Operating System:

[RedHat]

Published:

06 November 2019

Protect yourself against future threats.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.4143
               yum security, bug fix, and enhancement update
                              6 November 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          yum
Publisher:        Red Hat
Operating System: Red Hat Enterprise Linux Server 8
                  Red Hat Enterprise Linux WS/Desktop 8
Impact/Access:    Denial of Service -- Remote with User Interaction
Resolution:       Patch/Upgrade
CVE Names:        CVE-2019-3817 CVE-2018-20534 

Reference:        ESB-2019.3329
                  ESB-2019.2884
                  ESB-2019.2808
                  ESB-2019.0968

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: yum security, bug fix, and enhancement update
Advisory ID:       RHSA-2019:3583-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:3583
Issue date:        2019-11-05
CVE Names:         CVE-2018-20534 CVE-2019-3817 
=====================================================================

1. Summary:

An update for yum is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Yum is a command-line utility that allows the user to check for updates and
automatically download and install updated RPM packages. Yum automatically
obtains and downloads dependencies, prompting the user for permission as
necessary. 

The following packages have been upgraded to a later upstream version: dnf
(4.2.7), dnf-plugins-core (4.0.8), libcomps (0.1.11), libdnf (0.35.1),
librepo (1.10.3), libsolv (0.7.4). (BZ#1690288, BZ#1690289, BZ#1690299,
BZ#1692402, BZ#1694019, BZ#1697946)

Security Fix(es):

* libcomps: use after free when merging two objmrtrees (CVE-2019-3817)

* libsolv: illegal address access in pool_whatprovides in src/pool.h
(CVE-2018-20534)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.1 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1650266 - microdnf - sockets not supported building layer on rhel8-beta/rhel-minimal image
1655605 - yum list available --showduplicates will list not only available packages but packages installed on the system.
1656584 - Add support for modular errata
1656801 - `dnf update`:  "Errors occurred during transaction" due to POSTUN scriptlet failures
1657703 - [abrt] [faf] dnf: hdrFromFdno(): /usr/lib64/python3.6/site-packages/rpm/transaction.py killed by _rpm.error
1657851 - yum  displays dnf  in -h
1658579 - Be explicite about the REPODIR used in the Error message.
1663533 - proxy bypass behavior incompatible with previous versions
1665538 - CVE-2018-20534 libsolv: illegal address access in pool_whatprovides in src/pool.h
1666325 - yum alias list does not work properly
1667898 - repoquery --whatrequires only accepts one pkgspec
1668005 - CVE-2019-3817 libcomps: use after free when merging two objmrtrees
1670835 - [manpage] yum2dnf incorrect and missing info
1671731 - dnf list showduplicates incorrect output
1671839 - dnf: Typo in es_US localization
1672649 - Add dnf.package.Package API for getting pkgid of package from repo in DNF plugin
1673278 - [manpage] inconsistent cmdline options docs: dnf --help/man page
1673289 - dnf enableplugin/disableplugin does not report unknown plugin
1673902 - missing yum-copr man page
1673913 - option tsflags missing in dnf.conf
1673920 - confusing yum-plugin-changelog documentation
1674562 - dnf not parsing default state of comps group correctly
1676418 - yum-utils manpage inconsistent with other yum compat manpages
1677199 - Fail to obtain the transaction lock after change of SELinux policy type
1677583 - yum-builddep tries to install content from non-active stream
1677640 - The module enable/disable works unexpectedly with slow/fast train virt module
1678593 - do not mention switching streams with module enable
1678596 - unable to install module content into nonstandard install root
1678598 - Net install caused /tmp to run out of space due to flood in dnf.librepo.log
1678689 - dnf module --help refers to module_spec while man page uses module-spec
1679008 - no auto completion with dnf
1679509 - [libdnf] Set skip_if_unavailable=false as default behavior for software management tools
1684270 - [hawkey] occasional segfault when interrupting (SIGINT) dnf process (may be caused by particular plugins in use, e.g. "leaves" ones in the past)
1686645 - Remove empty else block.
1686779 - yum-config-manager does not accept repo names
1688537 - reposync doesn't preserve timestamp from repo being synced
1688823 - dnf tracebacks on invalid modular deps
1689331 - packagekit doesn't honor skip_if_unavailable=False for local repositories
1689931 - global parameter to define skip_if_unavailable behavior for yum
1690288 - Rebase libsolv to >= 0.7.3
1690289 - Rebase dnf to >= 4.2.0
1690299 - Rebase libdnf to >= 0.28.0
1690414 - dnf continues despite an error code from test-transaction
1691315 - microdnf fails to install from repo which uses xml:base on location
1692402 - Rebase dnf-plugins-core to >= 4.0.6
1694019 - Rebase librepo to >= 1.9.5
1694709 - [dnf] docs: update description of skip_if_unavailable
1695720 - dnf logs excessively verbosely by default, cannot be configured, certain operations (e.g. reposync) lead to huge logs occupying excessive filesystem space
1697946 - Rebase libcomps to >= 0.1.10
1699348 - System upgrades, empty installroot, involving modular content require explicit --setopt=module_platform_id to work correctly
1700250 - Redundant â\x{128}\x{156}]â\x{128}\x{157} in dnf module info output
1700741 - When dnf plugin is upgraded via Obsolete, it is not run in the transaction phase
1702283 - microdnf leaks memory
1702678 - Settings are not saved with "yum config-manager --save --setopt=<repoid>.<option>=<value>"
1702690 - implement built-in log rotation
1703609 - Inconsistency between dnf-automatic command name and man page name
1706215 - using the @ module syntax for yum4 avoids the stream switching error protection
1707453 - dnf update  --allowerasing just removes a package, without installing a new package.
1709798 - DNF cannot work with installed modularity content if repo is disabled.
1712055 - Confusing Error message: Failed to synchronize cache for repo 'rhel'
1712460 - [microdnf] - UBI containers not "inherit" the subscription automatically from subscribed satellite content host
1713220 - Test object to None after use it
1714265 - libdnf ships /usr/lib64/libdnf/plugins/README but not the parent directories
1714788 - Reposync should sync the entire repository to include module information. reposync should download the packages regardless of whether a module is enabled or disabled
1716313 - libdnf context doesn't honor skip_if_unavailable=True for local repositories
1717429 - dnf install errors out when a non-existent package is provided together with existing ones
1719830 - dnf fails to do simple commands after adding epel-7
1722493 - gpgcheck=0 in a /etc/yum.repos.d/ .repo file is ignored
1724564 - dnf module install <module> - just enable it, without installing it.
1724668 - dnf builddep fails trying to parse specfile
1725213 - dnf: Can't handle being passed 35+ file names as input for downgrade operation
1726141 - dnf-sack.cpp:727: Assertion `fp_primary' failed.
1730224 - libdnf 0.35.1 crashes with "Assertion `repoImpl->libsolvRepo == repo' failed"
1737328 - [abrt] dnf: endTransaction(): transaction.py:758:endTransaction:RuntimeError: TransactionItem state is not set: nodejs-1:10.15.0-1.fc29.x86_64
1744979 - "microdnf --help" crashes (segfault)
1746349 - Incorrect parsing of "--setopt" with repositories with dots

