Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.2923 libsndfile security updates 31 August 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: libsndfile Publisher: Red Hat Operating System: Red Hat Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2021-3246 Reference: ESB-2021.2903 ESB-2021.2786 ESB-2021.2653 ESB-2021.2570 ESB-2021.2546 Original Bulletin: https://access.redhat.com/errata/RHSA-2021:3295 https://access.redhat.com/errata/RHSA-2021:3297 https://access.redhat.com/errata/RHSA-2021:3298 Comment: This bulletin contains three (3) Red Hat security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: libsndfile security update Advisory ID: RHSA-2021:3295-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3295 Issue date: 2021-08-30 CVE Names: CVE-2021-3246 ===================================================================== 1. Summary: An update for libsndfile is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV. Security Fix(es): * libsndfile: Heap buffer overflow via crafted WAV file allows arbitrary code execution (CVE-2021-3246) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1984319 - CVE-2021-3246 libsndfile: Heap buffer overflow via crafted WAV file allows arbitrary code execution 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: libsndfile-1.0.25-12.el7_9.1.src.rpm x86_64: libsndfile-1.0.25-12.el7_9.1.i686.rpm libsndfile-1.0.25-12.el7_9.1.x86_64.rpm libsndfile-debuginfo-1.0.25-12.el7_9.1.i686.rpm libsndfile-debuginfo-1.0.25-12.el7_9.1.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: libsndfile-debuginfo-1.0.25-12.el7_9.1.i686.rpm libsndfile-debuginfo-1.0.25-12.el7_9.1.x86_64.rpm libsndfile-devel-1.0.25-12.el7_9.1.i686.rpm libsndfile-devel-1.0.25-12.el7_9.1.x86_64.rpm libsndfile-utils-1.0.25-12.el7_9.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: libsndfile-1.0.25-12.el7_9.1.src.rpm x86_64: libsndfile-1.0.25-12.el7_9.1.i686.rpm libsndfile-1.0.25-12.el7_9.1.x86_64.rpm libsndfile-debuginfo-1.0.25-12.el7_9.1.i686.rpm libsndfile-debuginfo-1.0.25-12.el7_9.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: libsndfile-debuginfo-1.0.25-12.el7_9.1.i686.rpm libsndfile-debuginfo-1.0.25-12.el7_9.1.x86_64.rpm libsndfile-devel-1.0.25-12.el7_9.1.i686.rpm libsndfile-devel-1.0.25-12.el7_9.1.x86_64.rpm libsndfile-utils-1.0.25-12.el7_9.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: libsndfile-1.0.25-12.el7_9.1.src.rpm ppc64: libsndfile-1.0.25-12.el7_9.1.ppc.rpm libsndfile-1.0.25-12.el7_9.1.ppc64.rpm libsndfile-debuginfo-1.0.25-12.el7_9.1.ppc.rpm libsndfile-debuginfo-1.0.25-12.el7_9.1.ppc64.rpm ppc64le: libsndfile-1.0.25-12.el7_9.1.ppc64le.rpm libsndfile-debuginfo-1.0.25-12.el7_9.1.ppc64le.rpm s390x: libsndfile-1.0.25-12.el7_9.1.s390.rpm libsndfile-1.0.25-12.el7_9.1.s390x.rpm libsndfile-debuginfo-1.0.25-12.el7_9.1.s390.rpm libsndfile-debuginfo-1.0.25-12.el7_9.1.s390x.rpm x86_64: libsndfile-1.0.25-12.el7_9.1.i686.rpm libsndfile-1.0.25-12.el7_9.1.x86_64.rpm libsndfile-debuginfo-1.0.25-12.el7_9.1.i686.rpm libsndfile-debuginfo-1.0.25-12.el7_9.