Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.3321 Important: ghostscript security updates 3 September 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: ghostscript Publisher: Red Hat Operating System: Red Hat Enterprise Linux Server 7 Red Hat Enterprise Linux WS/Desktop 7 Red Hat Enterprise Linux Server 8 Red Hat Enterprise Linux WS/Desktop 8 Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Access Confidential Data -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2019-14817 CVE-2019-14813 CVE-2019-14812 CVE-2019-14811 Reference: ESB-2019.3284 Original Bulletin: https://access.redhat.com/errata/RHSA-2019:2586 https://access.redhat.com/errata/RHSA-2019:2591 Comment: This bulletin contains two (2) Red Hat security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: ghostscript security update Advisory ID: RHSA-2019:2586-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2586 Issue date: 2019-09-02 CVE Names: CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 CVE-2019-14817 ===================================================================== 1. Summary: An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. Description: The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): * ghostscript: Safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator (701445) (CVE-2019-14811) * ghostscript: Safer mode bypass by .forceput exposure in setuserparams (701444) (CVE-2019-14812) * ghostscript: Safer mode bypass by .forceput exposure in setsystemparams (701443) (CVE-2019-14813) * ghostscript: Safer mode bypass by .forceput exposure in .pdfexectoken and other procedures (701450) (CVE-2019-14817) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1743737 - CVE-2019-14813 ghostscript: Safer mode bypass by .forceput exposure in setsystemparams (701443) 1743754 - CVE-2019-14812 ghostscript: Safer mode bypass by .forceput exposure in setuserparams (701444) 1743757 - CVE-2019-14811 ghostscript: Safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator (701445) 1744042 - CVE-2019-14817 ghostscript: Safer mode bypass by .forceput exposure in .pdfexectoken and other procedures (701450) 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: ghostscript-9.25-2.el7_7.2.src.rpm x86_64: ghostscript-9.25-2.el7_7.2.i686.rpm ghostscript-9.25-2.el7_7.2.x86_64.rpm ghostscript-cups-9.25-2.el7_7.2.x86_64.rpm ghostscript-debuginfo-9.25-2.el7_7.2.i686.rpm ghostscript-debuginfo-9.25-2.el7_7.2.x86_64.rpm libgs-9.25-2.el7_7.2.i686.rpm libgs-9.25-2.el7_7.2.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: ghostscript-doc-9.25-2.el7_7.2.noarch.rpm x86_64: ghostscript-debuginfo-9.25-2.el7_7.2.i686.rpm ghostscript-debuginfo-9.25-2.el7_7.2.x86_64.rpm ghostscript-gtk-9.25-2.el7_7.2.x86_64.rpm libgs-devel-9.25-2.el7_7.2.i686.rpm libgs-devel-9.25-2.el7_7.2.