Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.2267
OpenShift Container Platform 4.2.36
ose-machine-config-operator-container security update
2 July 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Red Hat OpenShift Enterprise
Publisher: Red Hat
Operating System: Red Hat
Impact/Access: Root Compromise -- Existing Account
Execute Arbitrary Code/Commands -- Console/Physical
Denial of Service -- Remote/Unauthenticated
Provide Misleading Information -- Existing Account
Access Confidential Data -- Existing Account
Reduced Security -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2020-10749 CVE-2020-8617 CVE-2020-8616
CVE-2020-8555 CVE-2020-1750 CVE-2019-18874
CVE-2019-14891
Reference: ESB-2020.2173.2
ESB-2020.2095
ESB-2020.1975
ESB-2020.1905
Original Bulletin:
https://access.redhat.com/errata/RHSA-2020:2595
https://access.redhat.com/errata/RHSA-2020:2594
https://access.redhat.com/errata/RHSA-2020:2592
https://access.redhat.com/errata/RHSA-2020:2776
https://access.redhat.com/errata/RHSA-2020:2593
Comment: This bulletin contains five (5) Red Hat security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: OpenShift Container Platform 4.2.36 ose-machine-config-operator-container security update
Advisory ID: RHSA-2020:2595-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2595
Issue date: 2020-07-01
CVE Names: CVE-2020-1750 CVE-2020-8616 CVE-2020-8617
=====================================================================
1. Summary:
An update for ose-machine-config-operator-container is now available for
Red Hat OpenShift Container Platform 4.2.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Security Fix(es):
* machine-config-operator-container: mmap stressor made the cluster
unresponsive (CVE-2020-1750)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
3. Solution:
For OpenShift Container Platform 4.2 see the following documentation, which
will be updated shortly for release 4.2.36, for important instructions on
how to upgrade your cluster and fully apply this asynchronous errata
update:
https://docs.openshift.com/container-platform/4.2/release_notes/ocp-4-2-rel
ease-notes.html
Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.2/updating/updating-cluster
- - -cli.html.
4. Bugs fixed (https://bugzilla.redhat.com/):
1808130 - CVE-2020-1750 machine-config-operator-container: mmap stressor makes the cluster unresponsive
5. References:
https://access.redhat.com/security/cve/CVE-2020-1750
https://access.redhat.com/security/cve/CVE-2020-8616
https://access.redhat.com/security/cve/CVE-2020-8617
https://access.redhat.com/security/updates/classification/#moderate
6. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXvy08dzjgjWX9erEAQj2Xw//ccQwQsGI9OlPP5ezTRgNXlRjHIjHYM4B
XE3NU+hsvP278LAi5ifrrlh9sSJY/xrlzdb6+LvtQ8wnFOF/SvOlp/KhAJdVSp5O
4vZet2udroUJQ7lb3m096e5uya6/tCD4IglTHOzBDORpQ5jnggseq2V6tDeeOLpA
usU6E8+A43H5McuYb2gPnS80IjXwRe6O9kBykC2xBBgQuww/EYpkuzdFcPbGvHtQ
4EZSiv35O+Xr3olfd6Q/QiSwYTlwnQgkXTJ00XlcHoZbak4WBLcA1LudBs4NCGIG
zTiJsUFV5NsKMg3KvvbvsvvmkeohzIBoBiS2NEPpO1oLtTdb/k9qWooksqXD+Rj+
40IbOQDiTVp4Ch4oC+4umnl1rpW2hBiT1yFJovUz/TNoiVyJ0kzMKmPgu0pW7wGl
apK25xee2eHfza+nRyEWmXskjmV+g+s1TGYL4gpIq9zh7L5tK5G5QMB/kJyAmKy8
V0n5ZxRZwGNaGDFM+OL0L48NPKoNnOe1hD2W+SqMiw8vkuyMhvHf9nsmOf6gB22q
oF01z8Nbjmo3ecKOVvrBF0a1Bst+GMUH2Nr/iur7PsAcE9tLEk7NzByqaAc0SdT/
V2z5iQdnE3earAOrR/pTF8gGojZytqXPzGhj9pchw/IlMOeJdg6nwIcMYztevUqj
O8FnwPv074Q=
=wTI+
- -----END PGP SIGNATURE-----
- -------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: OpenShift Container Platform 4.2.36 openshift security update
Advisory ID: RHSA-2020:2594-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2594
Issue date: 2020-07-01
CVE Names: CVE-2020-8555
=====================================================================
1. Summary:
An update for openshift is now available for Red Hat OpenShift Container
Platform 4.2.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat OpenShift Container Platform 4.2 - s390x, x86_64
3. Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Security Fix(es):
* kubernetes: Server side request forgery (SSRF) in kube-controller-manager
allows users to leak secret information (CVE-2020-8555)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For OpenShift Container Platform 4.2 see the following documentation, which
will be updated shortly for release 4.2.36, for important instructions on
how to upgrade your cluster and fully apply this asynchronous errata
update:
https://docs.openshift.com/container-platform/4.2/release_notes/ocp-4-2-rel
ease-notes.html
Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.2/updating/updating-cluster
- - -cli.html.