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: libsndfile-debuginfo-1.0.25-12.el7_9.1.ppc.rpm libsndfile-debuginfo-1.0.25-12.el7_9.1.ppc64.rpm libsndfile-devel-1.0.25-12.el7_9.1.ppc.rpm libsndfile-devel-1.0.25-12.el7_9.1.ppc64.rpm libsndfile-utils-1.0.25-12.el7_9.1.ppc64.rpm ppc64le: libsndfile-debuginfo-1.0.25-12.el7_9.1.ppc64le.rpm libsndfile-devel-1.0.25-12.el7_9.1.ppc64le.rpm libsndfile-utils-1.0.25-12.el7_9.1.ppc64le.rpm s390x: libsndfile-debuginfo-1.0.25-12.el7_9.1.s390.rpm libsndfile-debuginfo-1.0.25-12.el7_9.1.s390x.rpm libsndfile-devel-1.0.25-12.el7_9.1.s390.rpm libsndfile-devel-1.0.25-12.el7_9.1.s390x.rpm libsndfile-utils-1.0.25-12.el7_9.1.s390x.rpm x86_64: libsndfile-debuginfo-1.0.25-12.el7_9.1.i686.rpm libsndfile-debuginfo-1.0.25-12.el7_9.1.x86_64.rpm libsndfile-devel-1.0.25-12.el7_9.1.i686.rpm libsndfile-devel-1.0.25-12.el7_9.1.x86_64.rpm libsndfile-utils-1.0.25-12.el7_9.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: libsndfile-1.0.25-12.el7_9.1.src.rpm x86_64: libsndfile-1.0.25-12.el7_9.1.i686.rpm libsndfile-1.0.25-12.el7_9.1.x86_64.rpm libsndfile-debuginfo-1.0.25-12.el7_9.1.i686.rpm libsndfile-debuginfo-1.0.25-12.el7_9.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libsndfile-debuginfo-1.0.25-12.el7_9.1.i686.rpm libsndfile-debuginfo-1.0.25-12.el7_9.1.x86_64.rpm libsndfile-devel-1.0.25-12.el7_9.1.i686.rpm libsndfile-devel-1.0.25-12.el7_9.1.x86_64.rpm libsndfile-utils-1.0.25-12.el7_9.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-3246 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYSyjO9zjgjWX9erEAQhXvQ/+Lc7dLGqal7SF07mvQMHKNeOaRcZ5m6y4 p1GN/UQM+maSmP/2RZoW1Bv8JaP72AohNZv4c4sAICQ/Yer2JCFnYn7sKkX+czu7 E9sknfTDAahPPiYkEKJD2WgsINV6WNPCNwbwkhpBx2el3ZsaIesreBu0YmNTSfqe 6angJpmMQZ+6pjbvA4UffnaYAymHN/PhOpJFQ/Q6toHxCyuRvH7sVDnb4+du1XYi HfQ2Vb4B0VihpWooeelbqAULGNUfoOpfVhvIK8285x1/AU2xXUekMLMtFRHHug2D FRQlSFwwnavuEBhzW8ADOVoli+KHw+I84rBbHB5w9gOfn+1AUFMDbg5dC5sJYyhS wP+6ruuNaDXJCQjzrvSNv5rNecsl0Jbgbt4l5ux0cdGybjntzOomUVDtd6WXU8o4 U918F9Bcnvey6mFLt72Gx7stcm/EiUE64suMNQW2iPhlIZSclmi4wzDLVU2dvb+9 6OwgAjCgsCVkgTPkvl7d1sZf2KlWYklayOtR8N46qUtmtP77FSaR+NgHdrRo7Qmr qtsL380AgY2AGSrYjEIPIkZ0wJRG9tCnz5u2mjJmSUbL6XMy/bPt3i05PGNuuKWf rKmPABZ5KT0DN+A5R1BJg8yC10ERu1NhUWwwC5Gm8g1enm+atlhE7TF35x7N1xM4 RJrhosmWpLI= =8Fqe - -----END PGP SIGNATURE----- - --------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: libsndfile security update Advisory ID: RHSA-2021:3297-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3297 