Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2018.1490 Critical: dhcp security update 16 May 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: dhcp Publisher: Red Hat Operating System: Red Hat Enterprise Linux Server 7 Red Hat Enterprise Linux WS/Desktop 7 Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux WS/Desktop 6 Linux variants Impact/Access: Root Compromise -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2018-1111 Original Bulletin: https://access.redhat.com/errata/RHSA-2018:1453 Comment: This advisory references vulnerabilities in products which run on platforms other than Red Hat. It is recommended that administrators running dhcp check for an updated version of the software for their operating system. This bulletin contains nine (9) Red Hat security advisories. A proof of concept demonstrating remote code execution as root has been released. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Critical: dhcp security update Advisory ID: RHSA-2018:1453-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:1453 Issue date: 2018-05-15 CVE Names: CVE-2018-1111 ===================================================================== 1. Summary: An update for dhcp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x 3. Description: The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es): * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1567974 - CVE-2018-1111 dhcp: Command injection vulnerability in the DHCP client NetworkManager integration script 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: dhcp-4.2.5-68.el7_5.1.src.rpm x86_64: dhclient-4.2.5-68.el7_5.1.x86_64.rpm dhcp-common-4.2.5-68.el7_5.1.x86_64.rpm dhcp-debuginfo-4.2.5-68.el7_5.1.i686.rpm dhcp-debuginfo-4.2.5-68.el7_5.1.x86_64.rpm dhcp-libs-4.2.5-68.el7_5.1.i686.rpm dhcp-libs-4.2.5-68.el7_5.1.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: dhcp-4.2.5-68.el7_5.1.x86_64.rpm dhcp-debuginfo-4.2.5-68.el7_5.1.i686.rpm dhcp-debuginfo-4.2.5-68.el7_5.1.x86_64.rpm dhcp-devel-4.2.5-68.el7_5.1.i686.rpm dhcp-devel-4.2.5-68.el7_5.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: dhcp-4.2.5-68.el7_5.1.src.rpm x86_64: dhclient-4.2.5-68.el7_5.1.x86_64.rpm dhcp-common-4.2.5-68.el7_5.1.x86_64.rpm dhcp-debuginfo-4.2.5-68.el7_5.1.i686.rpm dhcp-debuginfo-4.2.5-68.el7_5.1.x86_64.rpm dhcp-libs-4.2.5-68.el7_5.1.i686.rpm dhcp-libs-4.2.5-68.el7_5.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: dhcp-4.2.5-68.el7_5.1.x86_64.rpm dhcp-debuginfo-4.2.5-68.el7_5.1.i686.rpm dhcp-debuginfo-4.2.5-68.el7_5.1.x86_64.rpm dhcp-devel-4.2.5-68.el7_5.1.i686.rpm dhcp-devel-4.2.5-68.el7_5.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: dhcp-4.2.5-68.el7_5.1.src.rpm ppc64: dhclient-4.2.5-68.el7_5.1.ppc64.rpm dhcp-4.2.5-68.el7_5.1.ppc64.rpm dhcp-common-4.2.5-68.el7_5.1.ppc64.rpm dhcp-debuginfo-4.2.5-68.el7_5.1.ppc.rpm dhcp-debuginfo-4.2.5-68.el7_5.1.ppc64.rpm dhcp-libs-4.2.5-68.el7_5.1.ppc.rpm dhcp-libs-4.2.5-68.el7_5.1.ppc64.rpm ppc64le: dhclient-4.2.5-68.el7_5.1.ppc64le.rpm dhcp-4.2.5-68.el7_5.1.ppc64le.rpm dhcp-common-4.2.5-68.el7_5.1.ppc64le.rpm dhcp-debuginfo-4.2.5-68.el7_5.1.ppc64le.rpm dhcp-libs-4.2.5-68.el7_5.1.ppc64le.rpm s390x: dhclient-4.2.5-68.el7_5.1.s390x.rpm dhcp-4.2.5-68.el7_5.1.s390x.rpm dhcp-common-4.2.5-68.el7_5.1.s390x.rpm dhcp-debuginfo-4.2.5-68.el7_5.1.s390.rpm dhcp-debuginfo-4.2.5-68.el7_5.1.s390x.rpm dhcp-libs-4.2.5-68.el7_5.1.s390.rpm dhcp-libs-4.2.5-68.el7_5.1.s390x.rpm x86_64: dhclient-4.2.5-68.el7_5.1.x86_64.rpm dhcp-4.2.5-68.el7_5.1.x86_64.rpm dhcp-common-4.2.5-68.el7_5.1.x86_64.rpm dhcp-debuginfo-4.2.5-68.el7_5.1.i686.rpm dhcp-debuginfo-4.2.5-68.el7_5.1.x86_64.rpm dhcp-libs-4.2.5-68.el7_5.1.i686.rpm dhcp-libs-4.2.5-68.el7_5.1.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: dhcp-4.2.5-68.el7_5.1.src.rpm aarch64: dhclient-4.2.5-68.el7_5.1.aarch64.rpm dhcp-4.2.5-68.el7_5.1.aarch64.rpm dhcp-common-4.2.5-68.el7_5.1.aarch64.rpm dhcp-debuginfo-4.2.5-68.el7_5.1.aarch64.rpm dhcp-libs-4.2.5-68.el7_5.1.aarch64.rpm ppc64le: dhclient-4.2.5-68.el7_5.1.ppc64le.rpm dhcp-4.2.5-68.el7_5.1.ppc64le.rpm dhcp-common-4.2.5-68.el7_5.1.ppc64le.rpm dhcp-debuginfo-4.2.5-68.el7_5.1.ppc64le.rpm dhcp-libs-4.2.5-68.el7_5.1.ppc64le.rpm s390x: dhclient-4.2.5-68.el7_5.1.s390x.rpm dhcp-4.2.5-68.el7_5.1.s390x.rpm dhcp-common-4.2.5-68.el7_5.1.s390x.rpm dhcp-debuginfo-4.2.5-68.el7_5.1.s390.rpm dhcp-debuginfo-4.2.5-68.el7_5.1.s390x.rpm dhcp-libs-4.2.5-68.el7_5.1.s390.rpm dhcp-libs-4.2.5-68.el7_5.1.s390x.