Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1320 gnutls and nettle security update 20 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: gnutls and nettle Publisher: Red Hat Operating System: Red Hat Impact/Access: Denial of Service -- Remote/Unauthenticated Access Confidential Data -- Remote/Unauthenticated Reduced Security -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2021-20305 Reference: ESB-2021.1279 ESB-2021.1226 ESB-2021.1198 Original Bulletin: https://access.redhat.com/errata/RHSA-2021:1245 https://access.redhat.com/errata/RHSA-2021:1246 Comment: This bulletin contains two (2) Red Hat security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: gnutls and nettle security update Advisory ID: RHSA-2021:1245-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1245 Issue date: 2021-04-19 CVE Names: CVE-2021-20305 ===================================================================== 1. Summary: An update for gnutls and nettle is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64 3. Description: The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space. Security Fix(es): * nettle: Out of bounds memory access in signature verification (CVE-2021-20305) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1942533 - CVE-2021-20305 nettle: Out of bounds memory access in signature verification 6. Package List: Red Hat Enterprise Linux AppStream EUS (v. 8.1): aarch64: gnutls-c++-3.6.8-10.el8_1.aarch64.rpm gnutls-c++-debuginfo-3.6.8-10.el8_1.aarch64.rpm gnutls-dane-3.6.8-10.el8_1.aarch64.rpm gnutls-dane-debuginfo-3.6.8-10.el8_1.aarch64.rpm gnutls-debuginfo-3.6.8-10.el8_1.aarch64.rpm gnutls-debugsource-3.6.8-10.el8_1.aarch64.rpm gnutls-devel-3.6.8-10.el8_1.aarch64.rpm gnutls-utils-3.6.8-10.el8_1.aarch64.rpm gnutls-utils-debuginfo-3.6.8-10.el8_1.aarch64.rpm nettle-debuginfo-3.4.1-2.el8_1.aarch64.rpm nettle-debugsource-3.4.1-2.el8_1.aarch64.rpm nettle-devel-3.4.1-2.el8_1.aarch64.rpm ppc64le: gnutls-c++-3.6.8-10.el8_1.ppc64le.rpm gnutls-c++-debuginfo-3.6.8-10.el8_1.ppc64le.rpm gnutls-dane-3.6.8-10.el8_1.ppc64le.rpm gnutls-dane-debuginfo-3.6.8-10.el8_1.ppc64le.rpm gnutls-debuginfo-3.6.8-10.el8_1.ppc64le.rpm gnutls-debugsource-3.6.8-10.el8_1.ppc64le.rpm gnutls-devel-3.6.8-10.el8_1.ppc64le.rpm gnutls-utils-3.6.8-10.el8_1.ppc64le.rpm