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
createrepo_c-0.11.0-3.el8.src.rpm

aarch64:
createrepo_c-0.11.0-3.el8.aarch64.rpm
createrepo_c-debuginfo-0.11.0-3.el8.aarch64.rpm
createrepo_c-debugsource-0.11.0-3.el8.aarch64.rpm
createrepo_c-devel-0.11.0-3.el8.aarch64.rpm
createrepo_c-libs-0.11.0-3.el8.aarch64.rpm
createrepo_c-libs-debuginfo-0.11.0-3.el8.aarch64.rpm
python3-createrepo_c-0.11.0-3.el8.aarch64.rpm
python3-createrepo_c-debuginfo-0.11.0-3.el8.aarch64.rpm

ppc64le:
createrepo_c-0.11.0-3.el8.ppc64le.rpm
createrepo_c-debuginfo-0.11.0-3.el8.ppc64le.rpm
createrepo_c-debugsource-0.11.0-3.el8.ppc64le.rpm
createrepo_c-devel-0.11.0-3.el8.ppc64le.rpm
createrepo_c-libs-0.11.0-3.el8.ppc64le.rpm
createrepo_c-libs-debuginfo-0.11.0-3.el8.ppc64le.rpm
python3-createrepo_c-0.11.0-3.el8.ppc64le.rpm
python3-createrepo_c-debuginfo-0.11.0-3.el8.ppc64le.rpm