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: dhcp-debuginfo-4.2.5-68.el7_5.1.ppc.rpm dhcp-debuginfo-4.2.5-68.el7_5.1.ppc64.rpm dhcp-devel-4.2.5-68.el7_5.1.ppc.rpm dhcp-devel-4.2.5-68.el7_5.1.ppc64.rpm ppc64le: dhcp-debuginfo-4.2.5-68.el7_5.1.ppc64le.rpm dhcp-devel-4.2.5-68.el7_5.1.ppc64le.rpm s390x: dhcp-debuginfo-4.2.5-68.el7_5.1.s390.rpm dhcp-debuginfo-4.2.5-68.el7_5.1.s390x.rpm dhcp-devel-4.2.5-68.el7_5.1.s390.rpm dhcp-devel-4.2.5-68.el7_5.1.s390x.rpm x86_64: dhcp-debuginfo-4.2.5-68.el7_5.1.i686.rpm dhcp-debuginfo-4.2.5-68.el7_5.1.x86_64.rpm dhcp-devel-4.2.5-68.el7_5.1.i686.rpm dhcp-devel-4.2.5-68.el7_5.1.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): aarch64: dhcp-debuginfo-4.2.5-68.el7_5.1.aarch64.rpm dhcp-devel-4.2.5-68.el7_5.1.aarch64.rpm ppc64le: dhcp-debuginfo-4.2.5-68.el7_5.1.ppc64le.rpm dhcp-devel-4.2.5-68.el7_5.1.ppc64le.rpm s390x: dhcp-debuginfo-4.2.5-68.el7_5.1.s390.rpm dhcp-debuginfo-4.2.5-68.el7_5.1.s390x.rpm dhcp-devel-4.2.5-68.el7_5.1.s390.rpm dhcp-devel-4.2.5-68.el7_5.1.s390x.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: dhcp-4.2.5-68.el7_5.1.src.rpm x86_64: dhclient-4.2.5-68.el7_5.1.x86_64.rpm dhcp-4.2.5-68.el7_5.1.x86_64.rpm dhcp-common-4.2.5-68.el7_5.1.x86_64.rpm dhcp-debuginfo-4.2.5-68.el7_5.1.i686.rpm dhcp-debuginfo-4.2.5-68.el7_5.1.x86_64.rpm dhcp-libs-4.2.5-68.el7_5.1.i686.rpm dhcp-libs-4.2.5-68.el7_5.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: dhcp-debuginfo-4.2.5-68.el7_5.1.i686.rpm dhcp-debuginfo-4.2.5-68.el7_5.1.x86_64.rpm dhcp-devel-4.2.5-68.el7_5.1.i686.rpm dhcp-devel-4.2.5-68.el7_5.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-1111 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/security/vulnerabilities/3442151 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIUAwUBWvsEBtzjgjWX9erEAQi31A/427zadT/VscmjjbmNYddiFvQkL1L22csF xH/ayNsnZzNUaNeIuVO1qfnGG1AySgCdZlbB9Zver181qd9YuCvrjq+RseSWHLRA pWCrJPVHx2S309B++I5EkueF/LUNseZNYHumkaoqOLoB9nLt6BnI25sZer2bPZN9 H1lWHC0x/EDfr3/TS40h5O/qs7/Go48E6wQbCMQDEHtHlWHATCXmKVRMKLaqf5lX p+r7Bet0sA3YP7iiWLKiMGHoQv9CX7SpfkHX1ahww3atg0ZmH/xpNzB4w/0x1Zky XQ65msPxj9lbgwm2P4axSlJUwdNw1q8u8tMICVhxAjpV764tV8Ev06wdUlx0hG4d VjZdAvHw7RIVF+1W1b6DHJR/8T8OqrNluwJ79rE3nntDNel3bd8PmfzNd1Wtb2gw DrxOTqa621uzmhjZzR4oLQCcqJp0vvTSmQAJMnuLoC28iLjhq0NKG9hyAVNAsUty 3zIF+IlJvXZ0Mr4cwfZdvR0IsN1q44j/2tqes8hm3yfNbqL5MMqX4UUI0a2doFwk NPV6DZYXn+KXl5Aml/Z0jHPpVGyA674Qs88tfC3wSaWJf5g7mkVQAF5q8xjgcB7T 3Z78EckdkXeJxakYLQez0UHW4xRTnOeVjUVOf3Cue3t02wfKeu78GdrK4xQhsl13 y5LW4AYWIQ== =ODBZ - -----END PGP SIGNATURE----- - -------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Critical: dhcp security update Advisory ID: RHSA-2018:1454-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:1454 Issue date: 2018-05-15 CVE Names: CVE-2018-1111 ===================================================================== 1. Summary: An update for dhcp is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es): * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1567974 - CVE-2018-1111 dhcp: Command injection vulnerability in the DHCP client NetworkManager integration script 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: dhcp-4.1.1-53.P1.el6_9.4.src.rpm i386: dhclient-4.1.1-53.P1.el6_9.4.i686.rpm dhcp-common-4.1.1-53.P1.el6_9.4.i686.rpm dhcp-debuginfo-4.1.1-53.P1.el6_9.4.i686.rpm x86_64: dhclient-4.1.1-53.P1.el6_9.4.x86_64.rpm dhcp-common-4.1.1-53.P1.el6_9.4.x86_64.rpm dhcp-debuginfo-4.1.1-53.P1.el6_9.4.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: dhcp-4.1.1-53.P1.el6_9.4.i686.rpm dhcp-debuginfo-4.1.1-53.P1.el6_9.4.i686.rpm dhcp-devel-4.1.1-53.P1.el6_9.4.i686.rpm x86_64: dhcp-4.1.1-53.P1.el6_9.4.x86_64.rpm dhcp-debuginfo-4.1.1-53.P1.el6_9.4.i686.rpm dhcp-debuginfo-4.1.1-53.P1.el6_9.4.x86_64.rpm dhcp-devel-4.1.1-53.P1.el6_9.4.i686.rpm dhcp-devel-4.1.1-53.P1.el6_9.4.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: dhcp-4.1.1-53.P1.el6_9.4.src.rpm x86_64: dhclient-4.1.1-53.P1.el6_9.4.x86_64.rpm dhcp-common-4.1.1-53.P1.el6_9.4.x86_64.rpm dhcp-debuginfo-4.1.1-53.P1.el6_9.4.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: dhcp-4.1.1-53.P1.el6_9.4.x86_64.rpm dhcp-debuginfo-4.1.1-53.P1.el6_9.4.i686.rpm dhcp-debuginfo-4.1.1-53.P1.el6_9.4.x86_64.rpm dhcp-devel-4.1.1-53.P1.el6_9.4.i686.rpm dhcp-devel-4.1.1-53.P1.el6_9.4.