ESB-2011.1038.4 - UPDATE [VMware ESX] VMware ESXi and ESX: Multiple vulnerabilities

Date: 12 March 2012
References: ESB-2011.0029  ESB-2010.1025  ESB-2010.1040  ESB-2010.1075  ESB-2010.1082  ESB-2010.1108  ESB-2010.1150  ESB-2011.0007  ESB-2011.0036  ESB-2011.0048  
ESB-2011.0166  ESB-2011.0271  ESB-2011.0340  ESB-2011.0376  ESB-2011.0394  ESB-2011.0485  ESB-2011.0487  ESB-2011.1168  ESB-2012.0109.3  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2011.1038.4
       VMware ESXi and ESX updates to third party libraries and ESX
                              Service Console
                               12 March 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          VMware ESXi
                  VMware ESX
Publisher:        VMware
Operating System: VMware ESX Server
Impact/Access:    Administrator Compromise       -- Existing Account            
                  Access Privileged Data         -- Existing Account            
                  Overwrite Arbitrary Files      -- Existing Account            
                  Denial of Service              -- Remote/Unauthenticated      
                  Provide Misleading Information -- Remote with User Interaction
                  Unauthorised Access            -- Existing Account            
                  Reduced Security               -- Existing Account            
Resolution:       Patch/Upgrade
CVE Names:        CVE-2011-1659 CVE-2011-1658 CVE-2011-1495
                  CVE-2011-1494 CVE-2011-1478 CVE-2011-1095
                  CVE-2011-1090 CVE-2011-1071 CVE-2011-1010
                  CVE-2011-0710 CVE-2011-0536 CVE-2011-0521
                  CVE-2011-0282 CVE-2011-0281 CVE-2010-4655
                  CVE-2010-4526 CVE-2010-4346 CVE-2010-4343
                  CVE-2010-4263 CVE-2010-4255 CVE-2010-4251
                  CVE-2010-4249 CVE-2010-4248 CVE-2010-4247
                  CVE-2010-4243 CVE-2010-4242 CVE-2010-4238
                  CVE-2010-4161 CVE-2010-4158 CVE-2010-4157
                  CVE-2010-4083 CVE-2010-4081 CVE-2010-4080
                  CVE-2010-4075 CVE-2010-4073 CVE-2010-4072
                  CVE-2010-3904 CVE-2010-3880 CVE-2010-3877
                  CVE-2010-3876 CVE-2010-3865 CVE-2010-3859
                  CVE-2010-3858 CVE-2010-3699 CVE-2010-3477
                  CVE-2010-3442 CVE-2010-3432 CVE-2010-3296
                  CVE-2010-3086 CVE-2010-3078 CVE-2010-3067
                  CVE-2010-3066 CVE-2010-3015 CVE-2010-2943
                  CVE-2010-2942 CVE-2010-2938 CVE-2010-2798
                  CVE-2010-2492 CVE-2010-1323 CVE-2010-1083
                  CVE-2010-0296  

Reference:        ESB-2011.0487
                  ESB-2011.0485
                  ESB-2011.0394
                  ESB-2011.0376
                  ESB-2011.0340
                  ESB-2011.0271
                  ESB-2011.0166
                  ESB-2011.0048
                  ESB-2011.0036
                  ESB-2011.0029
                  ESB-2011.0007
                  ESB-2010.1150
                  ESB-2010.1108
                  ESB-2010.1082
                  ESB-2010.1075
                  ESB-2010.1040
                  ESB-2010.1025
                  ESB-2010.1023
                  ESB-2010.0962
                  ESB-2010.0942
                  ESB-2010.0934
                  ESB-2010.0929
                  ESB-2010.0903
                  ESB-2010.0877
                  ESB-2010.0847
                  ESB-2010.0820
                  ESB-2010.0744
                  ESB-2010.0289
                  ESB-2011.0793.2
                  ESB-2010.0479.2

Revision History: March    12 2012: ESX 3.5 patches released
                  December 16 2011: Updated with the release of ESXi 5.0 patches.
                  October  28 2011: Update 2 for vSphere Hypervisor (ESXi) 4.1 and ESX 4.1 released
                  October  13 2011: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 -----------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID: VMSA-2011-0012.3
Synopsis:    VMware ESXi and ESX updates to third party libraries
             and ESX Service Console
Issue date:  2011-10-12
Updated on:  2012-03-08
CVE numbers: --- COS Kernel ---
             CVE-2010-1083, CVE-2010-2492, CVE-2010-2798, CVE-2010-2938,
             CVE-2010-2942, CVE-2010-2943, CVE-2010-3015, CVE-2010-3066,
             CVE-2010-3067, CVE-2010-3078, CVE-2010-3086, CVE-2010-3296,
             CVE-2010-3432, CVE-2010-3442, CVE-2010-3477, CVE-2010-3699,
             CVE-2010-3858, CVE-2010-3859, CVE-2010-3865, CVE-2010-3876,
             CVE-2010-3877, CVE-2010-3880, CVE-2010-3904, CVE-2010-4072,
             CVE-2010-4073, CVE-2010-4075, CVE-2010-4080, CVE-2010-4081,
             CVE-2010-4083, CVE-2010-4157, CVE-2010-4158, CVE-2010-4161,
             CVE-2010-4238, CVE-2010-4242, CVE-2010-4243, CVE-2010-4247,
             CVE-2010-4248, CVE-2010-4249, CVE-2010-4251, CVE-2010-4255,
             CVE-2010-4263, CVE-2010-4343, CVE-2010-4346, CVE-2010-4526,
             CVE-2010-4655, CVE-2011-0521, CVE-2011-0710, CVE-2011-1010,
             CVE-2011-1090, CVE-2011-1478
             --- COS krb5 ---
             CVE-2010-1323, CVE-2011-0281, CVE-2011-0282
             --- glibc library ---
             CVE-2010-0296, CVE-2011-0536, CVE-2011-1071, CVE-2011-1095,
             CVE-2011-1658, CVE-2011-1659
             --- mpt2sas ---
             CVE-2011-1494, CVE-2011-1495

 -----------------------------------------------------------------------

1. Summary

   VMware ESXi and ESX updates to third party libraries and ESX Service
   Console address several security issues.

2. Relevant releases

   ESXi 5.0 without patch ESXi500-201112401-SG.

   ESXi 4.1 without patch ESXi410-201110201-SG.

   ESX 4.1 without patches ESX410-201110201-SG and ESX410-201110224-SG.

   ESXi 4.0 without patch ESXi400-201110401-SG.

   ESX 4.0 without patches ESX400-201110401-SG, ESX400-201110403-SG
   and ESX400-201110409-SG.

   ESXi 3.5 without patch ESXe350-201203401-I-SG.

   ESX 3.5 without patch ESX350-201203403-SG.


3. Problem Description

 a. ESX third party update for Service Console kernel

    This update takes the console OS kernel package to
    kernel-2.6.18-238.9.1 which resolves multiple security issues.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the names CVE-2010-1083, CVE-2010-2492, CVE-2010-2798,
    CVE-2010-2938, CVE-2010-2942, CVE-2010-2943, CVE-2010-3015,
    CVE-2010-3066, CVE-2010-3067, CVE-2010-3078, CVE-2010-3086,
    CVE-2010-3296, CVE-2010-3432, CVE-2010-3442, CVE-2010-3477,
    CVE-2010-3699, CVE-2010-3858, CVE-2010-3859, CVE-2010-3865,
    CVE-2010-3876, CVE-2010-3877, CVE-2010-3880, CVE-2010-3904,
    CVE-2010-4072, CVE-2010-4073, CVE-2010-4075, CVE-2010-4080,
    CVE-2010-4081, CVE-2010-4083, CVE-2010-4157, CVE-2010-4158,
    CVE-2010-4161, CVE-2010-4238, CVE-2010-4242, CVE-2010-4243,
    CVE-2010-4247, CVE-2010-4248, CVE-2010-4249, CVE-2010-4251,
    CVE-2010-4255, CVE-2010-4263, CVE-2010-4343, CVE-2010-4346,
    CVE-2010-4526, CVE-2010-4655, CVE-2011-0521, CVE-2011-0710,
    CVE-2011-1010, CVE-2011-1090 and CVE-2011-1478 to these issues.

    Column 4 of the following table lists the action required to
    remediate the vulnerability in each release, if a solution is
    available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    vCenter        any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           any       ESXi     not affected

    ESX            4.1       ESX      ESX410-201110201-SG
    ESX            4.0       ESX      ESX400-201110401-SG
    ESX            3.5       ESX      not applicable
    ESX            3.0.3     ESX      not applicable

    * hosted products are VMware Workstation, Player, ACE, Fusion.

 b. ESX third party update for Service Console krb5 RPMs

    This patch updates the krb5-libs and krb5-workstation RPMs of the
    console OS to version 1.6.1-55.el5_6.1, which resolves multiple
    security issues.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the names CVE-2010-1323, CVE-2011-0281, and CVE-2011-0282
    to these issues.

    Column 4 of the following table lists the action required to
    remediate the vulnerability in each release, if a solution is
    available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    vCenter        any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           any       ESXi     not affected

    ESX            4.1       ESX      ESX410-201110201-SG
    ESX            4.0       ESX      ESX400-201110403-SG
    ESX            3.5       ESX      not applicable
    ESX            3.0.3     ESX      not applicable

    * hosted products are VMware Workstation, Player, ACE, Fusion.

 c. ESXi and ESX update to third party component glibc

    The glibc third-party library is updated to resolve multiple
    security issues.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the names CVE-2010-0296, CVE-2011-0536, CVE-2011-1071,
    CVE-2011-1095, CVE-2011-1658, and CVE-2011-1659 to these issues.

    Column 4 of the following table lists the action required to
    remediate the vulnerability in each release, if a solution is
    available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    vCenter        any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           5.0       ESXi     ESXi500-201112401-SG
    ESXi           4.1       ESXi     ESXi410-201110201-SG
    ESXi           4.0       ESXi     ESXi400-201110401-SG
    ESXi           3.5       ESXi     patch pending

    ESX            4.1       ESX      ESX410-201110201-SG
    ESX            4.0       ESX      ESX400-201110401-SG
    ESX            3.5       ESX      patch pending
    ESX            3.0.3     ESX      no patch planned

    * hosted products are VMware Workstation, Player, ACE, Fusion.

 d. ESX update to third party drivers mptsas, mpt2sas, and mptspi

    The mptsas, mpt2sas, and mptspi drivers are updated to address
    multiple security issues in the mpt2sas driver.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the names CVE-2011-1494 and CVE-2011-1495 to these issues.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    vCenter        any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           5.0       ESXi     not applicable
    ESXi           4.1       ESXi     not applicable
    ESXi           4.0       ESXi     not applicable
    ESXi           3.5       ESXi     ESXe350-201203401-I-SG

    ESX            4.1       ESX      ESX410-201110224-SG
    ESX            4.0       ESX      ESX400-201110409-SG
    ESX            3.5       ESX      ESX350-201203403-SG
    ESX            3.0.3     ESX      no patch planned

    * hosted products are VMware Workstation, Player, ACE, Fusion.

4. Solution

   Please review the patch/release notes for your product and version
   and verify the checksum of your downloaded file.

   VMware ESXi 5.0
   ---------------
   ESXi500-201112001

   Download link:
   
 
   https://hostupdate.vmware.com/software/VUM/OFFLINE/release-325-20111212-924952/ESXi500-201112001.zip
   md5sum: 107ec1cf6ee1d5d5cb8ea5c05b05cc10
   sha1sum: aff63c8a170508c8c0f21a60d1ea75ef1922096d
   http://kb.vmware.com/kb/2007671

   ESXi500-201112001 contains ESXi500-201112401-SG

   VMware ESXi 4.1
   ---------------
   VMware ESXi 4.1 Update 2

   Download link:

 
   http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1

   Release Notes:
   https://www.vmware.com/support/pubs/vs_pages/vsp_pubs_esxi41_i_vc41.html

   File: VMware-VMvisor-Installer-4.1.0.update02-502767.x86_64.iso
   md5sum: 0aa78790a336c5fc6ba3d9807c98bfea
   sha1sum: 7eebd34ab5bdc81401ae20dcf59a8f8ae22086ce

   File: upgrade-from-esxi4.0-to-4.1-update02-502767.zip
   md5sum: 459d9142a885854ef0fa6edd8d6a5677
   sha1sum: 75978b6f0fc3b0ccc63babe6a65cfde6ec420d33

   File: upgrade-from-ESXi3.5-to-4.1_update02.502767.zip
   md5sum: 3047fac78a4aaa05cf9528d62fad9d73
   sha1sum: dc99b6ff352ace77d5513b4c6d8a2cb7e766a09f

   File: VMware-tools-linux-8.3.12-493255.iso
   md5sum: 63028f2bf605d26798ac24525a0e6208
   sha1sum: 95ca96eec7817da9d6e0c326ac44d8b050328932

   File: VMware-viclient-all-4.1.0-491557.exe
   md5sum: dafd31619ae66da65115ac3900697e3a
   sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef

   VMware ESXi 4.1 Update 2 contains ESXi410-201110201-SG.

   VMware ESX 4.1
   --------------
   VMware ESX 4.1 Update 2
   Download link:

 
   http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1

   Release Notes:

 
http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html

   File: ESX-4.1.0-update02-502767.iso
   md5sum: 9a2b524446cbd756f0f1c7d8d88077f8
   sha1sum: 2824c0628c341357a180b3ab20eb2b7ef1bee61c

   File: pre-upgrade-from-esx4.0-to-4.1-502767.zip
   md5sum: 9060ad94d9d3bad7d4fa3e4af69a41cf
   sha1sum: 9b96ba630377946c42a8ce96f0b5745c56ca46b4

   File: upgrade-from-esx4.0-to-4.1-update02-502767.zip
   md5sum: 4b60f36ee89db8cb7e1243aa02cdb549
   sha1sum: 6b9168a1b01379dce7db9d79fd280509e16d013f

   File: VMware-tools-linux-8.3.12-493255.iso
   md5sum: 63028f2bf605d26798ac24525a0e6208
   sha1sum: 95ca96eec7817da9d6e0c326ac44d8b050328932

   File: VMware-viclient-all-4.1.0-491557.exe
   md5sum: dafd31619ae66da65115ac3900697e3a
   sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef

   VMware ESX 4.1 Update 2 contains ESX410-201110201-SG and
   ESX410-201110224-SG.

   VMware ESXi 4.0
   ---------------
   ESXi400-201110001

 
   https://hostupdate.vmware.com/software/VUM/OFFLINE/release-315-20111006-920880/ESXi400-201110001.zip
   md5sum: fd47b5e2b7ea1db79a2e0793d4c9d9d3
   sha1sum: 759d4fa6da6eb49f41def68e3bd66e80c9a7032b
   http://kb.vmware.com/kb/1036397

   ESXi400-201110001 contains ESXi400-201110401-SG

   VMware ESX 4.0
   --------------
   ESX400-201110001

 
   https://hostupdate.vmware.com/software/VUM/OFFLINE/release-314-20111006-398488/ESX400-201110001.zip
   md5sum: 0ce9cc285ea5c27142c9fdf273443d78
   sha1sum: fdb5482b2bf1e9c97f2814255676e3de74512399
   http://kb.vmware.com/kb/1036391

   ESX400-201110001 contains ESX400-201110401-SG, ESX400-201110403-SG
   and ESX400-201110409-SG.

   VMware ESXi 3.5
   ---------------
   ESXe350-201203401-O-SG
   http://downloads.vmware.com/go/selfsupport-download
   md5sum: 44124458684d6d1b957b4e39cbe97d77
   sha1sum: 2255311bc6c27e127e075040eb1f98649b5ce8be
   http://kb.vmware.com/kb/2009160
   
   ESXe350-201203401-O-SG contains ESXe350-201203401-I-SG.

   VMware ESX 3.5
   --------------
   ESX350-201203403-SG
   http://downloads.vmware.com/go/selfsupport-download
   md5sum: b568125dd3eb5d1b52d88a11164ade21
   sha1sum: a10cbc7892a28a9dc714ddbc40a4232691ac321f
   http://kb.vmware.com/kb/2009157
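
   The checksum verification requested in this section can be scripted.
   The following is an added example, not part of the VMware advisory or
   the AusCERT bulletin: it parses "File:" and download-URL entries laid
   out as above (including a URL wrapped onto a second line) and checks
   every file in a download directory against both published digests.
   All function names are hypothetical, the sample data is constructed,
   and entries identified only by a bundle ID with a generic download
   link (the ESX/ESXi 3.5 entries) are not matched to a file name.

```python
import hashlib
import os
import re
import tempfile

FILE_RE = re.compile(r"^\s*File:\s*(\S+)\s*$")
URL_RE = re.compile(r"^\s*(https?://\S+)\s*$")
DIGEST_RE = re.compile(r"^\s*(md5|sha1)sum:\s*([0-9a-fA-F]+)\s*$")
BUNDLE_EXT = (".zip", ".iso", ".exe")


def parse_checksums(text):
    """Map each file name in a Solution section to its published digests."""
    entries, current = {}, None
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if m := FILE_RE.match(line):
            current = m.group(1)
        elif m := URL_RE.match(line):
            url = m.group(1)
            nxt = lines[i + 1] if i + 1 < len(lines) else ""
            # A long URL may be wrapped onto an unindented continuation line.
            if nxt and not nxt[0].isspace() and not nxt.startswith("http"):
                url += nxt.strip()
            name = url.rsplit("/", 1)[-1]
            # KB and landing-page links name no file, so they end the entry.
            current = name if name.lower().endswith(BUNDLE_EXT) else None
        elif (m := DIGEST_RE.match(line)) and current:
            entries.setdefault(current, {})[m.group(1)] = m.group(2).lower()
    return entries


def file_digests(path):
    """Hash a file once, in chunks, with both algorithms the advisory lists."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def check_downloads(advisory_text, directory):
    """Return {file name: 'ok' | 'MISMATCH' | 'not listed'} for a directory."""
    published = parse_checksums(advisory_text)
    report = {}
    for name in sorted(os.listdir(directory)):
        expected = published.get(name)
        if not expected:
            report[name] = "not listed"
            continue
        actual = file_digests(os.path.join(directory, name))
        # Every published digest must match; one mismatch fails the file.
        ok = all(actual[alg] == value for alg, value in expected.items())
        report[name] = "ok" if ok else "MISMATCH"
    return report


def demo():
    """Constructed data only: names, URLs and digests are not from the advisory."""
    payload = b"constructed patch bundle contents\n"
    md5, sha1 = hashlib.md5(payload).hexdigest(), hashlib.sha1(payload).hexdigest()
    advisory = (
        "   Download link:\n\n"
        "https://downloads.example.invalid/OFFLINE/release-000-20000101-000\n"
        "000/EXAMPLE-bundle.zip\n"
        f"   md5sum: {md5}\n   sha1sum: {sha1}\n"
        "   http://kb.example.invalid/kb/0000000\n\n"
        "   File: EXAMPLE-installer.iso\n"
        f"   md5sum: {md5}\n   sha1sum: {sha1}\n"
    )
    with tempfile.TemporaryDirectory() as tmp:
        files = {"EXAMPLE-bundle.zip": payload,
                 "EXAMPLE-installer.iso": payload + b"tampered",
                 "stray.bin": b"unrelated"}
        for name, data in files.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return check_downloads(advisory, tmp)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:10} {name}")
```

   A file reported as "not listed" has no published digest to compare
   against and should be treated as unverified, not as passed.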


5. References

   CVE numbers
   --- COS Kernel ---
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1083
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2492
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2798
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2938
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2942
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2943
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3015
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3066
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3067
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3078
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3086
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3296
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3432
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3442
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3477
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3699
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3858
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3859
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3865
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3876
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3877
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3880
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3904
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4072
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4073
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4075
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4080
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4081
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4083
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4157
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4158
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4161
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4238
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4242
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4243
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4247
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4248
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4249
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4251
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4255
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4263
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4343
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4346
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4526
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4655
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0521
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0710
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1010
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1090
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1478
   --- COS krb5 ---
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1323
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0281
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0282
   --- glibc library ---
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0296
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0536
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1071
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1095
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1658
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1659
   --- mpt2sas ---
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1494
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1495

 -----------------------------------------------------------------------

6. Change log

   2011-10-12 VMSA-2011-0012
   Initial security advisory in conjunction with the release of patches
   for ESX 4.0 and ESXi 4.0 on 2011-10-12.

   2011-10-27 VMSA-2011-0012.1
   Updated security advisory with the release of Update 2 for vSphere
   Hypervisor (ESXi) 4.1 and ESX 4.1 on 2011-10-27.

   2011-12-15 VMSA-2011-0012.2
   Updated security advisory with the release of ESXi 5.0 patches on
   2011-12-15.

   2012-03-08 VMSA-2011-0012.3
   Updated security advisory after the release of ESX 3.5 patches on
   2012-03-08.

 -----------------------------------------------------------------------

7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  * security-announce at lists.vmware.com
  * bugtraq at securityfocus.com
  * full-disclosure at lists.grok.org.uk

E-mail:  security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2011 VMware Inc.  All rights reserved.

- -----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8

wj8DBQFPWZ47DEcm8Vbi9kMRAtL7AKC7VxD6+KT2yPK3kehwwtuUWULeOQCcCsFY
4Ay5bgjwVC3Vyks6fNNWcBk=
=qNzG
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================