Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.1060
thunderbird security update
26 March 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: thunderbird
Publisher: Red Hat
Operating System: Red Hat
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Denial of Service -- Remote with User Interaction
Provide Misleading Information -- Remote with User Interaction
Access Confidential Data -- Remote with User Interaction
Reduced Security -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2021-23987 CVE-2021-23984 CVE-2021-23982
CVE-2021-23981
Reference: ESB-2021.1055
ESB-2021.1034
ESB-2021.1004
Original Bulletin:
https://access.redhat.com/errata/RHSA-2021:0993
https://access.redhat.com/errata/RHSA-2021:0994
https://access.redhat.com/errata/RHSA-2021:0995
https://access.redhat.com/errata/RHSA-2021:0996
Comment: This bulletin contains four (4) Red Hat security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2021:0993-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0993
Issue date: 2021-03-25
CVE Names: CVE-2021-23981 CVE-2021-23982 CVE-2021-23984
CVE-2021-23987
=====================================================================
1. Summary:
An update for thunderbird is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, x86_64
3. Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 78.9.0.
Security Fix(es):
* Mozilla: Texture upload into an unbound backing buffer resulted in an
out-of-bound read (CVE-2021-23981)
* Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
(CVE-2021-23987)
* Mozilla: Internal network hosts could have been probed by a malicious
webpage (CVE-2021-23982)
* Mozilla: Malicious extensions could have spoofed popup information
(CVE-2021-23984)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of Thunderbird must be restarted for the update to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1942783 - CVE-2021-23981 Mozilla: Texture upload into an unbound backing buffer
resulted in an out-of-bound read
1942785 - CVE-2021-23982 Mozilla: Internal network hosts could have been probed
by a malicious webpage
1942786 - CVE-2021-23984 Mozilla: Malicious extensions could have spoofed popup information
1942787 - CVE-2021-23987 Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
6. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
thunderbird-78.9.0-3.el8_3.src.rpm
aarch64:
thunderbird-78.9.0-3.el8_3.aarch64.rpm
thunderbird-debuginfo-78.9.0-3.el8_3.aarch64.rpm
thunderbird-debugsource-78.9.0-3.el8_3.aarch64.rpm
ppc64le:
thunderbird-78.9.0-3.el8_3.ppc64le.rpm
thunderbird-debuginfo-78.9.0-3.el8_3.ppc64le.rpm
thunderbird-debugsource-78.9.0-3.el8_3.ppc64le.rpm
x86_64:
thunderbird-78.9.0-3.el8_3.x86_64.rpm
thunderbird-debuginfo-78.9.0-3.el8_3.x86_64.rpm
thunderbird-debugsource-78.9.0-3.el8_3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-23981
https://access.redhat.com/security/cve/CVE-2021-23982
https://access.redhat.com/security/cve/CVE-2021-23984
https://access.redhat.com/security/cve/CVE-2021-23987
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYFyJP9zjgjWX9erEAQgHhw/+MeSbv23PGyUuJiudJOexW1n5gjh+sTaM
etnt8tQ90dA8coPvFPU7w3OC1sG6r1fg4T4ySoQ0kTkgWFApT0t4FG5n6bWNa0Un
Ji57jOG62ImSFz+TWPz96BPXh781z5yX94mWR0ZTHkk+Gj/ncTglLBv/NuFSzEro
DH+0TW5NJExppw+sN/vs+3dVRY/72Mm55MX+FFGEKyyErW9Mu8xwqeN4bId2PDiQ
Z/xcrJv2xE+rta87Zw7UvTd4ls9SD2lebNGpov1aFabFd2bPyS6o2qy0YkIbio8l
oOnrs9YdTJ334lLTz8v9g0OuxgMgEUZYaR0/hZQbcjvh86tzUW6XSYlJyI0qzYdI
wYqkJyaTzVcKa3Osta4wDiv9/EVzktxGgL5qU8nWbuFr37L1A6lrM1MekZhV4wTg
JX/+D92u8O66/ietVmCelI135frKGBNhNl4gbpqkMEf99neCYm8KeQ4aMxovjcY8
ycPm2bD3uIwPPZQVo64JGvURJHd+AEk++GTO/6FSs4R2paZjuQ3b5/aYuqXoNbYE
NnnfD0VnlwjmDoK5rVBNRd9wxOnLS2A6eLuvNuY5uuKq+V9/QaFV983KEO2Uka81
RRnKjtPtrh4RzQbH9HhNP4vh4t0NzMACH0GFaiSB7f//L/tADnjRq8Tg5esL2vK1
KJ+MGJfeFyQ=
=7qFM
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2021:0994-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0994
Issue date: 2021-03-25
CVE Names: CVE-2021-23981 CVE-2021-23982 CVE-2021-23984
CVE-2021-23987
=====================================================================
1. Summary:
An update for thunderbird is now available for Red Hat Enterprise Linux 8.2
Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, x86_64
3. Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 78.9.0.
