-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.3321
                  Important: ghostscript security updates
                             3 September 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           ghostscript
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 7
                   Red Hat Enterprise Linux WS/Desktop 7
                   Red Hat Enterprise Linux Server 8
                   Red Hat Enterprise Linux WS/Desktop 8
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                   Access Confidential Data        -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-14817 CVE-2019-14813 CVE-2019-14812
                   CVE-2019-14811  

Reference:         ESB-2019.3284

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2019:2586
   https://access.redhat.com/errata/RHSA-2019:2591

Comment: This bulletin contains two (2) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: ghostscript security update
Advisory ID:       RHSA-2019:2586-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:2586
Issue date:        2019-09-02
CVE Names:         CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 
                   CVE-2019-14817 
=====================================================================

1. Summary:

An update for ghostscript is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The Ghostscript suite contains utilities for rendering PostScript and PDF
documents. Ghostscript translates PostScript code to common bitmap formats
so that the code can be displayed or printed.

Security Fix(es):

* ghostscript: Safer mode bypass by .forceput exposure in
.pdf_hook_DSC_Creator (701445) (CVE-2019-14811)

* ghostscript: Safer mode bypass by .forceput exposure in setuserparams
(701444) (CVE-2019-14812)

* ghostscript: Safer mode bypass by .forceput exposure in setsystemparams
(701443) (CVE-2019-14813)

* ghostscript: Safer mode bypass by .forceput exposure in .pdfexectoken and
other procedures (701450) (CVE-2019-14817)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1743737 - CVE-2019-14813 ghostscript: Safer mode bypass by .forceput exposure in setsystemparams (701443)
1743754 - CVE-2019-14812 ghostscript: Safer mode bypass by .forceput exposure in setuserparams (701444)
1743757 - CVE-2019-14811 ghostscript: Safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator (701445)
1744042 - CVE-2019-14817 ghostscript: Safer mode bypass by .forceput exposure in .pdfexectoken and other procedures (701450)

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
ghostscript-9.25-2.el7_7.2.src.rpm

x86_64:
ghostscript-9.25-2.el7_7.2.i686.rpm
ghostscript-9.25-2.el7_7.2.x86_64.rpm
ghostscript-cups-9.25-2.el7_7.2.x86_64.rpm
ghostscript-debuginfo-9.25-2.el7_7.2.i686.rpm
ghostscript-debuginfo-9.25-2.el7_7.2.x86_64.rpm
libgs-9.25-2.el7_7.2.i686.rpm
libgs-9.25-2.el7_7.2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
ghostscript-doc-9.25-2.el7_7.2.noarch.rpm

x86_64:
ghostscript-debuginfo-9.25-2.el7_7.2.i686.rpm
ghostscript-debuginfo-9.25-2.el7_7.2.x86_64.rpm
ghostscript-gtk-9.25-2.el7_7.2.x86_64.rpm
libgs-devel-9.25-2.el7_7.2.i686.rpm
libgs-devel-9.25-2.el7_7.2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
ghostscript-9.25-2.el7_7.2.src.rpm

x86_64:
ghostscript-9.25-2.el7_7.2.i686.rpm
ghostscript-9.25-2.el7_7.2.x86_64.rpm
ghostscript-cups-9.25-2.el7_7.2.x86_64.rpm
ghostscript-debuginfo-9.25-2.el7_7.2.i686.rpm
ghostscript-debuginfo-9.25-2.el7_7.2.x86_64.rpm
libgs-9.25-2.el7_7.2.i686.rpm
libgs-9.25-2.el7_7.2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
ghostscript-doc-9.25-2.el7_7.2.noarch.rpm

x86_64:
ghostscript-debuginfo-9.25-2.el7_7.2.i686.rpm
ghostscript-debuginfo-9.25-2.el7_7.2.x86_64.rpm
ghostscript-gtk-9.25-2.el7_7.2.x86_64.rpm
libgs-devel-9.25-2.el7_7.2.i686.rpm
libgs-devel-9.25-2.el7_7.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
ghostscript-9.25-2.el7_7.2.src.rpm

ppc64:
ghostscript-9.25-2.el7_7.2.ppc.rpm
ghostscript-9.25-2.el7_7.2.ppc64.rpm
ghostscript-cups-9.25-2.el7_7.2.ppc64.rpm
ghostscript-debuginfo-9.25-2.el7_7.2.ppc.rpm
ghostscript-debuginfo-9.25-2.el7_7.2.ppc64.rpm
libgs-9.25-2.el7_7.2.ppc.rpm
libgs-9.25-2.el7_7.2.ppc64.rpm

