Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.1984 Important: thunderbird security update 4 June 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: thunderbird Publisher: Red Hat Operating System: Red Hat Enterprise Linux Server 8 Red Hat Enterprise Linux WS/Desktop 8 Red Hat Enterprise Linux Server 7 Red Hat Enterprise Linux WS/Desktop 7 Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux WS/Desktop 6 Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Unauthorised Access -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2019-11698 CVE-2019-11693 CVE-2019-11692 CVE-2019-11691 CVE-2019-9820 CVE-2019-9819 CVE-2019-9817 CVE-2019-9800 CVE-2019-9797 CVE-2019-7317 CVE-2019-5798 CVE-2018-18511 Reference: ASB-2019.0082 ASB-2019.0079 ESB-2019.1979 ESB-2019.1972 Original Bulletin: https://access.redhat.com/errata/RHSA-2019:1308 https://access.redhat.com/errata/RHSA-2019:1309 https://access.redhat.com/errata/RHSA-2019:1310 Comment: This bulletin contains three (3) Red Hat security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: thunderbird security update Advisory ID: RHSA-2019:1308-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:1308 Issue date: 2019-06-03 CVE Names: CVE-2018-18511 CVE-2019-5798 CVE-2019-7317 CVE-2019-9797 CVE-2019-9800 CVE-2019-9817 CVE-2019-9819 CVE-2019-9820 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11698 ===================================================================== 1. Summary: An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - ppc64le, x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.0. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) * Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797) * Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817) * Mozilla: Compartment mismatch with fetch API (CVE-2019-9819) * Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820) * Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691) * Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692) * Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693) * mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511) * chromium-browser: Out of bounds read in Skia (CVE-2019-5798) * Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698) * libpng: use-after-free in png_image_free in png.c (CVE-2019-7317) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Thunderbird must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1672409 - CVE-2019-7317 libpng: use-after-free in png_image_free in png.c 1676997 - CVE-2018-18511 mozilla: Cross-origin theft of images with ImageBitmapRenderingContext 1688200 - CVE-2019-5798 chromium-browser: Out of bounds read in Skia 1712617 - CVE-2019-11691 Mozilla: Use-after-free in XMLHttpRequest 1712618 - CVE-2019-11692 Mozilla: Use-after-free removing listeners in the event listener manager 1712619 - CVE-2019-11693 Mozilla: Buffer overflow in WebGL bufferdata on Linux 1712621 - CVE-2019-11698 Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks 1712622 - CVE-2019-9797 Mozilla: Cross-origin theft of images with createImageBitmap 1712623 - CVE-2019-9800 Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 1712626 - CVE-2019-9817 Mozilla: Stealing of cross-domain images using canvas 1712628 - CVE-2019-9819 Mozilla: Compartment mismatch with fetch API 1712629 - CVE-2019-9820 Mozilla: Use-after-free of ChromeEventHandler by DocShell 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: thunderbird-60.7.0-1.el8_0.src.rpm ppc64le: thunderbird-60.7.0-1.el8_0.ppc64le.rpm thunderbird-debuginfo-60.7.0-1.el8_0.ppc64le.rpm thunderbird-debugsource-60.7.0-1.el8_0.ppc64le.rpm x86_64: thunderbird-60.7.0-1.el8_0.x86_64.rpm thunderbird-debuginfo-60.7.0-1.el8_0.x86_64.rpm thunderbird-debugsource-60.7.0-1.el8_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-18511 https://access.redhat.com/security/cve/CVE-2019-5798 https://access.redhat.com/security/cve/CVE-2019-7317 