-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2505
      container-tools:rhel8 security, bug fix, and enhancement update
                               22 July 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           container-tools
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 8
                   Red Hat Enterprise Linux WS/Desktop 8
Impact/Access:     Denial of Service -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-1983  

Reference:         ESB-2020.2236
                   ESB-2020.2086
                   ESB-2020.1832
                   ESB-2020.1450

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2020:3053

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: container-tools:rhel8 security, bug fix, and enhancement update
Advisory ID:       RHSA-2020:3053-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3053
Issue date:        2020-07-21
CVE Names:         CVE-2020-1983 
=====================================================================

1. Summary:

An update for the container-tools:rhel8 module is now available for Red Hat
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The container-tools module contains tools for working with containers,
notably podman, buildah, skopeo, and runc.

Security Fix(es):

* QEMU: slirp: use-after-free in ip_reass() function in ip_input.c
(CVE-2020-1983)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.2 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1703261 - podman containers unable to communicate via IP to one container when use port forward on host
1782408 - [RFE] podman exec support for --env-file
1784950 - Podman support for FIPS Mode requires a bind mount inside the container
1785480 - podman reuses wrong cached image
1806044 - 'yum -y install buildah fuse-overlayfs --exclude container-selinux' throws error
1807379 - podman exec does not reads from stdin
1808483 - Workdir doesn't have correct ownership with podman build
1809648 - Pushing container image built with rootless podman fails with: "file integrity checksum failed"
1810874 - "podman container prune" cannot prune zombie container.
1811779 - RFE: skopeo sync command
1815170 - podman-docker seems packed with wrong path of podman manual.
1815991 - can't update named volume path
1822037 - buildah is not expanding env vars in file paths [stream-container-tools-rhel8-rhel-8.2.1/buildah]
1826486 - specfile: need to include and ship containers.conf
1829061 - Signature verification incorrectly uses mirrorâ\x{128}\x{153}s references
1829825 - CVE-2020-1983 QEMU: slirp: use-after-free in ip_reass() function in ip_input.c
1833390 - Podman does not respect configuration in "/etc/containers/registries.conf.d"
1836440 - Signature verification incorrectly uses mirrorâ\x{128}\x{153}s references
1838991 - Need to fix bugs found by coverity.
1839065 - Privileged containers should be unconfined_t

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
buildah-1.14.9-1.module+el8.2.1+6689+748e6520.src.rpm
cockpit-podman-17-1.module+el8.2.1+6636+bf4db4ab.src.rpm
conmon-2.0.17-1.module+el8.2.1+6771+3533eb4c.src.rpm
container-selinux-2.135.0-1.module+el8.2.1+6849+893e4f4a.src.rpm
containernetworking-plugins-0.8.6-1.module+el8.2.1+6626+598993b4.src.rpm
criu-3.14-2.module+el8.2.1+6750+e53a300c.src.rpm
fuse-overlayfs-1.0.0-2.module+el8.2.1+6465+1a51e8b6.src.rpm
libslirp-4.3.0-3.module+el8.2.1+6816+bedf4f91.src.rpm
podman-1.9.3-2.module+el8.2.1+6867+366c07d6.src.rpm
python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8.2.1+6465+1a51e8b6.src.rpm
runc-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.src.rpm
skopeo-1.0.0-1.module+el8.2.1+6676+604e1b26.src.rpm
slirp4netns-1.0.1-1.module+el8.2.1+6595+03641d72.src.rpm
toolbox-0.0.7-1.module+el8.2.1+6465+1a51e8b6.src.rpm
udica-0.2.1-2.module+el8.2.1+6465+1a51e8b6.src.rpm