Security Fix(es):
* Mozilla: Texture upload into an unbound backing buffer resulted in an
out-of-bound read (CVE-2021-23981)
* Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
(CVE-2021-23987)
* Mozilla: Internal network hosts could have been probed by a malicious
webpage (CVE-2021-23982)
* Mozilla: Malicious extensions could have spoofed popup information
(CVE-2021-23984)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of Thunderbird must be restarted for the update to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1942783 - CVE-2021-23981 Mozilla: Texture upload into an unbound backing buffer
resulted in an out-of-bound read
1942785 - CVE-2021-23982 Mozilla: Internal network hosts could have been probed
by a malicious webpage
1942786 - CVE-2021-23984 Mozilla: Malicious extensions could have spoofed popup information
1942787 - CVE-2021-23987 Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
6. Package List:
Red Hat Enterprise Linux AppStream EUS (v. 8.2):
Source:
thunderbird-78.9.0-3.el8_2.src.rpm
aarch64:
thunderbird-78.9.0-3.el8_2.aarch64.rpm
thunderbird-debuginfo-78.9.0-3.el8_2.aarch64.rpm
thunderbird-debugsource-78.9.0-3.el8_2.aarch64.rpm
ppc64le:
thunderbird-78.9.0-3.el8_2.ppc64le.rpm
thunderbird-debuginfo-78.9.0-3.el8_2.ppc64le.rpm
thunderbird-debugsource-78.9.0-3.el8_2.ppc64le.rpm
x86_64:
thunderbird-78.9.0-3.el8_2.x86_64.rpm
thunderbird-debuginfo-78.9.0-3.el8_2.x86_64.rpm
thunderbird-debugsource-78.9.0-3.el8_2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-23981
https://access.redhat.com/security/cve/CVE-2021-23982
https://access.redhat.com/security/cve/CVE-2021-23984
https://access.redhat.com/security/cve/CVE-2021-23987
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYFyJedzjgjWX9erEAQjeuw/9H8p0l4MoVecNLJUPmlyXZ9cOenwDHt7h
YKgHPA8u0GxuH7rqjlgTjfUI1v7RR96Fpw8a4D+oxuM5OJLdse56LxTsWVzgLMwO
Q32Oiw8oamuFQivceT8kXUpfhM8KNLxHPGsvFowv4Kz0usAUMJF/crq/Fj9hr7eR
CsuAXCI4hI41rI+myN12UzVh+oL3yVbByVEhgMW9MVpM7+3VIA/cOgYC5yL8Dx9t
J5L33+9PDZJGAB31ApGv5PPLPb7xiWCPPadSREokcmz8VzH5udLn1/J633Laim7X
8l0ZgI9/zrIoVEgNjwis0ImjHDob6a4fBtYs7MFDVs1jFWWLvgxACW5ciuVSJIDj
aQz3t4cRtQfzbKg//81i80Z7bMrkNYemzTirQtddLyiv8woXzt+2Ot70BouX73bG
STR9QymYxzq58PHdRNnngFk4HnK6Q+VaYEeIvtnd/jGpfuXwqDOZEyBDfO+K8DeH
jTPAf7+N7QLPhp97eCAaR3IN/JiPuaoP1i0bEzB6g+7cEPkEHWmmAPPO0OinXf3V
gpgncojvry3cJRQtROAtc7BFPfJfT3+7O8nmRb2J0wKlGydvXPNb9KnmsIpPE8sN
CTday194uBFnwGn3fNdpbUfXvYa6sFAG4UqmT7JbPZf4rZ8ToAqjlNLy85nwfvy6
JCV1TEB3F0A=
=0GK5
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2021:0995-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0995
Issue date: 2021-03-25
CVE Names: CVE-2021-23981 CVE-2021-23982 CVE-2021-23984
CVE-2021-23987
=====================================================================
1. Summary:
An update for thunderbird is now available for Red Hat Enterprise Linux 8.1
Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream EUS (v. 8.1) - ppc64le, x86_64
3. Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 78.9.0.
