Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.6351
cgal security update
7 December 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: cgal
Publisher: Debian
Operating System: Debian GNU/Linux
Resolution: Patch/Upgrade
CVE Names: CVE-2020-35636 CVE-2020-35635 CVE-2020-35634
CVE-2020-35633 CVE-2020-35632 CVE-2020-35631
CVE-2020-35630 CVE-2020-35629 CVE-2020-35628
CVE-2020-28636 CVE-2020-28635 CVE-2020-28634
CVE-2020-28633 CVE-2020-28632 CVE-2020-28631
CVE-2020-28630 CVE-2020-28629 CVE-2020-28628
CVE-2020-28627 CVE-2020-28626 CVE-2020-28625
CVE-2020-28624 CVE-2020-28623 CVE-2020-28622
CVE-2020-28621 CVE-2020-28620 CVE-2020-28619
CVE-2020-28618 CVE-2020-28617 CVE-2020-28616
CVE-2020-28615 CVE-2020-28614 CVE-2020-28613
CVE-2020-28612 CVE-2020-28611 CVE-2020-28610
CVE-2020-28609 CVE-2020-28608 CVE-2020-28607
CVE-2020-28606 CVE-2020-28605 CVE-2020-28604
CVE-2020-28603 CVE-2020-28602 CVE-2020-28601
Original Bulletin:
http://www.debian.org/lts/security/2022/dla-3226
Comment: CVSS (Max): 9.8 CVE-2020-35636 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: NVD
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3226-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Helmut Grohne
December 06, 2022 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : cgal
Version : 4.13-1+deb10u1
CVE ID : CVE-2020-28601 CVE-2020-28602 CVE-2020-28603 CVE-2020-28604
CVE-2020-28605 CVE-2020-28606 CVE-2020-28607 CVE-2020-28608
CVE-2020-28609 CVE-2020-28610 CVE-2020-28611 CVE-2020-28612
CVE-2020-28613 CVE-2020-28614 CVE-2020-28615 CVE-2020-28616
CVE-2020-28617 CVE-2020-28618 CVE-2020-28619 CVE-2020-28620
CVE-2020-28621 CVE-2020-28622 CVE-2020-28623 CVE-2020-28624
CVE-2020-28625 CVE-2020-28626 CVE-2020-28627 CVE-2020-28628
CVE-2020-28629 CVE-2020-28630 CVE-2020-28631 CVE-2020-28632
CVE-2020-28633 CVE-2020-28634 CVE-2020-28635 CVE-2020-28636
CVE-2020-35628 CVE-2020-35629 CVE-2020-35630 CVE-2020-35631
CVE-2020-35632 CVE-2020-35633 CVE-2020-35634 CVE-2020-35635
CVE-2020-35636
Debian Bug : 985671
When parsing files containing Nef polygon data, several memory access
violations may happen. Many of these allow code execution.
CVE-2020-28601
A code execution vulnerability exists in the Nef polygon-parsing
functionality of CGAL. An oob read vulnerability exists in
Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read.
An attacker can provide malicious input to trigger this
vulnerability.
CVE-2020-28602
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_vertex()
Halfedge_of[].
CVE-2020-28603
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_prev().
CVE-2020-28604
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_next().
CVE-2020-28605
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read exists in
Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge()
e->set_vertex().
CVE-2020-28606
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_face().
CVE-2020-28607
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() set_halfedge().
CVE-2020-28608
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() store_fc().
CVE-2020-28609
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() store_iv().
CVE-2020-28610
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SM_io_parser.h SM_io_parser<Decorator_>::read_vertex()
set_face().
CVE-2020-28611
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SM_io_parser.h SM_io_parser<Decorator_>::read_vertex()
set_first_out_edge().
CVE-2020-28612
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex()
vh->svertices_begin().
CVE-2020-28613
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex()
vh->svertices_last().
CVE-2020-28614
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex()
vh->shalfedges_begin().
CVE-2020-28615
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex()
vh->shalfedges_last().
CVE-2020-28616
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex()
vh->sfaces_begin().
CVE-2020-28617
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex()
vh->sfaces_last().
CVE-2020-28618
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex()
vh->shalfloop().
CVE-2020-28619
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->twin().
CVE-2020-28620
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge()
eh->center_vertex():.
CVE-2020-28621
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge()
eh->out_sedge().
CVE-2020-28622
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge()
eh->incident_sface().
CVE-2020-28623
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->twin().
CVE-2020-28624
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet()
fh->boundary_entry_objects SEdge_of.
CVE-2020-28625
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet()
fh->boundary_entry_objects SLoop_of.
CVE-2020-28626
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet()
fh->incident_volume().
CVE-2020-28627
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_volume()
ch->shell_entry_objects().
CVE-2020-28628
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_volume() seh->twin().
CVE-2020-28629
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->sprev().
CVE-2020-28630
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->snext().
CVE-2020-28631
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->source().
CVE-2020-28632
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge()
seh->incident_sface().
CVE-2020-28633
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->prev().
CVE-2020-28634
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->next().
CVE-2020-28635
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->facet().
CVE-2020-28636
A code execution vulnerability exists in the Nef polygon-parsing
functionalityof CGAL. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->twin() An
attacker can provide malicious input to trigger this vulnerability.
CVE-2020-35628
A code execution vulnerability exists in the Nef polygon-parsing
functionalityof CGAL. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop()
slh->incident_sface. An attacker can provide malicious input to
trigger this vulnerability.
