ESB-2011.1038.4 - UPDATE [VMware ESX] VMware ESXi and ESX: Multiple vulnerabilities
Date: 12 March 2012

References: ESB-2011.0029, ESB-2010.1025, ESB-2010.1040, ESB-2010.1075, ESB-2010.1082, ESB-2010.1108, ESB-2010.1150, ESB-2011.0007, ESB-2011.0036, ESB-2011.0048, ESB-2011.0166, ESB-2011.0271, ESB-2011.0340, ESB-2011.0376, ESB-2011.0394, ESB-2011.0485, ESB-2011.0487, ESB-2011.1168, ESB-2012.0109.3
===========================================================================
             AUSCERT External Security Bulletin Redistribution

                             ESB-2011.1038.4
        VMware ESXi and ESX updates to third party libraries and
                          ESX Service Console
                              12 March 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           VMware ESXi
                   VMware ESX
Publisher:         VMWare
Operating System:  VMWare ESX Server
Impact/Access:     Administrator Compromise       -- Existing Account
                   Access Privileged Data         -- Existing Account
                   Overwrite Arbitrary Files      -- Existing Account
                   Denial of Service              -- Remote/Unauthenticated
                   Provide Misleading Information -- Remote with User Interaction
                   Unauthorised Access            -- Existing Account
                   Reduced Security               -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2011-1659 CVE-2011-1658 CVE-2011-1495
                   CVE-2011-1494 CVE-2011-1478 CVE-2011-1095
                   CVE-2011-1090 CVE-2011-1071 CVE-2011-1010
                   CVE-2011-0710 CVE-2011-0536 CVE-2011-0521
                   CVE-2011-0282 CVE-2011-0281 CVE-2010-4655
                   CVE-2010-4526 CVE-2010-4346 CVE-2010-4343
                   CVE-2010-4263 CVE-2010-4255 CVE-2010-4251
                   CVE-2010-4249 CVE-2010-4248 CVE-2010-4247
                   CVE-2010-4243 CVE-2010-4242 CVE-2010-4238
                   CVE-2010-4161 CVE-2010-4158 CVE-2010-4157
                   CVE-2010-4083 CVE-2010-4081 CVE-2010-4080
                   CVE-2010-4075 CVE-2010-4073 CVE-2010-4072
                   CVE-2010-3904 CVE-2010-3880 CVE-2010-3877
                   CVE-2010-3876 CVE-2010-3865 CVE-2010-3859
                   CVE-2010-3858 CVE-2010-3699 CVE-2010-3477
                   CVE-2010-3442 CVE-2010-3432 CVE-2010-3296
                   CVE-2010-3086 CVE-2010-3078 CVE-2010-3067
                   CVE-2010-3066 CVE-2010-3015 CVE-2010-2943
                   CVE-2010-2942 CVE-2010-2938 CVE-2010-2798
                   CVE-2010-2492 CVE-2010-1323 CVE-2010-1083
                   CVE-2010-0296

Reference:         ESB-2011.0487 ESB-2011.0485 ESB-2011.0394
                   ESB-2011.0376 ESB-2011.0340 ESB-2011.0271
                   ESB-2011.0166 ESB-2011.0048 ESB-2011.0036
                   ESB-2011.0029 ESB-2011.0007 ESB-2010.1150
                   ESB-2010.1108 ESB-2010.1082 ESB-2010.1075
                   ESB-2010.1040 ESB-2010.1025 ESB-2010.1023
                   ESB-2010.0962 ESB-2010.0942 ESB-2010.0934
                   ESB-2010.0929 ESB-2010.0903 ESB-2010.0877
                   ESB-2010.0847 ESB-2010.0820 ESB-2010.0744
                   ESB-2010.0289 ESB-2011.0793.2 ESB-2010.0479.2

Revision History:  March    12 2012: ESX 3.5 patches released
                   December 16 2011: Updated with the release of ESXi 5.0
                                     patches.
                   October  28 2011: Update 2 for vSphere Hypervisor (ESXi)
                                     4.1 and ESX 4.1 released
                   October  13 2011: Initial Release