ppc64le:
ghostscript-9.25-2.el7_7.2.ppc64le.rpm
ghostscript-cups-9.25-2.el7_7.2.ppc64le.rpm
ghostscript-debuginfo-9.25-2.el7_7.2.ppc64le.rpm
libgs-9.25-2.el7_7.2.ppc64le.rpm

s390x:
ghostscript-9.25-2.el7_7.2.s390.rpm
ghostscript-9.25-2.el7_7.2.s390x.rpm
ghostscript-cups-9.25-2.el7_7.2.s390x.rpm
ghostscript-debuginfo-9.25-2.el7_7.2.s390.rpm
ghostscript-debuginfo-9.25-2.el7_7.2.s390x.rpm
libgs-9.25-2.el7_7.2.s390.rpm
libgs-9.25-2.el7_7.2.s390x.rpm

x86_64:
ghostscript-9.25-2.el7_7.2.i686.rpm
ghostscript-9.25-2.el7_7.2.x86_64.rpm
ghostscript-cups-9.25-2.el7_7.2.x86_64.rpm
ghostscript-debuginfo-9.25-2.el7_7.2.i686.rpm
ghostscript-debuginfo-9.25-2.el7_7.2.x86_64.rpm
libgs-9.25-2.el7_7.2.i686.rpm
libgs-9.25-2.el7_7.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
ghostscript-doc-9.25-2.el7_7.2.noarch.rpm

ppc64:
ghostscript-debuginfo-9.25-2.el7_7.2.ppc.rpm
ghostscript-debuginfo-9.25-2.el7_7.2.ppc64.rpm
ghostscript-gtk-9.25-2.el7_7.2.ppc64.rpm
libgs-devel-9.25-2.el7_7.2.ppc.rpm
libgs-devel-9.25-2.el7_7.2.ppc64.rpm

ppc64le:
ghostscript-debuginfo-9.25-2.el7_7.2.ppc64le.rpm
ghostscript-gtk-9.25-2.el7_7.2.ppc64le.rpm
libgs-devel-9.25-2.el7_7.2.ppc64le.rpm

s390x:
ghostscript-debuginfo-9.25-2.el7_7.2.s390.rpm
ghostscript-debuginfo-9.25-2.el7_7.2.s390x.rpm
ghostscript-gtk-9.25-2.el7_7.2.s390x.rpm
libgs-devel-9.25-2.el7_7.2.s390.rpm
libgs-devel-9.25-2.el7_7.2.s390x.rpm

x86_64:
ghostscript-debuginfo-9.25-2.el7_7.2.i686.rpm
ghostscript-debuginfo-9.25-2.el7_7.2.x86_64.rpm
ghostscript-gtk-9.25-2.el7_7.2.x86_64.rpm
libgs-devel-9.25-2.el7_7.2.i686.rpm
libgs-devel-9.25-2.el7_7.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
ghostscript-9.25-2.el7_7.2.src.rpm

x86_64:
ghostscript-9.25-2.el7_7.2.i686.rpm
ghostscript-9.25-2.el7_7.2.x86_64.rpm
ghostscript-cups-9.25-2.el7_7.2.x86_64.rpm
ghostscript-debuginfo-9.25-2.el7_7.2.i686.rpm
ghostscript-debuginfo-9.25-2.el7_7.2.x86_64.rpm
libgs-9.25-2.el7_7.2.i686.rpm
libgs-9.25-2.el7_7.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
ghostscript-doc-9.25-2.el7_7.2.noarch.rpm