Security Fix(es):
* Mozilla: Texture upload into an unbound backing buffer resulted in an
out-of-bound read (CVE-2021-23981)
* Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
(CVE-2021-23987)
* Mozilla: Internal network hosts could have been probed by a malicious
webpage (CVE-2021-23982)
* Mozilla: Malicious extensions could have spoofed popup information
(CVE-2021-23984)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of Thunderbird must be restarted for the update to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1942783 - CVE-2021-23981 Mozilla: Texture upload into an unbound backing buffer
resulted in an out-of-bound read
1942785 - CVE-2021-23982 Mozilla: Internal network hosts could have been probed by
a malicious webpage
1942786 - CVE-2021-23984 Mozilla: Malicious extensions could have spoofed popup information
1942787 - CVE-2021-23987 Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
6. Package List:
Red Hat Enterprise Linux AppStream EUS (v. 8.1):
Source:
thunderbird-78.9.0-3.el8_1.src.rpm
ppc64le:
thunderbird-78.9.0-3.el8_1.ppc64le.rpm
thunderbird-debuginfo-78.9.0-3.el8_1.ppc64le.rpm
thunderbird-debugsource-78.9.0-3.el8_1.ppc64le.rpm
x86_64:
thunderbird-78.9.0-3.el8_1.x86_64.rpm
thunderbird-debuginfo-78.9.0-3.el8_1.x86_64.rpm
thunderbird-debugsource-78.9.0-3.el8_1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-23981
https://access.redhat.com/security/cve/CVE-2021-23982
https://access.redhat.com/security/cve/CVE-2021-23984
https://access.redhat.com/security/cve/CVE-2021-23987
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYFyJJtzjgjWX9erEAQghhw//YBRmjw1a4apb22pFpGnEaqx2sD2TeSUY
k8OkwxdJVCZtlaT63q1zn0O4NfU1ZNRvrKakm/R48ZPQIg9X6FGPxLVg/lWPyqYc
Qdf0d983k9xsdeiWBY5U/aWtpFuiWSZtSfr5yg75Z5j5Yx5diMwSl+jR9YJp3YoR
+dG1zqnhLbsMHT9iGK2c8DDAd2jpNbFNbcB1tCBbkB3CSkeLvWfxEZSOWjaCVT5y
ts7SbBx6cvNpuERw5wfTmC8JoyHGEq6yWoSxSvYP4SNAzXdfLw7ZCqMd0FkDPhYg
cpcudDAb/BKjrk7rth3fCqkwCnA+zfLSrtSzb/wa/VbrxMjbvWcMSNCKq5wP5sni
A8O76eEQVvov5J4vAcooGVyesJ/wlR70iPynW3sE31XDb5tXWzYsjg8OXU+snvlX
suH6a5EtmDC5cXHopPb2jRR4vwPN0CIk6PXJrMO0Fug2rzsJHlRRysVUD6DR8XSq
Veg9Dsj1lufLS4fK/BMRvTWYbBHQjrqj7IJK89tr7e0vHwjrmN3qN4iX+g8tRCvt
AVOH3M3u25KQUaiJPIFwEVjHlUx/9Y5JFadS0PaatjWmFt+NOSDynreuZgbWBgEm
MdpWV7V1qbnjuPY13PDj6cHfY7xGgi94jr6he3Fa9ZqgBPnWEfYGiJOF0dVGdCTk
BlB9eaPWTEg=
=+g8m
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2021:0996-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0996
Issue date: 2021-03-25
CVE Names: CVE-2021-23981 CVE-2021-23982 CVE-2021-23984
CVE-2021-23987
=====================================================================
1. Summary:
An update for thunderbird is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
3. Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 78.9.0.