s390x:
createrepo_c-0.11.0-3.el8.s390x.rpm
createrepo_c-debuginfo-0.11.0-3.el8.s390x.rpm
createrepo_c-debugsource-0.11.0-3.el8.s390x.rpm
createrepo_c-devel-0.11.0-3.el8.s390x.rpm
createrepo_c-libs-0.11.0-3.el8.s390x.rpm
createrepo_c-libs-debuginfo-0.11.0-3.el8.s390x.rpm
python3-createrepo_c-0.11.0-3.el8.s390x.rpm
python3-createrepo_c-debuginfo-0.11.0-3.el8.s390x.rpm

x86_64:
createrepo_c-0.11.0-3.el8.x86_64.rpm
createrepo_c-debuginfo-0.11.0-3.el8.i686.rpm
createrepo_c-debuginfo-0.11.0-3.el8.x86_64.rpm
createrepo_c-debugsource-0.11.0-3.el8.i686.rpm
createrepo_c-debugsource-0.11.0-3.el8.x86_64.rpm
createrepo_c-devel-0.11.0-3.el8.i686.rpm
createrepo_c-devel-0.11.0-3.el8.x86_64.rpm
createrepo_c-libs-0.11.0-3.el8.i686.rpm
createrepo_c-libs-0.11.0-3.el8.x86_64.rpm
createrepo_c-libs-debuginfo-0.11.0-3.el8.i686.rpm
createrepo_c-libs-debuginfo-0.11.0-3.el8.x86_64.rpm
python3-createrepo_c-0.11.0-3.el8.x86_64.rpm
python3-createrepo_c-debuginfo-0.11.0-3.el8.i686.rpm
python3-createrepo_c-debuginfo-0.11.0-3.el8.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
dnf-4.2.7-6.el8.src.rpm
dnf-plugins-core-4.0.8-3.el8.src.rpm
libcomps-0.1.11-2.el8.src.rpm
libdnf-0.35.1-8.el8.src.rpm
librepo-1.10.3-3.el8.src.rpm
librhsm-0.0.3-3.el8.src.rpm
libsolv-0.7.4-3.el8.src.rpm
microdnf-3.0.1-3.el8.src.rpm

aarch64:
libcomps-0.1.11-2.el8.aarch64.rpm
libcomps-debuginfo-0.1.11-2.el8.aarch64.rpm
libcomps-debugsource-0.1.11-2.el8.aarch64.rpm
libcomps-devel-0.1.11-2.el8.aarch64.rpm
libdnf-0.35.1-8.el8.aarch64.rpm
libdnf-debuginfo-0.35.1-8.el8.aarch64.rpm
libdnf-debugsource-0.35.1-8.el8.aarch64.rpm
librepo-1.10.3-3.el8.aarch64.rpm
librepo-debuginfo-1.10.3-3.el8.aarch64.rpm
librepo-debugsource-1.10.3-3.el8.aarch64.rpm
librhsm-0.0.3-3.el8.aarch64.rpm
librhsm-debuginfo-0.0.3-3.el8.aarch64.rpm
librhsm-debugsource-0.0.3-3.el8.aarch64.rpm
libsolv-0.7.4-3.el8.aarch64.rpm
libsolv-debuginfo-0.7.4-3.el8.aarch64.rpm
libsolv-debugsource-0.7.4-3.el8.aarch64.rpm
libsolv-demo-debuginfo-0.7.4-3.el8.aarch64.rpm
libsolv-tools-debuginfo-0.7.4-3.el8.aarch64.rpm
microdnf-3.0.1-3.el8.aarch64.rpm
microdnf-debuginfo-3.0.1-3.el8.aarch64.rpm
microdnf-debugsource-3.0.1-3.el8.aarch64.rpm
perl-solv-debuginfo-0.7.4-3.el8.aarch64.rpm
python3-hawkey-0.35.1-8.el8.aarch64.rpm
python3-hawkey-debuginfo-0.35.1-8.el8.aarch64.rpm
python3-libcomps-0.1.11-2.el8.aarch64.rpm
python3-libcomps-debuginfo-0.1.11-2.el8.aarch64.rpm
python3-libdnf-0.35.1-8.el8.aarch64.rpm
python3-libdnf-debuginfo-0.35.1-8.el8.aarch64.rpm
python3-librepo-1.10.3-3.el8.aarch64.rpm
python3-librepo-debuginfo-1.10.3-3.el8.aarch64.rpm
python3-solv-debuginfo-0.7.4-3.el8.aarch64.rpm
ruby-solv-debuginfo-0.7.4-3.el8.aarch64.rpm