aarch64:
buildah-1.14.9-1.module+el8.2.1+6689+748e6520.aarch64.rpm
buildah-debuginfo-1.14.9-1.module+el8.2.1+6689+748e6520.aarch64.rpm
buildah-debugsource-1.14.9-1.module+el8.2.1+6689+748e6520.aarch64.rpm
buildah-tests-1.14.9-1.module+el8.2.1+6689+748e6520.aarch64.rpm
buildah-tests-debuginfo-1.14.9-1.module+el8.2.1+6689+748e6520.aarch64.rpm
conmon-2.0.17-1.module+el8.2.1+6771+3533eb4c.aarch64.rpm
containernetworking-plugins-0.8.6-1.module+el8.2.1+6626+598993b4.aarch64.rpm
containernetworking-plugins-debuginfo-0.8.6-1.module+el8.2.1+6626+598993b4.aarch64.rpm
containernetworking-plugins-debugsource-0.8.6-1.module+el8.2.1+6626+598993b4.aarch64.rpm
containers-common-1.0.0-1.module+el8.2.1+6676+604e1b26.aarch64.rpm
crit-3.14-2.module+el8.2.1+6750+e53a300c.aarch64.rpm
criu-3.14-2.module+el8.2.1+6750+e53a300c.aarch64.rpm
criu-debuginfo-3.14-2.module+el8.2.1+6750+e53a300c.aarch64.rpm
criu-debugsource-3.14-2.module+el8.2.1+6750+e53a300c.aarch64.rpm
fuse-overlayfs-1.0.0-2.module+el8.2.1+6465+1a51e8b6.aarch64.rpm
fuse-overlayfs-debuginfo-1.0.0-2.module+el8.2.1+6465+1a51e8b6.aarch64.rpm
fuse-overlayfs-debugsource-1.0.0-2.module+el8.2.1+6465+1a51e8b6.aarch64.rpm
libslirp-4.3.0-3.module+el8.2.1+6816+bedf4f91.aarch64.rpm
libslirp-debuginfo-4.3.0-3.module+el8.2.1+6816+bedf4f91.aarch64.rpm
libslirp-debugsource-4.3.0-3.module+el8.2.1+6816+bedf4f91.aarch64.rpm
libslirp-devel-4.3.0-3.module+el8.2.1+6816+bedf4f91.aarch64.rpm
podman-1.9.3-2.module+el8.2.1+6867+366c07d6.aarch64.rpm
podman-debuginfo-1.9.3-2.module+el8.2.1+6867+366c07d6.aarch64.rpm
podman-debugsource-1.9.3-2.module+el8.2.1+6867+366c07d6.aarch64.rpm
podman-remote-1.9.3-2.module+el8.2.1+6867+366c07d6.aarch64.rpm
podman-remote-debuginfo-1.9.3-2.module+el8.2.1+6867+366c07d6.aarch64.rpm
podman-tests-1.9.3-2.module+el8.2.1+6867+366c07d6.aarch64.rpm
python3-criu-3.14-2.module+el8.2.1+6750+e53a300c.aarch64.rpm
runc-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.aarch64.rpm
runc-debuginfo-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.aarch64.rpm
runc-debugsource-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.aarch64.rpm
skopeo-1.0.0-1.module+el8.2.1+6676+604e1b26.aarch64.rpm
skopeo-debuginfo-1.0.0-1.module+el8.2.1+6676+604e1b26.aarch64.rpm
skopeo-debugsource-1.0.0-1.module+el8.2.1+6676+604e1b26.aarch64.rpm
skopeo-tests-1.0.0-1.module+el8.2.1+6676+604e1b26.aarch64.rpm
slirp4netns-1.0.1-1.module+el8.2.1+6595+03641d72.aarch64.rpm
slirp4netns-debuginfo-1.0.1-1.module+el8.2.1+6595+03641d72.aarch64.rpm
slirp4netns-debugsource-1.0.1-1.module+el8.2.1+6595+03641d72.aarch64.rpm

