Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.0067 Wireshark 2.4.12 and 2.6.6 security updates 9 January 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Wireshark Publisher: Wireshark Operating System: Windows UNIX variants (UNIX, Linux, OSX) Impact/Access: Denial of Service -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2019-5719 CVE-2019-5718 CVE-2019-5717 CVE-2019-5716 Original Bulletin: https://www.wireshark.org/docs/relnotes/wireshark-2.4.12.html https://www.wireshark.org/docs/relnotes/wireshark-2.6.6.html Comment: This bulletin contains two (2) Wireshark security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- I'm proud to announce the release of Wireshark 2.4.12. __________________________________________________________________ What is Wireshark? Wireshark is the world's most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education. __________________________________________________________________ What's New Bug Fixes The following vulnerabilities have been fixed: * [1]wnpa-sec-2019-02 The P_MUL dissector could crash. [2]Bug 15337. [3]CVE-2019-5717. * [4]wnpa-sec-2019-03 The RTSE dissector and other dissectors could crash. [5]Bug 15373. [6]CVE-2019-5718. * [7]wnpa-sec-2019-04 The ISAKMP dissector could crash. [8]Bug 15374 [9]CVE-2019-5719. * [10]wnpa-sec-2019-05 The ISAKMP dissector could crash. [11]Bug 14470. The following bugs have been fixed: * console.lua not found in a folder with non-ASCII characters in its name. [12]Bug 15118. * Disabling Update list of packets in real time. will generally trigger crash after three start capture, stop capture cycles. [13]Bug 15263. * UDP Multicast Stream double counts. [14]Bug 15271. * text2pcap et al. set snaplength to 64kiB-1, while processing frames of 256kiB. [15]Bug 15292. * Builds without libpcap fail if the libpcap headers aren't installed. [16]Bug 15317. * TCAP AnalogRedirectRecord parameter incorrectly coded as mandatory in QualReq_rr message. [17]Bug 15350. * Wireshark jumps behind other windows when opening UAT dialogs. [18]Bug 15366. * Pathnames containing non-ASCII characters are mangled in error dialogs on Windows. [19]Bug 15367. * Executing -z http,stat -r file.pcapng throws a segmentation fault. [20]Bug 15369. * IS-41 TCAP RegistrationNotification Invoke has borderCellAccess parameter coded as tag 50 (as denyAccess) but should be 58. [21]Bug 15372. * GTPv2 APN dissect problem. [22]Bug 15383. New and Updated Features There are no new features in this release. New Protocol Support There are no new protocols in this release. Updated Protocol Support ANSI MAP, ENIP, GSM A, GTPv2, IMF, ISAKMP, P_MUL, RTSE, and TCAP New and Updated Capture File Support There is no new or updated capture file support in this release. New and Updated Capture Interfaces support There are no new or updated capture interfaces supported in this release. __________________________________________________________________ Getting Wireshark Wireshark source code and installation packages are available from [23]https://www.wireshark.org/download.html. Vendor-supplied Packages Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the [24]download page on the Wireshark web site. __________________________________________________________________ File Locations Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About->Folders to find the default locations on your system. __________________________________________________________________ Known Problems Dumpcap might not quit if Wireshark or TShark crashes. ([25]Bug 1419) The BER dissector might infinitely loop. ([26]Bug 1516) Capture filters aren't applied when capturing from named pipes. ([27]Bug 1814) Filtering tshark captures with read filters (-R) no longer works. ([28]Bug 2234) Application crash when changing real-time option. ([29]Bug 