x86_64:
ghostscript-debuginfo-9.25-2.el7_7.2.i686.rpm
ghostscript-debuginfo-9.25-2.el7_7.2.x86_64.rpm
ghostscript-gtk-9.25-2.el7_7.2.x86_64.rpm
libgs-devel-9.25-2.el7_7.2.i686.rpm
libgs-devel-9.25-2.el7_7.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-14811
https://access.redhat.com/security/cve/CVE-2019-14812
https://access.redhat.com/security/cve/CVE-2019-14813
https://access.redhat.com/security/cve/CVE-2019-14817
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXWzK6dzjgjWX9erEAQieARAAj9VEk8setoJn7WvPLBs89InicBYbQW5R
fd3vdWh7Gmi6wegqmnR56cOAGKCyql/ChCblZ8Gbw9mjNDzr54wuv2u15FnNBLdv
Ymuy2MrINtpBMVkru/Wl/ov/EwOf3uWUCv+bgxJBw91b8PckjrokhtdKwtrONrzf
+eErm1SrTaQy0kCIwpKHn+j4ulW+UiW7LoGqJ51J2JYHJ+p3fLX26VRCOwPtITZA
Slh/5qjQ0bLfbrSqsW0AV+SzLD96JC19D1/5D+gVEy47tO3I+zDBU7c4/uLQyP1u
t+iRTVYpDIUKAzeXjLlAJgbiRLcAI9tnLUeSH38KEQY6GbdiEJiOtLxxkQpSWbK9
+DHxezTwa2mWIYt8yPdDbbkPZAvd3eYVCiV+8oP8LqLhKi15ask6lk7hYP6ftp3r
kou+D+Ys102RDkwYZDfKOiWON6NB2U3Y4dyMMb/1ZJXA5AhckAzpcfaVx+gh2Ptm
xYmkB7L5Vr+mQf44r/e5oqPUaHUmCOLJF2mxFkScNj59ZoIqH/Db7c1PHBW4md3J
5IEfGPC/si+LUU1duxiIxoti0EwhUKPXUuq3tzqM7OKIOkXe3z645daVKDbLA8ks
4DJzlBcEZ4P2JXY/Q2epYcslSo13D82MSa44htms0naRSu6GjrRssEuea2Qi+iAV
K2+XGyIJszc=
=fbCz
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: ghostscript security update
Advisory ID:       RHSA-2019:2591-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:2591
Issue date:        2019-09-02
CVE Names:         CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 
                   CVE-2019-14817 
=====================================================================

1. Summary:

An update for ghostscript is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The Ghostscript suite contains utilities for rendering PostScript and PDF
documents. Ghostscript translates PostScript code to common bitmap formats
so that the code can be displayed or printed.

Security Fix(es):

* ghostscript: Safer mode bypass by .forceput exposure in
.pdf_hook_DSC_Creator (701445) (CVE-2019-14811)

* ghostscript: Safer mode bypass by .forceput exposure in setuserparams
(701444) (CVE-2019-14812)

* ghostscript: Safer mode bypass by .forceput exposure in setsystemparams
(701443) (CVE-2019-14813)

* ghostscript: Safer mode bypass by .forceput exposure in .pdfexectoken and
other procedures (701450) (CVE-2019-14817)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1743737 - CVE-2019-14813 ghostscript: Safer mode bypass by .forceput exposure in setsystemparams (701443)
1743754 - CVE-2019-14812 ghostscript: Safer mode bypass by .forceput exposure in setuserparams (701444)
1743757 - CVE-2019-14811 ghostscript: Safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator (701445)
1744042 - CVE-2019-14817 ghostscript: Safer mode bypass by .forceput exposure in .pdfexectoken and other procedures (701450)

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
ghostscript-9.25-2.el8_0.3.src.rpm

aarch64:
ghostscript-9.25-2.el8_0.3.aarch64.rpm
ghostscript-debuginfo-9.25-2.el8_0.3.aarch64.rpm
ghostscript-debugsource-9.25-2.el8_0.3.aarch64.rpm
ghostscript-gtk-debuginfo-9.25-2.el8_0.3.aarch64.rpm
ghostscript-x11-debuginfo-9.25-2.el8_0.3.aarch64.rpm
libgs-9.25-2.el8_0.3.aarch64.rpm
libgs-debuginfo-9.25-2.el8_0.3.aarch64.rpm

ppc64le:
ghostscript-9.25-2.el8_0.3.ppc64le.rpm
ghostscript-debuginfo-9.25-2.el8_0.3.ppc64le.rpm
ghostscript-debugsource-9.25-2.el8_0.3.ppc64le.rpm
ghostscript-gtk-debuginfo-9.25-2.el8_0.3.ppc64le.rpm
ghostscript-x11-debuginfo-9.25-2.el8_0.3.ppc64le.rpm
libgs-9.25-2.el8_0.3.ppc64le.rpm
libgs-debuginfo-9.25-2.el8_0.3.ppc64le.rpm

s390x:
ghostscript-9.25-2.el8_0.3.s390x.rpm
ghostscript-debuginfo-9.25-2.el8_0.3.s390x.rpm
ghostscript-debugsource-9.25-2.el8_0.3.s390x.rpm
ghostscript-gtk-debuginfo-9.25-2.el8_0.3.s390x.rpm
ghostscript-x11-debuginfo-9.25-2.el8_0.3.s390x.rpm
libgs-9.25-2.el8_0.3.s390x.rpm
libgs-debuginfo-9.25-2.el8_0.3.s390x.rpm