noarch:
cockpit-podman-17-1.module+el8.2.1+6636+bf4db4ab.noarch.rpm
container-selinux-2.135.0-1.module+el8.2.1+6849+893e4f4a.noarch.rpm
podman-docker-1.9.3-2.module+el8.2.1+6867+366c07d6.noarch.rpm
python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8.2.1+6465+1a51e8b6.noarch.rpm
toolbox-0.0.7-1.module+el8.2.1+6465+1a51e8b6.noarch.rpm
udica-0.2.1-2.module+el8.2.1+6465+1a51e8b6.noarch.rpm

ppc64le:
buildah-1.14.9-1.module+el8.2.1+6689+748e6520.ppc64le.rpm
buildah-debuginfo-1.14.9-1.module+el8.2.1+6689+748e6520.ppc64le.rpm
buildah-debugsource-1.14.9-1.module+el8.2.1+6689+748e6520.ppc64le.rpm
buildah-tests-1.14.9-1.module+el8.2.1+6689+748e6520.ppc64le.rpm
buildah-tests-debuginfo-1.14.9-1.module+el8.2.1+6689+748e6520.ppc64le.rpm
conmon-2.0.17-1.module+el8.2.1+6771+3533eb4c.ppc64le.rpm
containernetworking-plugins-0.8.6-1.module+el8.2.1+6626+598993b4.ppc64le.rpm
containernetworking-plugins-debuginfo-0.8.6-1.module+el8.2.1+6626+598993b4.ppc64le.rpm
containernetworking-plugins-debugsource-0.8.6-1.module+el8.2.1+6626+598993b4.ppc64le.rpm
containers-common-1.0.0-1.module+el8.2.1+6676+604e1b26.ppc64le.rpm
crit-3.14-2.module+el8.2.1+6750+e53a300c.ppc64le.rpm
criu-3.14-2.module+el8.2.1+6750+e53a300c.ppc64le.rpm
criu-debuginfo-3.14-2.module+el8.2.1+6750+e53a300c.ppc64le.rpm
criu-debugsource-3.14-2.module+el8.2.1+6750+e53a300c.ppc64le.rpm
fuse-overlayfs-1.0.0-2.module+el8.2.1+6465+1a51e8b6.ppc64le.rpm
fuse-overlayfs-debuginfo-1.0.0-2.module+el8.2.1+6465+1a51e8b6.ppc64le.rpm
fuse-overlayfs-debugsource-1.0.0-2.module+el8.2.1+6465+1a51e8b6.ppc64le.rpm
libslirp-4.3.0-3.module+el8.2.1+6816+bedf4f91.ppc64le.rpm
libslirp-debuginfo-4.3.0-3.module+el8.2.1+6816+bedf4f91.ppc64le.rpm
libslirp-debugsource-4.3.0-3.module+el8.2.1+6816+bedf4f91.ppc64le.rpm
libslirp-devel-4.3.0-3.module+el8.2.1+6816+bedf4f91.ppc64le.rpm
podman-1.9.3-2.module+el8.2.1+6867+366c07d6.ppc64le.rpm
podman-debuginfo-1.9.3-2.module+el8.2.1+6867+366c07d6.ppc64le.rpm
podman-debugsource-1.9.3-2.module+el8.2.1+6867+366c07d6.ppc64le.rpm
podman-remote-1.9.3-2.module+el8.2.1+6867+366c07d6.ppc64le.rpm
podman-remote-debuginfo-1.9.3-2.module+el8.2.1+6867+366c07d6.ppc64le.rpm
podman-tests-1.9.3-2.module+el8.2.1+6867+366c07d6.ppc64le.rpm
python3-criu-3.14-2.module+el8.2.1+6750+e53a300c.ppc64le.rpm
runc-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.ppc64le.rpm
runc-debuginfo-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.ppc64le.rpm
runc-debugsource-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.ppc64le.rpm
skopeo-1.0.0-1.module+el8.2.1+6676+604e1b26.ppc64le.rpm
skopeo-debuginfo-1.0.0-1.module+el8.2.1+6676+604e1b26.ppc64le.rpm
skopeo-debugsource-1.0.0-1.module+el8.2.1+6676+604e1b26.ppc64le.rpm
skopeo-tests-1.0.0-1.module+el8.2.1+6676+604e1b26.ppc64le.rpm
slirp4netns-1.0.1-1.module+el8.2.1+6595+03641d72.ppc64le.rpm
slirp4netns-debuginfo-1.0.1-1.module+el8.2.1+6595+03641d72.ppc64le.rpm
slirp4netns-debugsource-1.0.1-1.module+el8.2.1+6595+03641d72.ppc64le.rpm

