Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.2267 OpenShift Container Platform 4.2.36 ose-machine-config-operator-container security update 2 July 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Red Hat OpenShift Enterprise Publisher: Red Hat Operating System: Red Hat Impact/Access: Root Compromise -- Existing Account Execute Arbitrary Code/Commands -- Console/Physical Denial of Service -- Remote/Unauthenticated Provide Misleading Information -- Existing Account Access Confidential Data -- Existing Account Reduced Security -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2020-10749 CVE-2020-8617 CVE-2020-8616 CVE-2020-8555 CVE-2020-1750 CVE-2019-18874 CVE-2019-14891 Reference: ESB-2020.2173.2 ESB-2020.2095 ESB-2020.1975 ESB-2020.1905 Original Bulletin: https://access.redhat.com/errata/RHSA-2020:2595 https://access.redhat.com/errata/RHSA-2020:2594 https://access.redhat.com/errata/RHSA-2020:2592 https://access.redhat.com/errata/RHSA-2020:2776 https://access.redhat.com/errata/RHSA-2020:2593 Comment: This bulletin contains five (5) Red Hat security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenShift Container Platform 4.2.36 ose-machine-config-operator-container security update Advisory ID: RHSA-2020:2595-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2020:2595 Issue date: 2020-07-01 CVE Names: CVE-2020-1750 CVE-2020-8616 CVE-2020-8617 ===================================================================== 1. Summary: An update for ose-machine-config-operator-container is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es): * machine-config-operator-container: mmap stressor made the cluster unresponsive (CVE-2020-1750) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: For OpenShift Container Platform 4.2 see the following documentation, which will be updated shortly for release 4.2.36, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.2/release_notes/ocp-4-2-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.2/updating/updating-cluster - - -cli.html. 4. Bugs fixed (https://bugzilla.redhat.com/): 1808130 - CVE-2020-1750 machine-config-operator-container: mmap stressor makes the cluster unresponsive 5. References: https://access.redhat.com/security/cve/CVE-2020-1750 https://access.redhat.com/security/cve/CVE-2020-8616 https://access.redhat.com/security/cve/CVE-2020-8617 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXvy08dzjgjWX9erEAQj2Xw//ccQwQsGI9OlPP5ezTRgNXlRjHIjHYM4B XE3NU+hsvP278LAi5ifrrlh9sSJY/xrlzdb6+LvtQ8wnFOF/SvOlp/KhAJdVSp5O 4vZet2udroUJQ7lb3m096e5uya6/tCD4IglTHOzBDORpQ5jnggseq2V6tDeeOLpA usU6E8+A43H5McuYb2gPnS80IjXwRe6O9kBykC2xBBgQuww/EYpkuzdFcPbGvHtQ 4EZSiv35O+Xr3olfd6Q/QiSwYTlwnQgkXTJ00XlcHoZbak4WBLcA1LudBs4NCGIG zTiJsUFV5NsKMg3KvvbvsvvmkeohzIBoBiS2NEPpO1oLtTdb/k9qWooksqXD+Rj+ 40IbOQDiTVp4Ch4oC+4umnl1rpW2hBiT1yFJovUz/TNoiVyJ0kzMKmPgu0pW7wGl