noarch:
dnf-4.2.7-6.el8.noarch.rpm
dnf-automatic-4.2.7-6.el8.noarch.rpm
dnf-data-4.2.7-6.el8.noarch.rpm
dnf-plugins-core-4.0.8-3.el8.noarch.rpm
python3-dnf-4.2.7-6.el8.noarch.rpm
python3-dnf-plugin-versionlock-4.0.8-3.el8.noarch.rpm
python3-dnf-plugins-core-4.0.8-3.el8.noarch.rpm
yum-4.2.7-6.el8.noarch.rpm
yum-utils-4.0.8-3.el8.noarch.rpm

ppc64le:
libcomps-0.1.11-2.el8.ppc64le.rpm
libcomps-debuginfo-0.1.11-2.el8.ppc64le.rpm
libcomps-debugsource-0.1.11-2.el8.ppc64le.rpm
libcomps-devel-0.1.11-2.el8.ppc64le.rpm
libdnf-0.35.1-8.el8.ppc64le.rpm
libdnf-debuginfo-0.35.1-8.el8.ppc64le.rpm
libdnf-debugsource-0.35.1-8.el8.ppc64le.rpm
librepo-1.10.3-3.el8.ppc64le.rpm
librepo-debuginfo-1.10.3-3.el8.ppc64le.rpm
librepo-debugsource-1.10.3-3.el8.ppc64le.rpm
librhsm-0.0.3-3.el8.ppc64le.rpm
librhsm-debuginfo-0.0.3-3.el8.ppc64le.rpm
librhsm-debugsource-0.0.3-3.el8.ppc64le.rpm
libsolv-0.7.4-3.el8.ppc64le.rpm
libsolv-debuginfo-0.7.4-3.el8.ppc64le.rpm
libsolv-debugsource-0.7.4-3.el8.ppc64le.rpm
libsolv-demo-debuginfo-0.7.4-3.el8.ppc64le.rpm
libsolv-tools-debuginfo-0.7.4-3.el8.ppc64le.rpm
microdnf-3.0.1-3.el8.ppc64le.rpm
microdnf-debuginfo-3.0.1-3.el8.ppc64le.rpm
microdnf-debugsource-3.0.1-3.el8.ppc64le.rpm
perl-solv-debuginfo-0.7.4-3.el8.ppc64le.rpm
python3-hawkey-0.35.1-8.el8.ppc64le.rpm
python3-hawkey-debuginfo-0.35.1-8.el8.ppc64le.rpm
python3-libcomps-0.1.11-2.el8.ppc64le.rpm
python3-libcomps-debuginfo-0.1.11-2.el8.ppc64le.rpm
python3-libdnf-0.35.1-8.el8.ppc64le.rpm
python3-libdnf-debuginfo-0.35.1-8.el8.ppc64le.rpm
python3-librepo-1.10.3-3.el8.ppc64le.rpm
python3-librepo-debuginfo-1.10.3-3.el8.ppc64le.rpm
python3-solv-debuginfo-0.7.4-3.el8.ppc64le.rpm
ruby-solv-debuginfo-0.7.4-3.el8.ppc64le.rpm

s390x:
libcomps-0.1.11-2.el8.s390x.rpm
libcomps-debuginfo-0.1.11-2.el8.s390x.rpm
libcomps-debugsource-0.1.11-2.el8.s390x.rpm
libcomps-devel-0.1.11-2.el8.s390x.rpm
libdnf-0.35.1-8.el8.s390x.rpm
libdnf-debuginfo-0.35.1-8.el8.s390x.rpm
libdnf-debugsource-0.35.1-8.el8.s390x.rpm
librepo-1.10.3-3.el8.s390x.rpm
librepo-debuginfo-1.10.3-3.el8.s390x.rpm
librepo-debugsource-1.10.3-3.el8.s390x.rpm
librhsm-0.0.3-3.el8.s390x.rpm
librhsm-debuginfo-0.0.3-3.el8.s390x.rpm
librhsm-debugsource-0.0.3-3.el8.s390x.rpm
libsolv-0.7.4-3.el8.s390x.rpm
libsolv-debuginfo-0.7.4-3.el8.s390x.rpm
libsolv-debugsource-0.7.4-3.el8.s390x.rpm
libsolv-demo-debuginfo-0.7.4-3.el8.s390x.rpm
libsolv-tools-debuginfo-0.7.4-3.el8.s390x.rpm
microdnf-3.0.1-3.el8.s390x.rpm
microdnf-debuginfo-3.0.1-3.el8.s390x.rpm
microdnf-debugsource-3.0.1-3.el8.s390x.rpm
perl-solv-debuginfo-0.7.4-3.el8.s390x.rpm
python3-hawkey-0.35.1-8.el8.s390x.rpm
python3-hawkey-debuginfo-0.35.1-8.el8.s390x.rpm
python3-libcomps-0.1.11-2.el8.s390x.rpm
python3-libcomps-debuginfo-0.1.11-2.el8.s390x.rpm
python3-libdnf-0.35.1-8.el8.s390x.rpm
python3-libdnf-debuginfo-0.35.1-8.el8.s390x.rpm
python3-librepo-1.10.3-3.el8.s390x.rpm
python3-librepo-debuginfo-1.10.3-3.el8.s390x.rpm
python3-solv-debuginfo-0.7.4-3.el8.s390x.rpm
ruby-solv-debuginfo-0.7.4-3.el8.s390x.rpm