s390x:
buildah-1.14.9-1.module+el8.2.1+6689+748e6520.s390x.rpm
buildah-debuginfo-1.14.9-1.module+el8.2.1+6689+748e6520.s390x.rpm
buildah-debugsource-1.14.9-1.module+el8.2.1+6689+748e6520.s390x.rpm
buildah-tests-1.14.9-1.module+el8.2.1+6689+748e6520.s390x.rpm
buildah-tests-debuginfo-1.14.9-1.module+el8.2.1+6689+748e6520.s390x.rpm
conmon-2.0.17-1.module+el8.2.1+6771+3533eb4c.s390x.rpm
containernetworking-plugins-0.8.6-1.module+el8.2.1+6626+598993b4.s390x.rpm
containernetworking-plugins-debuginfo-0.8.6-1.module+el8.2.1+6626+598993b4.s390x.rpm
containernetworking-plugins-debugsource-0.8.6-1.module+el8.2.1+6626+598993b4.s390x.rpm
containers-common-1.0.0-1.module+el8.2.1+6676+604e1b26.s390x.rpm
crit-3.14-2.module+el8.2.1+6750+e53a300c.s390x.rpm
criu-3.14-2.module+el8.2.1+6750+e53a300c.s390x.rpm
criu-debuginfo-3.14-2.module+el8.2.1+6750+e53a300c.s390x.rpm
criu-debugsource-3.14-2.module+el8.2.1+6750+e53a300c.s390x.rpm
fuse-overlayfs-1.0.0-2.module+el8.2.1+6465+1a51e8b6.s390x.rpm
fuse-overlayfs-debuginfo-1.0.0-2.module+el8.2.1+6465+1a51e8b6.s390x.rpm
fuse-overlayfs-debugsource-1.0.0-2.module+el8.2.1+6465+1a51e8b6.s390x.rpm
libslirp-4.3.0-3.module+el8.2.1+6816+bedf4f91.s390x.rpm
libslirp-debuginfo-4.3.0-3.module+el8.2.1+6816+bedf4f91.s390x.rpm
libslirp-debugsource-4.3.0-3.module+el8.2.1+6816+bedf4f91.s390x.rpm
libslirp-devel-4.3.0-3.module+el8.2.1+6816+bedf4f91.s390x.rpm
podman-1.9.3-2.module+el8.2.1+6867+366c07d6.s390x.rpm
podman-debuginfo-1.9.3-2.module+el8.2.1+6867+366c07d6.s390x.rpm
podman-debugsource-1.9.3-2.module+el8.2.1+6867+366c07d6.s390x.rpm
podman-remote-1.9.3-2.module+el8.2.1+6867+366c07d6.s390x.rpm
podman-remote-debuginfo-1.9.3-2.module+el8.2.1+6867+366c07d6.s390x.rpm
podman-tests-1.9.3-2.module+el8.2.1+6867+366c07d6.s390x.rpm
python3-criu-3.14-2.module+el8.2.1+6750+e53a300c.s390x.rpm
runc-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.s390x.rpm
runc-debuginfo-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.s390x.rpm
runc-debugsource-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.s390x.rpm
skopeo-1.0.0-1.module+el8.2.1+6676+604e1b26.s390x.rpm
skopeo-debuginfo-1.0.0-1.module+el8.2.1+6676+604e1b26.s390x.rpm
skopeo-debugsource-1.0.0-1.module+el8.2.1+6676+604e1b26.s390x.rpm
skopeo-tests-1.0.0-1.module+el8.2.1+6676+604e1b26.s390x.rpm
slirp4netns-1.0.1-1.module+el8.2.1+6595+03641d72.s390x.rpm
slirp4netns-debuginfo-1.0.1-1.module+el8.2.1+6595+03641d72.s390x.rpm
slirp4netns-debugsource-1.0.1-1.module+el8.2.1+6595+03641d72.s390x.rpm