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: ghostscript-9.25-2.el7_7.2.src.rpm x86_64: ghostscript-9.25-2.el7_7.2.i686.rpm ghostscript-9.25-2.el7_7.2.x86_64.rpm ghostscript-cups-9.25-2.el7_7.2.x86_64.rpm ghostscript-debuginfo-9.25-2.el7_7.2.i686.rpm ghostscript-debuginfo-9.25-2.el7_7.2.x86_64.rpm libgs-9.25-2.el7_7.2.i686.rpm libgs-9.25-2.el7_7.2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: ghostscript-doc-9.25-2.el7_7.2.noarch.rpm x86_64: ghostscript-debuginfo-9.25-2.el7_7.2.i686.rpm ghostscript-debuginfo-9.25-2.el7_7.2.x86_64.rpm ghostscript-gtk-9.25-2.el7_7.2.x86_64.rpm libgs-devel-9.25-2.el7_7.2.i686.rpm libgs-devel-9.25-2.el7_7.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: ghostscript-9.25-2.el7_7.2.src.rpm ppc64: ghostscript-9.25-2.el7_7.2.ppc.rpm ghostscript-9.25-2.el7_7.2.ppc64.rpm ghostscript-cups-9.25-2.el7_7.2.ppc64.rpm ghostscript-debuginfo-9.25-2.el7_7.2.ppc.rpm ghostscript-debuginfo-9.25-2.el7_7.2.ppc64.rpm libgs-9.25-2.el7_7.2.ppc.rpm libgs-9.25-2.el7_7.2.ppc64.rpm ppc64le: ghostscript-9.25-2.el7_7.2.ppc64le.rpm ghostscript-cups-9.25-2.el7_7.2.ppc64le.rpm ghostscript-debuginfo-9.25-2.el7_7.2.ppc64le.rpm libgs-9.25-2.el7_7.2.ppc64le.rpm s390x: ghostscript-9.25-2.el7_7.2.s390.rpm ghostscript-9.25-2.el7_7.2.s390x.rpm ghostscript-cups-9.25-2.el7_7.2.s390x.rpm ghostscript-debuginfo-9.25-2.el7_7.2.s390.rpm ghostscript-debuginfo-9.25-2.el7_7.2.s390x.rpm libgs-9.25-2.el7_7.2.s390.rpm libgs-9.25-2.el7_7.2.s390x.rpm x86_64: ghostscript-9.25-2.el7_7.2.i686.rpm ghostscript-9.25-2.el7_7.2.x86_64.rpm ghostscript-cups-9.25-2.el7_7.2.x86_64.rpm ghostscript-debuginfo-9.25-2.el7_7.2.i686.rpm ghostscript-debuginfo-9.25-2.el7_7.2.x86_64.rpm libgs-9.25-2.el7_7.2.i686.rpm libgs-9.25-2.el7_7.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: ghostscript-doc-9.25-2.el7_7.2.noarch.rpm ppc64: ghostscript-debuginfo-9.25-2.el7_7.2.ppc.rpm ghostscript-debuginfo-9.25-2.el7_7.2.ppc64.rpm ghostscript-gtk-9.25-2.el7_7.2.ppc64.rpm libgs-devel-9.25-2.el7_7.2.ppc.rpm libgs-devel-9.25-2.el7_7.2.ppc64.rpm ppc64le: ghostscript-debuginfo-9.25-2.el7_7.2.ppc64le.rpm ghostscript-gtk-9.25-2.el7_7.2.ppc64le.rpm libgs-devel-9.25-2.el7_7.2.ppc64le.rpm s390x: ghostscript-debuginfo-9.25-2.el7_7.2.s390.rpm ghostscript-debuginfo-9.25-2.el7_7.2.s390x.rpm ghostscript-gtk-9.25-2.el7_7.2.s390x.rpm libgs-devel-9.25-2.el7_7.2.s390.rpm libgs-devel-9.25-2.el7_7.2.s390x.rpm x86_64: ghostscript-debuginfo-9.25-2.el7_7.2.i686.rpm ghostscript-debuginfo-9.25-2.el7_7.2.x86_64.rpm ghostscript-gtk-9.25-2.el7_7.2.x86_64.rpm libgs-devel-9.25-2.el7_7.2.i686.rpm libgs-devel-9.25-2.el7_7.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: ghostscript-9.25-2.el7_7.2.src.rpm x86_64: ghostscript-9.25-2.el7_7.2.i686.rpm ghostscript-9.25-2.el7_7.2.x86_64.rpm ghostscript-cups-9.25-2.el7_7.2.x86_64.rpm ghostscript-debuginfo-9.25-2.el7_7.2.i686.rpm ghostscript-debuginfo-9.25-2.el7_7.2.x86_64.rpm libgs-9.25-2.el7_7.2.i686.rpm libgs-9.25-2.el7_7.