x86_64:
ghostscript-9.25-2.el8_0.3.x86_64.rpm
ghostscript-debuginfo-9.25-2.el8_0.3.i686.rpm
ghostscript-debuginfo-9.25-2.el8_0.3.x86_64.rpm
ghostscript-debugsource-9.25-2.el8_0.3.i686.rpm
ghostscript-debugsource-9.25-2.el8_0.3.x86_64.rpm
ghostscript-gtk-debuginfo-9.25-2.el8_0.3.i686.rpm
ghostscript-gtk-debuginfo-9.25-2.el8_0.3.x86_64.rpm
ghostscript-x11-debuginfo-9.25-2.el8_0.3.i686.rpm
ghostscript-x11-debuginfo-9.25-2.el8_0.3.x86_64.rpm
libgs-9.25-2.el8_0.3.i686.rpm
libgs-9.25-2.el8_0.3.x86_64.rpm
libgs-debuginfo-9.25-2.el8_0.3.i686.rpm
libgs-debuginfo-9.25-2.el8_0.3.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:
ghostscript-debuginfo-9.25-2.el8_0.3.aarch64.rpm
ghostscript-debugsource-9.25-2.el8_0.3.aarch64.rpm
ghostscript-gtk-debuginfo-9.25-2.el8_0.3.aarch64.rpm
ghostscript-tools-dvipdf-9.25-2.el8_0.3.aarch64.rpm
ghostscript-tools-fonts-9.25-2.el8_0.3.aarch64.rpm
ghostscript-tools-printing-9.25-2.el8_0.3.aarch64.rpm
ghostscript-x11-9.25-2.el8_0.3.aarch64.rpm
ghostscript-x11-debuginfo-9.25-2.el8_0.3.aarch64.rpm
libgs-debuginfo-9.25-2.el8_0.3.aarch64.rpm
libgs-devel-9.25-2.el8_0.3.aarch64.rpm

noarch:
ghostscript-doc-9.25-2.el8_0.3.noarch.rpm

ppc64le:
ghostscript-debuginfo-9.25-2.el8_0.3.ppc64le.rpm
ghostscript-debugsource-9.25-2.el8_0.3.ppc64le.rpm
ghostscript-gtk-debuginfo-9.25-2.el8_0.3.ppc64le.rpm
ghostscript-tools-dvipdf-9.25-2.el8_0.3.ppc64le.rpm
ghostscript-tools-fonts-9.25-2.el8_0.3.ppc64le.rpm
ghostscript-tools-printing-9.25-2.el8_0.3.ppc64le.rpm
ghostscript-x11-9.25-2.el8_0.3.ppc64le.rpm
ghostscript-x11-debuginfo-9.25-2.el8_0.3.ppc64le.rpm
libgs-debuginfo-9.25-2.el8_0.3.ppc64le.rpm
libgs-devel-9.25-2.el8_0.3.ppc64le.rpm

s390x:
ghostscript-debuginfo-9.25-2.el8_0.3.s390x.rpm
ghostscript-debugsource-9.25-2.el8_0.3.s390x.rpm
ghostscript-gtk-debuginfo-9.25-2.el8_0.3.s390x.rpm
ghostscript-tools-dvipdf-9.25-2.el8_0.3.s390x.rpm
ghostscript-tools-fonts-9.25-2.el8_0.3.s390x.rpm
ghostscript-tools-printing-9.25-2.el8_0.3.s390x.rpm
ghostscript-x11-9.25-2.el8_0.3.s390x.rpm
ghostscript-x11-debuginfo-9.25-2.el8_0.3.s390x.rpm
libgs-debuginfo-9.25-2.el8_0.3.s390x.rpm
libgs-devel-9.25-2.el8_0.3.s390x.rpm