x86_64:
libcomps-0.1.11-2.el8.i686.rpm
libcomps-0.1.11-2.el8.x86_64.rpm
libcomps-debuginfo-0.1.11-2.el8.i686.rpm
libcomps-debuginfo-0.1.11-2.el8.x86_64.rpm
libcomps-debugsource-0.1.11-2.el8.i686.rpm
libcomps-debugsource-0.1.11-2.el8.x86_64.rpm
libcomps-devel-0.1.11-2.el8.i686.rpm
libcomps-devel-0.1.11-2.el8.x86_64.rpm
libdnf-0.35.1-8.el8.i686.rpm
libdnf-0.35.1-8.el8.x86_64.rpm
libdnf-debuginfo-0.35.1-8.el8.i686.rpm
libdnf-debuginfo-0.35.1-8.el8.x86_64.rpm
libdnf-debugsource-0.35.1-8.el8.i686.rpm
libdnf-debugsource-0.35.1-8.el8.x86_64.rpm
librepo-1.10.3-3.el8.i686.rpm
librepo-1.10.3-3.el8.x86_64.rpm
librepo-debuginfo-1.10.3-3.el8.i686.rpm
librepo-debuginfo-1.10.3-3.el8.x86_64.rpm
librepo-debugsource-1.10.3-3.el8.i686.rpm
librepo-debugsource-1.10.3-3.el8.x86_64.rpm
librhsm-0.0.3-3.el8.i686.rpm
librhsm-0.0.3-3.el8.x86_64.rpm
librhsm-debuginfo-0.0.3-3.el8.i686.rpm
librhsm-debuginfo-0.0.3-3.el8.x86_64.rpm
librhsm-debugsource-0.0.3-3.el8.i686.rpm
librhsm-debugsource-0.0.3-3.el8.x86_64.rpm
libsolv-0.7.4-3.el8.i686.rpm
libsolv-0.7.4-3.el8.x86_64.rpm
libsolv-debuginfo-0.7.4-3.el8.i686.rpm
libsolv-debuginfo-0.7.4-3.el8.x86_64.rpm
libsolv-debugsource-0.7.4-3.el8.i686.rpm
libsolv-debugsource-0.7.4-3.el8.x86_64.rpm
libsolv-demo-debuginfo-0.7.4-3.el8.i686.rpm
libsolv-demo-debuginfo-0.7.4-3.el8.x86_64.rpm
libsolv-tools-debuginfo-0.7.4-3.el8.i686.rpm
libsolv-tools-debuginfo-0.7.4-3.el8.x86_64.rpm
microdnf-3.0.1-3.el8.x86_64.rpm
microdnf-debuginfo-3.0.1-3.el8.x86_64.rpm
microdnf-debugsource-3.0.1-3.el8.x86_64.rpm
perl-solv-debuginfo-0.7.4-3.el8.i686.rpm
perl-solv-debuginfo-0.7.4-3.el8.x86_64.rpm
python3-hawkey-0.35.1-8.el8.x86_64.rpm
python3-hawkey-debuginfo-0.35.1-8.el8.i686.rpm
python3-hawkey-debuginfo-0.35.1-8.el8.x86_64.rpm
python3-libcomps-0.1.11-2.el8.x86_64.rpm
python3-libcomps-debuginfo-0.1.11-2.el8.i686.rpm
python3-libcomps-debuginfo-0.1.11-2.el8.x86_64.rpm
python3-libdnf-0.35.1-8.el8.x86_64.rpm
python3-libdnf-debuginfo-0.35.1-8.el8.i686.rpm
python3-libdnf-debuginfo-0.35.1-8.el8.x86_64.rpm
