwQw/6ApBxQq3dkm2zOm8gGJIeC0oPSfs8Ysiq
86zNY1fQM4RSP8ybiGJrTHqhkhGq2Sl76gqE5xK1n7WH8qtSp+E5Rbp+KFO4fdmB
0Jay6IC7+uzm3wNiQEvhwVUGtrvbJj8IhQcpzZNoUp37CsvxiFQrhNL7ELBvkNbN
z4MHlTwvOb2TiE12WYDh7BXoB9HbL+wmW9oM+Zq8mtlU6ogiX2YOZfuQqIsFPqoZ
1UQfOkFKG7y4/7fwzThh/iL+S8zT1FSMXvbdrqg3ktqUrkyq+ndnaLqUO94oXXtr
leBhq4wNzxUE3knkINrbVw9+xYoP9zDEuccwbLS+QKfs3erwu10+Gr50EHLlXhk4
fA4LBsf5DvULFNSLd/G1VZjpFCgwqyREZ37w2W5tfYaASL8qtFkkGkHS05f9LiPR
xn3Oy2lTB6JKLfwypytRcspItyi/XzyDtoS36ujfEECJkIhSfC+wqyzByocJFetr
c/tXIaPkse7okJoFTZV+zwYL2tPveHz0jW+p+AoF08Bujo6VeyEv0kIcd1uOsBq0
j7Ywsx2dnSdt7RTQdqqRpGgUFoauXwtI3ne0chN6NHMKUxxHUY6j4k+xuHAy1XnG
uNoThlVmID83F48fkpp+znLUfaaknmTwgCMQkthjAJjMX2/f/0l89uNCBC2+XTVD
E21MxHdwATA=
=1hPn
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYDbbtuNLKJtyKPYoAQhPmQ//UKHUBqovDWpqCRbRI7sqxnO0yel6w9bz
bHgr3U+TP7+UIu54XVOqR9XMoYRxjRiBvKLnpVKU7qe6M/KWAg5ii1o9mrmVR1y+
zkKvBlANlZGXl8iOSVjI0mY7mbuMa/0sVg2FfhkQI/3ORllOPved+vu7G9kUpCc7
pZBdQoC+Dtq/mZ/MN0rYhMYK3/cSCCE05Fe/sXVPM/OngHDqFuniYPkkF0kFM0Nm
n53wlV+oT6Ob9zsyNP8IAgds8S0M6/SuH494BOiMU7vsVeN4WF5mP3OgcaZjFw8X
eC7eY5J4yPOG5reqh79tmwkK85dHGMVo1zSkBD0S978x5flw0fILsk74m9+Xb7aB
Eesm24z+/Er7Kk8srtxmmVbG6BVmovkG42aQrG2kKY+crKGC46Anj4MeukDvldSz
McmtmZUrU4Tbo2toDrhTslRmt+B1vh6bDCNhV/tbu4GSvXnMGFcufM0sHL98qaBA
YfNbrFVr1993H+og/GQJUPuY1/F0h4QQ+NaXzmBbZi0z8UzaTqHaUDXwOKoZT6LX
8rQocq4I6A3ulfLbGW83gFKTThVURGEANgax1p5hI5RKYOqeqMZ63d90qlmlmuVz
5EBhBvVYqMRNlB8WdyW1tfxKFtL6YRapaEBZVX6Z4t+g9VNG1Bk/SIHV9FDiQiHe
1sxb80AUjoY=
=c2O/
-----END PGP SIGNATURE-----