===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0691
       OpenShift Container Platform 4.7 security and bug fix updates
                             25 February 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           OpenShift Container Platform 4.7 Products
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                   Denial of Service               -- Remote/Unauthenticated      
                   Cross-site Scripting            -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-3121 CVE-2020-27813 CVE-2020-25658
                   CVE-2020-25211 CVE-2020-24750 CVE-2020-24659
                   CVE-2020-15999 CVE-2020-15503 CVE-2020-15157
                   CVE-2020-14422 CVE-2020-14391 CVE-2020-14382
                   CVE-2020-14040 CVE-2020-13632 CVE-2020-13631
                   CVE-2020-13630 CVE-2020-11793 CVE-2020-10726
                   CVE-2020-10725 CVE-2020-10723 CVE-2020-10722
                   CVE-2020-10029 CVE-2020-10018 CVE-2020-9925
                   CVE-2020-9915 CVE-2020-9895 CVE-2020-9894
                   CVE-2020-9893 CVE-2020-9862 CVE-2020-9850
                   CVE-2020-9843 CVE-2020-9807 CVE-2020-9806
                   CVE-2020-9805 CVE-2020-9803 CVE-2020-9802
                   CVE-2020-9327 CVE-2020-8624 CVE-2020-8623
                   CVE-2020-8622 CVE-2020-8619 CVE-2020-8566
                   CVE-2020-8492 CVE-2020-7595 CVE-2020-6405
                   CVE-2020-3902 CVE-2020-3901 CVE-2020-3900
                   CVE-2020-3899 CVE-2020-3898 CVE-2020-3897
                   CVE-2020-3895 CVE-2020-3894 CVE-2020-3885
                   CVE-2020-3868 CVE-2020-3867 CVE-2020-3865
                   CVE-2020-3864 CVE-2020-3862 CVE-2020-1971
                   CVE-2020-1752 CVE-2020-1751 CVE-2020-1730
                   CVE-2019-20916 CVE-2019-20907 CVE-2019-20807
                   CVE-2019-20454 CVE-2019-20388 CVE-2019-20387
                   CVE-2019-20218 CVE-2019-19956 CVE-2019-19906
                   CVE-2019-19221 CVE-2019-17546 CVE-2019-17450
                   CVE-2019-16935 CVE-2019-16168 CVE-2019-15903
                   CVE-2019-15165 CVE-2019-14889 CVE-2019-13627
                   CVE-2019-13225 CVE-2019-13050 CVE-2019-8846
                   CVE-2019-8844 CVE-2019-8835 CVE-2019-8823
                   CVE-2019-8820 CVE-2019-8819 CVE-2019-8816
                   CVE-2019-8815 CVE-2019-8814 CVE-2019-8813
                   CVE-2019-8812 CVE-2019-8811 CVE-2019-8808
                   CVE-2019-8783 CVE-2019-8782 CVE-2019-8771
                   CVE-2019-8769 CVE-2019-8766 CVE-2019-8764
                   CVE-2019-8743 CVE-2019-8720 CVE-2019-8710
                   CVE-2019-8625 CVE-2019-5018 CVE-2019-3884
                   CVE-2018-20843  

Reference:         ESB-2021.0584

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2020:5364
   https://access.redhat.com/errata/RHSA-2020:5635

Comment: This bulletin contains two (2) Red Hat security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Container Platform 4.7 low-latency extras security and bug fix update
Advisory ID:       RHSA-2020:5364-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:5364
Issue date:        2021-02-24
CVE Names:         CVE-2018-20843 CVE-2019-5018 CVE-2019-13050 
                   CVE-2019-13627 CVE-2019-14889 CVE-2019-15165 
                   CVE-2019-15903 CVE-2019-16168 CVE-2019-16935 
                   CVE-2019-17450 CVE-2019-19221 CVE-2019-19906 
                   CVE-2019-19956 CVE-2019-20218 CVE-2019-20387 
                   CVE-2019-20388 CVE-2019-20454 CVE-2019-20907 
                   CVE-2019-20916 CVE-2020-1730 CVE-2020-1751 
                   CVE-2020-1752 CVE-2020-1971 CVE-2020-6405 
                   CVE-2020-7595 CVE-2020-8492 CVE-2020-9327 
                   CVE-2020-10029 CVE-2020-10722 CVE-2020-10723 
                   CVE-2020-10725 CVE-2020-10726 CVE-2020-13630 
                   CVE-2020-13631 CVE-2020-13632 CVE-2020-14382 
                   CVE-2020-14422 CVE-2020-24659 CVE-2020-25211 
                   CVE-2020-27813 
=====================================================================