gnutls-utils-debuginfo-3.6.8-10.el8_1.ppc64le.rpm nettle-debuginfo-3.4.1-2.el8_1.ppc64le.rpm nettle-debugsource-3.4.1-2.el8_1.ppc64le.rpm nettle-devel-3.4.1-2.el8_1.ppc64le.rpm s390x: gnutls-c++-3.6.8-10.el8_1.s390x.rpm gnutls-c++-debuginfo-3.6.8-10.el8_1.s390x.rpm gnutls-dane-3.6.8-10.el8_1.s390x.rpm gnutls-dane-debuginfo-3.6.8-10.el8_1.s390x.rpm gnutls-debuginfo-3.6.8-10.el8_1.s390x.rpm gnutls-debugsource-3.6.8-10.el8_1.s390x.rpm gnutls-devel-3.6.8-10.el8_1.s390x.rpm gnutls-utils-3.6.8-10.el8_1.s390x.rpm gnutls-utils-debuginfo-3.6.8-10.el8_1.s390x.rpm nettle-debuginfo-3.4.1-2.el8_1.s390x.rpm nettle-debugsource-3.4.1-2.el8_1.s390x.rpm nettle-devel-3.4.1-2.el8_1.s390x.rpm x86_64: gnutls-c++-3.6.8-10.el8_1.i686.rpm gnutls-c++-3.6.8-10.el8_1.x86_64.rpm gnutls-c++-debuginfo-3.6.8-10.el8_1.i686.rpm gnutls-c++-debuginfo-3.6.8-10.el8_1.x86_64.rpm gnutls-dane-3.6.8-10.el8_1.i686.rpm gnutls-dane-3.6.8-10.el8_1.x86_64.rpm gnutls-dane-debuginfo-3.6.8-10.el8_1.i686.rpm gnutls-dane-debuginfo-3.6.8-10.el8_1.x86_64.rpm gnutls-debuginfo-3.6.8-10.el8_1.i686.rpm gnutls-debuginfo-3.6.8-10.el8_1.x86_64.rpm gnutls-debugsource-3.6.8-10.el8_1.i686.rpm gnutls-debugsource-3.6.8-10.el8_1.x86_64.rpm gnutls-devel-3.6.8-10.el8_1.i686.rpm gnutls-devel-3.6.8-10.el8_1.x86_64.rpm gnutls-utils-3.6.8-10.el8_1.x86_64.rpm gnutls-utils-debuginfo-3.6.8-10.el8_1.i686.rpm gnutls-utils-debuginfo-3.6.8-10.el8_1.x86_64.rpm nettle-debuginfo-3.4.1-2.el8_1.i686.rpm nettle-debuginfo-3.4.1-2.el8_1.x86_64.rpm nettle-debugsource-3.4.1-2.el8_1.i686.rpm nettle-debugsource-3.4.1-2.el8_1.x86_64.rpm nettle-devel-3.4.1-2.el8_1.i686.rpm nettle-devel-3.4.1-2.el8_1.x86_64.rpm Red Hat Enterprise Linux BaseOS EUS (v. 8.1): Source: gnutls-3.6.8-10.el8_1.src.rpm nettle-3.4.1-2.el8_1.src.rpm aarch64: gnutls-3.6.8-10.el8_1.aarch64.rpm gnutls-c++-debuginfo-3.6.8-10.el8_1.aarch64.rpm gnutls-dane-debuginfo-3.6.8-10.el8_1.aarch64.rpm gnutls-debuginfo-3.6.8-10.el8_1.aarch64.rpm gnutls-debugsource-3.6.8-10.el8_1.aarch64.rpm gnutls-utils-debuginfo-3.6.8-10.el8_1.aarch64.rpm nettle-3.4.1-2.el8_1.aarch64.rpm nettle-debuginfo-3.4.1-2.el8_1.aarch64.rpm nettle-debugsource-3.4.1-2.el8_1.aarch64.rpm ppc64le: gnutls-3.6.8-10.el8_1.ppc64le.rpm gnutls-c++-debuginfo-3.6.8-10.el8_1.ppc64le.rpm gnutls-dane-debuginfo-3.6.8-10.el8_1.ppc64le.rpm gnutls-debuginfo-3.6.8-10.el8_1.ppc64le.rpm