CVE-2020-35629
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sloop() slh->facet().
CVE-2020-35630
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface()
sfh->center_vertex().
CVE-2020-35631
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface()
SD.link_as_face_cycle().
CVE-2020-35632
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface()
sfh->boundary_entry_objects Edge_of.
CVE-2020-35633
A code execution vulnerability exists in the Nef polygon-parsing
functionalityof CGAL. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface()
store_sm_boundary_item() Edge_of.A specially crafted malformed file
can lead to an out-of-bounds read and type confusion, which could
lead to code execution. An attacker can provide malicious input to
trigger this vulnerability.
CVE-2020-35634
A code execution vulnerability exists in the Nef polygon-parsing
functionalityof CGAL. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface()
sfh->boundary_entry_objects Sloop_of. A specially crafted malformed
file can lead to an out-of-bounds read and type confusion, which
could lead to code execution. An attacker can provide malicious input
to trigger this vulnerability.
CVE-2020-35635
A code execution vulnerability exists in the Nef polygon-parsing
functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h
SNC_io_parser::read_sface() store_sm_boundary_item() Sloop_of OOB
read. A specially crafted malformed file can lead to an out-of-bounds
read and type confusion, which could lead to code execution. An
attacker can provide malicious input to trigger this vulnerability.
CVE-2020-35636
A code execution vulnerability exists in the Nef polygon-parsing
functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h
SNC_io_parser::read_sface() sfh->volume() OOB read. A specially
crafted malformed file can lead to an out-of-bounds read and type
confusion, which could lead to code execution. An attacker can
provide malicious input to trigger this vulnerability.
For Debian 10 buster, these problems have been fixed in version
4.13-1+deb10u1.
We recommend that you upgrade your cgal packages.
For the detailed security status of cgal please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/cgal
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEETMLS2QqNFlTb+HOqLRqqzyREREIFAmOPMN0ACgkQLRqqzyRE
RELMAQ//QDmGcdq76sbQbEIa/CmFC6ktpUpJr+Y2SHbWRrpq9eAx6kcXdD9gGLPt
iPj1wR+IvmUtehaL+IbzRIhrE/1Ss021U02guo8H1N06z7hdjiwtNwo91cfe9/B1
gJRt0M5gch62uPvDfGTrfdGyewNKnIs+AMMbgaXtP+cMC1ZTm47ScjStW0wAf5AS
SRPKXfqDl007bOUkgiYewxmcxk9gyueZmdy7c7STuccABiwQ2LJYl73qWOrmEpSP
USazAv+CwpdHK1lu3H5C3ylGUtjikRwwikTdkU4JoDHuFTiYOx30smqf8Cuk/OAK
8UUg/QDmGOb3XkMS5biATTNbUoXQH3tK1QZSdZRVdz2M5VeJft9FDs3Wprw1wDbW
D9Z7DxpiJBttZjVAjiXR0MFASbkUW6QS7FArOxAYbmcWCiPQ+H3qO4mchR/S3H9d
6LiAfJxcqmAgiDXrv5vg9jAEKElvIXDQHrHGRjl7wI8LMZyehrUchMWEc14RRSho
LspUHEWkoHzolQ2c0oMVf+mn5eyM4a3JXNeyI+mmatGQkopKNoNqx9GSmaZuScaP
bnxQixoMD5VdFeGY5oz4WjkrelytF0F924SaWNhbjIkb/PJWLkw5q525GNaev+O0
g6n+CRdJzOgh7uyhZWWYYhmyg24IUTGnYoav2ljggz0nefelUOc=
=CuJn
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
iQIVAwUBY4/o9MkNZI30y1K9AQh2+A//Y67AfhGR+q/zo04gOLX9AqFCzfGaetuZ
78hbELOmtgXxou7OshmNwupQ3ZIQ6FRA/xqQmolq5qRggoJ6NwD5w7PbLZGMWCx5
8qgqG7mUoV4w8jOMwiq+jlMs+fpw6MvTVw7+UVikrZ0HdrKI6e5icVIFX3TT/Qin
e0UyxkQ5fiIOj/ZvB7I3nD2vHSpZMZDFmHmHGEAycITLIOtveWCa9eGOYqvU/pAf
xgGqh7ko5RGUvYS6BbqZJMB4vvmAgRdaqe7pBviU1XNQmUJUlv/DJtwtJuQLfMo2
W3/fgcj218CMjNdLNwixNbKfhfYFvReDJtdSw88Tdlf3UkuauzZrOeGT7tf6ty2s
rxDkzIuUJeddm+bOwyfzEWZXjsDNIKR9KcAGcJp6j9leCA8WueozJIvKOM3v3MEg
Lfubz2Ai3R390w3FuBAKyRi3uSpqiiV1ABiTRwSbFKY6X5hVqTDh1UdU9D+swoT5
MM6db2c/z8XdGCmBKf1yhFPKZxkRr+JDgGMba0Czhdi2vyH/qbjxUFTEeUHbj7se
oZ76qhTeLBXBbBtvOWOYo/vMD1YyZQRKEiMJIUwQ0GeJ2AiM0HvKtn6PolH65Zgn
YjmKXI6b4ulrnDjutdv3D3IFebAaHzO4/HuT5hsONfDs33AFV0FHa9aZYvitkicW
R2Kv4m6DHtc=
=lZ+Q
-----END PGP SIGNATURE-----