1. Summary:

An update for cnf-tests-container, dpdk-base-container,
performance-addon-operator-bundle-registry-container,
performance-addon-operator-container, and
performance-addon-operator-must-gather-rhel8-container is now available for
Red Hat OpenShift Container Platform 4.7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the extra low-latency container images for Red Hat
OpenShift Container Platform 4.7. See the following advisory for the
container images for this release:

https://access.redhat.com/errata/RHSA-2020:5633

Security Fix(es):

* golang-github-gorilla-websocket: integer overflow leads to denial of
service (CVE-2020-27813)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* Configuring the system with non-RT kernel will hang the system
(BZ#1923220)

3. Solution:

For OpenShift Container Platform 4.7 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html

4. Bugs fixed (https://bugzilla.redhat.com/):

1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service

5. JIRA issues fixed (https://issues.jboss.org/):

CNF-802 - Infrastructure-provided enablement/disablement of interrupt processing for guaranteed pod CPUs
CNF-854 - Performance tests in CNF Tests

6. References:

https://access.redhat.com/security/cve/CVE-2018-20843
https://access.redhat.com/security/cve/CVE-2019-5018
https://access.redhat.com/security/cve/CVE-2019-13050
https://access.redhat.com/security/cve/CVE-2019-13627
https://access.redhat.com/security/cve/CVE-2019-14889
https://access.redhat.com/security/cve/CVE-2019-15165
https://access.redhat.com/security/cve/CVE-2019-15903
https://access.redhat.com/security/cve/CVE-2019-16168
https://access.redhat.com/security/cve/CVE-2019-16935
https://access.redhat.com/security/cve/CVE-2019-17450
https://access.redhat.com/security/cve/CVE-2019-19221
https://access.redhat.com/security/cve/CVE-2019-19906
https://access.redhat.com/security/cve/CVE-2019-19956
https://access.redhat.com/security/cve/CVE-2019-20218
https://access.redhat.com/security/cve/CVE-2019-20387
https://access.redhat.com/security/cve/CVE-2019-20388
https://access.redhat.com/security/cve/CVE-2019-20454
https://access.redhat.com/security/cve/CVE-2019-20907
https://access.redhat.com/security/cve/CVE-2019-20916
https://access.redhat.com/security/cve/CVE-2020-1730
https://access.redhat.com/security/cve/CVE-2020-1751
https://access.redhat.com/security/cve/CVE-2020-1752
https://access.redhat.com/security/cve/CVE-2020-1971
https://access.redhat.com/security/cve/CVE-2020-6405
https://access.redhat.com/security/cve/CVE-2020-7595
https://access.redhat.com/security/cve/CVE-2020-8492
https://access.redhat.com/security/cve/CVE-2020-9327
https://access.redhat.com/security/cve/CVE-2020-10029
https://access.redhat.com/security/cve/CVE-2020-10722
https://access.redhat.com/security/cve/CVE-2020-10723
https://access.redhat.com/security/cve/CVE-2020-10725
https://access.redhat.com/security/cve/CVE-2020-10726
https://access.redhat.com/security/cve/CVE-2020-13630
https://access.redhat.com/security/cve/CVE-2020-13631
https://access.redhat.com/security/cve/CVE-2020-13632
https://access.redhat.com/security/cve/CVE-2020-14382
https://access.redhat.com/security/cve/CVE-2020-14422
https://access.redhat.com/security/cve/CVE-2020-24659
https://access.redhat.com/security/cve/CVE-2020-25211
https://access.redhat.com/security/cve/CVE-2020-27813
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

------------------------------------------------------------------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Container Platform 4.7.0 extras and security update
Advisory ID:       RHSA-2020:5635-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:5635
Issue date:        2021-02-24
CVE Names:         CVE-2018-20843 CVE-2019-3884 CVE-2019-5018 
                   CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 
                   CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 
                   CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 
                   CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 
                   CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 
                   CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 
                   CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 
                   CVE-2019-8844 CVE-2019-8846 CVE-2019-13050 
                   CVE-2019-13225 CVE-2019-13627 CVE-2019-14889 
                   CVE-2019-15165 CVE-2019-15903 CVE-2019-16168 
                   CVE-2019-16935 CVE-2019-17450 CVE-2019-17546 
                   CVE-2019-19221 CVE-2019-19906 CVE-2019-19956 
                   CVE-2019-20218 CVE-2019-20387 CVE-2019-20388 
                   CVE-2019-20454 CVE-2019-20807 CVE-2019-20907 
                   CVE-2019-20916 CVE-2020-1730 CVE-2020-1751 
                   CVE-2020-1752 CVE-2020-1971 CVE-2020-3862 
                   CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 
                   CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 
                   CVE-2020-3895 CVE-2020-3897 CVE-2020-3898 
                   CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 
                   CVE-2020-3902 CVE-2020-6405 CVE-2020-7595 
                   CVE-2020-8492 CVE-2020-8566 CVE-2020-8619 
                   CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 
                   CVE-2020-9327 CVE-2020-9802 CVE-2020-9803 
                   CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 
                   CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 
                   CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 
                   CVE-2020-9915 CVE-2020-9925 CVE-2020-10018 
                   CVE-2020-10029 CVE-2020-11793 CVE-2020-13630 
                   CVE-2020-13631 CVE-2020-13632 CVE-2020-14040 
                   CVE-2020-14382 CVE-2020-14391 CVE-2020-14422 
                   CVE-2020-15157 CVE-2020-15503 CVE-2020-15999 
                   CVE-2020-24659 CVE-2020-24750 CVE-2020-25211 
                   CVE-2020-25658 CVE-2021-3121 
=====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.7.0 is now available with
updates to packages and images that fix several bugs and add enhancements.