https://access.redhat.com/security/cve/CVE-2019-9797 https://access.redhat.com/security/cve/CVE-2019-9800 https://access.redhat.com/security/cve/CVE-2019-9817 https://access.redhat.com/security/cve/CVE-2019-9819 https://access.redhat.com/security/cve/CVE-2019-9820 https://access.redhat.com/security/cve/CVE-2019-11691 https://access.redhat.com/security/cve/CVE-2019-11692 https://access.redhat.com/security/cve/CVE-2019-11693 https://access.redhat.com/security/cve/CVE-2019-11698 https://access.redhat.com/security/updates/classification/#important https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXPWIstzjgjWX9erEAQhmvg//SGv8G0IE1cKX+OnFYTpPQJMqYYPqjlTS RUKg+Cou8Bw2H6tkO+Qy0ogpNEtBom85m3TRkSzl0KpTb4K85cq0YsKG8J6r/o2K eAZZy3/Lt69uegsjlXmSMUbeemqXgHt5ZrFL9nU01Wmawlwchvzfz2bijWvBbIbs BoKHfz0X+T+/fF64d3vAOG1J8Uj98nTgEMxmC+99oi2N4x6T+Q7O3DI8/drfPZ7e SqF9UtRBkyYjmzvx2HLFAZOc21sFxGjKZzNfkuALUSdDghpi9wBI6B1H713QIs2f LxOaleoxtpbUW7cEwHDVavGioQ8TD8IPUH+wBHRKAXoOMuDlgtxLOi90Qv02AXiF Z6DWQ+VNHuwfgmKhQkF/dk5qOFAouSX4ztjs05Tke/8V5+0uxPzuFKub3qTAqqMh 9gU3MbzgiSvyjZxv3w816QZsvpU3lJVZMGdTfAtT1HlnPvaGSV5yFNhJEaicU7Uh 27lKC+PLVD6Rscbyeo9BcgXaB0ZgPaLM6NlZKG6H4NC9+35D5ZInKtgbeRRYr75j UMqapFl81UgRilAC8JHrhV3eVZde46Gino8XXdtccAgA85ZXVxXqK/0kT+3zRjqS /UUS4aBYo64bDN5gw20ObI7eyVl9A8/Gdvtw1VunwovLHjh4Rit2OEvjp5oHiRmv 4CFyuGOSg2E= =1Wfl - -----END PGP SIGNATURE----- - --------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: thunderbird security update Advisory ID: RHSA-2019:1309-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:1309 Issue date: 2019-06-03 CVE Names: CVE-2018-18511 CVE-2019-5798 CVE-2019-7317 CVE-2019-9797 CVE-2019-9800 CVE-2019-9817 CVE-2019-9819 CVE-2019-9820 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11698 ===================================================================== 1. Summary: An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.0. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) * Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797) * Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817) * Mozilla: Compartment mismatch with fetch API (CVE-2019-9819) * Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820) * Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691) * Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692) * Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693) * mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511) * chromium-browser: Out of bounds read in Skia (CVE-2019-5798) * Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698) * libpng: use-after-free in png_image_free in png.c (CVE-2019-7317) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Thunderbird must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1672409 - CVE-2019-7317 libpng: use-after-free in png_image_free in png.c 1676997 - CVE-2018-18511 mozilla: Cross-origin theft of images with ImageBitmapRenderingContext 1688200 - CVE-2019-5798 chromium-browser: Out of bounds read in Skia 1712617 - CVE-2019-11691 Mozilla: Use-after-free in XMLHttpRequest 1712618 - CVE-2019-11692 Mozilla: Use-after-free removing listeners in the event listener manager 1712619 - CVE-2019-11693 Mozilla: Buffer overflow in WebGL bufferdata on Linux 1712621 - CVE-2019-11698 Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks 1712622 - CVE-2019-9797 Mozilla: Cross-origin theft of images with createImageBitmap 1712623 - CVE-2019-9800 Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 1712626 - CVE-2019-9817 Mozilla: Stealing of cross-domain images using canvas 1712628 - CVE-2019-9819 Mozilla: Compartment mismatch with fetch API 1712629 - CVE-2019-9820 Mozilla: Use-after-free of ChromeEventHandler by DocShell 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: thunderbird-60.7.0-1.el7_6.src.rpm x86_64: thunderbird-60.7.0-1.el7_6.x86_64.rpm thunderbird-debuginfo-60.7.0-1.el7_6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): Source: thunderbird-60.7.0-1.el7_6.src.rpm ppc64le: thunderbird-60.7.0-1.el7_6.ppc64le.rpm thunderbird-debuginfo-60.7.0-1.el7_6.ppc64le.rpm x86_64: thunderbird-60.7.0-1.el7_6.x86_64.rpm thunderbird-debuginfo-60.7.0-1.el7_6.