x86_64:
buildah-1.14.9-1.module+el8.2.1+6689+748e6520.x86_64.rpm
buildah-debuginfo-1.14.9-1.module+el8.2.1+6689+748e6520.x86_64.rpm
buildah-debugsource-1.14.9-1.module+el8.2.1+6689+748e6520.x86_64.rpm
buildah-tests-1.14.9-1.module+el8.2.1+6689+748e6520.x86_64.rpm
buildah-tests-debuginfo-1.14.9-1.module+el8.2.1+6689+748e6520.x86_64.rpm
conmon-2.0.17-1.module+el8.2.1+6771+3533eb4c.x86_64.rpm
containernetworking-plugins-0.8.6-1.module+el8.2.1+6626+598993b4.x86_64.rpm
containernetworking-plugins-debuginfo-0.8.6-1.module+el8.2.1+6626+598993b4.x86_64.rpm
containernetworking-plugins-debugsource-0.8.6-1.module+el8.2.1+6626+598993b4.x86_64.rpm
containers-common-1.0.0-1.module+el8.2.1+6676+604e1b26.x86_64.rpm
crit-3.14-2.module+el8.2.1+6750+e53a300c.x86_64.rpm
criu-3.14-2.module+el8.2.1+6750+e53a300c.x86_64.rpm
criu-debuginfo-3.14-2.module+el8.2.1+6750+e53a300c.x86_64.rpm
criu-debugsource-3.14-2.module+el8.2.1+6750+e53a300c.x86_64.rpm
fuse-overlayfs-1.0.0-2.module+el8.2.1+6465+1a51e8b6.x86_64.rpm
fuse-overlayfs-debuginfo-1.0.0-2.module+el8.2.1+6465+1a51e8b6.x86_64.rpm
fuse-overlayfs-debugsource-1.0.0-2.module+el8.2.1+6465+1a51e8b6.x86_64.rpm
libslirp-4.3.0-3.module+el8.2.1+6816+bedf4f91.x86_64.rpm
libslirp-debuginfo-4.3.0-3.module+el8.2.1+6816+bedf4f91.x86_64.rpm
libslirp-debugsource-4.3.0-3.module+el8.2.1+6816+bedf4f91.x86_64.rpm
libslirp-devel-4.3.0-3.module+el8.2.1+6816+bedf4f91.x86_64.rpm
podman-1.9.3-2.module+el8.2.1+6867+366c07d6.x86_64.rpm
podman-debuginfo-1.9.3-2.module+el8.2.1+6867+366c07d6.x86_64.rpm
podman-debugsource-1.9.3-2.module+el8.2.1+6867+366c07d6.x86_64.rpm
podman-remote-1.9.3-2.module+el8.2.1+6867+366c07d6.x86_64.rpm
podman-remote-debuginfo-1.9.3-2.module+el8.2.1+6867+366c07d6.x86_64.rpm
podman-tests-1.9.3-2.module+el8.2.1+6867+366c07d6.x86_64.rpm
python3-criu-3.14-2.module+el8.2.1+6750+e53a300c.x86_64.rpm
runc-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.x86_64.rpm
runc-debuginfo-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.x86_64.rpm
runc-debugsource-1.0.0-66.rc10.module+el8.2.1+6465+1a51e8b6.x86_64.rpm