5. Bugs fixed (https://bugzilla.redhat.com/):
1821583 - CVE-2020-8555 kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information
6. Package List:
Red Hat OpenShift Container Platform 4.2:
Source:
openshift-4.2.36-202006211650.p0.git.0.1fe246f.el7.src.rpm
s390x:
openshift-hyperkube-4.2.36-202006211650.p0.git.0.1fe246f.el7.s390x.rpm
x86_64:
openshift-hyperkube-4.2.36-202006211650.p0.git.0.1fe246f.el7.x86_64.rpm
Red Hat OpenShift Container Platform 4.2:
Source:
openshift-4.2.36-202006211650.p0.git.0.1fe246f.el8.src.rpm
s390x:
openshift-hyperkube-4.2.36-202006211650.p0.git.0.1fe246f.el8.s390x.rpm
x86_64:
openshift-hyperkube-4.2.36-202006211650.p0.git.0.1fe246f.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-8555
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXvy0c9zjgjWX9erEAQjy8A//ZIw20sS8h7J4t5KV1Z5W3qUmrUgFHkS+
gG9FpmKjdS+NdaIwJdeNXw7MTDWneTme6eJqk1i1lVJkA2Dc/hnI3pwJrf7QLX7s
8vBTBrG+0FLoE2yJ3Hf035EPRiwB05dCft/GLYJ7yN6klOhEyS9IjTMqbUUVE9Zm
Jwwl6wT5cT409xPrb+YTDqi685iVcoMTVLLeAx0YrJ7cIwaJlKOyYptu8kcfcPAF
2ZzBwyhWBMJaJuGj+EJPYF6zn/BIYq2jaWrjH+8k59KUnwnzY56w9iwEgCVcXTPq
gb1hvqKUFzo55UCqMN3Q2zoNZmSWYNK4cDTWZLDBwCsZmbeTFim8HN8i5gSONDeC
l4FPVrlHfrv5y0OTjXEJFLbGbLth67ddiVVnPo/wEkYTjcxuN4QUE456dKNOsY9S
hzP+vQHSVdQvXvh8LdOk5XyLHPvVoU3o3BS5Y+pudhy5ND4ZXSZr9h9JeAAh9OcQ
apByuBL/JuUAdL4YOrD7GJCEFm+a1dl5oAPnHXgxGj/kYOFCxYw3ZiSRMr+7AqQn
yzRJPEcqeAwh4UUWOBZy2hFkErcs65YhCxIVEnv9B0CL8/fVu9xUKpiG51tY3rBx
1ANpLEn44Ztk9OyoJy1rbQj1riiqwshA/k3wNaMtxAC8v+9T6eC2bcgn6q51cmyE
Ovjy3q1SoJw=
=ShMs
- -----END PGP SIGNATURE-----
- -------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: OpenShift Container Platform 4.2.36 containernetworking-plugins security update
Advisory ID: RHSA-2020:2592-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2592
Issue date: 2020-07-01
CVE Names: CVE-2020-10749
=====================================================================
1. Summary:
An update for containernetworking-plugins is now available for Red Hat
OpenShift Container Platform 4.2.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat OpenShift Container Platform 4.2 - s390x, x86_64
3. Description:
The Container Network Interface (CNI) project consists of a specification
and libraries for writing plug-ins for configuring network interfaces in
Linux containers, along with a number of supported plug-ins. CNI concerns
itself only with network connectivity of containers and removing allocated
resources when the container is deleted.