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: dhcp-4.1.1-53.P1.el6_9.4.src.rpm i386: dhclient-4.1.1-53.P1.el6_9.4.i686.rpm dhcp-4.1.1-53.P1.el6_9.4.i686.rpm dhcp-common-4.1.1-53.P1.el6_9.4.i686.rpm dhcp-debuginfo-4.1.1-53.P1.el6_9.4.i686.rpm ppc64: dhclient-4.1.1-53.P1.el6_9.4.ppc64.rpm dhcp-4.1.1-53.P1.el6_9.4.ppc64.rpm dhcp-common-4.1.1-53.P1.el6_9.4.ppc64.rpm dhcp-debuginfo-4.1.1-53.P1.el6_9.4.ppc64.rpm s390x: dhclient-4.1.1-53.P1.el6_9.4.s390x.rpm dhcp-4.1.1-53.P1.el6_9.4.s390x.rpm dhcp-common-4.1.1-53.P1.el6_9.4.s390x.rpm dhcp-debuginfo-4.1.1-53.P1.el6_9.4.s390x.rpm x86_64: dhclient-4.1.1-53.P1.el6_9.4.x86_64.rpm dhcp-4.1.1-53.P1.el6_9.4.x86_64.rpm dhcp-common-4.1.1-53.P1.el6_9.4.x86_64.rpm dhcp-debuginfo-4.1.1-53.P1.el6_9.4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: dhcp-debuginfo-4.1.1-53.P1.el6_9.4.i686.rpm dhcp-devel-4.1.1-53.P1.el6_9.4.i686.rpm ppc64: dhcp-debuginfo-4.1.1-53.P1.el6_9.4.ppc.rpm dhcp-debuginfo-4.1.1-53.P1.el6_9.4.ppc64.rpm dhcp-devel-4.1.1-53.P1.el6_9.4.ppc.rpm dhcp-devel-4.1.1-53.P1.el6_9.4.ppc64.rpm s390x: dhcp-debuginfo-4.1.1-53.P1.el6_9.4.s390.rpm dhcp-debuginfo-4.1.1-53.P1.el6_9.4.s390x.rpm dhcp-devel-4.1.1-53.P1.el6_9.4.s390.rpm dhcp-devel-4.1.1-53.P1.el6_9.4.s390x.rpm x86_64: dhcp-debuginfo-4.1.1-53.P1.el6_9.4.i686.rpm dhcp-debuginfo-4.1.1-53.P1.el6_9.4.x86_64.rpm dhcp-devel-4.1.1-53.P1.el6_9.4.i686.rpm dhcp-devel-4.1.1-53.P1.el6_9.4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: dhcp-4.1.1-53.P1.el6_9.4.src.rpm i386: dhclient-4.1.1-53.P1.el6_9.4.i686.rpm dhcp-4.1.1-53.P1.el6_9.4.i686.rpm dhcp-common-4.1.1-53.P1.el6_9.4.i686.rpm dhcp-debuginfo-4.1.1-53.P1.el6_9.4.i686.rpm x86_64: dhclient-4.1.1-53.P1.el6_9.4.x86_64.rpm dhcp-4.1.1-53.P1.el6_9.4.x86_64.rpm dhcp-common-4.1.1-53.P1.el6_9.4.x86_64.rpm dhcp-debuginfo-4.1.1-53.P1.el6_9.4.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: dhcp-debuginfo-4.1.1-53.P1.el6_9.4.i686.rpm dhcp-devel-4.1.1-53.P1.el6_9.4.i686.rpm x86_64: dhcp-debuginfo-4.1.1-53.P1.el6_9.4.i686.rpm dhcp-debuginfo-4.1.1-53.P1.el6_9.4.x86_64.rpm dhcp-devel-4.1.1-53.P1.el6_9.4.i686.rpm dhcp-devel-4.1.1-53.P1.el6_9.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-1111 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/security/vulnerabilities/3442151 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBWvsFr9zjgjWX9erEAQj9jw/7Bl2xf9ty+VYDfL7PiP+WhsoYR/dvrqzs /pXFaa0QMbWtixeK6YAYVzX/6MAnhftnjnYqA/WuyEC8Kbrci3u8PCECWvw9Ol1j kkQJtrNhio785gX2nFfYjgiZv6gV5/FcQmHQGg1ithV0VzRMQbhdbIHmzuZpXDwD yb+rdI0pGK5iNg1wdDTj0ote/oa/Mg6ic3VMMp0pxXPt1tnKTy887tkrKYdELiCG u4aJNjSI0K/rIUptVXXb3Moxvq8E1uQhEBLWrdj7J7U6qkwIPs7YrWqN/VqBCFRt t6KvgmTKr+wnLDvCs4mr2bKyIejJ4gY24qAIGYIVI7QTpEG0hVhFm/EYYZZdnhgz 9GcO5QMjlV/HAnnQh18SNKduLYuAk4n5V37qZEYAYVK7rMEyROfPU9QtrDoRvw2X Mtx78RSPhhp4pJ4ncg3ytSDSLmZKDUxmKOOr3y2SsGwOezE4qKM+n+BHgj97XFZG cr6q1ZgnukXEBlnvIlfSMtWTNzDkGC+/OF/Gydd/t7T6hPIjB51yOAyvoohE0kBF wtqkvU/88MLWbgcNlMDnQrf9y/7Ne3mLjFznNsDCzwyzgRh4F/PVeOwXQegyt7rU 5ke0VMSHcEZscbhjp/kSqFyFqeM1gj5owxc8JNCiAy8S7NVgLc3N25ivDqPuosu7 kq1cfKVVFDs= =NnqG - -----END PGP SIGNATURE----- - -------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Critical: dhcp security update Advisory ID: RHSA-2018:1455-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:1455 Issue date: 2018-05-15 CVE Names: CVE-2018-1111 ===================================================================== 1. Summary: An update for dhcp is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.4) - x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.4) - ppc64, ppc64le, s390x, x86_64 3. Description: The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es): * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1567974 - CVE-2018-1111 dhcp: Command injection vulnerability in the DHCP client NetworkManager integration script 6. Package List: Red Hat Enterprise Linux ComputeNode EUS (v. 7.4): Source: dhcp-4.2.5-58.el7_4.4.src.rpm x86_64: dhclient-4.2.5-58.el7_4.4.x86_64.rpm dhcp-common-4.2.5-58.el7_4.4.x86_64.rpm dhcp-debuginfo-4.2.5-58.el7_4.4.i686.rpm dhcp-debuginfo-4.2.5-58.el7_4.4.x86_64.rpm dhcp-libs-4.2.5-58.el7_4.4.i686.rpm dhcp-libs-4.2.5-58.el7_4.4.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4): x86_64: dhcp-4.2.5-58.el7_4.4.x86_64.rpm dhcp-debuginfo-4.2.5-58.el7_4.4.i686.rpm dhcp-debuginfo-4.2.5-58.el7_4.4.x86_64.rpm dhcp-devel-4.2.5-58.el7_4.4.i686.rpm dhcp-devel-4.2.5-58.el7_4.4.