gnutls-debugsource-3.6.8-10.el8_1.ppc64le.rpm gnutls-utils-debuginfo-3.6.8-10.el8_1.ppc64le.rpm nettle-3.4.1-2.el8_1.ppc64le.rpm nettle-debuginfo-3.4.1-2.el8_1.ppc64le.rpm nettle-debugsource-3.4.1-2.el8_1.ppc64le.rpm s390x: gnutls-3.6.8-10.el8_1.s390x.rpm gnutls-c++-debuginfo-3.6.8-10.el8_1.s390x.rpm gnutls-dane-debuginfo-3.6.8-10.el8_1.s390x.rpm gnutls-debuginfo-3.6.8-10.el8_1.s390x.rpm gnutls-debugsource-3.6.8-10.el8_1.s390x.rpm gnutls-utils-debuginfo-3.6.8-10.el8_1.s390x.rpm nettle-3.4.1-2.el8_1.s390x.rpm nettle-debuginfo-3.4.1-2.el8_1.s390x.rpm nettle-debugsource-3.4.1-2.el8_1.s390x.rpm x86_64: gnutls-3.6.8-10.el8_1.i686.rpm gnutls-3.6.8-10.el8_1.x86_64.rpm gnutls-c++-debuginfo-3.6.8-10.el8_1.i686.rpm gnutls-c++-debuginfo-3.6.8-10.el8_1.x86_64.rpm gnutls-dane-debuginfo-3.6.8-10.el8_1.i686.rpm gnutls-dane-debuginfo-3.6.8-10.el8_1.x86_64.rpm gnutls-debuginfo-3.6.8-10.el8_1.i686.rpm gnutls-debuginfo-3.6.8-10.el8_1.x86_64.rpm gnutls-debugsource-3.6.8-10.el8_1.i686.rpm gnutls-debugsource-3.6.8-10.el8_1.x86_64.rpm gnutls-utils-debuginfo-3.6.8-10.el8_1.i686.rpm gnutls-utils-debuginfo-3.6.8-10.el8_1.x86_64.rpm nettle-3.4.1-2.el8_1.i686.rpm nettle-3.4.1-2.el8_1.x86_64.rpm nettle-debuginfo-3.4.1-2.el8_1.i686.rpm nettle-debuginfo-3.4.1-2.el8_1.x86_64.rpm nettle-debugsource-3.4.1-2.el8_1.i686.rpm nettle-debugsource-3.4.1-2.el8_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-20305 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYH1uPtzjgjWX9erEAQhFTQ/9F/npzehFXClyysl63EUSlShas0fZyoKV F7SBDdBC6lqTBR7JnpWDDEFaYLbdkFlqo3fenYdAj601ieRqntiCvoWdc5pW88wB PK0f5ip3VwFcLSTGFgTsVBVLxFqs0ZOKSGomFWLeX9h7toJM6R2Hp8lhxsfUKt79 PvtnULKXdPtg8LDYJNlkNibIlpM8I556UXCeJEmO3iYjk2wWiDBkCG8yCZbJcwA3 /gMG9qfxcgncMVsZsnQKbAH3rLnht0qkZQ0w63sxDX0BnNJl90q+3YxA2spuKJsA TsBitIaXi2E7yAkkVwjtVeYCo8yJvu523sO4Y9wRrN9K5mv+3iCFllbtzqkESkZH +EfUpZTAGSEeKONLX/IA86jXt4BrBVl36qoV1E0o1MbyDNyAKe+bcf3j6jEroB6g AR/7IJ//pDgWATFfGQR+/sSGVWLaXlYs2KOWFNBe7WLuSdf/W54eqRx56h0vIuDs sGzInpGvr1rYgIYrpCXW3Zj01aZapkyi7ujQ0xExootGFH+XtmwUgoRuPxMQZNcC 3E5wBZt2LE2J5QdkQf1imJgCSODKsxpgEQA9GwD51beJfp5ROfh2LpBZo7LwF2Yd kk4QbLmwCtjtCldhxTxCNFNFD1G5uZ6H0cITAKDcFTdEqtLpuoOPYIvo1ZcFYolK M+jMWwHvPFg= =eTEx - -----END PGP SIGNATURE----- - -------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: gnutls and