4035) Wireshark and TShark will display incorrect delta times in some cases. ([30]Bug 4985) Wireshark should let you work with multiple capture files. ([31]Bug 10488) __________________________________________________________________ Getting Help Community support is available on [32]Wireshark's Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark's mailing lists can be found on [33]the web site. Official Wireshark training and certification are available from [34]Wireshark University. __________________________________________________________________ Frequently Asked Questions A complete FAQ is available on the [35]Wireshark web site. __________________________________________________________________ Last updated 2019-01-08 18:12:46 UTC References 1. https://www.wireshark.org/security/wnpa-sec-2019-02.html 2. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15337 3. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5717 4. https://www.wireshark.org/security/wnpa-sec-2019-03.html 5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15373 6. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5718 7. https://www.wireshark.org/security/wnpa-sec-2019-04.html 8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15374 9. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5719 10. https://www.wireshark.org/security/wnpa-sec-2019-05.html 11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14470 12. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15118 13. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15263 14. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15271 15. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15292 16. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15317 17. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15350 18. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15366 19. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15367 20. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15369 21. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15372 22. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15383 23. https://www.wireshark.org/download.html 24. https://www.wireshark.org/download.html#thirdparty 25. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419 26. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516 27. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814 28. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234 29. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035 30. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985 31. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10488 32. https://ask.wireshark.org/ 33. https://www.wireshark.org/lists/ 34. http://www.wiresharktraining.com/ 35. https://www.wireshark.org/faq.html Digests wireshark-2.4.12.tar.xz: 29135844 bytes SHA256(wireshark-2.4.12.tar.xz)=1c1b05569b6dad161b8f1eb1e33d8e497c77462 2fcf5c8f2d487011d3238aaf1 RIPEMD160(wireshark-2.4.12.tar.xz)=4e3fdc5711bfde4e1dfd1d830a3ca58fe2cb 9972 SHA1(wireshark-2.4.12.tar.xz)=eae82e56d0e449531c81680da6cd1f9c481a6844 Wireshark-win64-2.4.12.exe: 58000928 bytes SHA256(Wireshark-win64-2.4.12.exe)=b8cab1f10f31beb1a29794713f9383d0f0be 10720306cfcf11a1478297f5c096 RIPEMD160(Wireshark-win64-2.4.12.exe)=6f8febea0d15206f9725b3351c6ea95ec ccdc789 SHA1(Wireshark-win64-2.4.12.exe)=7dc058842c9d6805b757f1f8b57fdfa1dab9d0 9a Wireshark-win32-2.4.12.exe: 52798176 bytes SHA256(Wireshark-win32-2.4.12.exe)=262d7c8190502c6c0648f638ed6e0e910a77 98846f18c53e76aaa331bd4f8d08 RIPEMD160(Wireshark-win32-2.4.12.exe)=c2adf8a34bdd279a0defbea2e40a8485a 2ce15e2 SHA1(Wireshark-win32-2.4.12.exe)=287e4d77388585f850f3aac9f90eb72325c36f b7 Wireshark-win64-2.4.12.msi: 47095808 bytes SHA256(Wireshark-win64-2.4.12.msi)=bfd0dfcdbe0f9486445ff650d869c08d55ac 7617ab4c6c360e811f3ba84f7230 