--------------------------BEGIN INCLUDED TEXT--------------------

-----------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2011-0012.3
Synopsis:          VMware ESXi and ESX updates to third party libraries
                   and ESX Service Console
Issue date:        2011-10-12
Updated on:        2012-03-08
CVE numbers:       --- COS Kernel ---
                   CVE-2010-1083, CVE-2010-2492, CVE-2010-2798,
                   CVE-2010-2938, CVE-2010-2942, CVE-2010-2943,
                   CVE-2010-3015, CVE-2010-3066, CVE-2010-3067,
                   CVE-2010-3078, CVE-2010-3086, CVE-2010-3296,
                   CVE-2010-3432, CVE-2010-3442, CVE-2010-3477,
                   CVE-2010-3699, CVE-2010-3858, CVE-2010-3859,
                   CVE-2010-3865, CVE-2010-3876, CVE-2010-3877,
                   CVE-2010-3880, CVE-2010-3904, CVE-2010-4072,
                   CVE-2010-4073, CVE-2010-4075, CVE-2010-4080,
                   CVE-2010-4081, CVE-2010-4083, CVE-2010-4157,
                   CVE-2010-4158, CVE-2010-4161, CVE-2010-4238,
                   CVE-2010-4242, CVE-2010-4243, CVE-2010-4247,
                   CVE-2010-4248, CVE-2010-4249, CVE-2010-4251,
                   CVE-2010-4255, CVE-2010-4263, CVE-2010-4343,
                   CVE-2010-4346, CVE-2010-4526, CVE-2010-4655,
                   CVE-2011-0521, CVE-2011-0710, CVE-2011-1010,
                   CVE-2011-1090, CVE-2011-1478
                   --- COS krb5 ---
                   CVE-2010-1323, CVE-2011-0281, CVE-2011-0282
                   --- glibc library ---
                   CVE-2010-0296, CVE-2011-0536, CVE-2011-1071,
                   CVE-2011-1095, CVE-2011-1658, CVE-2011-1659
                   --- mtp2sas ---
                   CVE-2011-1494, CVE-2011-1495
-----------------------------------------------------------------------

1. Summary

   VMware ESXi and ESX updates to third party libraries and ESX
   Service Console address several security issues.

2. Relevant releases

   ESXi 5.0 without patch ESXi500-201112401-SG.

   ESXi 4.1 without patch ESXi410-201110201-SG.

   ESX 4.1 without patches ESX410-201110201-SG and
   ESX410-201110224-SG.

   ESXi 4.0 without patch ESXi400-201110401-SG.

   ESX 4.0 without patches ESX400-201110401-SG, ESX400-201110403-SG
   and ESX400-201110409-SG.

   ESXi 3.5 without patch ESXe350-201203401-I-SG.

   ESX 3.5 without patch ESX350-201203403-SG.

3. Problem Description

 a. ESX third party update for Service Console kernel

    This update takes the console OS kernel package to
    kernel-2.6.18-238.9.1 which resolves multiple security issues.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2010-1083, CVE-2010-2492,
    CVE-2010-2798, CVE-2010-2938, CVE-2010-2942, CVE-2010-2943,
    CVE-2010-3015, CVE-2010-3066, CVE-2010-3067, CVE-2010-3078,
    CVE-2010-3086, CVE-2010-3296, CVE-2010-3432, CVE-2010-3442,
    CVE-2010-3477, CVE-2010-3699, CVE-2010-3858, CVE-2010-3859,
    CVE-2010-3865, CVE-2010-3876, CVE-2010-3877, CVE-2010-3880,
    CVE-2010-3904, CVE-2010-4072, CVE-2010-4073, CVE-2010-4075,
    CVE-2010-4080, CVE-2010-4081, CVE-2010-4083, CVE-2010-4157,
    CVE-2010-4158, CVE-2010-4161, CVE-2010-4238, CVE-2010-4242,
    CVE-2010-4243, CVE-2010-4247, CVE-2010-4248, CVE-2010-4249,
    CVE-2010-4251, CVE-2010-4255, CVE-2010-4263, CVE-2010-4343,
    CVE-2010-4346, CVE-2010-4526, CVE-2010-4655, CVE-2011-0521,
    CVE-2011-0710, CVE-2011-1010, CVE-2011-1090 and CVE-2011-1478 to
    these issues.

    Column 4 of the following table lists the action required to
    remediate the vulnerability in each release, if a solution is
    available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    vCenter        any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           any       ESXi     not affected

    ESX            4.1       ESX      ESX410-201110201-SG
    ESX            4.0       ESX      ESX400-201110401-SG
    ESX            3.5       ESX      not applicable
    ESX            3.0.3     ESX      not applicable

    * hosted products are VMware Workstation, Player, ACE, Fusion.

 b. ESX third party update for Service Console krb5 RPMs

    This patch updates the krb5-libs and krb5-workstation RPMs of the
    console OS to version 1.6.1-55.el5_6.1, which resolves multiple
    security issues.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2010-1323, CVE-2011-0281, and
    CVE-2011-0282 to these issues.