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.4): Source: dhcp-4.2.5-58.el7_4.4.src.rpm ppc64: dhclient-4.2.5-58.el7_4.4.ppc64.rpm dhcp-4.2.5-58.el7_4.4.ppc64.rpm dhcp-common-4.2.5-58.el7_4.4.ppc64.rpm dhcp-debuginfo-4.2.5-58.el7_4.4.ppc.rpm dhcp-debuginfo-4.2.5-58.el7_4.4.ppc64.rpm dhcp-libs-4.2.5-58.el7_4.4.ppc.rpm dhcp-libs-4.2.5-58.el7_4.4.ppc64.rpm ppc64le: dhclient-4.2.5-58.el7_4.4.ppc64le.rpm dhcp-4.2.5-58.el7_4.4.ppc64le.rpm dhcp-common-4.2.5-58.el7_4.4.ppc64le.rpm dhcp-debuginfo-4.2.5-58.el7_4.4.ppc64le.rpm dhcp-libs-4.2.5-58.el7_4.4.ppc64le.rpm s390x: dhclient-4.2.5-58.el7_4.4.s390x.rpm dhcp-4.2.5-58.el7_4.4.s390x.rpm dhcp-common-4.2.5-58.el7_4.4.s390x.rpm dhcp-debuginfo-4.2.5-58.el7_4.4.s390.rpm dhcp-debuginfo-4.2.5-58.el7_4.4.s390x.rpm dhcp-libs-4.2.5-58.el7_4.4.s390.rpm dhcp-libs-4.2.5-58.el7_4.4.s390x.rpm x86_64: dhclient-4.2.5-58.el7_4.4.x86_64.rpm dhcp-4.2.5-58.el7_4.4.x86_64.rpm dhcp-common-4.2.5-58.el7_4.4.x86_64.rpm dhcp-debuginfo-4.2.5-58.el7_4.4.i686.rpm dhcp-debuginfo-4.2.5-58.el7_4.4.x86_64.rpm dhcp-libs-4.2.5-58.el7_4.4.i686.rpm dhcp-libs-4.2.5-58.el7_4.4.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 7.4): ppc64: dhcp-debuginfo-4.2.5-58.el7_4.4.ppc.rpm dhcp-debuginfo-4.2.5-58.el7_4.4.ppc64.rpm dhcp-devel-4.2.5-58.el7_4.4.ppc.rpm dhcp-devel-4.2.5-58.el7_4.4.ppc64.rpm ppc64le: dhcp-debuginfo-4.2.5-58.el7_4.4.ppc64le.rpm dhcp-devel-4.2.5-58.el7_4.4.ppc64le.rpm s390x: dhcp-debuginfo-4.2.5-58.el7_4.4.s390.rpm dhcp-debuginfo-4.2.5-58.el7_4.4.s390x.rpm dhcp-devel-4.2.5-58.el7_4.4.s390.rpm dhcp-devel-4.2.5-58.el7_4.4.s390x.rpm x86_64: dhcp-debuginfo-4.2.5-58.el7_4.4.i686.rpm dhcp-debuginfo-4.2.5-58.el7_4.4.x86_64.rpm dhcp-devel-4.2.5-58.el7_4.4.i686.rpm dhcp-devel-4.2.5-58.el7_4.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-1111 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/security/vulnerabilities/3442151 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBWvsGa9zjgjWX9erEAQj89A//TyBm+jdcVzwBVaw763eQl+jTsJ3UvQKo WgSZ6QjrZJ4WIbUJwHL4HdCqHUdamKO+4zUaSl3QHQKo+00Z2yHuZ3YuywCcPed0 QOSgkZISZaH4ugSLrzU47bZYLAgOT2oq0x9G30lfjYCM9Ht45HUQlImoldpUbSHm QyD4E4TJgm1FBtMtpTakIYVupVR1neV3fua0q4w8+mTbGnBtA5XHysKcjiK2Ls2I UHqf0VN0wdshQ+l2AcoUfzv1ykjceX0Wl2UET/1rp9jpMKg8IlUgw+zubZmGsA0s 1ulWpihtAM0ei96cGFgmmzQ/JauHRpaYE9tYe0w/Xru88kf1zj4FsgK+0QF+IiHz Rrii88ZX5IQkNBtcqkZSG8BC7BlXpPQTMi7uv4SG7AfKVYn3fBoxTVWe+Rnqtxpr +rMXh5uthewdMi2Oh6KYQ5YZw85RayybRoq4MIZ3N6lwYBp3fnO+0dcbf8akUdZD 5FJmc+QRuvo7gsjjewN6wszttVO1vMn1/mR6lPuRkh3lYteX6MJwjg3L/WBpop8j IqNGrmy3cZJC25tD2JGvXh86PszOlXlADT7FijAp8E7W/sN9U7xcfYZdl1YPxz9u JTZoiBEQL9qVcZmjsgZpXzzyh3wya9niyybq/s32L3+mlw+StYtQfIN6uUzixXK/ fx4kBeu/FqQ= =vOpl - -----END PGP SIGNATURE----- - -------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Critical: dhcp security update Advisory ID: RHSA-2018:1456-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:1456 Issue date: 2018-05-15 CVE Names: CVE-2018-1111 ===================================================================== 1. Summary: An update for dhcp is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.3) - x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.3) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.3) - ppc64, ppc64le, s390x, x86_64 3. Description: The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es): * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1567974 - CVE-2018-1111 dhcp: Command injection vulnerability in the DHCP client NetworkManager integration script 6. Package List: Red Hat Enterprise Linux ComputeNode EUS (v. 7.3): Source: dhcp-4.2.5-47.el7_3.1.src.rpm x86_64: dhclient-4.2.5-47.el7_3.1.x86_64.rpm dhcp-common-4.2.5-47.el7_3.1.x86_64.rpm dhcp-debuginfo-4.2.5-47.el7_3.1.i686.rpm dhcp-debuginfo-4.2.5-47.el7_3.1.x86_64.rpm dhcp-libs-4.2.5-47.el7_3.1.i686.rpm dhcp-libs-4.2.5-47.el7_3.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3): x86_64: dhcp-4.2.5-47.el7_3.1.x86_64.rpm dhcp-debuginfo-4.2.5-47.el7_3.1.i686.rpm dhcp-debuginfo-4.2.5-47.el7_3.1.x86_64.rpm dhcp-devel-4.2.5-47.el7_3.1.i686.rpm dhcp-devel-4.2.5-47.el7_3.1.