This release also includes a security update for Red Hat OpenShift
Container Platform 4.7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

Security Fix(es):

* jackson-databind: Serialization gadgets in
com.pastdev.httpcomponents.configuration.JndiConfiguration (CVE-2020-24750)

* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index
validation (CVE-2021-3121)

* golang.org/x/text: possibility to trigger an infinite loop in
encoding/unicode could lead to crash (CVE-2020-14040)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 4.7.0. See the following advisory for the container images for
this release:

https://access.redhat.com/errata/RHEA-2020:5633

All OpenShift Container Platform users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor.

3. Solution:

For OpenShift Container Platform 4.7 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html.

4. Bugs fixed (https://bugzilla.redhat.com/):

1823765 - nfd-workers crash under an ipv6 environment
1838802 - mysql8 connector from operatorhub does not work with metering operator
1838845 - Metering operator can't connect to postgres DB from Operator Hub
1841883 - namespace-persistentvolumeclaim-usage  query returns unexpected values
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
1868294 - NFD operator does not allow customisation of nfd-worker.conf
1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration
1890672 - NFD is missing a build flag to build correctly
1890741 - path to the CA trust bundle ConfigMap is broken in report operator
1897346 - NFD worker pods not scheduler on a 3 node master/worker cluster
1898373 - Metering operator failing upgrade from 4.4 to 4.6 channel
1900125 - FIPS error while generating RSA private key for CA
1906129 - OCP 4.7:  Node Feature Discovery (NFD) Operator in CrashLoopBackOff when deployed from OperatorHub
1908492 - OCP 4.7:  Node Feature Discovery (NFD) Operator Custom Resource Definition file in olm-catalog is not in sync with the one in manifests dir leading to failed deployment from OperatorHub
1913837 - The CI and ART 4.7 metering images are not mirrored
1914869 - OCP 4.7 NFD - Operand configuration options for NodeFeatureDiscovery are empty, no supported image for ppc64le
1916010 - olm skip range is set to the wrong range
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
1923998 - NFD Operator is failing to update and remains in Replacing state