    Column 4 of the following table lists the action required to
    remediate the vulnerability in each release, if a solution is
    available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    vCenter        any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           any       ESXi     not affected

    ESX            4.1       ESX      ESX410-201110201-SG
    ESX            4.0       ESX      ESX400-201110403-SG
    ESX            3.5       ESX      not applicable
    ESX            3.0.3     ESX      not applicable

    * hosted products are VMware Workstation, Player, ACE, Fusion.

 c. ESXi and ESX update to third party component glibc

    The glibc third-party library is updated to resolve multiple
    security issues.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2010-0296, CVE-2011-0536,
    CVE-2011-1071, CVE-2011-1095, CVE-2011-1658, and CVE-2011-1659 to
    these issues.

    Column 4 of the following table lists the action required to
    remediate the vulnerability in each release, if a solution is
    available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    vCenter        any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           5.0       ESXi     ESXi500-201112401-SG
    ESXi           4.1       ESXi     ESXi410-201110201-SG
    ESXi           4.0       ESXi     ESXi400-201110401-SG
    ESXi           3.5       ESXi     patch pending

    ESX            4.1       ESX      ESX410-201110201-SG
    ESX            4.0       ESX      ESX400-201110401-SG
    ESX            3.5       ESX      patch pending
    ESX            3.0.3     ESX      no patch planned

    * hosted products are VMware Workstation, Player, ACE, Fusion.

 d. ESX update to third party drivers mptsas, mpt2sas, and mptspi

    The mptsas, mpt2sas, and mptspi drivers are updated which
    addresses multiple security issues in the mpt2sas driver.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2011-1494 and CVE-2011-1495 to these
    issues.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    vCenter        any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           5.0       ESXi     not applicable
    ESXi           4.1       ESXi     not applicable
    ESXi           4.0       ESXi     not applicable
    ESXi           3.5       ESXi     ESXe350-201203401-I-SG

    ESX            4.1       ESX      ESX410-201110224-SG
    ESX            4.0       ESX      ESX400-201110409-SG
    ESX            3.5       ESX      ESX350-201203403-SG
    ESX            3.0.3     ESX      no patch planned

    * hosted products are VMware Workstation, Player, ACE, Fusion.

4. Solution

   Please review the patch/release notes for your product and version
   and verify the checksum of your downloaded file.

   VMware ESXi 5.0
   ---------------
   ESXi500-201112001
   Download link:
   https://hostupdate.vmware.com/software/VUM/OFFLINE/release-325-20111212-924952/ESXi500-201112001.zip
   md5sum: 107ec1cf6ee1d5d5cb8ea5c05b05cc10
   sha1sum: aff63c8a170508c8c0f21a60d1ea75ef1922096d
   http://kb.vmware.com/kb/2007671

   ESXi500-201112001 contains ESXi500-201112401-SG

   VMware ESXi 4.1
   ---------------
   VMware ESXi 4.1 Update 2
   Download link:
   http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1
   Release Notes:
   https://www.vmware.com/support/pubs/vs_pages/vsp_pubs_esxi41_i_vc41.html

   File: VMware-VMvisor-Installer-4.1.0.update02-502767.x86_64.iso
   md5sum: 0aa78790a336c5fc6ba3d9807c98bfea
   sha1sum: 7eebd34ab5bdc81401ae20dcf59a8f8ae22086ce

   File: upgrade-from-esxi4.0-to-4.1-update02-502767.zip
   md5sum: 459d9142a885854ef0fa6edd8d6a5677
   sha1sum: 75978b6f0fc3b0ccc63babe6a65cfde6ec420d33

   File: upgrade-from-ESXi3.5-to-4.1_update02.502767.zip
   md5sum: 3047fac78a4aaa05cf9528d62fad9d73
   sha1sum: dc99b6ff352ace77d5513b4c6d8a2cb7e766a09f

   File: VMware-tools-linux-8.3.12-493255.iso
   md5sum: 63028f2bf605d26798ac24525a0e6208
   sha1sum: 95ca96eec7817da9d6e0c326ac44d8b050328932

   File: VMware-viclient-all-4.1.0-491557.exe
   md5sum: dafd31619ae66da65115ac3900697e3a
   sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef

   VMware ESXi 4.1 Update 2 contains ESXi410-201110201-SG.

   VMware ESX 4.1
   --------------
   VMware ESX 4.1 Update 2
   Download link:
   http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1
   Release Notes:
   http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html

   File: ESX-4.1.0-update02-502767.iso
   md5sum: 9a2b524446cbd756f0f1c7d8d88077f8
   sha1sum: 2824c0628c341357a180b3ab20eb2b7ef1bee61c

   File: pre-upgrade-from-esx4.0-to-4.1-502767.zip
   md5sum: 9060ad94d9d3bad7d4fa3e4af69a41cf
   sha1sum: 9b96ba630377946c42a8ce96f0b5745c56ca46b4

   File: upgrade-from-esx4.0-to-4.1-update02-502767.zip
   md5sum: 4b60f36ee89db8cb7e1243aa02cdb549
   sha1sum: 6b9168a1b01379dce7db9d79fd280509e16d013f

   File: VMware-tools-linux-8.3.12-493255.iso
   md5sum: 63028f2bf605d26798ac24525a0e6208
   sha1sum: 95ca96eec7817da9d6e0c326ac44d8b050328932

   File: VMware-viclient-all-4.1.0-491557.exe
   md5sum: dafd31619ae66da65115ac3900697e3a
   sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef

   VMware ESX 4.1 Update 2 contains ESX410-201110201-SG and
   ESX410-201110224-SG.