Issue date: 2021-08-30 CVE Names: CVE-2021-3246 ===================================================================== 1. Summary: An update for libsndfile is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64 3. Description: libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV. Security Fix(es): * libsndfile: Heap buffer overflow via crafted WAV file allows arbitrary code execution (CVE-2021-3246) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1984319 - CVE-2021-3246 libsndfile: Heap buffer overflow via crafted WAV file allows arbitrary code execution 6. Package List: Red Hat Enterprise Linux AppStream EUS (v. 8.1): Source: libsndfile-1.0.28-8.el8_1.1.src.rpm aarch64: libsndfile-1.0.28-8.el8_1.1.aarch64.rpm libsndfile-debuginfo-1.0.28-8.el8_1.1.aarch64.rpm libsndfile-debugsource-1.0.28-8.el8_1.1.aarch64.rpm libsndfile-utils-debuginfo-1.0.28-8.el8_1.1.aarch64.rpm ppc64le: libsndfile-1.0.28-8.el8_1.1.ppc64le.rpm libsndfile-debuginfo-1.0.28-8.el8_1.1.ppc64le.rpm libsndfile-debugsource-1.0.28-8.el8_1.1.ppc64le.rpm libsndfile-utils-debuginfo-1.0.28-8.el8_1.1.ppc64le.rpm s390x: libsndfile-1.0.28-8.el8_1.1.s390x.rpm libsndfile-debuginfo-1.0.28-8.el8_1.1.s390x.rpm libsndfile-debugsource-1.0.28-8.el8_1.1.s390x.rpm libsndfile-utils-debuginfo-1.0.28-8.el8_1.1.s390x.rpm x86_64: libsndfile-1.0.28-8.el8_1.1.i686.rpm libsndfile-1.0.28-8.el8_1.1.x86_64.rpm libsndfile-debuginfo-1.0.28-8.el8_1.1.i686.rpm libsndfile-debuginfo-1.0.28-8.el8_1.1.x86_64.rpm libsndfile-debugsource-1.0.28-8.el8_1.1.i686.rpm libsndfile-debugsource-1.0.28-8.el8_1.1.x86_64.rpm libsndfile-utils-debuginfo-1.0.28-8.el8_1.1.i686.rpm libsndfile-utils-debuginfo-1.0.28-8.el8_1.1.x86_64.rpm Red Hat CodeReady Linux Builder EUS (v. 8.1): aarch64: libsndfile-debuginfo-1.0.28-8.el8_1.1.aarch64.rpm libsndfile-debugsource-1.0.28-8.el8_1.1.aarch64.rpm libsndfile-devel-1.0.28-8.el8_1.1.aarch64.rpm libsndfile-utils-debuginfo-1.0.28-8.el8_1.1.aarch64.rpm ppc64le: libsndfile-debuginfo-1.0.28-8.el8_1.1.ppc64le.rpm libsndfile-debugsource-1.0.28-8.el8_1.1.ppc64le.rpm libsndfile-devel-1.0.28-8.el8_1.1.ppc64le.rpm libsndfile-utils-debuginfo-1.0.28-8.el8_1.1.ppc64le.rpm s390x: libsndfile-debuginfo-1.0.28-8.el8_1.1.s390x.rpm libsndfile-debugsource-1.0.28-8.el8_1.1.s390x.rpm libsndfile-devel-1.0.28-8.el8_1.1.s390x.rpm libsndfile-utils-debuginfo-1.0.28-8.el8_1.1.s390x.rpm x86_64: libsndfile-debuginfo-1.0.28-8.el8_1.1.i686.rpm libsndfile-debuginfo-1.0.28-8.el8_1.1.x86_64.rpm libsndfile-debugsource-1.0.28-8.el8_1.1.i686.rpm libsndfile-debugsource-1.0.28-8.el8_1.1.x86_64.rpm libsndfile-devel-1.0.28-8.el8_1.1.i686.rpm libsndfile-devel-1.0.28-8.el8_1.1.x86_64.rpm libsndfile-utils-debuginfo-1.0.28-8.el8_1.1.i686.rpm libsndfile-utils-debuginfo-1.0.28-8.el8_1.