nettle security update Advisory ID: RHSA-2021:1246-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1246 Issue date: 2021-04-19 CVE Names: CVE-2021-20305 ===================================================================== 1. Summary: An update for gnutls and nettle is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64 3. Description: The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space. Security Fix(es): * nettle: Out of bounds memory access in signature verification (CVE-2021-20305) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1942533 - CVE-2021-20305 nettle: Out of bounds memory access in signature verification 6. Package List: Red Hat Enterprise Linux AppStream EUS (v. 8.2): aarch64: gnutls-c++-3.6.8-12.el8_2.aarch64.rpm gnutls-c++-debuginfo-3.6.8-12.el8_2.aarch64.rpm gnutls-dane-3.6.8-12.el8_2.aarch64.rpm gnutls-dane-debuginfo-3.6.8-12.el8_2.aarch64.rpm gnutls-debuginfo-3.6.8-12.el8_2.aarch64.rpm gnutls-debugsource-3.6.8-12.el8_2.aarch64.rpm gnutls-devel-3.6.8-12.el8_2.aarch64.rpm gnutls-utils-3.6.8-12.el8_2.aarch64.rpm gnutls-utils-debuginfo-3.6.8-12.el8_2.aarch64.rpm nettle-debuginfo-3.4.1-2.el8_2.aarch64.rpm nettle-debugsource-3.4.1-2.el8_2.aarch64.rpm nettle-devel-3.4.1-2.el8_2.aarch64.rpm ppc64le: gnutls-c++-3.6.8-12.el8_2.ppc64le.rpm gnutls-c++-debuginfo-3.6.8-12.el8_2.ppc64le.rpm gnutls-dane-3.6.8-12.el8_2.ppc64le.rpm gnutls-dane-debuginfo-3.6.8-12.el8_2.ppc64le.rpm gnutls-debuginfo-3.6.8-12.el8_2.ppc64le.rpm gnutls-debugsource-3.6.8-12.el8_2.ppc64le.rpm gnutls-devel-3.6.8-12.el8_2.ppc64le.rpm gnutls-utils-3.6.8-12.el8_2.ppc64le.rpm gnutls-utils-debuginfo-3.6.8-12.el8_2.ppc64le.rpm nettle-debuginfo-3.4.1-2.el8_2.ppc64le.rpm nettle-debugsource-3.4.1-2.el8_2.ppc64le.rpm nettle-devel-3.4.1-2.el8_2.ppc64le.rpm s390x: gnutls-c++-3.6.8-12.el8_2.s390x.rpm gnutls-c++-debuginfo-3.6.8-12.el8_2.s390x.rpm gnutls-dane-3.6.8-12.el8_2.s390x.rpm gnutls-dane-debuginfo-3.6.8-12.el8_2.s390x.rpm gnutls-debuginfo-3.6.8-12.el8_2.s390x.rpm gnutls-debugsource-3.6.8-12.el8_2.s390x.rpm gnutls-devel-3.6.8-12.el8_2.s390x.rpm gnutls-utils-3.6.8-12.el8_2.s390x.rpm gnutls-utils-debuginfo-3.6.8-12.el8_2.s390x.rpm nettle-debuginfo-3.4.1-2.el8_2.s390x.rpm nettle-debugsource-3.4.1-2.el8_2.s390x.rpm nettle-devel-3.4.1-2.el8_2.s390x.rpm x86_64: gnutls-c++-3.6.8-12.el8_2.i686.rpm