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: ghostscript-doc-9.25-2.el7_7.2.noarch.rpm x86_64: ghostscript-debuginfo-9.25-2.el7_7.2.i686.rpm ghostscript-debuginfo-9.25-2.el7_7.2.x86_64.rpm ghostscript-gtk-9.25-2.el7_7.2.x86_64.rpm libgs-devel-9.25-2.el7_7.2.i686.rpm libgs-devel-9.25-2.el7_7.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-14811 https://access.redhat.com/security/cve/CVE-2019-14812 https://access.redhat.com/security/cve/CVE-2019-14813 https://access.redhat.com/security/cve/CVE-2019-14817 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXWzK6dzjgjWX9erEAQieARAAj9VEk8setoJn7WvPLBs89InicBYbQW5R fd3vdWh7Gmi6wegqmnR56cOAGKCyql/ChCblZ8Gbw9mjNDzr54wuv2u15FnNBLdv Ymuy2MrINtpBMVkru/Wl/ov/EwOf3uWUCv+bgxJBw91b8PckjrokhtdKwtrONrzf +eErm1SrTaQy0kCIwpKHn+j4ulW+UiW7LoGqJ51J2JYHJ+p3fLX26VRCOwPtITZA Slh/5qjQ0bLfbrSqsW0AV+SzLD96JC19D1/5D+gVEy47tO3I+zDBU7c4/uLQyP1u t+iRTVYpDIUKAzeXjLlAJgbiRLcAI9tnLUeSH38KEQY6GbdiEJiOtLxxkQpSWbK9 +DHxezTwa2mWIYt8yPdDbbkPZAvd3eYVCiV+8oP8LqLhKi15ask6lk7hYP6ftp3r kou+D+Ys102RDkwYZDfKOiWON6NB2U3Y4dyMMb/1ZJXA5AhckAzpcfaVx+gh2Ptm xYmkB7L5Vr+mQf44r/e5oqPUaHUmCOLJF2mxFkScNj59ZoIqH/Db7c1PHBW4md3J 5IEfGPC/si+LUU1duxiIxoti0EwhUKPXUuq3tzqM7OKIOkXe3z645daVKDbLA8ks 4DJzlBcEZ4P2JXY/Q2epYcslSo13D82MSa44htms0naRSu6GjrRssEuea2Qi+iAV K2+XGyIJszc= =fbCz - -----END PGP SIGNATURE----- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: ghostscript security update Advisory ID: RHSA-2019:2591-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2591 Issue date: 2019-09-02 CVE Names: CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 CVE-2019-14817 ===================================================================== 1. Summary: An update for ghostscript is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): * ghostscript: Safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator (701445) (CVE-2019-14811) * ghostscript: Safer mode bypass by .forceput exposure in setuserparams (701444) (CVE-2019-14812) * ghostscript: Safer mode bypass by .forceput exposure in setsystemparams (701443) (CVE-2019-14813) * ghostscript: Safer mode bypass by .forceput exposure in .pdfexectoken and other procedures (701450) (CVE-2019-14817) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1743737 - CVE-2019-14813 ghostscript: Safer mode bypass by .forceput exposure in setsystemparams (701443) 1743754 - CVE-2019-14812 ghostscript: Safer mode bypass by .forceput exposure in setuserparams (701444) 1743757 - CVE-2019-14811 ghostscript: Safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator (701445) 1744042 - CVE-2019-14817 ghostscript: Safer mode bypass by .forceput exposure in .pdfexectoken and other procedures (701450) 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: ghostscript-9.25-2.el8_0.3.src.rpm