5. References:

https://access.redhat.com/security/cve/CVE-2018-20843
https://access.redhat.com/security/cve/CVE-2019-3884
https://access.redhat.com/security/cve/CVE-2019-5018
https://access.redhat.com/security/cve/CVE-2019-8625
https://access.redhat.com/security/cve/CVE-2019-8710
https://access.redhat.com/security/cve/CVE-2019-8720
https://access.redhat.com/security/cve/CVE-2019-8743
https://access.redhat.com/security/cve/CVE-2019-8764
https://access.redhat.com/security/cve/CVE-2019-8766
https://access.redhat.com/security/cve/CVE-2019-8769
https://access.redhat.com/security/cve/CVE-2019-8771
https://access.redhat.com/security/cve/CVE-2019-8782
https://access.redhat.com/security/cve/CVE-2019-8783
https://access.redhat.com/security/cve/CVE-2019-8808
https://access.redhat.com/security/cve/CVE-2019-8811
https://access.redhat.com/security/cve/CVE-2019-8812
https://access.redhat.com/security/cve/CVE-2019-8813
https://access.redhat.com/security/cve/CVE-2019-8814
https://access.redhat.com/security/cve/CVE-2019-8815
https://access.redhat.com/security/cve/CVE-2019-8816
https://access.redhat.com/security/cve/CVE-2019-8819
https://access.redhat.com/security/cve/CVE-2019-8820
https://access.redhat.com/security/cve/CVE-2019-8823
https://access.redhat.com/security/cve/CVE-2019-8835
https://access.redhat.com/security/cve/CVE-2019-8844
https://access.redhat.com/security/cve/CVE-2019-8846
https://access.redhat.com/security/cve/CVE-2019-13050
https://access.redhat.com/security/cve/CVE-2019-13225
https://access.redhat.com/security/cve/CVE-2019-13627
https://access.redhat.com/security/cve/CVE-2019-14889
https://access.redhat.com/security/cve/CVE-2019-15165
https://access.redhat.com/security/cve/CVE-2019-15903
https://access.redhat.com/security/cve/CVE-2019-16168
https://access.redhat.com/security/cve/CVE-2019-16935
https://access.redhat.com/security/cve/CVE-2019-17450
https://access.redhat.com/security/cve/CVE-2019-17546
https://access.redhat.com/security/cve/CVE-2019-19221
https://access.redhat.com/security/cve/CVE-2019-19906
https://access.redhat.com/security/cve/CVE-2019-19956
https://access.redhat.com/security/cve/CVE-2019-20218
https://access.redhat.com/security/cve/CVE-2019-20387
https://access.redhat.com/security/cve/CVE-2019-20388
https://access.redhat.com/security/cve/CVE-2019-20454
https://access.redhat.com/security/cve/CVE-2019-20807
https://access.redhat.com/security/cve/CVE-2019-20907
https://access.redhat.com/security/cve/CVE-2019-20916
https://access.redhat.com/security/cve/CVE-2020-1730
https://access.redhat.com/security/cve/CVE-2020-1751
https://access.redhat.com/security/cve/CVE-2020-1752
https://access.redhat.com/security/cve/CVE-2020-1971
https://access.redhat.com/security/cve/CVE-2020-3862
https://access.redhat.com/security/cve/CVE-2020-3864
https://access.redhat.com/security/cve/CVE-2020-3865
https://access.redhat.com/security/cve/CVE-2020-3867
https://access.redhat.com/security/cve/CVE-2020-3868
https://access.redhat.com/security/cve/CVE-2020-3885
https://access.redhat.com/security/cve/CVE-2020-3894
https://access.redhat.com/security/cve/CVE-2020-3895
https://access.redhat.com/security/cve/CVE-2020-3897
https://access.redhat.com/security/cve/CVE-2020-3898
https://access.redhat.com/security/cve/CVE-2020-3899
https://access.redhat.com/security/cve/CVE-2020-3900
https://access.redhat.com/security/cve/CVE-2020-3901
https://access.redhat.com/security/cve/CVE-2020-3902
https://access.redhat.com/security/cve/CVE-2020-6405
https://access.redhat.com/security/cve/CVE-2020-7595
https://access.redhat.com/security/cve/CVE-2020-8492
https://access.redhat.com/security/cve/CVE-2020-8566
https://access.redhat.com/security/cve/CVE-2020-8619
https://access.redhat.com/security/cve/CVE-2020-8622
https://access.redhat.com/security/cve/CVE-2020-8623
https://access.redhat.com/security/cve/CVE-2020-8624
https://access.redhat.com/security/cve/CVE-2020-9327
https://access.redhat.com/security/cve/CVE-2020-9802
https://access.redhat.com/security/cve/CVE-2020-9803
https://access.redhat.com/security/cve/CVE-2020-9805
https://access.redhat.com/security/cve/CVE-2020-9806
https://access.redhat.com/security/cve/CVE-2020-9807
https://access.redhat.com/security/cve/CVE-2020-9843
https://access.redhat.com/security/cve/CVE-2020-9850
https://access.redhat.com/security/cve/CVE-2020-9862
https://access.redhat.com/security/cve/CVE-2020-9893
https://access.redhat.com/security/cve/CVE-2020-9894
https://access.redhat.com/security/cve/CVE-2020-9895
https://access.redhat.com/security/cve/CVE-2020-9915
https://access.redhat.com/security/cve/CVE-2020-9925
https://access.redhat.com/security/cve/CVE-2020-10018
https://access.redhat.com/security/cve/CVE-2020-10029
https://access.redhat.com/security/cve/CVE-2020-11793
https://access.redhat.com/security/cve/CVE-2020-13630
https://access.redhat.com/security/cve/CVE-2020-13631
https://access.redhat.com/security/cve/CVE-2020-13632
https://access.redhat.com/security/cve/CVE-2020-14040
https://access.redhat.com/security/cve/CVE-2020-14382
https://access.redhat.com/security/cve/CVE-2020-14391
https://access.redhat.com/security/cve/CVE-2020-14422
https://access.redhat.com/security/cve/CVE-2020-15157
https://access.redhat.com/security/cve/CVE-2020-15503
https://access.redhat.com/security/cve/CVE-2020-15999
https://access.redhat.com/security/cve/CVE-2020-24659
https://access.redhat.com/security/cve/CVE-2020-24750
https://access.redhat.com/security/cve/CVE-2020-25211
https://access.redhat.com/security/cve/CVE-2020-25658
https://access.redhat.com/security/cve/CVE-2021-3121
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================