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-3246 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYSyTS9zjgjWX9erEAQg/VQ/+KMoXuKcGMjY0X9EsLJFLbnAaOtdHRGp0 DyS6UGZH+2SGTHid5Mp0DMXP2HfChrG2MMgbWNe79HqlMozLIB/FU+ebp4Xc7bdg gieCAlSMjUWBcrcpWYPbkE420sVhuSOiEACMRMQOsvAj5+JH1Z7ZibAoELNhrJHO SBGnSrmoqwwDzqG+oqxa3UDwL8MJac/CzhsjiDrSlyfGTgbtPG/h0+bmUAZo9MiO NlA3KunpoI4Yycp9JAklY/0O9NWFa+g/b/dJNmQ/BGZcu52VLcw4vQ8PcqSBO18q eV93zd+1veg7PT8KhubLBXD2ossthJBvenXp7RnesBTepn+4jvrsYDmgzM24zMfh 2UeOiTLuz+aPO4OzOIXiLwz3BPIlXsgfEP282dSaId8Y87e8k1SCexgqRJ5wNxCw iuNRowmz+mEc1ArM/qdsJaZ2JEB9jOYZXuiRXCIzTlyrTI0k/lhuWTHdj9bbfbSv 1/O2nSPIXiEr2DwfUiUvSUAh6phD27BNn7DdN7HiT+HDZAlS1BZxsYMGCw+Jj0yw TwxX/G5g0ur4Wyiw26if2377p1w5LcFvqZO2jweqnXRhLzLs/vb+7zaBZ13skMJ8 fc+yiB9AQclsxEa6HW6qDJjdVl8x42GAv5AoCI60ae5n5oYXjBG+OcJmZPVCyEwy TwipvCnksnU= =3vVA - -----END PGP SIGNATURE----- - --------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: libsndfile security update Advisory ID: RHSA-2021:3298-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3298 Issue date: 2021-08-30 CVE Names: CVE-2021-3246 ===================================================================== 1. Summary: An update for libsndfile is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64 3. Description: libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV. Security Fix(es): * libsndfile: Heap buffer overflow via crafted WAV file allows arbitrary code execution (CVE-2021-3246) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1984319 - CVE-2021-3246 libsndfile: Heap buffer overflow via crafted WAV file allows arbitrary code execution 6. Package List: Red Hat Enterprise Linux AppStream EUS (v. 8.2): Source: libsndfile-1.0.28-10.el8_2.1.src.rpm aarch64: libsndfile-1.0.28-10.el8_2.1.aarch64.rpm libsndfile-debuginfo-1.0.28-10.el8_2.1.aarch64.rpm libsndfile-debugsource-1.0.28-10.el8_2.1.aarch64.rpm libsndfile-utils-debuginfo-1.0.28-10.el8_2.1.aarch64.rpm ppc64le: libsndfile-1.0.28-10.el8_2.1.ppc64le.rpm libsndfile-debuginfo-1.0.28-10.el8_2.1.ppc64le.rpm libsndfile-debugsource-1.0.28-10.el8_2.1.ppc64le.rpm libsndfile-utils-debuginfo-1.0.28-10.el8_2.1.ppc64le.rpm s390x: libsndfile-1.0.28-10.el8_2.1.s390x.rpm libsndfile-debuginfo-1.0.28-10.el8_2.1.s390x.rpm libsndfile-debugsource-1.0.28-10.el8_2.1.s390x.rpm libsndfile-utils-debuginfo-1.0.28-10.el8_2.1.s390x.rpm x86_64: libsndfile-1.0.28-10.el8_2.1.i686.rpm libsndfile-1.0.28-10.el8_2.1.x86_64.rpm libsndfile-debuginfo-1.0.28-10.el8_2.1.i686.rpm libsndfile-debuginfo-1.0.28-10.el8_2.1.x86_64.rpm libsndfile-debugsource-1.0.28-10.el8_2.1.i686.rpm libsndfile-debugsource-1.0.28-10.el8_2.1.x86_64.rpm libsndfile-utils-debuginfo-1.0.28-10.el8_2.1.i686.rpm libsndfile-utils-debuginfo-1.0.28-10.el8_2.1.x86_64.rpm