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): Source: thunderbird-60.7.0-1.el7_6.src.rpm aarch64: thunderbird-60.7.0-1.el7_6.aarch64.rpm thunderbird-debuginfo-60.7.0-1.el7_6.aarch64.rpm ppc64le: thunderbird-60.7.0-1.el7_6.ppc64le.rpm thunderbird-debuginfo-60.7.0-1.el7_6.ppc64le.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: thunderbird-60.7.0-1.el7_6.src.rpm x86_64: thunderbird-60.7.0-1.el7_6.x86_64.rpm thunderbird-debuginfo-60.7.0-1.el7_6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-18511 https://access.redhat.com/security/cve/CVE-2019-5798 https://access.redhat.com/security/cve/CVE-2019-7317 https://access.redhat.com/security/cve/CVE-2019-9797 https://access.redhat.com/security/cve/CVE-2019-9800 https://access.redhat.com/security/cve/CVE-2019-9817 https://access.redhat.com/security/cve/CVE-2019-9819 https://access.redhat.com/security/cve/CVE-2019-9820 https://access.redhat.com/security/cve/CVE-2019-11691 https://access.redhat.com/security/cve/CVE-2019-11692 https://access.redhat.com/security/cve/CVE-2019-11693 https://access.redhat.com/security/cve/CVE-2019-11698 https://access.redhat.com/security/updates/classification/#important https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXPWIu9zjgjWX9erEAQg21w//Z7v1kJQho28efeI70LrXGp/n0Hlj5i2m JwhPrwWDnz5BH5WbYrPIch/2CTL7znXR6v5rjisXoFhtvoSme3LPStyijp+bMXGr FtKnWFJRVt87gWZ8NwvY/mtwCjpIXSOCkAdEe6Rk+crG4gtBRct32ZDfcH+6U1Km cPpoguI0Q4cd/KZ4yiyFgUG66k0vBZ/mqUch480+vtlNkiO5JhZzPapTMEr5C9Ay qKmn6A98z3eVOpligYZ/5nAC4HfY6AhQp4CWFPijmvobJzq1a9z0XH4L9KeQk6RA laW0+rzw9NcsSk4c5WMWlcl9YzzYSr663av26VIKwgUnMEGjmBKstSUfgYIBgu3j ROMrVlHl2BTPJNrGtW0arWLo2pC0qCKEwcMGo8aisyNBLMc9QXFP4CCjf6uVtpU7 VYfHz3bwfokj7R9dFDh3dDTmyrLeAWkoDckEmo59XEfXaA1u7E/QEAnxA4h9wCb3 TU1frVhktXSh4lPO5JYIE4cpT50MJEyt2FPsSfQaL+q2EUMNlxR5IckSDx+sFicn jSelaqnOEpJQSle2bLWAQmGgWeMMkyHbRReCjRMBYPt0F/qbFiKIvRJISEYlVb9L xpnYw8aTMn5OFxH2BCT/+mVniOhZYqPK8CfEF2dTKZ7hYtzammrzndSZf2ifG574 3/xegYaen8Q= =TKs0 - -----END PGP SIGNATURE----- - --------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: thunderbird security update Advisory ID: RHSA-2019:1310-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:1310 Issue date: 2019-06-03 CVE Names: CVE-2018-18511 CVE-2019-5798 CVE-2019-7317 CVE-2019-9797 CVE-2019-9800 CVE-2019-9817 CVE-2019-9819 CVE-2019-9820 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11698 ===================================================================== 1. Summary: An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.0. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) * Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797) * Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817) * Mozilla: Compartment mismatch with fetch API (CVE-2019-9819) * Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820) * Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691) * Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692) * Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693) * mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511) * chromium-browser: Out of bounds read in Skia (CVE-2019-5798) * Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698) * libpng: use-after-free in png_image_free in png.c (CVE-2019-7317) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Thunderbird must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1672409 - CVE-2019-7317 libpng: use-after-free in png_image_free in png.c 1676997 - CVE-2018-18511 mozilla: Cross-origin theft of images with ImageBitmapRenderingContext 1688200 - CVE-2019-5798 chromium-browser: Out of bounds read in Skia 1712617 - CVE-2019-11691 Mozilla: Use-after-free in XMLHttpRequest 1712618 - CVE-2019-11692 