-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.3008
                  kernel-rt security and bug fix updates
                             8 September 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kernel-rt
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Administrator Compromise -- Existing Account      
                   Denial of Service        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-38201 CVE-2021-3715 CVE-2021-0512

Reference:         ESB-2021.2514
                   ESB-2021.2513

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2021:3439
   https://access.redhat.com/errata/RHSA-2021:3440
   https://access.redhat.com/errata/RHSA-2021:3445

Comment: This bulletin contains three (3) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: kernel-rt security and bug fix update
Advisory ID:       RHSA-2021:3439-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:3439
Issue date:        2021-09-07
CVE Names:         CVE-2021-3715 
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux for Real Time (v. 7) - noarch, x86_64
Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: use-after-free in route4_change() in net/sched/cls_route.c
(CVE-2021-3715)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update to the latest RHEL7.9.z source tree (BZ#1995878)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1993988 - CVE-2021-3715 kernel: use-after-free in route4_change() in net/sched/cls_route.c

6. Package List:

Red Hat Enterprise Linux for Real Time for NFV (v. 7):

Source:
kernel-rt-3.10.0-1160.42.2.rt56.1182.el7.src.rpm

noarch:
kernel-rt-doc-3.10.0-1160.42.2.rt56.1182.el7.noarch.rpm

x86_64:
kernel-rt-3.10.0-1160.42.2.rt56.1182.el7.x86_64.rpm
kernel-rt-debug-3.10.0-1160.42.2.rt56.1182.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-1160.42.2.rt56.1182.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-1160.42.2.rt56.1182.el7.x86_64.rpm
kernel-rt-debug-kvm-3.10.0-1160.42.2.rt56.1182.el7.x86_64.rpm
kernel-rt-debug-kvm-debuginfo-3.10.0-1160.42.2.rt56.1182.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-1160.42.2.rt56.1182.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.42.2.rt56.1182.el7.x86_64.rpm
kernel-rt-devel-3.10.0-1160.42.2.rt56.1182.el7.x86_64.rpm
kernel-rt-kvm-3.10.0-1160.42.2.rt56.1182.el7.x86_64.rpm
kernel-rt-kvm-debuginfo-3.10.0-1160.42.2.rt56.1182.el7.x86_64.rpm
kernel-rt-trace-3.10.0-1160.42.2.rt56.1182.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-1160.42.2.rt56.1182.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-1160.42.2.rt56.1182.el7.x86_64.rpm
kernel-rt-trace-kvm-3.10.0-1160.42.2.rt56.1182.el7.x86_64.rpm
kernel-rt-trace-kvm-debuginfo-3.10.0-1160.42.2.rt56.1182.el7.x86_64.rpm

Red Hat Enterprise Linux for Real Time (v. 7):

Source:
kernel-rt-3.10.0-1160.42.2.rt56.1182.el7.src.rpm

noarch:
kernel-rt-doc-3.10.0-1160.42.2.rt56.1182.el7.noarch.rpm

x86_64:
kernel-rt-3.10.0-1160.42.2.rt56.1182.el7.x86_64.rpm
kernel-rt-debug-3.10.0-1160.42.2.rt56.1182.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-1160.42.2.rt56.1182.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-1160.42.2.rt56.1182.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-1160.42.2.rt56.1182.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.42.2.rt56.1182.el7.x86_64.rpm
kernel-rt-devel-3.10.0-1160.42.2.rt56.1182.el7.x86_64.rpm
kernel-rt-trace-3.10.0-1160.42.2.rt56.1182.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-1160.42.2.rt56.1182.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-1160.42.2.rt56.1182.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3715
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----


- --------------------------------------------------------------------


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: kernel-rt security and bug fix update
Advisory ID:       RHSA-2021:3440-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:3440
Issue date:        2021-09-07
CVE Names:         CVE-2021-38201 
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Real Time (v. 8) - x86_64
Red Hat Enterprise Linux Real Time for NFV (v. 8) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: slab-out-of-bounds access in xdr_set_page_base() in
net/sunrpc/xdr.c (CVE-2021-38201)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* OSLAT spikes on subset of cpus (BZ#1986063)

* kernel-rt: update RT source tree to the RHEL-8.4.z source tree
(BZ#1990013)

* Failure to enter full_nohz due to needless SCHED softirqs (BZ#1990272)

* kernel-rt: Make rcu_normal_after_boot writable (BZ#1995431)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1992731 - CVE-2021-38201 kernel: slab-out-of-bounds access in xdr_set_page_base() in net/sunrpc/xdr.c

6. Package List:

Red Hat Enterprise Linux Real Time for NFV (v. 8):

Source:
kernel-rt-4.18.0-305.17.1.rt7.89.el8_4.src.rpm

x86_64:
kernel-rt-4.18.0-305.17.1.rt7.89.el8_4.x86_64.rpm
kernel-rt-core-4.18.0-305.17.1.rt7.89.el8_4.x86_64.rpm
kernel-rt-debug-4.18.0-305.17.1.rt7.89.el8_4.x86_64.rpm
kernel-rt-debug-core-4.18.0-305.17.1.rt7.89.el8_4.x86_64.rpm
kernel-rt-debug-debuginfo-4.18.0-305.17.1.rt7.89.el8_4.x86_64.rpm
kernel-rt-debug-devel-4.18.0-305.17.1.rt7.89.el8_4.x86_64.rpm
kernel-rt-debug-kvm-4.18.0-305.17.1.rt7.89.el8_4.x86_64.rpm
kernel-rt-debug-modules-4.18.0-305.17.1.rt7.89.el8_4.x86_64.rpm
kernel-rt-debug-modules-extra-4.18.0-305.17.1.rt7.89.el8_4.x86_64.rpm
kernel-rt-debuginfo-4.18.0-305.17.1.rt7.89.el8_4.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-4.18.0-305.17.1.rt7.89.el8_4.x86_64.rpm
kernel-rt-devel-4.18.0-305.17.1.rt7.89.el8_4.x86_64.rpm
kernel-rt-kvm-4.18.0-305.17.1.rt7.89.el8_4.x86_64.rpm
kernel-rt-modules-4.18.0-305.17.1.rt7.89.el8_4.x86_64.rpm
kernel-rt-modules-extra-4.18.0-305.17.1.rt7.89.el8_4.x86_64.rpm

Red Hat Enterprise Linux Real Time (v. 8):

Source:
kernel-rt-4.18.0-305.17.1.rt7.89.el8_4.src.rpm

x86_64:
kernel-rt-4.18.0-305.17.1.rt7.89.el8_4.x86_64.rpm
kernel-rt-core-4.18.0-305.17.1.rt7.89.el8_4.x86_64.rpm
kernel-rt-debug-4.18.0-305.17.1.rt7.89.el8_4.x86_64.rpm
kernel-rt-debug-core-4.18.0-305.17.1.rt7.89.el8_4.x86_64.rpm
kernel-rt-debug-debuginfo-4.18.0-305.17.1.rt7.89.el8_4.x86_64.rpm
kernel-rt-debug-devel-4.18.0-305.17.1.rt7.89.el8_4.x86_64.rpm
kernel-rt-debug-modules-4.18.0-305.17.1.rt7.89.el8_4.x86_64.rpm
kernel-rt-debug-modules-extra-4.18.0-305.17.1.rt7.89.el8_4.x86_64.rpm
kernel-rt-debuginfo-4.18.0-305.17.1.rt7.89.el8_4.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-4.18.0-305.17.1.rt7.89.el8_4.x86_64.rpm
kernel-rt-devel-4.18.0-305.17.1.rt7.89.el8_4.x86_64.rpm
kernel-rt-modules-4.18.0-305.17.1.rt7.89.el8_4.x86_64.rpm
kernel-rt-modules-extra-4.18.0-305.17.1.rt7.89.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-38201
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----


- -------------------------------------------------------------------


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update
Advisory ID:       RHSA-2021:3445-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:3445
Issue date:        2021-09-07
CVE Names:         CVE-2021-0512 CVE-2021-3715 
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Real Time EUS (v. 8.2) - x86_64
Red Hat Enterprise Linux Real Time for NFV EUS (v. 8.2) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: out-of-bounds write due to a heap buffer overflow in
__hidinput_change_resolution_multipliers() of hid-input.c (CVE-2021-0512)

* kernel: use-after-free in route4_change() in net/sched/cls_route.c
(CVE-2021-3715)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* OSLAT spikes on subset of cpus (BZ#1986064)

* Failure to enter full_nohz due to needless SCHED softirqs (BZ#1990273)

* kernel-rt: update RT source tree to the latest RHEL-8.2.z12 Batch source
tree (BZ#1997761)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1974491 - CVE-2021-0512 kernel: out-of-bounds write due to a heap buffer overflow in __hidinput_change_resolution_multipliers() of hid-input.c
1993988 - CVE-2021-3715 kernel: use-after-free in route4_change() in net/sched/cls_route.c

6. Package List:

Red Hat Enterprise Linux Real Time for NFV EUS (v. 8.2):

Source:
kernel-rt-4.18.0-193.65.2.rt13.117.el8_2.src.rpm

x86_64:
kernel-rt-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm
kernel-rt-core-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm
kernel-rt-debug-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm
kernel-rt-debug-core-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm
kernel-rt-debug-debuginfo-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm
kernel-rt-debug-devel-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm
kernel-rt-debug-kvm-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm
kernel-rt-debug-modules-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm
kernel-rt-debug-modules-extra-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm
kernel-rt-debuginfo-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm
kernel-rt-devel-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm
kernel-rt-kvm-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm
kernel-rt-modules-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm
kernel-rt-modules-extra-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm

Red Hat Enterprise Linux Real Time EUS (v. 8.2):

Source:
kernel-rt-4.18.0-193.65.2.rt13.117.el8_2.src.rpm

x86_64:
kernel-rt-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm
kernel-rt-core-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm
kernel-rt-debug-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm
kernel-rt-debug-core-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm
kernel-rt-debug-debuginfo-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm
kernel-rt-debug-devel-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm
kernel-rt-debug-modules-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm
kernel-rt-debug-modules-extra-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm
kernel-rt-debuginfo-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm
kernel-rt-devel-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm
kernel-rt-modules-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm
kernel-rt-modules-extra-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-0512
https://access.redhat.com/security/cve/CVE-2021-3715
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------
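
Each advisory above states that the system must be rebooted for the update to take effect, so the useful check is against the running kernel rather than the installed package set. The following is an added example, not part of the Red Hat or AusCERT text: it classifies a `uname -r` string against the fixed builds named in the package lists above. The function names and status labels are illustrative, and the version comparison is a simplified form of RPM's ordering.

```python
import platform
import re

# Fixed kernel-rt builds, copied from the package lists in the advisories above.
FIXED = {
    "el7": "3.10.0-1160.42.2.rt56.1182.el7",    # RHSA-2021:3439
    "el8_4": "4.18.0-305.17.1.rt7.89.el8_4",    # RHSA-2021:3440
    "el8_2": "4.18.0-193.65.2.rt13.117.el8_2",  # RHSA-2021:3445
}


def vercmp(a, b):
    """Simplified rpmvercmp (no '~' or '^' handling): returns -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)  # compare 17 > 3 numerically, not as text
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def check(release):
    """Classify a `uname -r` string against the fixed builds listed above."""
    # Drop the architecture and any flavour suffix after it, e.g. "+debug".
    nvr = re.sub(r"\.x86_64(?:[.+]\w+)?$", "", release)
    m = re.fullmatch(r"([^-]+)-(.+\.rt\d+\.\d+\.(el\d+(?:_\d+)?))", nvr)
    if not m:
        return "not-kernel-rt"
    version, rel, dist = m.groups()
    fixed = FIXED.get(dist)
    if fixed is None:
        return "stream-not-covered"  # dist tag not named in this bulletin
    fixed_version, fixed_rel = fixed.split("-", 1)
    order = vercmp(version, fixed_version) or vercmp(rel, fixed_rel)
    # Assumption: builds newer than the listed one keep the fix.
    return "vulnerable-build" if order < 0 else "fixed-build"


if __name__ == "__main__":
    # The running kernel is what matters: an installed update does nothing
    # until the host has rebooted into it.
    running = platform.release()
    print(running, "->", check(running))
```

A host that reports `vulnerable-build` while `rpm -q kernel-rt` already lists the fixed package has been updated but not yet rebooted.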

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----