Security Fix(es):
* containernetworking/plugins: IPv6 router advertisements allowed for MitM
attacks on IPv4 clusters (CVE-2020-10749)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For OpenShift Container Platform 4.2 see the following documentation, which
will be updated shortly for release 4.2.36, for important instructions on
how to upgrade your cluster and fully apply this asynchronous errata
update:
https://docs.openshift.com/container-platform/4.2/release_notes/ocp-4-2-rel
ease-notes.html
Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.2/updating/updating-cluster
- - -cli.html.
5. Bugs fixed (https://bugzilla.redhat.com/):
1833220 - CVE-2020-10749 containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters
6. Package List:
Red Hat OpenShift Container Platform 4.2:
Source:
containernetworking-plugins-0.8.6-1.rhaos4.2.el7.src.rpm
s390x:
containernetworking-plugins-0.8.6-1.rhaos4.2.el7.s390x.rpm
containernetworking-plugins-debuginfo-0.8.6-1.rhaos4.2.el7.s390x.rpm
x86_64:
containernetworking-plugins-0.8.6-1.rhaos4.2.el7.x86_64.rpm
containernetworking-plugins-debuginfo-0.8.6-1.rhaos4.2.el7.x86_64.rpm
Red Hat OpenShift Container Platform 4.2:
Source:
containernetworking-plugins-0.8.6-1.rhaos4.2.el8.src.rpm
s390x:
containernetworking-plugins-0.8.6-1.rhaos4.2.el8.s390x.rpm
containernetworking-plugins-debuginfo-0.8.6-1.rhaos4.2.el8.s390x.rpm
containernetworking-plugins-debugsource-0.8.6-1.rhaos4.2.el8.s390x.rpm
x86_64:
containernetworking-plugins-0.8.6-1.rhaos4.2.el8.x86_64.rpm
containernetworking-plugins-debuginfo-0.8.6-1.rhaos4.2.el8.x86_64.rpm
containernetworking-plugins-debugsource-0.8.6-1.rhaos4.2.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-10749
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXvy0t9zjgjWX9erEAQjWmw/+MEtrAMwpGlx3LAF6aC/mn2oO5pzaIAIx
vhuEDK6xaBBgMnwCrRvFxRoQV6aFOcPNgRU3rn/hRMx/4KZ/OvGhPXpu9WU9R8qa
0aNQjcg3arKLGBFyA6CWFGHGXS2t8G3OnurTvYgepBLMWPTsl6e3Ce90hvvm0gBa
yf0oKfCr0pSRLp9Z3SxYuGSzIuxQq+soIlByKKWFXYGFabNKDDtrDV5MB18OQNxE
44SxdE6y5Rgkkv61EqhcbBeHQU6aqmTkWflghbimTh2C+EJSmD3mbsMAh6wGnbKM
xxdqROFEwsTIgCOFA4HzoSoQ8HuqYlGH+3Z9WArj5nqVkvNH01lzPZnjenF4Lt7P
O08cWa/Je4LdjWjhlI4eYn3lNap+Wj/8SjYEv2Jmbb6vpaEe+KJJ0lGpUJn/Vz5/
PJcAFa6A2kZ5TQUm+SmIrC40T6uzri4mmNglNdjPh9DudVHmRtVM9Jf5gFWgJBvt
fUSm1U4XJueD0DMUAdbD0yoMc68jSB/khBRAmJ6Jb+o+RfTuepnPDzMhClR6Wkbf
7OoZscpYClNUOCHcAiGXjjdxDJZgJGtjKnX9xMiCBjHW8xPSfKuwuvnaybQWmQY2
UEa0fRQ6kJIGaxScyDEvkv9uBC8MkQ300ePkayBJhwguWFM0N0Nx7PpAQT8h8M3j
9h8khY3jZyY=
=xiOg
- -----END PGP SIGNATURE-----
- -------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: OpenShift Container Platform 4.2.36 cri-o security update
Advisory ID: RHSA-2020:2776-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2776
Issue date: 2020-07-01
CVE Names: CVE-2019-14891
=====================================================================
1. Summary:
Red Hat OpenShift Container Platform release 4.2.36 is now available with
updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat OpenShift Container Platform 4.2 - s390x, x86_64
3. Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Security Fix(es):
* cri-o: infra container reparented to systemd following OOM Killer killing
its conmon (CVE-2019-14891)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For OpenShift Container Platform 4.2 see the following documentation, which
will be updated shortly for release 4.2.36, for important instructions on
how to upgrade your cluster and fully apply this asynchronous errata
update:
https://docs.openshift.com/container-platform/4.2/release_notes/ocp-4-2-rel
ease-notes.html
Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.2/updating/updating-cluster
- - -cli.html.