gnutls-c++-3.6.8-12.el8_2.x86_64.rpm gnutls-c++-debuginfo-3.6.8-12.el8_2.i686.rpm gnutls-c++-debuginfo-3.6.8-12.el8_2.x86_64.rpm gnutls-dane-3.6.8-12.el8_2.i686.rpm gnutls-dane-3.6.8-12.el8_2.x86_64.rpm gnutls-dane-debuginfo-3.6.8-12.el8_2.i686.rpm gnutls-dane-debuginfo-3.6.8-12.el8_2.x86_64.rpm gnutls-debuginfo-3.6.8-12.el8_2.i686.rpm gnutls-debuginfo-3.6.8-12.el8_2.x86_64.rpm gnutls-debugsource-3.6.8-12.el8_2.i686.rpm gnutls-debugsource-3.6.8-12.el8_2.x86_64.rpm gnutls-devel-3.6.8-12.el8_2.i686.rpm gnutls-devel-3.6.8-12.el8_2.x86_64.rpm gnutls-utils-3.6.8-12.el8_2.x86_64.rpm gnutls-utils-debuginfo-3.6.8-12.el8_2.i686.rpm gnutls-utils-debuginfo-3.6.8-12.el8_2.x86_64.rpm nettle-debuginfo-3.4.1-2.el8_2.i686.rpm nettle-debuginfo-3.4.1-2.el8_2.x86_64.rpm nettle-debugsource-3.4.1-2.el8_2.i686.rpm nettle-debugsource-3.4.1-2.el8_2.x86_64.rpm nettle-devel-3.4.1-2.el8_2.i686.rpm nettle-devel-3.4.1-2.el8_2.x86_64.rpm Red Hat Enterprise Linux BaseOS EUS (v. 8.2): Source: gnutls-3.6.8-12.el8_2.src.rpm nettle-3.4.1-2.el8_2.src.rpm aarch64: gnutls-3.6.8-12.el8_2.aarch64.rpm gnutls-c++-debuginfo-3.6.8-12.el8_2.aarch64.rpm gnutls-dane-debuginfo-3.6.8-12.el8_2.aarch64.rpm gnutls-debuginfo-3.6.8-12.el8_2.aarch64.rpm gnutls-debugsource-3.6.8-12.el8_2.aarch64.rpm gnutls-utils-debuginfo-3.6.8-12.el8_2.aarch64.rpm nettle-3.4.1-2.el8_2.aarch64.rpm nettle-debuginfo-3.4.1-2.el8_2.aarch64.rpm nettle-debugsource-3.4.1-2.el8_2.aarch64.rpm ppc64le: gnutls-3.6.8-12.el8_2.ppc64le.rpm gnutls-c++-debuginfo-3.6.8-12.el8_2.ppc64le.rpm gnutls-dane-debuginfo-3.6.8-12.el8_2.ppc64le.rpm gnutls-debuginfo-3.6.8-12.el8_2.ppc64le.rpm gnutls-debugsource-3.6.8-12.el8_2.ppc64le.rpm gnutls-utils-debuginfo-3.6.8-12.el8_2.ppc64le.rpm nettle-3.4.1-2.el8_2.ppc64le.rpm nettle-debuginfo-3.4.1-2.el8_2.ppc64le.rpm nettle-debugsource-3.4.1-2.el8_2.ppc64le.rpm s390x: gnutls-3.6.8-12.el8_2.s390x.rpm gnutls-c++-debuginfo-3.6.8-12.el8_2.s390x.rpm gnutls-dane-debuginfo-3.6.8-12.el8_2.s390x.rpm gnutls-debuginfo-3.6.8-12.el8_2.s390x.rpm gnutls-debugsource-3.6.8-12.el8_2.s390x.rpm gnutls-utils-debuginfo-3.6.8-12.el8_2.s390x.rpm nettle-3.4.1-2.el8_2.s390x.rpm nettle-debuginfo-3.4.1-2.el8_2.s390x.rpm nettle-debugsource-3.4.1-2.el8_2.s390x.rpm x86_64: gnutls-3.6.8-12.el8_2.i686.rpm gnutls-3.6.8-12.el8_2.x86_64.rpm