aarch64: ghostscript-9.25-2.el8_0.3.aarch64.rpm ghostscript-debuginfo-9.25-2.el8_0.3.aarch64.rpm ghostscript-debugsource-9.25-2.el8_0.3.aarch64.rpm ghostscript-gtk-debuginfo-9.25-2.el8_0.3.aarch64.rpm ghostscript-x11-debuginfo-9.25-2.el8_0.3.aarch64.rpm libgs-9.25-2.el8_0.3.aarch64.rpm libgs-debuginfo-9.25-2.el8_0.3.aarch64.rpm ppc64le: ghostscript-9.25-2.el8_0.3.ppc64le.rpm ghostscript-debuginfo-9.25-2.el8_0.3.ppc64le.rpm ghostscript-debugsource-9.25-2.el8_0.3.ppc64le.rpm ghostscript-gtk-debuginfo-9.25-2.el8_0.3.ppc64le.rpm ghostscript-x11-debuginfo-9.25-2.el8_0.3.ppc64le.rpm libgs-9.25-2.el8_0.3.ppc64le.rpm libgs-debuginfo-9.25-2.el8_0.3.ppc64le.rpm s390x: ghostscript-9.25-2.el8_0.3.s390x.rpm ghostscript-debuginfo-9.25-2.el8_0.3.s390x.rpm ghostscript-debugsource-9.25-2.el8_0.3.s390x.rpm ghostscript-gtk-debuginfo-9.25-2.el8_0.3.s390x.rpm ghostscript-x11-debuginfo-9.25-2.el8_0.3.s390x.rpm libgs-9.25-2.el8_0.3.s390x.rpm libgs-debuginfo-9.25-2.el8_0.3.s390x.rpm x86_64: ghostscript-9.25-2.el8_0.3.x86_64.rpm ghostscript-debuginfo-9.25-2.el8_0.3.i686.rpm ghostscript-debuginfo-9.25-2.el8_0.3.x86_64.rpm ghostscript-debugsource-9.25-2.el8_0.3.i686.rpm ghostscript-debugsource-9.25-2.el8_0.3.x86_64.rpm ghostscript-gtk-debuginfo-9.25-2.el8_0.3.i686.rpm ghostscript-gtk-debuginfo-9.25-2.el8_0.3.x86_64.rpm ghostscript-x11-debuginfo-9.25-2.el8_0.3.i686.rpm ghostscript-x11-debuginfo-9.25-2.el8_0.3.x86_64.rpm libgs-9.25-2.el8_0.3.i686.rpm libgs-9.25-2.el8_0.3.x86_64.rpm libgs-debuginfo-9.25-2.el8_0.3.i686.rpm libgs-debuginfo-9.25-2.el8_0.3.x86_64.rpm Red Hat CodeReady Linux Builder (v. 8): aarch64: ghostscript-debuginfo-9.25-2.el8_0.3.aarch64.rpm ghostscript-debugsource-9.25-2.el8_0.3.aarch64.rpm ghostscript-gtk-debuginfo-9.25-2.el8_0.3.aarch64.rpm ghostscript-tools-dvipdf-9.25-2.el8_0.3.aarch64.rpm ghostscript-tools-fonts-9.25-2.el8_0.3.aarch64.rpm ghostscript-tools-printing-9.25-2.el8_0.3.aarch64.rpm ghostscript-x11-9.25-2.el8_0.3.aarch64.rpm ghostscript-x11-debuginfo-9.25-2.el8_0.3.aarch64.rpm libgs-debuginfo-9.25-2.el8_0.3.aarch64.rpm libgs-devel-9.25-2.el8_0.3.aarch64.rpm noarch: ghostscript-doc-9.25-2.el8_0.3.noarch.rpm ppc64le: ghostscript-debuginfo-9.25-2.el8_0.3.ppc64le.rpm ghostscript-debugsource-9.25-2.el8_0.3.ppc64le.rpm ghostscript-gtk-debuginfo-9.25-2.el8_0.3.ppc64le.rpm ghostscript-tools-dvipdf-9.25-2.el8_0.3.ppc64le.rpm ghostscript-tools-fonts-9.25-2.el8_0.3.ppc64le.rpm ghostscript-tools-printing-9.25-2.el8_0.3.ppc64le.rpm ghostscript-x11-9.25-2.el8_0.3.ppc64le.rpm ghostscript-x11-debuginfo-9.25-2.el8_0.3.ppc64le.rpm libgs-debuginfo-9.25-2.el8_0.3.ppc64le.rpm libgs-devel-9.25-2.el8_0.3.ppc64le.rpm s390x: ghostscript-debuginfo-9.25-2.el8_0.3.s390x.rpm ghostscript-debugsource-9.25-2.el8_0.3.s390x.rpm ghostscript-gtk-debuginfo-9.25-2.el8_0.3.s390x.rpm ghostscript-tools-dvipdf-9.25-2.el8_0.3.s390x.rpm