x86_64:
ghostscript-debuginfo-9.25-2.el8_0.3.i686.rpm
ghostscript-debuginfo-9.25-2.el8_0.3.x86_64.rpm
ghostscript-debugsource-9.25-2.el8_0.3.i686.rpm
ghostscript-debugsource-9.25-2.el8_0.3.x86_64.rpm
ghostscript-gtk-debuginfo-9.25-2.el8_0.3.i686.rpm
ghostscript-gtk-debuginfo-9.25-2.el8_0.3.x86_64.rpm
ghostscript-tools-dvipdf-9.25-2.el8_0.3.x86_64.rpm
ghostscript-tools-fonts-9.25-2.el8_0.3.x86_64.rpm
ghostscript-tools-printing-9.25-2.el8_0.3.x86_64.rpm
ghostscript-x11-9.25-2.el8_0.3.x86_64.rpm
ghostscript-x11-debuginfo-9.25-2.el8_0.3.i686.rpm
ghostscript-x11-debuginfo-9.25-2.el8_0.3.x86_64.rpm
libgs-debuginfo-9.25-2.el8_0.3.i686.rpm
libgs-debuginfo-9.25-2.el8_0.3.x86_64.rpm
libgs-devel-9.25-2.el8_0.3.i686.rpm
libgs-devel-9.25-2.el8_0.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-14811
https://access.redhat.com/security/cve/CVE-2019-14812
https://access.redhat.com/security/cve/CVE-2019-14813
https://access.redhat.com/security/cve/CVE-2019-14817
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXWzK29zjgjWX9erEAQhK4A//S73gbmNoOsxvXgkNduNQkkc4MNNAo0C/
0I1MXyNjsUj/8Ya/qL0OKZGrlSoXXQ6cavlvPTS5suklioA5r5RBGrWg8s0nAHGN
DMM9QI8yASkq6AjS/dK0nrVrCVq2c+oHS2791jupWDiYQc/kO8YF2Z7YuuxeM1c0
zusG5NVlgcS0ZN3f7kKdL6J64TkAkiVS+3jhPOKHQ33CI96Qx16FmaeXYFETs+Th
hh/1fk5qJNVQymTvYllLup8VFXrJusCKaMFtRXDziRwJGif8S9RkTtQsNsmJgZdB
IO2LbAVHK4qIF3d5Px+YRcDoKWM/ZoaYYAFwkzem7s+Y4yio77HpZ8edCh4LwRF5
KgCkfzinH6yiXT0D5goIQacoL8tt4xtplihUk/dUYtEjIehMLoeIhROd9yu/1Mdn
SvzEl09uvoToIxh4zEvqQoS17vEgtiduIbiOcHTM+KExgoaS76fXDGFxoed0T+Zm
W70ppieHS5PJPEYV9P/TSz5sIkZzrXOdntSYQoSV2Vqlhjlpq1jICmqQFSy7UKZF
3srZkwod8/xpf9MQfQwKUo1irOKUz2Piwx1w2U/xkoMkuRqbvnpf5RSAdqZiytDf
BlAxAVl0b7y+ZQNfKLyjUP+czhnJBGS90R3S27/ZmwDAftNXoUzhq40EhJ5medf6
4nUmw/cqzY8=
=8EMT
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXW20SWaOgq3Tt24GAQjIrxAAlZDtpXWF6bheHx+uxpBW4JI0dov24pcO
8GjBOj/y0PDVd9JUF79w8N5EW5kzJzNitye62DFpSY2awwnYyRSlfxBW1w1rPXHm
3JC1Wf+ozUZbpcylQjm6mclCXxxjUter4FUjYbPezULNudREkMGb+bA79yTgjDEG
AXURK7R7q5xQOdYD+g+UFpzhvfmB1h52CzzWKLLE6fSw0st9xUZW6qzCFOJxFgXH
842bHzJeoJj9xewj1A7LGhDK63JEVfCOvIivOcGl7KPjdY3YQzKox5V3zObgyx4Z
YVHuFr9xp8GFwygHICPFBcgbZ43F0SdorSNyrV/uKkJPlX72SfTy/YhkI9omCb3x
41yq1Og2PFXNzctnyFNHJlnwqQWUhMiFVD32FcF4KoVI9fBMqHbGkz72ahDIllhN
jSsMYbtsxUNuYeXjQd54LDt+PKMThjDRr6t9Zkr4C5aoBb1feUj6bfB5WtL1nKis
aO3tZdjrXTkgfiL3Glge0gBbQylhcsDATGVA1up+1SZjuOcZGr/9UeQ7HFdlkBrX
uJDyzKpuH+r5mlo60gTxUQrB7jfbMMiPck07oxWyx9oSv4vknpUOp7h4wjY+gFND
s/cZf5o00QAKEET72GyOV7tAJMNmwUSRXgRvgacLUV7STzaS7bGjfcwpsQlAdUTr
EV0USwyA5ag=
=ZTjb
-----END PGP SIGNATURE-----