Mozilla: Use-after-free removing listeners in the event listener manager 1712619 - CVE-2019-11693 Mozilla: Buffer overflow in WebGL bufferdata on Linux 1712621 - CVE-2019-11698 Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks 1712622 - CVE-2019-9797 Mozilla: Cross-origin theft of images with createImageBitmap 1712623 - CVE-2019-9800 Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 1712626 - CVE-2019-9817 Mozilla: Stealing of cross-domain images using canvas 1712628 - CVE-2019-9819 Mozilla: Compartment mismatch with fetch API 1712629 - CVE-2019-9820 Mozilla: Use-after-free of ChromeEventHandler by DocShell 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: thunderbird-60.7.0-1.el6_10.src.rpm i386: thunderbird-60.7.0-1.el6_10.i686.rpm thunderbird-debuginfo-60.7.0-1.el6_10.i686.rpm x86_64: thunderbird-60.7.0-1.el6_10.x86_64.rpm thunderbird-debuginfo-60.7.0-1.el6_10.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: thunderbird-60.7.0-1.el6_10.src.rpm i386: thunderbird-60.7.0-1.el6_10.i686.rpm thunderbird-debuginfo-60.7.0-1.el6_10.i686.rpm ppc64: thunderbird-60.7.0-1.el6_10.ppc64.rpm thunderbird-debuginfo-60.7.0-1.el6_10.ppc64.rpm s390x: thunderbird-60.7.0-1.el6_10.s390x.rpm thunderbird-debuginfo-60.7.0-1.el6_10.s390x.rpm x86_64: thunderbird-60.7.0-1.el6_10.x86_64.rpm thunderbird-debuginfo-60.7.0-1.el6_10.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: thunderbird-60.7.0-1.el6_10.src.rpm i386: thunderbird-60.7.0-1.el6_10.i686.rpm thunderbird-debuginfo-60.7.0-1.el6_10.i686.rpm x86_64: thunderbird-60.7.0-1.el6_10.x86_64.rpm thunderbird-debuginfo-60.7.0-1.el6_10.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-18511 https://access.redhat.com/security/cve/CVE-2019-5798 https://access.redhat.com/security/cve/CVE-2019-7317 https://access.redhat.com/security/cve/CVE-2019-9797 https://access.redhat.com/security/cve/CVE-2019-9800 https://access.redhat.com/security/cve/CVE-2019-9817 https://access.redhat.com/security/cve/CVE-2019-9819 https://access.redhat.com/security/cve/CVE-2019-9820 https://access.redhat.com/security/cve/CVE-2019-11691 https://access.redhat.com/security/cve/CVE-2019-11692 https://access.redhat.com/security/cve/CVE-2019-11693 https://access.redhat.com/security/cve/CVE-2019-11698 https://access.redhat.com/security/updates/classification/#important https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXPWIwNzjgjWX9erEAQhz6Q/+Mk6McBpD9bPsmEcdACbjpV+V1ygpi/c5 IPXCWh37tpHkXmu5GLtx7EzrCAvKoo/zoyUSxupaMs3AY1rnE1MJPIV+SCGfvLkM ObYcsSqEmepRw7SaQ848inF1Krx0XOzHpNrKii8xWe9yHe2yeYf3HjBfmAou7NC5 94xOHU6z/bAukxtfU/33pxledWXykqySe82d2zE4kmDkL6ZraKNtcfRTXps4Volx 6+7AghqT9GdPMqlvQ+wMWmJWwc8Zy3tMPm6hyzvug9i+WfDS0HQ6aEehWhI6SKy6 sDewW4p04Wlqk1wb4CVRpX+7XefJsLc9aioUvs45JpIHco62bcZKZxsRZ16FRxAx cow6VwgcBk2Y/PuxZsvZZK10Ea+p3fzLJTeD/u1n4zpvv5OYS1YdlesecburqUYZ +ThjzflSqts8MIV7jbNiXEPCj8Cdv/XXC2peQLU0jtpa9MxOCCqxeiOm1wcUmBXf gtA7wgXU5ieSgDeDUrWtiISkTQSrXmpFLDxfMX3UQ7fyn4FOidV8emxkgcsr+MUA VxW2+r91Fc1oDKXreRhScbXXc41MtGKxPjToWh2emLkl2Mj81EbpWKBpv4eoTLpT CaVeAtPo5gNoKFgEtAa6PJZtdZcf93WdGrKJtHygqwDh1AbJ3LhRqgK/V1GspWTd DYJCE4Fu6wY= =YI5G - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXPW602aOgq3Tt24GAQip0xAAnJInwgFkaFh8KEa3Lz1EJZSKXd1Vcvd7 ABcB4eFKtwiLcCJ6Cd+e+RKrRip+qtmEpJ3H7fK8kLksBPY6gOZE5zdM4mCGQD1g eBkYTyeXYs4mfnmi1c9fz1SoDeG/ksyl3zkzUg/b3wCydTFxdFONEgt4++47Fjhb wWtyVcLCijpZJY6k4hrRvWOYQdyYXY5QgAqdRFDyrxs9Z9cay+8OZ1QoM7G8XnLQ aa1aIOmD4MR0npRJ8GY1QUYMF6JNDBmjkbSnGh8PBVMAy3OQ9GCXCUv0TBEu0Jk8 I1tNHOSTLGBtF+cxGqCIWFFL7kW9m6hBqs/u09yqs96eRdQWhdqmU6WRfzcluR25 uieKRIYt2KBh1NiW1mFYYDWKKmC0eeePRJ0KfSqEX5CGHh16D0c0rnUdbryAfjVL HYO+sXwJjmUo7UdllEZZkmw0+Hh7wHXfeyqya3ky+bPg4RzvUq+F37kYpvPYmFC+ mNlDuNcKhOks10BSix1XIG5gA/TMGpiBfEiVzv6tYBmuwelhuulipyWnDj/ywtBV SeO0QinrZrYVTXEmRH5XjkC+OHoO5y788YralDfmBUxVp8d86YIxpBLTNegHAs4W 8Ef87ITLG0d2AldAN2iTMfmjr/zYMvRNjQX5aFggFaoXXEyP1q12gEQP0ISHdt+s XnYxHqV0E0U= =Zsxb -----END PGP SIGNATURE-----