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.3): Source: dhcp-4.2.5-47.el7_3.1.src.rpm ppc64: dhclient-4.2.5-47.el7_3.1.ppc64.rpm dhcp-4.2.5-47.el7_3.1.ppc64.rpm dhcp-common-4.2.5-47.el7_3.1.ppc64.rpm dhcp-debuginfo-4.2.5-47.el7_3.1.ppc.rpm dhcp-debuginfo-4.2.5-47.el7_3.1.ppc64.rpm dhcp-libs-4.2.5-47.el7_3.1.ppc.rpm dhcp-libs-4.2.5-47.el7_3.1.ppc64.rpm ppc64le: dhclient-4.2.5-47.el7_3.1.ppc64le.rpm dhcp-4.2.5-47.el7_3.1.ppc64le.rpm dhcp-common-4.2.5-47.el7_3.1.ppc64le.rpm dhcp-debuginfo-4.2.5-47.el7_3.1.ppc64le.rpm dhcp-libs-4.2.5-47.el7_3.1.ppc64le.rpm s390x: dhclient-4.2.5-47.el7_3.1.s390x.rpm dhcp-4.2.5-47.el7_3.1.s390x.rpm dhcp-common-4.2.5-47.el7_3.1.s390x.rpm dhcp-debuginfo-4.2.5-47.el7_3.1.s390.rpm dhcp-debuginfo-4.2.5-47.el7_3.1.s390x.rpm dhcp-libs-4.2.5-47.el7_3.1.s390.rpm dhcp-libs-4.2.5-47.el7_3.1.s390x.rpm x86_64: dhclient-4.2.5-47.el7_3.1.x86_64.rpm dhcp-4.2.5-47.el7_3.1.x86_64.rpm dhcp-common-4.2.5-47.el7_3.1.x86_64.rpm dhcp-debuginfo-4.2.5-47.el7_3.1.i686.rpm dhcp-debuginfo-4.2.5-47.el7_3.1.x86_64.rpm dhcp-libs-4.2.5-47.el7_3.1.i686.rpm dhcp-libs-4.2.5-47.el7_3.1.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 7.3): ppc64: dhcp-debuginfo-4.2.5-47.el7_3.1.ppc.rpm dhcp-debuginfo-4.2.5-47.el7_3.1.ppc64.rpm dhcp-devel-4.2.5-47.el7_3.1.ppc.rpm dhcp-devel-4.2.5-47.el7_3.1.ppc64.rpm ppc64le: dhcp-debuginfo-4.2.5-47.el7_3.1.ppc64le.rpm dhcp-devel-4.2.5-47.el7_3.1.ppc64le.rpm s390x: dhcp-debuginfo-4.2.5-47.el7_3.1.s390.rpm dhcp-debuginfo-4.2.5-47.el7_3.1.s390x.rpm dhcp-devel-4.2.5-47.el7_3.1.s390.rpm dhcp-devel-4.2.5-47.el7_3.1.s390x.rpm x86_64: dhcp-debuginfo-4.2.5-47.el7_3.1.i686.rpm dhcp-debuginfo-4.2.5-47.el7_3.1.x86_64.rpm dhcp-devel-4.2.5-47.el7_3.1.i686.rpm dhcp-devel-4.2.5-47.el7_3.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-1111 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/security/vulnerabilities/3442151 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBWvsFkdzjgjWX9erEAQi15hAApyaFiLfmX1Tu3fZJ+/KYWOgRAkpVLeU1 AZn1C6fAhh0Or33eF3VU7Z8Gni8FwsfXvUgKPg1z2pEK7VxSvEVrVzIv49h/Mo3M 1AZw3AehDUOY1ylNB8pL3zAaO1rj2b1YEvR72g7jD+CKyn5SmlMqmFxlf3MLJ7VO 71Co3GUC5/jCe4OjlPq0aEk0AJdKEWFn1an+SSzOMKq0rRjh7D8cpMsLePk2IkYU Iege+4a3l4rjMobeMPXl6Dp6dJntgYtG8QgA9mbZ3/j6e5iWE0JNahmEr9xUBCby qgOyhLv5hixmL1oyCfbP1jpHMHZSEjJEnyWGHofDqJ/7opKxnUnhgRirFyPOUjFt 1kLGcnxGawpCoBML3QSZe5JlBXauGGu83MfSmk+bhEBK2QImuJX87ZS54wZp92x7 Xi2scIlPBFAnMyqQJrCAlsc46B3stdb9wcYqVZG0BomJmCn+RL7rP8OBwVV+EgwD u4PgaqwSDMvWolAdwFT8oTkQPEZjr06zDmOZcyBZ0h99v5rinGIgUy7PwOiPi8eP npahm+qH/RWLMA5OESrjeQkHIsBfqeR+fF9fUz/jK/5bjNUs/SNr8wNlw9SG9FGX 1QVJUjQc/Xnq4cM2SXbbT5/Kgn7eQEHtgxiaUMRUFTXcOoeHL2oo2wZw+i71ZWne OXaAaM69Q2k= =kcKi - -----END PGP SIGNATURE----- - -------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Critical: dhcp security update Advisory ID: RHSA-2018:1457-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:1457 Issue date: 2018-05-15 CVE Names: CVE-2018-1111 ===================================================================== 1. Summary: An update for dhcp is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.2) - x86_64 Red Hat Enterprise Linux Server E4S (v. 7.2) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.2) - x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.2) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.2) - x86_64 3. Description: The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es): * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1567974 - CVE-2018-1111 dhcp: Command injection vulnerability in the DHCP client NetworkManager integration script 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.2): Source: dhcp-4.2.5-42.el7_2.1.src.rpm x86_64: dhclient-4.2.5-42.el7_2.1.x86_64.rpm dhcp-4.2.5-42.el7_2.1.x86_64.rpm dhcp-common-4.2.5-42.el7_2.1.x86_64.rpm dhcp-debuginfo-4.2.5-42.el7_2.1.i686.rpm dhcp-debuginfo-4.2.5-42.el7_2.1.x86_64.rpm dhcp-libs-4.2.5-42.el7_2.1.i686.rpm dhcp-libs-4.2.5-42.el7_2.1.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.2): Source: dhcp-4.2.5-42.el7_2.1.src.rpm x86_64: dhclient-4.2.5-42.el7_2.1.x86_64.rpm dhcp-4.2.5-42.el7_2.1.x86_64.rpm dhcp-common-4.2.5-42.el7_2.1.x86_64.rpm dhcp-debuginfo-4.2.5-42.el7_2.1.i686.rpm dhcp-debuginfo-4.2.5-42.el7_2.1.x86_64.rpm dhcp-libs-4.2.5-42.el7_2.1.i686.rpm dhcp-libs-4.2.5-42.el7_2.1.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.2): Source: dhcp-4.2.5-42.el7_2.1.src.rpm x86_64: dhclient-4.2.5-42.el7_2.1.x86_64.rpm dhcp-4.2.5-42.el7_2.1.x86_64.rpm dhcp-common-4.2.5-42.el7_2.1.x86_64.rpm dhcp-debuginfo-4.2.5-42.el7_2.1.i686.rpm dhcp-debuginfo-4.2.5-42.el7_2.1.x86_64.rpm dhcp-libs-4.2.5-42.el7_2.1.i686.rpm dhcp-libs-4.2.5-42.el7_2.1.