python3-librepo-1.10.3-3.el8.x86_64.rpm
python3-librepo-debuginfo-1.10.3-3.el8.i686.rpm
python3-librepo-debuginfo-1.10.3-3.el8.x86_64.rpm
python3-solv-debuginfo-0.7.4-3.el8.i686.rpm
python3-solv-debuginfo-0.7.4-3.el8.x86_64.rpm
ruby-solv-debuginfo-0.7.4-3.el8.i686.rpm
ruby-solv-debuginfo-0.7.4-3.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-20534
https://access.redhat.com/security/cve/CVE-2019-3817
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXcHqGtzjgjWX9erEAQjyNQ/+KBPwjd6ETBXYeV4yjZSiMTTkDcMDR8sI
GKWVV1DEavCWNJx77dUSm4S3rA+sdEYAt8MK+vyRsu6FcziOSq5LL+Xg+Oe9jn8o
ucqYTboEigCuof/wsZyN1vVQyT46ayrDz8kgwIm4f0ZKJJ4GWGtFiPKidkDAfiQ0
9y7nleG4eP3GEYM7yNVlCURRAIAoefzTjYdp+WFNJtyHyXe0yF4y8Fsg1oM38S7H
o2Jt67hEwugujx+NlSl9BmcpZD6Vy2VTb4nMqNT0/LSYaJOQIV5tWPpbbhSy8qbu
5O2LJ6fGB1XKT6Mk0jwk3vllG5+1SO8lLNzIKQynTejyZHdNtmDp8qQqU2bkssHh
SbQ8M1Edgn6dUPAKb2ET0dWToUuNMQjxyddi+ChwH4E1x9ETZjDbKlEg8HE5zA0s
KwTRHK4TKsq7FmgXwu59fgvOSsnzRy3/n4iulq3nN/vUkejsmY09C7XYAF2yy+Xg
o6Dg3sSToV3tI9anM0ZJG/w5UwNWq3bOuWmuIXVCUbXlgpMvqIDxKNGe280hmEw5
7YzO8uGvBVgl+JBl1kMsWHU+Gyu5BZvDKxdU67xaWBV6gsylD7sP/ZeykSpQvrJA
Qeu3+p8T0Wzg40f+sbCaKIPI7KulENc4+gcqhLV7yRs9TKl0XLHbqd8d8gZYqJIN
ND1R8aMSspc=
=NRNR
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXcJEQWaOgq3Tt24GAQjGqxAAtN+FWMnWYEra0oI0EyjjH6kN4QMdhaeC
MfuRB7g4FrqaXZdRSTLLCYOTOrsYC4vvN0iXmkHLUs/0FuWnoS53lw4+NshnaYGb
QPtB9H63B6o1TNWkQ+jQrVSsUQ8hD91kjjdrnqadiyu4nk4o3BTmy3geCYt5+T2r
Y8sDo8Qsc6pTumkO4Ma+shYPElM7MEwDDDn0VYFLPQzuNrY+y7n+Edx9ZhdgO3EM
0Q0DPngowVV9UvK+xVHEsF3Qrx1qYoEoZX6+55TJ6Gw7JMU/9/9O2IG13qzuPdLe
/L6oPwWvLfcjOrsbxB3sqi6gkfsu0enlNi7dEcQ7xHN+vFHHdnBhKuqqK27j97Vs
fP+nqN2RN/Ut5Rn4sun3mPRVM8MlBYJ1p46BWdW/uwgCoU1lyIg1t7NmPR+ar9fx
LzWrTjV2LLAUwPj5yjYqSFsJSXOQFnDlLjKruq6aBRqq5ZDlTce8LwdTjdGWDXJj
77lorCQTsT5zns8lf7UjVNNwBRHxYFNQ7Z9W1kzB7LE2CRM/+7L59q9VbfXVReGg
/oL/ROsbKaTDPJ99EfrazeR9gAx2gTJtOWh9ODI+1GqYSUaH6QgYh0FSR0xDW/8v
cHWLyXGwg7I54wXMke+0Rau4XIkn/EwpoWWCN6SKkvouXlZi99I1nn8Zwx5IJTNR
MpxrdE+zK2k=
=X95J
-----END PGP SIGNATURE-----