apK25xee2eHfza+nRyEWmXskjmV+g+s1TGYL4gpIq9zh7L5tK5G5QMB/kJyAmKy8 V0n5ZxRZwGNaGDFM+OL0L48NPKoNnOe1hD2W+SqMiw8vkuyMhvHf9nsmOf6gB22q oF01z8Nbjmo3ecKOVvrBF0a1Bst+GMUH2Nr/iur7PsAcE9tLEk7NzByqaAc0SdT/ V2z5iQdnE3earAOrR/pTF8gGojZytqXPzGhj9pchw/IlMOeJdg6nwIcMYztevUqj O8FnwPv074Q= =wTI+ - -----END PGP SIGNATURE----- - ------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenShift Container Platform 4.2.36 openshift security update Advisory ID: RHSA-2020:2594-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2020:2594 Issue date: 2020-07-01 CVE Names: CVE-2020-8555 ===================================================================== 1. Summary: An update for openshift is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenShift Container Platform 4.2 - s390x, x86_64 3. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es): * kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information (CVE-2020-8555) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For OpenShift Container Platform 4.2 see the following documentation, which will be updated shortly for release 4.2.36, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.2/release_notes/ocp-4-2-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.2/updating/updating-cluster - - -cli.html. 5. Bugs fixed (https://bugzilla.redhat.com/): 1821583 - CVE-2020-8555 kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information 6. Package List: Red Hat OpenShift Container Platform 4.2: Source: openshift-4.2.36-202006211650.p0.git.0.1fe246f.el7.src.rpm s390x: openshift-hyperkube-4.2.36-202006211650.p0.git.0.1fe246f.el7.s390x.rpm x86_64: openshift-hyperkube-4.2.36-202006211650.p0.git.0.1fe246f.el7.x86_64.rpm Red Hat OpenShift Container Platform 4.2: Source: openshift-4.2.36-202006211650.p0.git.0.1fe246f.el8.src.rpm s390x: openshift-hyperkube-4.2.36-202006211650.p0.git.0.1fe246f.el8.s390x.rpm x86_64: openshift-hyperkube-4.2.36-202006211650.p0.git.0.1fe246f.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-8555 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXvy0c9zjgjWX9erEAQjy8A//ZIw20sS8h7J4t5KV1Z5W3qUmrUgFHkS+ gG9FpmKjdS+NdaIwJdeNXw7MTDWneTme6eJqk1i1lVJkA2Dc/hnI3pwJrf7QLX7s 8vBTBrG+0FLoE2yJ3Hf035EPRiwB05dCft/GLYJ7yN6klOhEyS9IjTMqbUUVE9Zm Jwwl6wT5cT409xPrb+YTDqi685iVcoMTVLLeAx0YrJ7cIwaJlKOyYptu8kcfcPAF 2ZzBwyhWBMJaJuGj+EJPYF6zn/BIYq2jaWrjH+8k59KUnwnzY56w9iwEgCVcXTPq gb1hvqKUFzo55UCqMN3Q2zoNZmSWYNK4cDTWZLDBwCsZmbeTFim8HN8i5gSONDeC l4FPVrlHfrv5y0OTjXEJFLbGbLth67ddiVVnPo/wEkYTjcxuN4QUE456dKNOsY9S hzP+vQHSVdQvXvh8LdOk5XyLHPvVoU3o3BS5Y+pudhy5ND4ZXSZr9h9JeAAh9OcQ apByuBL/JuUAdL4YOrD7GJCEFm+a1dl5oAPnHXgxGj/kYOFCxYw3ZiSRMr+7AqQn yzRJPEcqeAwh4UUWOBZy2hFkErcs65YhCxIVEnv9B0CL8/fVu9xUKpiG51tY3rBx 1ANpLEn44Ztk9OyoJy1rbQj1riiqwshA/k3wNaMtxAC8v+9T6eC2bcgn6q51cmyE Ovjy3q1SoJw= =ShMs - -----END PGP SIGNATURE----- - ------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenShift Container