5. Bugs fixed (https://bugzilla.redhat.com/):
1772280 - CVE-2019-14891 cri-o: infra container reparented to systemd following OOM Killer killing it's conmon
6. Package List:
Red Hat OpenShift Container Platform 4.2:
Source:
cri-o-1.14.12-24.dev.rhaos4.2.gita17905f.el7.src.rpm
s390x:
cri-o-1.14.12-24.dev.rhaos4.2.gita17905f.el7.s390x.rpm
x86_64:
cri-o-1.14.12-24.dev.rhaos4.2.gita17905f.el7.x86_64.rpm
cri-o-debuginfo-1.14.12-24.dev.rhaos4.2.gita17905f.el7.x86_64.rpm
Red Hat OpenShift Container Platform 4.2:
Source:
cri-o-1.14.12-15.dev.rhaos4.2.gita17905f.el8.src.rpm
s390x:
cri-o-1.14.12-15.dev.rhaos4.2.gita17905f.el8.s390x.rpm
x86_64:
cri-o-1.14.12-15.dev.rhaos4.2.gita17905f.el8.x86_64.rpm
cri-o-debuginfo-1.14.12-15.dev.rhaos4.2.gita17905f.el8.x86_64.rpm
cri-o-debugsource-1.14.12-15.dev.rhaos4.2.gita17905f.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-14891
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXvy0WNzjgjWX9erEAQif+w//Rb3hXGnUociJjPyw5Cn9R3KJd5n98v0y
xXBB1zMkLkbz2kkMIQqcqrrBWUTTps/VTDve2MdmkT6zPHCP9GKVN56deEnfrWpJ
2J7Jqm6KDz/8WjsN4xJNL+FSbihTWpQEc1S7NCfXF+DBds9xS61rmeWvSWZBAZ0d
wRL8CRIC/eEFZXLi4qFv9YSkWxyaULt/otjr7vqd4oLsgFiMFYL10/eZ8eyMqWNV
mFEVL8jj5JMMcMGKt+Db5TH8N5qz1gRZoozyOE8bv+1Ac5jP0ryP7HPYD26dtaU/
q+Nl0hFKzZUMxyrpUarePiM5e7WKUh2/pnGyks8tbPYHcDKKGhFyMdNzGOZ66JOj
iZgRbyPZ9h86dbfrqmwW/s2RvJqF36FUuW+Vyd77l4bTu2538OLsO67B3BXOJXea
2QXJvj9RQWxDNM+t2hGLSsQesKqOPc7iPD4OVGx/mMu51gZDogoXu8OlPoSI6pg/
J4Lfxq0PbvF6xGvSX3nqd8HtGOgJtU0kNrCdCYiQ+mivpA2ps+xN5ovmdC63jZKY
h8JW1+HQOEFf49HGjzPUR3IuHT+8KsHw6AOLuo4FKxIaX8876uPshmOI3UitNa9U
icpfdKB8AcWUJXJEB/nVkNnJZh9pBIHna855NvQJjDf+MF7bHL0NkoNEb/2G9+OS
mUrQ0l37duU=
=GSc/
- -----END PGP SIGNATURE-----
- -------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: OpenShift Container Platform 4.2.36 python-psutil security update
Advisory ID: RHSA-2020:2593-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2593
Issue date: 2020-07-01
CVE Names: CVE-2019-18874
=====================================================================
1. Summary:
An update for python-psutil is now available for Red Hat OpenShift
Container Platform 4.2.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat OpenShift Container Platform 4.2 - s390x, x86_64
3. Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Security Fix(es):
* python-psutil: double free because of refcount mishandling
(CVE-2019-18874)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For OpenShift Container Platform 4.2 see the following documentation, which
will be updated shortly for release 4.2.36, for important instructions on
how to upgrade your cluster and fully apply this asynchronous errata
update:
https://docs.openshift.com/container-platform/4.2/release_notes/ocp-4-2-rel
ease-notes.html
Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.2/updating/updating-cluster
- - -cli.html.