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.2): x86_64: dhcp-debuginfo-4.2.5-42.el7_2.1.i686.rpm dhcp-debuginfo-4.2.5-42.el7_2.1.x86_64.rpm dhcp-devel-4.2.5-42.el7_2.1.i686.rpm dhcp-devel-4.2.5-42.el7_2.1.x86_64.rpm Red Hat Enterprise Linux Server Optional E4S (v. 7.2): x86_64: dhcp-debuginfo-4.2.5-42.el7_2.1.i686.rpm dhcp-debuginfo-4.2.5-42.el7_2.1.x86_64.rpm dhcp-devel-4.2.5-42.el7_2.1.i686.rpm dhcp-devel-4.2.5-42.el7_2.1.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 7.2): x86_64: dhcp-debuginfo-4.2.5-42.el7_2.1.i686.rpm dhcp-debuginfo-4.2.5-42.el7_2.1.x86_64.rpm dhcp-devel-4.2.5-42.el7_2.1.i686.rpm dhcp-devel-4.2.5-42.el7_2.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-1111 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/security/vulnerabilities/3442151 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBWvsFv9zjgjWX9erEAQiApw/9GcAToC+gcNjBNAm5zQLQA5FzT/y35t+B M+yHJamT9U1ymUmAxnW/Sou9ctLpTwaqaxp8qRxE3qeuGT2oCiYNqASm5nu2VwZ1 /xYkKq1GCJUJYHVtd5AG/eYND3VDYHamqmnXylFugcN5t6VIaW7c5LK12Ao4xIBG sK/+x433p47IkM1N4ATCWUHskmYSL58058j2z95adony+cyGT2ra21cRvo2MzsXe 2S07Ky2uv/SftOl20Q4Krnugvrfh/JBx0shFlRFbAP+p37jo5PDLUFwOFwyDcrU4 tO30VhOx91WUJ2mXJjhRs7twC9uj/5UM0+ePLEmPVVgjbgsVvZpF8NKqPcf3LR1w 1RYymGyBYdYDtCaWntnWya65dumKH3njp3ju76oSgn/9Dl674ZIj0TZ7rwkPANFd uVQFGdXJHJfhbUG908J1iBmUZqCjrOg3hXanpj83Z8NMLbZZMJ0kEVCBY7jQh2sO WcFkda3n9/vHRLKNVSirK4qHeSJMoOYNJEPyReK+ndPMhzmSiSAEXY9VuBgJLAX/ uM9LAoRGThwD6zhoKbhH4YPUrkBZUZzTel9iUGoVd7kuk3hjwKarLVD5ID0ONEGa n+EcpHIt1k3nWIeNzoXKzstgxRG3pMtPMCvidpem2wHBG56ifrHeJIq1BcH2IDu/ X9O0+orAUMo= =5Y0R - -----END PGP SIGNATURE----- - -------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Critical: dhcp security update Advisory ID: RHSA-2018:1458-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:1458 Issue date: 2018-05-15 CVE Names: CVE-2018-1111 ===================================================================== 1. Summary: An update for dhcp is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux HPC Node EUS (v. 6.7) - x86_64 Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7) - x86_64 Red Hat Enterprise Linux Server EUS (v. 6.7) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.7) - i386, ppc64, s390x, x86_64 3. Description: The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es): * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1567974 - CVE-2018-1111 dhcp: Command injection vulnerability in the DHCP client NetworkManager integration script 6. Package List: Red Hat Enterprise Linux HPC Node EUS (v. 6.7): Source: dhcp-4.1.1-49.P1.el6_7.1.src.rpm x86_64: dhclient-4.1.1-49.P1.el6_7.1.x86_64.rpm dhcp-common-4.1.1-49.P1.el6_7.1.x86_64.rpm dhcp-debuginfo-4.1.1-49.P1.el6_7.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7): x86_64: dhcp-4.1.1-49.P1.el6_7.1.x86_64.rpm dhcp-debuginfo-4.1.1-49.P1.el6_7.1.i686.rpm dhcp-debuginfo-4.1.1-49.P1.el6_7.1.x86_64.rpm dhcp-devel-4.1.1-49.P1.el6_7.1.i686.rpm dhcp-devel-4.1.1-49.P1.el6_7.1.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 6.7): Source: dhcp-4.1.1-49.P1.el6_7.1.src.rpm i386: dhclient-4.1.1-49.P1.el6_7.1.i686.rpm dhcp-4.1.1-49.P1.el6_7.1.i686.rpm dhcp-common-4.1.1-49.P1.el6_7.1.i686.rpm dhcp-debuginfo-4.1.1-49.P1.el6_7.1.i686.rpm ppc64: dhclient-4.1.1-49.P1.el6_7.1.ppc64.rpm dhcp-4.1.1-49.P1.el6_7.1.ppc64.rpm dhcp-common-4.1.1-49.P1.el6_7.1.ppc64.rpm dhcp-debuginfo-4.1.1-49.P1.el6_7.1.ppc64.rpm s390x: dhclient-4.1.1-49.P1.el6_7.1.s390x.rpm dhcp-4.1.1-49.P1.el6_7.1.s390x.rpm dhcp-common-4.1.1-49.P1.el6_7.1.s390x.rpm dhcp-debuginfo-4.1.1-49.P1.el6_7.1.s390x.rpm x86_64: dhclient-4.1.1-49.P1.el6_7.1.x86_64.rpm dhcp-4.1.1-49.P1.el6_7.1.x86_64.rpm dhcp-common-4.1.1-49.P1.el6_7.1.x86_64.rpm dhcp-debuginfo-4.1.1-49.P1.el6_7.1.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 6.7): i386: dhcp-debuginfo-4.1.1-49.P1.el6_7.1.i686.rpm dhcp-devel-4.1.1-49.P1.el6_7.1.i686.rpm ppc64: dhcp-debuginfo-4.1.1-49.P1.el6_7.1.ppc.rpm dhcp-debuginfo-4.1.1-49.P1.el6_7.1.ppc64.rpm dhcp-devel-4.1.1-49.P1.el6_7.1.ppc.rpm dhcp-devel-4.1.1-49.P1.el6_7.1.ppc64.rpm s390x: dhcp-debuginfo-4.1.1-49.P1.el6_7.1.s390.rpm dhcp-debuginfo-4.1.1-49.P1.el6_7.1.s390x.rpm dhcp-devel-4.1.1-49.P1.el6_7.1.s390.rpm dhcp-devel-4.1.1-49.P1.el6_7.1.s390x.rpm x86_64: dhcp-debuginfo-4.1.1-49.P1.el6_7.1.i686.rpm dhcp-debuginfo-4.1.1-49.P1.el6_7.1.x86_64.rpm dhcp-devel-4.1.1-49.P1.el6_7.1.i686.rpm dhcp-devel-4.1.1-49.P1.el6_7.