Security Fix(es):
* Mozilla: Texture upload into an unbound backing buffer resulted in an
out-of-bound read (CVE-2021-23981)
* Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
(CVE-2021-23987)
* Mozilla: Internal network hosts could have been probed by a malicious
webpage (CVE-2021-23982)
* Mozilla: Malicious extensions could have spoofed popup information
(CVE-2021-23984)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of Thunderbird must be restarted for the update to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1942783 - CVE-2021-23981 Mozilla: Texture upload into an unbound backing buffer
esulted in an out-of-bound read
1942785 - CVE-2021-23982 Mozilla: Internal network hosts could have been probed
by a malicious webpage
1942786 - CVE-2021-23984 Mozilla: Malicious extensions could have spoofed popup information
1942787 - CVE-2021-23987 Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
thunderbird-78.9.0-3.el7_9.src.rpm
x86_64:
thunderbird-78.9.0-3.el7_9.x86_64.rpm
thunderbird-debuginfo-78.9.0-3.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
Source:
thunderbird-78.9.0-3.el7_9.src.rpm
ppc64le:
thunderbird-78.9.0-3.el7_9.ppc64le.rpm
thunderbird-debuginfo-78.9.0-3.el7_9.ppc64le.rpm
x86_64:
thunderbird-78.9.0-3.el7_9.x86_64.rpm
thunderbird-debuginfo-78.9.0-3.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
thunderbird-78.9.0-3.el7_9.src.rpm
x86_64:
thunderbird-78.9.0-3.el7_9.x86_64.rpm
thunderbird-debuginfo-78.9.0-3.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-23981
https://access.redhat.com/security/cve/CVE-2021-23982
https://access.redhat.com/security/cve/CVE-2021-23984
https://access.redhat.com/security/cve/CVE-2021-23987
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYFyRltzjgjWX9erEAQh7Pg/8DREHRukRlZVrAO9ExQgxl7pR4aSX/m1D
xeYaEG+fTyQZGslK+Q7BnbAspQfdNy54my1IV0ynUeUXOFDLiJt1v4W+RYXemNI+
ZgOqcrvRBXL1CXQMWRZjq5V/WHqlLNn8mYZCDFDpiTddVFijVNZM2tbR2I2de/rm
E87N9ioGT9ZKm0YkQIDvPIuRr/XhPBoHMnA2WvXXEkcCrUGwhC9xcSHvUu5X410r
ZO2F6U1jcjEpmwyCinpQqWraHabJ2ZJkT8hM1KK6X6GYOrFwkEknPSmtEbY0MfCQ
4dHmhmoyFykbjASoUxLhChHTH7KlRLIQY40QAIpX7MBx2z+uTHVTYGGSs8gIfGVc
TCJjElyZmVKZiKIn2k4mTScvYTxbpk97mFr2Ri5ZHXp7qRJSGyXcRCPzn/CIw+nC
xNvt66mfY1h/CyfsUfLs9YaYJBKAj7wRqs5Valr5h8Y2bD4daO0CAWvchdxlPhxD
ghDzUuOutodED0bBzdUZWO6uSMQIX1xPVHhCRdPM3bkQH/KTkpGMTsHkRsXFOhJV
JIytHWrLyGwcpISH2qgOHSec2p7pwe+fxWpNrVelXFagWfz8sptRSqQUbM/XRPef
3ixQMO/QhflYnJB2Uejm/rhVZ6G1OP6y42aRWhEZ9osh4vJMhlRO8Uuk8A3zNTmV
L8pklHF0naI=
=lEaO
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYF0qHuNLKJtyKPYoAQiR9A//VyhBcKnBXoIDzEBZTyeedkr4gwtZGWgD
cnMmZl++e2S1lT2Ipq/mnr8TbabLw3v1/Mov7YvcsDe0O8NgNGVCNxUm7Pn/ZteK
UnGPtwaQZ5M2ccDhN5h71C54bsx/pBTSXICf87j0yF5v76bBDRNZ3WQTEqjyy9+0
17kSTObB9lW5pp13JSM/bYjO6bGqqF8MgMgyL1JsKO8xfzw02ZOILOtQKN211QLo
2+DPTOpzdOP0m7UQJH2Zq+gO6rlUNX6vOO3rYXq0t0O0BDL7isefnfHC/70Bc+tj
P8KOiwihMJJvVkuImgxg/VW3T6Vh7ETsWn+oRpSOV1XUA8TtWTYz+1HIm6/MPCHP
2c/GBunMrKGEnL1RESwCjqLpZntnfZyuIiR5xpECtEybG3I8E0FmPP12wDSo1gZB
gTPUzYLnb8CgJCqbKrXnm9UszIcxrTn0oxVK28DUK11Hrt/hYgVIWe88xcWtN4hh
ivMWRs/XqmYa0TekMqFMeFBfMmB/A5imh5kbwKEp1i4eEROD9x0x3GdkYYIJDtxw
i8hZV0C2UA9R3mYoCRQbzKMr94yuRklSOulxUURq1zq8MZ5abpkdyjbvL9ei1F7d
1oToqqulDaEPdAnj/fMAxRKHoB2YdrgCneWviqLFCEROmQI14NO/tyqLqCD4ZiZo
JyXPyxQV7Wo=
=DJq8
-----END PGP SIGNATURE-----