   VMware ESXi 4.0
   ---------------
   ESXi400-201110001
   https://hostupdate.vmware.com/software/VUM/OFFLINE/release-315-20111006-920880/ESXi400-201110001.zip
   md5sum: fd47b5e2b7ea1db79a2e0793d4c9d9d3
   sha1sum: 759d4fa6da6eb49f41def68e3bd66e80c9a7032b
   http://kb.vmware.com/kb/1036397

   ESXi400-201110001 contains ESXi400-201110401-SG

   VMware ESX 4.0
   --------------
   ESX400-201110001
   https://hostupdate.vmware.com/software/VUM/OFFLINE/release-314-20111006-398488/ESX400-201110001.zip
   md5sum: 0ce9cc285ea5c27142c9fdf273443d78
   sha1sum: fdb5482b2bf1e9c97f2814255676e3de74512399
   http://kb.vmware.com/kb/1036391

   ESX400-201110001 contains ESX400-201110401-SG, ESX400-201110403-SG
   and ESX400-201110409-SG.

   VMware ESXi 3.5
   ---------------
   ESXe350-201203401-O-SG
   http://downloads.vmware.com/go/selfsupport-download
   md5sum: 44124458684d6d1b957b4e39cbe97d77
   sha1sum: 2255311bc6c27e127e075040eb1f98649b5ce8be
   http://kb.vmware.com/kb/2009160

   ESXe350-201203401-O-SG contains ESXe350-201203401-I-SG.

   VMware ESX 3.5
   --------------
   ESX350-201203403-SG
   http://downloads.vmware.com/go/selfsupport-download
   md5sum: b568125dd3eb5d1b52d88a11164ade21
   sha1sum: a10cbc7892a28a9dc714ddbc40a4232691ac321f
   http://kb.vmware.com/kb/2009157

5. References

   CVE numbers

   --- COS Kernel ---
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1083
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2492
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2798
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2938
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2942
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2943
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3015
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3066
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3067
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3078
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3086
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3296
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3432
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3442
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3477
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3699
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3858
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3859
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3865
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3876
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3877
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3880
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3904
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4072
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4073
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4075
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4080
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4081
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4083
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4157
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4158
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4161
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4238
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4242
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4243
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4247
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4248
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4249
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4251
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4255
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4263
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4343
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4346
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4526
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4655
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0521
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0710
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1010
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1090
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1478

   --- COS krb5 ---
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1323
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0281
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0282

   --- glibc library ---
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0296
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0536
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1071
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1095
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1658
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1659

   --- mtp2sas ---
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1494
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1495

-----------------------------------------------------------------------

6. Change log

   2011-10-12 VMSA-2011-0012
   Initial security advisory in conjunction with the release of patches
   for ESX 4.0 and ESXi 4.0 on 2011-10-12.

   2011-10-27 VMSA-2011-0012.1
   Updated security advisory with the release of Update 2 for vSphere
   Hypervisor (ESXi) 4.1 and ESX 4.1 on 2011-10-27.

   2011-12-15 VMSA-2011-0012.2
   Updated security advisory with the release of ESXi 5.0 patches on
   2011-12-15.

   2011-03-08 VMSA-2011-0010.3
   Updated security advisory after the release of ESX 3.5 patches on
   2012-03-08.

-----------------------------------------------------------------------

7. Contact

   E-mail list for product security notifications and announcements:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

   This Security Advisory is posted to the following lists:

     * security-announce at lists.vmware.com
     * bugtraq at securityfocus.com
     * full-disclosure at lists.grok.org.uk

   E-mail: security at vmware.com
   PGP key at: http://kb.vmware.com/kb/1055

   VMware Security Advisories
   http://www.vmware.com/security/advisories

   VMware security response policy
   http://www.vmware.com/support/policies/security_response.html

   General support life cycle policy
   http://www.vmware.com/support/policies/eos.html

   VMware Infrastructure support life cycle policy
   http://www.vmware.com/support/policies/eos_vi.html

   Copyright 2011 VMware Inc. All rights reserved.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the
appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no
control over its content. The decision to follow or act on information or
advice contained in this security bulletin is the responsibility of each
user or organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still
current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved
from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
http://www.auscert.org.au/render.html?cid=1980&it=14965