skopeo-1.0.0-1.module+el8.2.1+6676+604e1b26.x86_64.rpm
skopeo-debuginfo-1.0.0-1.module+el8.2.1+6676+604e1b26.x86_64.rpm
skopeo-debugsource-1.0.0-1.module+el8.2.1+6676+604e1b26.x86_64.rpm
skopeo-tests-1.0.0-1.module+el8.2.1+6676+604e1b26.x86_64.rpm
slirp4netns-1.0.1-1.module+el8.2.1+6595+03641d72.x86_64.rpm
slirp4netns-debuginfo-1.0.1-1.module+el8.2.1+6595+03641d72.x86_64.rpm
slirp4netns-debugsource-1.0.1-1.module+el8.2.1+6595+03641d72.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-1983
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXxcLUdzjgjWX9erEAQhumg//e0mjaPnL4i8YaLQ90CIs3XO9WzMds5/K
moWIDjeZ5ni2QoSgUf+rXikr1O1qAEnZnmQ9ZKhmVe+EKBWp5K4ewlIanpaSqSpF
susTGjSO4vxwgWu1wD9emNSguquT6bzuKjlxIxUqhSX+4JBKnY1UQCV+5ekQwCPr
hGwDAFzpkJsArKY7Iev00j12D2ZPo7aBO13VHudn2PMMcdDfN/aTznfCrvNj7RLO
mBUWdrvhyaokPki2scJE8J4FNC3t/az5FkamOIsJzINNWNnnZ+QZmIs12ibRiRcg
judVJsGJPG4BImUUZ23pGt4SqSqYJACgp+C+rCa9h+aCpmPugVdkW6uZtwaiE3Xx
7Hc4rAx9aLEVyAF03brJGzUWQacAD/7l1HTUSV5K8W+4KAsLm6uiHf1gi/Kp68Zo
gTXAUBm/s/isoYlnpUx8WzoHLKn7500SwSkcLn/047FT97GUP/hFtnWbNAi1wrtW
3nCBnhqvt8nj0/TwcYld2Z72i+jFCweDJnibVk00lgWwOpqcR53w622JCegIkSjC
G9plRmgGfnPvPTVNz/9PfdzFscybz+Zf8ODU9vozoP4Exn1achLMlh5qP8KrDmkk
BUYrrDr2jnPr2pD5gLpqoeDAWvoVHhzWkGhI9hOlkrKB/yyj/KtyQLN90LjIHYXS
aJyM8UecZZA=
=MJGX
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXxfg0uNLKJtyKPYoAQiImg//S/PKGgOh6GVLzWDl3ligbO2TEx/O2ZVR
+coDEjGw+HrqM+PrF7XFbBt+uMIHMD/D8yNlsC69mheVlFkDO0aU/+5x097aAMWb
8aN0RF5znlbMtiOIxE1HN6AeRHTfwDMTgITk25ytAiuSmpOjLV9hdQG84IozK9OL
uJPBC9b/YNnUbC9JQlNbeTTzNDH5DzXL/VxVURkr4rFCRBSicf+3psb7Vzhx+F5K
9nw+N9tL0ScCXx7zaxyQflSb0hbYodah7WFveJYG2p4rcco+IgbddgMGKnlPo13o
t6MR+u4sdneOderW5i+Th2t3lZIzXiWNows7KaNBlAQBvC9A3CqrpsdtxMZzRXxz
/Gl5/Il8WK+nOZhsN20s40weqI51UyEFLTn1J1DjBgI9ZRW4MlG4ooGdQpfE8kEs
sjHNk3t+ZTAw0scx4bxPCyPshx6s6cnQh04Q8Tn2+YLiEH+DtnmU8TPGeV4W4/4f
UA2B6VJlD2WYGcBSJIO4Eg60zL+qAYsErSs0Q5CWjb1Sa8EtQBHvb4tgi+JN/rbB
wUBF97b+nEJX2uwyx1eIsRABgnJc4OrA4oacLtlDx/kKYwNMsf2+3t/WqTF0JpA+
XdvfOCn3RCdSRFW3efptv/iAE+GJ7Tl71aDH0yDJic0nVfQG4xiHRgQS/P4AEH8/
kewmBgQVGi8=
=xt4X
-----END PGP SIGNATURE-----