gnutls-c++-debuginfo-3.6.8-12.el8_2.i686.rpm gnutls-c++-debuginfo-3.6.8-12.el8_2.x86_64.rpm gnutls-dane-debuginfo-3.6.8-12.el8_2.i686.rpm gnutls-dane-debuginfo-3.6.8-12.el8_2.x86_64.rpm gnutls-debuginfo-3.6.8-12.el8_2.i686.rpm gnutls-debuginfo-3.6.8-12.el8_2.x86_64.rpm gnutls-debugsource-3.6.8-12.el8_2.i686.rpm gnutls-debugsource-3.6.8-12.el8_2.x86_64.rpm gnutls-utils-debuginfo-3.6.8-12.el8_2.i686.rpm gnutls-utils-debuginfo-3.6.8-12.el8_2.x86_64.rpm nettle-3.4.1-2.el8_2.i686.rpm nettle-3.4.1-2.el8_2.x86_64.rpm nettle-debuginfo-3.4.1-2.el8_2.i686.rpm nettle-debuginfo-3.4.1-2.el8_2.x86_64.rpm nettle-debugsource-3.4.1-2.el8_2.i686.rpm nettle-debugsource-3.4.1-2.el8_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-20305 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYH1vp9zjgjWX9erEAQhH/A//Tx0/41vt66DiHpQYrRht4YNwzykfgw0y 9ttB6OkRNEnbB7raS54UITWnaQY2rWP7h/5lEK7TFStaf8miQ6pDFbpFNVTnB9Si EUMbbmqtt0/TftADoyBZDAjtcEYmob3EmzTrGF16YOqowfkznm5kP0nn+MILMmTt +PKGlXKopGg2i8aPRqtSYe1Elsx8QV0xCJuymrjrfkPO+YvPreMUaObA4ghMA826 o2Vby0W7q/ZyIX+1DyhPBO3XNo2burjy0hQegbxaZstmiRYbXiNgQu5oMK3sw1HA h3/zQMeqm+jOnwriow/3qudzJIS755JoTUYxDadrOH1l0WA1ckmvTchytR9lqsW2 qCdWzm0BMZXE6fv/cLZL/ob0lAMdS5nB9qTNS3KdiFFiFUTpu9JLCcOUxygU9/vD gCKmloxgT8oob0z8fK5CFJUUTxWVpbm3vEJ0UtnEirorQWNWSUM+Mai2gkxFDxoS bo7gzp3sFLODOU3/Jdu+1XdcpwRRTuQlfjKran3k3Qbf3xiK/6e5cqS5LZYvEujd BB2zriOnlSuU7ZnZ0I7bbxyMRw6xGlKC17vvNmXyGDs/Ab6//kvMU/rgEsHpcrar Jp2vyIcRRLWiF7Kw1Ld483vI6bHRwqIqWD+nmKbGrRF0hChlOTeoCjzrbPiSMFzI dilVP7vZKcs= =ylVx - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYH5QB+NLKJtyKPYoAQgPdQ//VECoTdHtGdf0ScCqU0TBL7/b4UGHMOhY G/XV6zM28jTmOwHlQTVtSoW8S+QNKsfB7RdWIncBQRJRoSj8GrMWQBVJfr6JDgzN 4F5EVBC5Uo65/Aa0PMposhCbDBFUCeSU3Y7UqeDO7CGvY5IOM/YFJyBjgjVU391A 21tFTwfOOYOuNpHeISpesrctv76kLKNlOvX3XUteUVv8b/BpjJHZKVyaTI0ho3kK buU4+yTVmGsX6sd2omSp+T1SMQPDVhy0X60CxQViSy1shSiBdMrjlrGVseNsiVdc IRXFJNx0XfrdEMYwTDX7iiODHlIr5Wqiz6MxgnSbtoRr2QDehHWHr55+ZEGfmC1P dKwBpzYroeO7LQU4oLzBUq1XQs37ttoD4wUcNWWtp4CZQIcir3wWbhDndsnY9Ldo +cHuLz4imlYA8qQ72eoQiojwFciJdN1jpCDMJuYBtgq59AtclMONT0IUmxd6RizD f74KrezCvbccTwzzdvH9rMqQBMwF3Uug8nXOPzFw7U8QlQwDtPVCB5t77a6FM2jQ rlhZmvocWA5Biad3Y4LYuJq4RnSCvmV+XfLRLNt7gjzjg4dGLHniAarkSSM62TM/ 0eAAl9OR+9kjlAG1q3d7GUzs5UWx98tAgYTGsunZjek02X4ZxWXTowDOGuytC1IA DbkzIrlGKqE= =Abwr -----END PGP SIGNATURE-----