RIPEMD160(Wireshark-win64-2.4.12.msi)=76bdf1f99dc0aca2469f824765bb10cd7 ae30832 SHA1(Wireshark-win64-2.4.12.msi)=82bda355d2d531c678765419cfbee32ad8cf53 34 Wireshark-win32-2.4.12.msi: 42037248 bytes SHA256(Wireshark-win32-2.4.12.msi)=1fdc120d15dc63fc107c75a4de5f1991102d b95dfd0fd446a4b3d3ba00c565eb RIPEMD160(Wireshark-win32-2.4.12.msi)=e3ccb9186b0a0fc3edd541e49d3801fdf b0a50c4 SHA1(Wireshark-win32-2.4.12.msi)=a2830d77c3805959380eef142b467961d2597d 88 WiresharkPortable_2.4.12.paf.exe: 45453168 bytes SHA256(WiresharkPortable_2.4.12.paf.exe)=1971739068280b86a5b9b68bc713cc 0eadbdb42dbd618621ee3a2973597d1b1c RIPEMD160(WiresharkPortable_2.4.12.paf.exe)=3ed323429f55e6cb72f7fda289c ea1c5d5364abd SHA1(WiresharkPortable_2.4.12.paf.exe)=5d16c7e4b02c2f96a233f5272ecacd4e ec131954 Wireshark 2.4.12 Intel 64.dmg: 42582955 bytes SHA256(Wireshark 2.4.12 Intel 64.dmg)=b31c2f90316f1fc9f806406a9c7f4cc4ea2c9fa6b697d402eaf884a973fc4325 RIPEMD160(Wireshark 2.4.12 Intel 64.dmg)=766d2d1067d647ceb4103d2f64ed3d9c8381e2d4 SHA1(Wireshark 2.4.12 Intel 64.dmg)=8d352dddaa99cb241f45071fd41c71b14d2bee20 You can validate these hashes using the following commands (among others): Windows: certutil -hashfile Wireshark-win64-x.y.z.exe SHA256 Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz macOS: shasum -a 256 "Wireshark x.y.z Intel 64.dmg" Other: openssl sha256 wireshark-x.y.z.tar.xz - -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEWlrbp9vqbD+HIk8ZgiRKeOb+ruoFAlw1FdEACgkQgiRKeOb+ ruoDvA//U6fSyLO1oyAfwX4jHgst7SDBd11H3VYE18JOivc0ikwmKzpw61mPykm+ lD6CLbZ+FNkyLTumPFMon73tsL1ko6xwt2b0EmvAjfmnWmw39GFXHGFoKl7PG/iL mmj49ppTnumh60Wnrho0A9cvQo3xSMvO9kT89INm7nFsTeQyEntCpyttYHonzn6o cA1lCBaeu/MMB/yh1yIHb/ZR3rVl5X63CX+qnYMutX1EDtkY6x3XPKW6G19HU94Y LWa2EH0SPJ6RGIJL1ph3xP3ZYSjpv71pXeMYtWUkCJ4DGEJPMawD1s6aakfknDpJ ghAbFu51SAOEZBEv2bR8ck/9Ja1JNV08nvkD8K/2GRNECYGC2PdRMMy9qS2W+ONU Q/hd+w4SPIUP10W6uxYtJQzWY394AJqH4hPQ2V+2DXjaoQLPouM7CN+iDEeBKAvP FSX+Q5BXW9Xh6QoDX6DqOt3jk2VziQQX+Gp1LXBZj2YolH5LBBEoYSEZVmOzD5rA jKT/edb5sL3vgrvtjacxA2i//+VjmmzNnXhzBpQuq211VloOVsXvo5p6S4iVePxF GcTDD2MfgxZ3dFEwkKZVYG6mZgD6LlCFww2j+dXe/Hzu8+T8xX6mLB8NHlyihwC+ Sxxw12++h5hAjLOrLyNT7FExgpmRqmjz3HwEm6SeRlLbSpkVdGY= =ovu2 - -----END PGP SIGNATURE----- - -------------------------------------------------------------------------------- I'm proud to announce the release of Wireshark 2.6.6. What is Wireshark? Wireshark is the world's most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education. What's New - The Windows installers now ship with Qt 5.9.7. Previously they shipped with Qt 5.9.5. Bug Fixes The following vulnerabilities have been fixed: - wnpa-sec-2019-01[1] The 6LoWPAN dissector could crash. Bug 15217[2]. CVE-2019-5716[3]. - wnpa-sec-2019-02[4] The P_MUL dissector could crash. Bug 15337[5]. CVE-2019-5717[6]. - wnpa-sec-2019-03[7] The RTSE dissector and other dissectors could crash. Bug 15373[8]. CVE-2019-5718[9]. - wnpa-sec-2019-04[10] The ISAKMP dissector could crash. Bug 15374[11]. CVE-2019-5719[12]. The following bugs have been fixed: - console.lua not found in a folder with non-ASCII characters in its name. Bug 15118[13]. - Disabling Update list of packets in real time. will generally trigger crash after three start capture, stop capture cycles. Bug 15263[14]. - UDP Multicast Stream double counts. Bug 15271[15]. - text2pcap et al. set snaplength to 64kiB-1, while processing frames of 256kiB. Bug 15292[16]. - Builds without libpcap fail if the libpcap headers aren't installed. Bug 15317[17]. - TCAP AnalogRedirectRecord parameter incorrectly coded as mandatory in QualReq_rr message. Bug 15350[18]. - macOS DMG appears to have duplicate files. Bug 15361[19]. - Wireshark jumps behind other windows when opening UAT dialogs. Bug 15366[20]. - Pathnames containing non-ASCII characters are mangled in error dialogs on Windows. Bug 