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-1111 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/security/vulnerabilities/3442151 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBWvsFytzjgjWX9erEAQjWfg/+LV8EsnDPkOSenQ0K1lNcFxYqdkgHch3Q hKXaiYhzjbSefEXR8W4eTgEJUUHSHbALLbTSxMu/8qcEpUCfOhbpmxOzDsipO1Ju yiok1pVaXEZPxafSxhSFNS3SeCiCVNeXs8fnS0WA6Pl+iVqNUEv5oVO9HPf4X29G 0RqoBFHRYifASbjIhG+cAgtH0vHNVqJAquLvpRu9IlI1sJ73EdPqzUpNcTVTV7Io syK56LWtNMFodHrdoMJ9KHVFHMvq9xLiy6P7vEJA7lS1je4alFYe6pfomZCLBxiZ e/uvFTXg7icFn/gWeUk56TYQmTZk8ZcV234rFPkFj2S+6g0kEXzb/9EdKTfhrNwM cXMSrwdX8RBSLnL5+QBJV7jkanKR7vctMhnzuKqE4D0HGPAZehg0LBKjgcRwuDPM vxDomCRb6jdr9l5NQDKy7HdC4GHW+oF7LeLwBwOa9TTVB+sxKNbEUUic/pu2TEkV JXjtFUMiAplFRleUqQSgChrmYSD9OS3NhoRTaBVXUDtWu6WkN7SYJKiuFU5+cpFw Osli3RFv+sXT5tNaQtXq8FZLynlI2E7PgkXuvrQMpWdYLY45wW0ez+k3RraZdty1 VdiheQg/izo4LSxGs7yRiPYVYndi6yRyA+IvFilxVLJB7rCHrMa/ym8+K2VyvyVg dKp97X1rGEA= =5Xw+ - -----END PGP SIGNATURE----- - -------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Critical: dhcp security update Advisory ID: RHSA-2018:1459-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:1459 Issue date: 2018-05-15 CVE Names: CVE-2018-1111 ===================================================================== 1. Summary: An update for dhcp is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 6.6) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.6) - x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 6.6) - x86_64 Red Hat Enterprise Linux Server TUS (v. 6.6) - x86_64 3. Description: The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es): * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1567974 - CVE-2018-1111 dhcp: Command injection vulnerability in the DHCP client NetworkManager integration script 6. Package List: Red Hat Enterprise Linux Server AUS (v. 6.6): Source: dhcp-4.1.1-43.P1.el6_6.2.src.rpm x86_64: dhclient-4.1.1-43.P1.el6_6.2.x86_64.rpm dhcp-4.1.1-43.P1.el6_6.2.x86_64.rpm dhcp-common-4.1.1-43.P1.el6_6.2.x86_64.rpm dhcp-debuginfo-4.1.1-43.P1.el6_6.2.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 6.6): Source: dhcp-4.1.1-43.P1.el6_6.2.src.rpm x86_64: dhclient-4.1.1-43.P1.el6_6.2.x86_64.rpm dhcp-4.1.1-43.P1.el6_6.2.x86_64.rpm dhcp-common-4.1.1-43.P1.el6_6.2.x86_64.rpm dhcp-debuginfo-4.1.1-43.P1.el6_6.2.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.6): x86_64: dhcp-debuginfo-4.1.1-43.P1.el6_6.2.i686.rpm dhcp-debuginfo-4.1.1-43.P1.el6_6.2.x86_64.rpm dhcp-devel-4.1.1-43.P1.el6_6.2.i686.rpm dhcp-devel-4.1.1-43.P1.el6_6.2.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 6.6): x86_64: dhcp-debuginfo-4.1.1-43.P1.el6_6.2.i686.rpm dhcp-debuginfo-4.1.1-43.P1.el6_6.2.x86_64.rpm dhcp-devel-4.1.1-43.P1.el6_6.2.i686.rpm dhcp-devel-4.1.1-43.P1.el6_6.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-1111 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/security/vulnerabilities/3442151 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBWvsF2NzjgjWX9erEAQivTBAAjAqhbIu+/aW2AUUEb+kqmUNyS3If/Sn6 5KXpfJhKgUVJlPW1QHgoVID7O3g+kpifE0iARC8q4ISwzm1Vv9ZoZgP8TzT+/nf+ EMt0T1EQC7PDi+MVKqlL7DJGQqUR/9OxviNsSBexiP+uperdjkJs0Cj3PE87RsXz 1G3r2PeozeRSW5znLOBlhwwoTZpbmqh6h6dBFCAUlrDhHTJjDvons/4uojZY4zKK K8AdHkZpcJ2AGoeS8Gsy/6sgalE2B5qr67h2tgryUZBMJA/BYqHxWjz1FfvvFgZM XFBnI+uX7oF8iqynXz4IsF0ea8/hjE1CFVRGqh8+acqzr5guFFJCMuM38V2srTj1 ihzly1FQlObtsY+kF/u+tdLWLQ+2dpMmk/nWo23S5bZuOjd27HudotVhM5vmz5rm qyn11nbffJOR31RJccL2v6op2ppzQtd47xmEgRuCFvRXmtSTP5H6GdrW+falNABc L3ZIb+9BQQ7/kiBEn1+neQPaaTxh1vffII54S4U3Gv5fLxkVdPlULUxrM/3fp9Dm q46/8n/UJqmbPSXhAU8TCAYfR0yVBmvKp0eINHOmHc7UhTyXEMXx2rrFMqXXVhM6 v9ygCQRgE8Vb1XDBMie7ScxnZuF0Z3RtthwwdfyiVd5w/3sog/l4cRrpGL2NQMiH J7PBqzVWe5w= =oUm8 - -----END PGP SIGNATURE----- - -------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Critical: dhcp security update Advisory ID: RHSA-2018:1460-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:1460 Issue date: 2018-05-15 CVE Names: CVE-2018-1111 ===================================================================== 1. Summary: An update for dhcp is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64 3. Description: The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es): * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1567974 - CVE-2018-1111 dhcp: Command injection vulnerability in the DHCP client NetworkManager integration script 6. Package List: Red Hat Enterprise Linux Server AUS (v. 6.5): Source: dhcp-4.1.1-38.P1.el6_5.1.src.rpm x86_64: dhclient-4.1.1-38.P1.el6_5.1.x86_64.rpm dhcp-4.1.1-38.P1.el6_5.1.x86_64.rpm dhcp-common-4.1.1-38.P1.el6_5.1.x86_64.rpm dhcp-debuginfo-4.1.1-38.P1.el6_5.1.