5. Bugs fixed (https://bugzilla.redhat.com/):
1772014 - CVE-2019-18874 python-psutil: double free because of refcount mishandling
6. Package List:
Red Hat OpenShift Container Platform 4.2:
Source:
python-psutil-5.6.6-1.el7ar.src.rpm
s390x:
python-psutil-debuginfo-5.6.6-1.el7ar.s390x.rpm
python2-psutil-5.6.6-1.el7ar.s390x.rpm
x86_64:
python-psutil-debuginfo-5.6.6-1.el7ar.x86_64.rpm
python2-psutil-5.6.6-1.el7ar.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-18874
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXvy0PtzjgjWX9erEAQjRVg/+OMVoVMgi1nLTzfBCOUf4uV59x4CmtMJJ
DO/GP9Jd9yixjXigqz0x6O0C7sUE60RSecT1wsfyh/YsbUmOZDGVruuM7YD0KMJj
HxV2FFDJWcqag1R1TFQFgGuU2/fY+3tDAFVY2ROnJGBVJ7nDTD4R7lLNV1GJ16Ep
VYVhQrKagXC93ygjGJVK4fkKyqQAKg37iNxguo9ieWoPpv/KTQ6VRrylyfuQXxvy
OX5BlnvU5L+plDRN6vfIguQIX5rf0tjIw+FS0jQXn8cE60vmwuKNeuh4+o+2QNGP
eM6dOkVyw9wgKwEt4gl5txRQzm+q/eZ72EKSNsx4dh35f5tH86FhDExxp1x7kh20
SYW7pAObgYcW1A+63cBBsvaJUFHxYrU+e3fK28NTSYlYxP2ckoEHXvSjmMbRsPrW
6cbpp+q/tOdVK/XZM/XQIa2F12jvD7qSi7nD1JnUubFzgLt9FSGTIFqwRmxyZrTz
2Qj0Z4jrPQ0mzxrdgZovovqwIdGzNDJ9VG737yuC0qJGUSxWn4Y5Px8j9A/lX3cW
9iaS1CN0FPxO/1BLqD5v2LxuWE3F8VtwqBkuVjFZxyHEjjM02VrSSWzQdUB1fK3K
fOx9KBkwit/4DWjhUUsJPevdNNi9kXGtSYT3fhAa2c0sgeiY9bnoFOkMcHxa3hCU
uYlNQOoPuKc=
=/P5C
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXv1J0eNLKJtyKPYoAQiJ4w//Zy+WEkgd4kPEHjFG87aDvQz14OkPd9cZ
ycM+6wCTMNSG8RkqQelMTorRso1EAKbeH++VlYjqnF294hHOKLVV5nMaH79xHHfx
LOy99v40raNJ2wOufYgSU7DdO4h2V19uY9YTUdN/DaRRNJEmweBWVigLeJLc01Vp
fhwn/2pz0f9ac4C3YvSlmu+XOJFjwbPVyLgYK0vHzzR1+1LYgvbiAEaWrKqkZi8E
Z68NKa1B37w1pH+pjA+DwtrLQtPxfNFeqshhr47rnLsaDJj0QHef3o6erRAFDoC5
YsZjgmq9zXDeHkJIb3DNHhIWX6X58j8wkW4d15KoQ0DySJ6gZHhVrHNHn53o9GSC
Ss22PVBPp7+iojTfWIvJc9YpZsY01KOT9ny4BIYBT9FEAAewYZ7ho1AaS+8+GCkf
gW+aSsls+iUpIsX3DxElsfQk6AA0/OJkwJLodTxGZTnMP9f6Q66SGMLk0L8bOclk
qHHZ5hrHPB9qeW/Pv3gJOydgyEphLjHJDpe/Q+x43UqbCP3FeFjqFXIa1AlZWvxs
us0dw/N2uL0fFGRnLjpFN6NtkMLHNjggmYRJySH3mmXDdA3gqeR6TTyrj27BGdOA
W/YIlfBoS3qNRgCIiQuSkWt+xuiJBeyngdpYQLF36G8n5tjlUHQwnhH0vvX4BVhY
7ZgudCjSVGg=
=Ywmk
-----END PGP SIGNATURE-----