15367[21]. - Executing -z http,stat -r file.pcapng throws a segmentation fault. Bug 15369[22]. - IS-41 TCAP RegistrationNotification Invoke has borderCellAccess parameter coded as tag 50 (as denyAccess) but should be 58. Bug 15372[23]. - In DNS statistics, response times > 1 sec not included. Bug 15382[24]. - GTPv2 APN dissect problem. Bug 15383[25]. New and Updated Features There are no new features in this release. New Protocol Support There are no new protocols in this release. Updated Protocol Support 6LoWPAN, ANSI MAP, DNP3, DNS, GSM A, GTP, GTPv2, IMF, ISAKMP, ISObus VT, Kerberos, P_MUL, RTSE, S7COMM, and TCAP New and Updated Capture File Support There is no new or updated capture file support in this release. New and Updated Capture Interfaces support There is no new or updated capture file support in this release. Major API Changes - Lua: on Windows, file-related functions such as dofile now assume UTF-8 paths instead of the local code page. This is consistent with Linux and macOS and improves compatibility on non-English systems. (Bug 15118[26]) Getting Wireshark Wireshark source code and installation packages are available from https://www.wireshark.org/download.html[27]. Vendor-supplied Packages Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page[28] on the Wireshark web site. File Locations Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About - Folders to find the default locations on your system. Known Problems The BER dissector might infinitely loop. Bug 1516[29]. Capture filters aren't applied when capturing from named pipes. Bug 1814[30]. Filtering tshark captures with read filters (-R) no longer works. Bug 2234[31]. Application crash when changing real-time option. Bug 4035[32]. Wireshark and TShark will display incorrect delta times in some cases. Bug 4985[33]. Wireshark should let you work with multiple capture files. Bug 10488[34]. Getting Help Community support is available on [32]Wireshark's Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark's mailing lists can be found on [33]the web site. Official Wireshark training and certification are available from [34]Wireshark University. Frequently Asked Questions A complete FAQ is available on the Wireshark web site[38]. Last updated 2019-01-08 19:35:16 UTC References 1. https://www.wireshark.org/security/wnpa-sec-2019-01 2. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15217 3. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5716 4. https://www.wireshark.org/security/wnpa-sec-2019-02 5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15337 6. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5717 7. https://www.wireshark.org/security/wnpa-sec-2019-03 8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15373 9. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5718 10. https://www.wireshark.org/security/wnpa-sec-2019-04 11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15374 12. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5719 13. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15118 14. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15263 15. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15271 16. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15292 17. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15317 18. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15350 19. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15361 20. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15366 21. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15367 22. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15369 23. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15372 24. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15382 25. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15383 26. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15118 27. https://www.wireshark.org/download.html 28. https://www.wireshark.org/download.html#thirdparty 29. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516 30. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814 31. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234 32. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035 33. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985 34. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10488 35. https://ask.wireshark.org/ 36. https://www.wireshark.org/lists/ 37. http://www.wiresharktraining.com/ 38. https://www.wireshark.org/faq.html Digests wireshark-2.6.6.tar.xz: 28407404 bytes SHA256(wireshark-2.6.6.tar.xz)=487933ea075bdbb25d8df06017d9c4f49fc20eb7f6ec80af086718ed5550e863 RIPEMD160(wireshark-2.6.6.tar.xz)=5c5750e277e647a58916229f19d883a99e31046a SHA1(wireshark-2.6.6.tar.xz)=d3d2f45a85e6f43a69c745b5c733e70dbc8cc535 Wireshark-win64-2.6.6.exe: 60015792 bytes SHA256(Wireshark-win64-2.6.6.exe)=e440a059fba3572000b5695ca89438d5765b9d73d830556344d7e8cdad071617 RIPEMD160(Wireshark-win64-2.6.6.exe)=74c33427b0527fc05c4e97a94177f6895ad72beb SHA1(Wireshark-win64-2.6.6.exe)=597a32ada9c2c51dae6b6c1e881ca50f74081136 Wireshark-win32-2.6.6.exe: 54286272 bytes SHA256(Wireshark-win32-2.6.6.exe)=a76e70694b1914c3bf2c5267c234d44db58a605b88c274473368cb57b4262c1f RIPEMD160(Wireshark-win32-2.6.6.exe)=a5df535decec4304088c4f9b6c219e212ab0ba9a SHA1(Wireshark-win32-2.6.6.exe)=0826853320be66fc8afbc5f9d2520de5a96e92d3 Wireshark-win64-2.6.6.msi: 49385472 bytes SHA256(Wireshark-win64-2.6.6.msi)=9ca2a067f33f551da479a2b760a943f340e6996db155832ba1c486e3c3afe272 RIPEMD160(Wireshark-win64-2.6.6.msi)=e93c8fa321d521517b12bb0704e4c27df566243e SHA1(Wireshark-win64-2.6.6.msi)=d9b5558c052c6db9caa5bd294ff61965e0a79dce Wireshark-win32-2.6.6.msi: 43753472 bytes SHA256(Wireshark-win32-2.6.6.msi)=a700512870239f5b17311eab223eaf319e17c8d66d1676aa5327c2c5688b17c6 RIPEMD160(Wireshark-win32-2.6.6.msi)=285f2f2d8417e3730df84fcef556b77c993159e4 SHA1(Wireshark-win32-2.6.6.msi)=e7008b63cd6c7223a8456234dc49517ca7f40810 WiresharkPortable_2.6.6.paf.exe: 37492944 bytes SHA256(WiresharkPortable_2.6.6.paf.exe)=8003dd25e6971cc97350df4c715ad56be873930f08328dbeee253349808cc0ae RIPEMD160(WiresharkPortable_2.6.6.paf.exe)=58013de0b67d5c5cad6ae6d779aacfb53ce4b532 SHA1(WiresharkPortable_2.6.6.paf.exe)=624aa86801388b715db2cebfcd21376a6d75cbca Wireshark 2.6.6 Intel 64.dmg: 108149698 bytes SHA256(Wireshark 2.6.6 Intel 64.dmg)=71920bf98e2867703759b0c98395480f88dee1c332efd3f2bc6a91eaec75b0a3 RIPEMD160(Wireshark 2.6.6 Intel 64.dmg)=42a33054c01bbdd1834c93970b26967954053d42 SHA1(Wireshark 2.6.6 Intel 64.dmg)=45d4d188b151caf11724435640344c02f9746f9b You can validate these hashes using the following commands (among others): Windows: certutil -hashfile Wireshark-win64-x.y.z.exe SHA256 Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz macOS: shasum -a 256 "Wireshark x.y.z Intel 64.dmg" Other: openssl sha256 wireshark-x.y.z.tar.xz - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXDU0E2aOgq3Tt24GAQh7CBAAmfQIkkBGSwPTJ/HZGoQI0Qx8GO2/WegK /QIpUuF92bJqrFRYx/dflOdcdymKNnv6Xxa+E4CV/TJSxBeTWj3zkG3DUWaOM7vp dlMbmoIaEbmKAQ8PDah/eLziTFfpMq3sypvrdrfD2aDqLNqqRETn9FrZIAECgIZy Aatv2Z0LFJSluX1a0nhGdbBkiVtZHTi3KJIZVmtuy+K36Z4NuZCyFhpw1AXiu9Y/ MI3yigXM+pIDSyoDluYviA6airSI78rFsejmaM+2j4BTiSfOhRy/Cs8UcwC7x81i t0VWlZ8xvKK6XtqRqIqtFAuNZ5cDfS01JMUHNGLVW0b1j9Y6Ll/NsOTfj/tFAihc 0dqwOluTt5+/Akr6bf55CKh+Pg3+wKJK1Uuo16BLn30MfXkOPh4WKKYK711gGtpl jNVoJU0KPY0WZesnxC0/gjT9AuMKwGdNK0tPPjhFPZy838oO4FG6idfMGkW67Qtl ZsAk5cbcCHTq1LwAS7ccXLJzChhQPj4TYE62M/+xeOthqZsXCUzjI7aIAF2m2gnW rGo9xAQ1FykyJOkRQhyswEsawnap9LJKy0sgKTGpF65im5B3c8sJtN0X2d99yWWk gLvl3aLgBj6A4CmXBD9WpOoDY4LJmFOxek2j2Vacs3BoOtF3IpFFiKfJAn15Vnx3 ZhFtL3ioir4= =rvJd -----END PGP SIGNATURE-----