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.5): Source: dhcp-4.1.1-38.P1.el6_5.1.src.rpm x86_64: dhcp-debuginfo-4.1.1-38.P1.el6_5.1.i686.rpm dhcp-debuginfo-4.1.1-38.P1.el6_5.1.x86_64.rpm dhcp-devel-4.1.1-38.P1.el6_5.1.i686.rpm dhcp-devel-4.1.1-38.P1.el6_5.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-1111 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/security/vulnerabilities/3442151 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBWvsFVtzjgjWX9erEAQhKfRAAnwv3WUpPuhtT0gpb++sAkbBj725ynZTX E531c+ExCFVkYPoLjuOHtgD5OSxEgdPnBDJ9Fts8UL05oOuxkiIIjp70H5cnHmot MzbfMeRcCFR4GCmrW6GX1s/D7FvYKJWUWxHBvAiCqVnJZTAB/NnuPf7UBPTVwLta zd17kePam7u/bi7LOWavg4GMngzgaQKHWygvTPVvhjzdCnnBsqCJK3cLuUqwuRJb SmJjwV4MO9N5V4VFbVOy8zevhhHOBbpO72KA4wQp0Ap7Zje3CE5vXgQyZJUOVamq 4+qr+bKo9TL663ZrzxOyP4UwBXyddflAO9ZPe7rBhYYm1cwxv77GsFI1I4wsLHzO nty/CWrB55wnly3iT/V9KGWr/myOhhix7VF/plrmfdXfCUKrHkkr1UnokGLO98s+ QFQkXNbpLRPuC411jii8bHY2LjshQjODS0yvXFaoM0SOBg1BfuUOE0bgdq1twxHk Fk7JyzdnwoIFaypj9wFAIhrx57wkIQsuihoPEG3e3md4OX7cN/+zPYRsIhASjhW/ yFNcv9ovJzlg2rA+v/W+oH4KEMiuly+YViqIEFkOOiF+tpV4zI5KtGb5OAAMnUnt hTnTZVcpQ/sAjN9brV8WbtroeCzmezqWiKJ91uz2mzyCmXicquL7i61ZdD7yvNMU th6g6HtjVC4= =nPXX - -----END PGP SIGNATURE----- - -------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Critical: dhcp security update Advisory ID: RHSA-2018:1461-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:1461 Issue date: 2018-05-15 CVE Names: CVE-2018-1111 ===================================================================== 1. Summary: An update for dhcp is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 6.4) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64 3. Description: The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es): * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1567974 - CVE-2018-1111 dhcp: Command injection vulnerability in the DHCP client NetworkManager integration script 6. Package List: Red Hat Enterprise Linux Server AUS (v. 6.4): Source: dhcp-4.1.1-34.P1.el6_4.2.src.rpm x86_64: dhclient-4.1.1-34.P1.el6_4.2.x86_64.rpm dhcp-4.1.1-34.P1.el6_4.2.x86_64.rpm dhcp-common-4.1.1-34.P1.el6_4.2.x86_64.rpm dhcp-debuginfo-4.1.1-34.P1.el6_4.2.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.4): Source: dhcp-4.1.1-34.P1.el6_4.2.src.rpm x86_64: dhcp-debuginfo-4.1.1-34.P1.el6_4.2.i686.rpm dhcp-debuginfo-4.1.1-34.P1.el6_4.2.x86_64.rpm dhcp-devel-4.1.1-34.P1.el6_4.2.i686.rpm dhcp-devel-4.1.1-34.P1.el6_4.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-1111 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/security/vulnerabilities/3442151 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBWvsFcNzjgjWX9erEAQhMOw/9H2swYCLEVSVwgDTSU18lTxgKeyKMgGk8 RGueH8lXihirufOkHcDQzBraOspixgcblSoPh0RQczReVDLMsl6ajhiegHdvphoj wqEoSXd1BQ0VgvmxuHQ1zQFEH7yIArTSf0jfNSVD6B84bwwBuZBDaC1WuGyZQERa ht4gEJQ9oToxcj9fYucKaPBo2sirALj29h7dGaf0Y7CoYVMfFg50daR8Z57ZLvi0 hyhQfZKpSyRHUpEo0B/zy1uM17WD215bpMEvv0ezMwFEapOrFNs3UKr7jrzxz5dh r5SRzBAKkPBjUrYzFy6cbTeXoBI6HjenLssRxOLP6RwgYjLF7JcCjzzEfopqxZnv vMpeaSy58geTpDJJuROKxQBttzOhatleLFim1YNNmPAi7XNmaghRJ+M3xIhrg8Ge oB8TmruM8imjEcpRIrRIpbsd+O0Matas+jOToUP0rLlpmcQAhlF7D6/K67c845L0 3E1ZeO/gohFxQZapMv+F7oHFWfzJ5mtqyzpMuI+TSDgkz70IBDNY4GaJ6XMk0e0Y RXvJBlr1FdlMpM35D9zGOsFNaWAGTfWEZftMPRdLj0ykA8jNfjwGOVdtk5tKOg85 lvpjubhSLhJzOy+N25QMabmO6TSwlMfuII0+HSHK6vlud7/hBA+qpYqGb5JQny3v /f1W+hqawn0= =hHs9 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWvuHEYx+lLeg9Ub1AQgryRAAm1XREP7h2n7WoEI2hwQFCvkVvFs4jbsK 7U1PwOV8N3wSCUXbgaOyCJBV5IvNVYZyN0LGfh/3wbFGcQOGsz3zKN5twflkBPkN +FWPsvxuVOK169tURUMkcDry6Uzvr3/QSpN8cCheLSKKTC9hMbFN9Drm25kGv7Wj dVuJoxIyMjQFhSsc4nuy7tw5Ie+xgTFcYKiOyXA7M4fI/XogpD1yHLk0NJOltslp xyPmGO68k6qIYQ6sTexPahc7i2SRoOVhUXv7/DVGMp8MPoR5AdPzCoO2O4Pb0boR JrZyW3xGj0BOFeXahwuA54vdwUAKLNXnuExy1kbRpGhCpCVbd7yGe+PmlZTHjgbE bmyAdgjdIZqeSKGpZCejRH0q0wfDxTi8Xkl/2Tgrxu6iTHXcu14lUwlfIdaS5fKe Nsp01k0mBujQ7SyJrsmdhOGvzj+5D1zvB99uJL5fIYzyp9zQgAqry8lOPPe22ANV WCl3Df1WBHx0E5cpEYQ/KuhUm7vfFqgnQiYl+HKjEXxBSlHqIX33l4cA4U5AwOhs laqXvGWjEFvMMCQG/fbDt5OSMvY7qtrHFpetXo0KNnXIIAPtckibQjERNPeA1NgM XNb5RTt+UkM7cAgoW4zslTJ4/fiQGb+fU39xwqGIpDj730TdD888mNQVpC5q15Vl qG4Bx1gh35E= =1irz -----END PGP SIGNATURE-----