Red Hat CodeReady Linux Builder EUS (v. 8.2): aarch64: libsndfile-debuginfo-1.0.28-10.el8_2.1.aarch64.rpm libsndfile-debugsource-1.0.28-10.el8_2.1.aarch64.rpm libsndfile-devel-1.0.28-10.el8_2.1.aarch64.rpm libsndfile-utils-debuginfo-1.0.28-10.el8_2.1.aarch64.rpm ppc64le: libsndfile-debuginfo-1.0.28-10.el8_2.1.ppc64le.rpm libsndfile-debugsource-1.0.28-10.el8_2.1.ppc64le.rpm libsndfile-devel-1.0.28-10.el8_2.1.ppc64le.rpm libsndfile-utils-debuginfo-1.0.28-10.el8_2.1.ppc64le.rpm s390x: libsndfile-debuginfo-1.0.28-10.el8_2.1.s390x.rpm libsndfile-debugsource-1.0.28-10.el8_2.1.s390x.rpm libsndfile-devel-1.0.28-10.el8_2.1.s390x.rpm libsndfile-utils-debuginfo-1.0.28-10.el8_2.1.s390x.rpm x86_64: libsndfile-debuginfo-1.0.28-10.el8_2.1.i686.rpm libsndfile-debuginfo-1.0.28-10.el8_2.1.x86_64.rpm libsndfile-debugsource-1.0.28-10.el8_2.1.i686.rpm libsndfile-debugsource-1.0.28-10.el8_2.1.x86_64.rpm libsndfile-devel-1.0.28-10.el8_2.1.i686.rpm libsndfile-devel-1.0.28-10.el8_2.1.x86_64.rpm libsndfile-utils-debuginfo-1.0.28-10.el8_2.1.i686.rpm libsndfile-utils-debuginfo-1.0.28-10.el8_2.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-3246 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYSyVZtzjgjWX9erEAQip+RAAlPqpM0g5QsPiiiJUAL7fGvumt2upCSdz qpA0vjJvG3kCE1U6qH6241oBxcJrwwq5JutPT/UQfNYravUwcCMAx4Z1M4Ja+MqK Lr2wtz87hZOUvzhc/xkGSPhlAEe0C+fXKjxifSKrrJNWX1v/s0kM1cD11a+3CjzG 4GuWmu6oavOR1TR8TBDyW3NqAb/Rowx/NR8LXkPMx5x+yNUzstesLWQV6LjD77Eb nzPZKUjPyfnF+yZAOpUmaZknqEBsNhSaRjJkYfEBvR5r3X9D68kEiXmwYuU1fe9C AYLl6PEex20dw0kdgUq76fXA6pghXKVEeesl7MU9S5ztNBbbg8hXZWFJPHQPQVmQ MxEAmuReAWzZN0QlR+7Z68zNmdEoE/nmhoypHVEClKjAQu/aMEv8RBkA0YjkD9ZS ITsO9EHF3pTKlPg5E7CnbZ2dasGG3h+swRR3sl1v23JhxC/wjpcvwCYllCdYauNC x42ig8WiZcvgbpIcETZ/Z1JpR7VoBrAYmnaGJcHXOicc+KxahD1pHiGZOoONQqgx 30IMjMA7IKp8ceNPOw/w0dQ91juIotP3TkW7A5rQTae6rWqli6arIr8A2d5yXoMU I+57WAp4FcBoHwOTEXuoVVVG1LQIYc6io7lcFdGmHtzKZ/6m8+BaBP7+iKiW2hr3 YVUq+qwE86Q= =c0/J - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYS1l6ONLKJtyKPYoAQhF8A/9FRsKZ+NVV3pG2Qm6ApkVgFKs1YpQkdRP f7ZGQ4GCEw3p9ccjmiULXjIXRzcIkI9zc0dFJECG0uN7RDzCQFIY8Ed5KAGfL7Qe T0a9ebSFz+7AiPiQe8nOoMpJh4GNvreV20J6S6BYF+SesH4X4si1XVVv/ZzWtVZ4 AKPRscYnguQ8DX93B3RABjXw9nmNMhr3bnLq64ro38xPWNZktXlCzYL3MzOXikY2 xSYZc6hNH5a/i4ETxjRGcSbbNPOVbIQalmCBKDjruKTLS9ajbGlS41Nn/tVVSYpI AyrMFzL24xFII2g3ZQmGAmN35GShC2q+w1HPnMX7uJjXggiOVatIkEBTJiIYOArK dfbgSHXcSCPBvYBNu2vl0Z/kVRNzLAZVwG+wU+9zLZaXTg6oobN45P+TCaCHOsO4 935TZ5bDk26WfFXuUrX2gPSNjHpE+k8nmEmJGwwjLHAYZ+Bsc0MdDsw+RrknQq6s 9uSmNjrbXITANBEA6w0EjArfEuKiLucRif/Xyiad6OXv/Qyo3bfr7gFra/GVHjbl YWizwu9J0OxiM3twsq5G5zSLViCEbJ4TvzUzciS7LNmJHAklAPpZI8oWI03h8436 QdS80suiTH20l+GoF6j2itlACtjWhps3eqJa8hIkomU+bNhsJun778RBloSR3NkN xEz6QnAZrVI= =yPdH -----END PGP SIGNATURE-----