Platform 4.2.36 containernetworking-plugins security update Advisory ID: RHSA-2020:2592-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2020:2592 Issue date: 2020-07-01 CVE Names: CVE-2020-10749 ===================================================================== 1. Summary: An update for containernetworking-plugins is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenShift Container Platform 4.2 - s390x, x86_64 3. Description: The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted. Security Fix(es): * containernetworking/plugins: IPv6 router advertisements allowed for MitM attacks on IPv4 clusters (CVE-2020-10749) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For OpenShift Container Platform 4.2 see the following documentation, which will be updated shortly for release 4.2.36, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.2/release_notes/ocp-4-2-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.2/updating/updating-cluster - - -cli.html. 5. Bugs fixed (https://bugzilla.redhat.com/): 1833220 - CVE-2020-10749 containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters 6. Package List: Red Hat OpenShift Container Platform 4.2: Source: containernetworking-plugins-0.8.6-1.rhaos4.2.el7.src.rpm s390x: containernetworking-plugins-0.8.6-1.rhaos4.2.el7.s390x.rpm containernetworking-plugins-debuginfo-0.8.6-1.rhaos4.2.el7.s390x.rpm x86_64: containernetworking-plugins-0.8.6-1.rhaos4.2.el7.x86_64.rpm containernetworking-plugins-debuginfo-0.8.6-1.rhaos4.2.el7.x86_64.rpm Red Hat OpenShift Container Platform 4.2: Source: containernetworking-plugins-0.8.6-1.rhaos4.2.el8.src.rpm s390x: containernetworking-plugins-0.8.6-1.rhaos4.2.el8.s390x.rpm containernetworking-plugins-debuginfo-0.8.6-1.rhaos4.2.el8.s390x.rpm containernetworking-plugins-debugsource-0.8.6-1.rhaos4.2.el8.s390x.rpm x86_64: containernetworking-plugins-0.8.6-1.rhaos4.2.el8.x86_64.rpm containernetworking-plugins-debuginfo-0.8.6-1.rhaos4.2.el8.x86_64.rpm containernetworking-plugins-debugsource-0.8.6-1.rhaos4.2.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-10749 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXvy0t9zjgjWX9erEAQjWmw/+MEtrAMwpGlx3LAF6aC/mn2oO5pzaIAIx vhuEDK6xaBBgMnwCrRvFxRoQV6aFOcPNgRU3rn/hRMx/4KZ/OvGhPXpu9WU9R8qa 0aNQjcg3arKLGBFyA6CWFGHGXS2t8G3OnurTvYgepBLMWPTsl6e3Ce90hvvm0gBa yf0oKfCr0pSRLp9Z3SxYuGSzIuxQq+soIlByKKWFXYGFabNKDDtrDV5MB18OQNxE 44SxdE6y5Rgkkv61EqhcbBeHQU6aqmTkWflghbimTh2C+EJSmD3mbsMAh6wGnbKM xxdqROFEwsTIgCOFA4HzoSoQ8HuqYlGH+3Z9WArj5nqVkvNH01lzPZnjenF4Lt7P O08cWa/Je4LdjWjhlI4eYn3lNap+Wj/8SjYEv2Jmbb6vpaEe+KJJ0lGpUJn/Vz5/ PJcAFa6A2kZ5TQUm+SmIrC40T6uzri4mmNglNdjPh9DudVHmRtVM9Jf5gFWgJBvt fUSm1U4XJueD0DMUAdbD0yoMc68jSB/khBRAmJ6Jb+o+RfTuepnPDzMhClR6Wkbf 7OoZscpYClNUOCHcAiGXjjdxDJZgJGtjKnX9xMiCBjHW8xPSfKuwuvnaybQWmQY2 UEa0fRQ6kJIGaxScyDEvkv9uBC8MkQ300ePkayBJhwguWFM0N0Nx7PpAQT8h8M3j 9h8khY3jZyY= =xiOg - -----END PGP SIGNATURE----- - ------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenShift Container Platform 4.2.36 cri-o security update Advisory ID: RHSA-2020:2776-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2020:2776 Issue date: 2020-07-01 CVE Names: CVE-2019-14891 ===================================================================== 1. Summary: Red Hat OpenShift Container Platform release 4.2.36 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenShift Container Platform 4.2 - s390x, x86_64 3. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es): * cri-o: infra container reparented to systemd following OOM Killer killing its conmon (CVE-2019-14891) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For OpenShift Container Platform 4.2 see the following documentation, which will be updated shortly for release 4.2.36, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.2/release_notes/ocp-4-2-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.2/updating/updating-cluster - - -cli.html. 5. Bugs fixed (https://bugzilla.redhat.com/): 1772280 - CVE-2019-14891 cri-o: infra container reparented to systemd following OOM Killer killing it's conmon 6. Package List: Red Hat OpenShift Container Platform 4.2: Source: cri-o-1.14.12-24.dev.rhaos4.2.gita17905f.el7.src.rpm s390x: cri-o-1.14.12-24.dev.rhaos4.2.gita17905f.el7.s390x.rpm x86_64: cri-o-1.14.12-24.dev.rhaos4.2.gita17905f.el7.x86_64.rpm cri-o-debuginfo-1.14.12-24.dev.rhaos4.2.gita17905f.el7.x86_64.rpm Red Hat OpenShift Container Platform 4.2: Source: cri-o-1.14.12-15.dev.rhaos4.2.gita17905f.el8.src.rpm s390x: cri-o-1.14.12-15.dev.rhaos4.2.gita17905f.el8.s390x.rpm x86_64: cri-o-1.14.12-15.dev.rhaos4.2.gita17905f.el8.x86_64.rpm cri-o-debuginfo-1.14.12-15.dev.rhaos4.2.gita17905f.el8.x86_64.rpm cri-o-debugsource-1.14.12-15.dev.rhaos4.2.gita17905f.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-14891 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXvy0WNzjgjWX9erEAQif+w//Rb3hXGnUociJjPyw5Cn9R3KJd5n98v0y xXBB1zMkLkbz2kkMIQqcqrrBWUTTps/VTDve2MdmkT6zPHCP9GKVN56deEnfrWpJ 2J7Jqm6KDz/8WjsN4xJNL+FSbihTWpQEc1S7NCfXF+DBds9xS61rmeWvSWZBAZ0d wRL8CRIC/eEFZXLi4qFv9YSkWxyaULt/otjr7vqd4oLsgFiMFYL10/eZ8eyMqWNV mFEVL8jj5JMMcMGKt+Db5TH8N5qz1gRZoozyOE8bv+1Ac5jP0ryP7HPYD26dtaU/ q+Nl0hFKzZUMxyrpUarePiM5e7WKUh2/pnGyks8tbPYHcDKKGhFyMdNzGOZ66JOj iZgRbyPZ9h86dbfrqmwW/s2RvJqF36FUuW+Vyd77l4bTu2538OLsO67B3BXOJXea 2QXJvj9RQWxDNM+t2hGLSsQesKqOPc7iPD4OVGx/mMu51gZDogoXu8OlPoSI6pg/ J4Lfxq0PbvF6xGvSX3nqd8HtGOgJtU0kNrCdCYiQ+mivpA2ps+xN5ovmdC63jZKY h8JW1+HQOEFf49HGjzPUR3IuHT+8KsHw6AOLuo4FKxIaX8876uPshmOI3UitNa9U icpfdKB8AcWUJXJEB/nVkNnJZh9pBIHna855NvQJjDf+MF7bHL0NkoNEb/2G9+OS mUrQ0l37duU= =GSc/ - -----END PGP SIGNATURE----- - ------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenShift Container Platform 4.2.36 python-psutil security update Advisory ID: RHSA-2020:2593-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2020:2593 Issue date: 2020-07-01 CVE Names: CVE-2019-18874 ===================================================================== 1. Summary: An update for python-psutil is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenShift Container Platform 4.2 - s390x, x86_64 3. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es): * python-psutil: double free because of refcount mishandling (CVE-2019-18874) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For OpenShift Container Platform 4.2 see the following documentation, which will be updated shortly for release 4.2.36, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.2/release_notes/ocp-4-2-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.2/updating/updating-cluster - - -cli.html. 5. Bugs fixed (https://bugzilla.redhat.com/): 1772014 - CVE-2019-18874 python-psutil: double free because of refcount mishandling 6. Package List: Red Hat OpenShift Container Platform 4.2: Source: python-psutil-5.6.6-1.el7ar.src.rpm s390x: python-psutil-debuginfo-5.6.6-1.el7ar.s390x.rpm python2-psutil-5.6.6-1.el7ar.s390x.rpm x86_64: python-psutil-debuginfo-5.6.6-1.el7ar.x86_64.rpm python2-psutil-5.6.6-1.el7ar.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-18874 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXvy0PtzjgjWX9erEAQjRVg/+OMVoVMgi1nLTzfBCOUf4uV59x4CmtMJJ DO/GP9Jd9yixjXigqz0x6O0C7sUE60RSecT1wsfyh/YsbUmOZDGVruuM7YD0KMJj HxV2FFDJWcqag1R1TFQFgGuU2/fY+3tDAFVY2ROnJGBVJ7nDTD4R7lLNV1GJ16Ep VYVhQrKagXC93ygjGJVK4fkKyqQAKg37iNxguo9ieWoPpv/KTQ6VRrylyfuQXxvy OX5BlnvU5L+plDRN6vfIguQIX5rf0tjIw+FS0jQXn8cE60vmwuKNeuh4+o+2QNGP eM6dOkVyw9wgKwEt4gl5txRQzm+q/eZ72EKSNsx4dh35f5tH86FhDExxp1x7kh20 SYW7pAObgYcW1A+63cBBsvaJUFHxYrU+e3fK28NTSYlYxP2ckoEHXvSjmMbRsPrW 6cbpp+q/tOdVK/XZM/XQIa2F12jvD7qSi7nD1JnUubFzgLt9FSGTIFqwRmxyZrTz 2Qj0Z4jrPQ0mzxrdgZovovqwIdGzNDJ9VG737yuC0qJGUSxWn4Y5Px8j9A/lX3cW 9iaS1CN0FPxO/1BLqD5v2LxuWE3F8VtwqBkuVjFZxyHEjjM02VrSSWzQdUB1fK3K fOx9KBkwit/4DWjhUUsJPevdNNi9kXGtSYT3fhAa2c0sgeiY9bnoFOkMcHxa3hCU uYlNQOoPuKc= =/P5C - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXv1J0eNLKJtyKPYoAQiJ4w//Zy+WEkgd4kPEHjFG87aDvQz14OkPd9cZ ycM+6wCTMNSG8RkqQelMTorRso1EAKbeH++VlYjqnF294hHOKLVV5nMaH79xHHfx LOy99v40raNJ2wOufYgSU7DdO4h2V19uY9YTUdN/DaRRNJEmweBWVigLeJLc01Vp fhwn/2pz0f9ac4C3YvSlmu+XOJFjwbPVyLgYK0vHzzR1+1LYgvbiAEaWrKqkZi8E Z68NKa1B37w1pH+pjA+DwtrLQtPxfNFeqshhr47rnLsaDJj0QHef3o6erRAFDoC5 YsZjgmq9zXDeHkJIb3DNHhIWX6X58j8wkW4d15KoQ0DySJ6gZHhVrHNHn53o9GSC Ss22PVBPp7+iojTfWIvJc9YpZsY01KOT9ny4BIYBT9FEAAewYZ7ho1AaS+8+GCkf gW+aSsls+iUpIsX3DxElsfQk6AA0/OJkwJLodTxGZTnMP9f6Q66SGMLk0L8bOclk qHHZ5hrHPB9qeW/Pv3gJOydgyEphLjHJDpe/Q+x43UqbCP3FeFjqFXIa1AlZWvxs us0dw/N2uL0fFGRnLjpFN6NtkMLHNjggmYRJySH3mmXDdA3gqeR6TTyrj27BGdOA W/YIlfBoS3qNRgCIiQuSkWt+xuiJBeyngdpYQLF36G8n5tjlUHQwnhH0vvX4BVhY 7ZgudCjSVGg= =Ywmk -----END PGP SIGNATURE-----