ghostscript-tools-fonts-9.25-2.el8_0.3.s390x.rpm ghostscript-tools-printing-9.25-2.el8_0.3.s390x.rpm ghostscript-x11-9.25-2.el8_0.3.s390x.rpm ghostscript-x11-debuginfo-9.25-2.el8_0.3.s390x.rpm libgs-debuginfo-9.25-2.el8_0.3.s390x.rpm libgs-devel-9.25-2.el8_0.3.s390x.rpm x86_64: ghostscript-debuginfo-9.25-2.el8_0.3.i686.rpm ghostscript-debuginfo-9.25-2.el8_0.3.x86_64.rpm ghostscript-debugsource-9.25-2.el8_0.3.i686.rpm ghostscript-debugsource-9.25-2.el8_0.3.x86_64.rpm ghostscript-gtk-debuginfo-9.25-2.el8_0.3.i686.rpm ghostscript-gtk-debuginfo-9.25-2.el8_0.3.x86_64.rpm ghostscript-tools-dvipdf-9.25-2.el8_0.3.x86_64.rpm ghostscript-tools-fonts-9.25-2.el8_0.3.x86_64.rpm ghostscript-tools-printing-9.25-2.el8_0.3.x86_64.rpm ghostscript-x11-9.25-2.el8_0.3.x86_64.rpm ghostscript-x11-debuginfo-9.25-2.el8_0.3.i686.rpm ghostscript-x11-debuginfo-9.25-2.el8_0.3.x86_64.rpm libgs-debuginfo-9.25-2.el8_0.3.i686.rpm libgs-debuginfo-9.25-2.el8_0.3.x86_64.rpm libgs-devel-9.25-2.el8_0.3.i686.rpm libgs-devel-9.25-2.el8_0.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-14811 https://access.redhat.com/security/cve/CVE-2019-14812 https://access.redhat.com/security/cve/CVE-2019-14813 https://access.redhat.com/security/cve/CVE-2019-14817 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXWzK29zjgjWX9erEAQhK4A//S73gbmNoOsxvXgkNduNQkkc4MNNAo0C/ 0I1MXyNjsUj/8Ya/qL0OKZGrlSoXXQ6cavlvPTS5suklioA5r5RBGrWg8s0nAHGN DMM9QI8yASkq6AjS/dK0nrVrCVq2c+oHS2791jupWDiYQc/kO8YF2Z7YuuxeM1c0 zusG5NVlgcS0ZN3f7kKdL6J64TkAkiVS+3jhPOKHQ33CI96Qx16FmaeXYFETs+Th hh/1fk5qJNVQymTvYllLup8VFXrJusCKaMFtRXDziRwJGif8S9RkTtQsNsmJgZdB IO2LbAVHK4qIF3d5Px+YRcDoKWM/ZoaYYAFwkzem7s+Y4yio77HpZ8edCh4LwRF5 KgCkfzinH6yiXT0D5goIQacoL8tt4xtplihUk/dUYtEjIehMLoeIhROd9yu/1Mdn SvzEl09uvoToIxh4zEvqQoS17vEgtiduIbiOcHTM+KExgoaS76fXDGFxoed0T+Zm W70ppieHS5PJPEYV9P/TSz5sIkZzrXOdntSYQoSV2Vqlhjlpq1jICmqQFSy7UKZF 3srZkwod8/xpf9MQfQwKUo1irOKUz2Piwx1w2U/xkoMkuRqbvnpf5RSAdqZiytDf BlAxAVl0b7y+ZQNfKLyjUP+czhnJBGS90R3S27/ZmwDAftNXoUzhq40EhJ5medf6 4nUmw/cqzY8= =8EMT - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXW20SWaOgq3Tt24GAQjIrxAAlZDtpXWF6bheHx+uxpBW4JI0dov24pcO 8GjBOj/y0PDVd9JUF79w8N5EW5kzJzNitye62DFpSY2awwnYyRSlfxBW1w1rPXHm 3JC1Wf+ozUZbpcylQjm6mclCXxxjUter4FUjYbPezULNudREkMGb+bA79yTgjDEG AXURK7R7q5xQOdYD+g+UFpzhvfmB1h52CzzWKLLE6fSw0st9xUZW6qzCFOJxFgXH 842bHzJeoJj9xewj1A7LGhDK63JEVfCOvIivOcGl7KPjdY3YQzKox5V3zObgyx4Z YVHuFr9xp8GFwygHICPFBcgbZ43F0SdorSNyrV/uKkJPlX72SfTy/YhkI9omCb3x 41yq1Og2PFXNzctnyFNHJlnwqQWUhMiFVD32FcF4KoVI9fBMqHbGkz72ahDIllhN jSsMYbtsxUNuYeXjQd54LDt+PKMThjDRr6t9Zkr4C5aoBb1feUj6bfB5WtL1nKis aO3tZdjrXTkgfiL3Glge0gBbQylhcsDATGVA1up+1SZjuOcZGr/9UeQ7HFdlkBrX uJDyzKpuH+r5mlo60gTxUQrB7jfbMMiPck07oxWyx9oSv4vknpUOp7h4wjY+gFND s/cZf5o00QAKEET72GyOV7tAJMNmwUSRXgRvgacLUV7STzaS7bGjfcwpsQlAdUTr EV0USwyA5ag= =ZTjb -----END PGP SIGNATURE-----