             AUSCERT External Security Bulletin Redistribution

                   Security update for the Linux Kernel
                               16 June 2022


        AusCERT Security Bulletin Summary

Product:           Linux Kernel
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-30594 CVE-2022-24448 CVE-2022-21499
                   CVE-2022-21180 CVE-2022-21166 CVE-2022-21127
                   CVE-2022-21125 CVE-2022-21123 CVE-2022-1975
                   CVE-2022-1974 CVE-2022-1966 CVE-2022-1734
                   CVE-2022-1729 CVE-2022-1652 CVE-2022-1184
                   CVE-2021-39711 CVE-2021-33061 CVE-2019-19377

Original Bulletin: 

Comment: CVSS (Max):  8.4 CVE-2022-30594 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: SUSE
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for the Linux Kernel


Announcement ID:   SUSE-SU-2022:2080-1
Rating:            important
References:        #1024718 #1055117 #1061840 #1065729 #1129770 #1158266
                   #1162338 #1162369 #1173871 #1188885 #1194124 #1195612
                   #1195651 #1196426 #1196570 #1197219 #1197601 #1198438
                   #1198577 #1198899 #1198989 #1199035 #1199063 #1199237
                   #1199239 #1199314 #1199399 #1199426 #1199505 #1199507
                   #1199526 #1199602 #1199605 #1199606 #1199631 #1199650
                   #1199671 #1199839 #1200015 #1200045 #1200057 #1200143
                   #1200144 #1200173 #1200249
Cross-References:  CVE-2019-19377 CVE-2021-33061 CVE-2021-39711 CVE-2022-1184
                   CVE-2022-1652 CVE-2022-1729 CVE-2022-1734 CVE-2022-1966
                   CVE-2022-1974 CVE-2022-1975 CVE-2022-21123 CVE-2022-21125
                   CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-21499
                   CVE-2022-24448 CVE-2022-30594
Affected Products:
                   SUSE Linux Enterprise Server 12-SP5

An update that solves 18 vulnerabilities and has 27 fixes is now available.


The SUSE Linux Enterprise 12 SP5 kernel was updated.
The following security bugs were fixed:

  o CVE-2019-19377: Fixed a use-after-free that could be triggered when an
    attacker mounts a crafted btrfs filesystem image. (bnc#1158266)
  o CVE-2022-1975: Fixed a sleep-in-atomic bug that allows an attacker to crash
    the Linux kernel by simulating an NFC device from user space. (bsc#1200143)
  o CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to
    speculatively/transiently disclose information via Spectre-like attacks.
  o CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to
    speculatively/transiently disclose information via Spectre-like attacks.
  o CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to
    speculatively/transiently disclose information via Spectre-like attacks.
  o CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to
    speculatively/transiently disclose information via Spectre-like attacks.
  o CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to
    speculatively/transiently disclose information via Spectre-like attacks.
  o CVE-2022-1974: Fixed a use-after-free that could cause a kernel crash by
    simulating an NFC device from user space. (bsc#1200144)
  o CVE-2022-24448: Fixed an issue where, if an application sets the
    O_DIRECTORY flag and tries to open a regular file, nfs_atomic_open()
    performs a regular lookup. If a regular file is found, ENOTDIR should have
    occurred, but the server instead returned uninitialized data in the file
    descriptor (bsc#
  o CVE-2022-1966: Fixed a use-after-free vulnerability in the Netfilter
    subsystem. This flaw allowed a local attacker with user access to cause a
    privilege escalation issue. (bnc#1200015)
  o CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self
  o CVE-2021-39711: In bpf_prog_test_run_skb of test_run.c, there is a possible
    out-of-bounds read due to an incorrect size value. This could lead to local
    information disclosure with System execution privileges needed. User
    interaction is not needed for exploitation (bnc#1197219).
  o CVE-2022-1184: Fixed a use-after-free and memory errors in ext4 when
    mounting and operating on a corrupted image. (bsc#1198577)
  o CVE-2022-21499: Reinforced the kernel lockdown feature; until now it has
    been trivial to break out of it with kgdb or kdb. (bsc#1199426)
  o CVE-2022-1652: Fixed a statically allocated error counter inside the floppy
    kernel module (bsc#1199063).
  o CVE-2022-1734: Fixed a read/write use-after-free caused by missing
    synchronization between the cleanup routine and the firmware download
    routine. (bnc#1199605)
  o CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP
    flag (bnc#1199505).
  o CVE-2021-33061: Fixed insufficient control flow management for the Intel(R)
    82599 Ethernet Controllers and Adapters that may have allowed an
    authenticated user to potentially enable denial of service via local access

The following non-security bugs were fixed:

  o ACPI: property: Release subnode properties with data nodes (git-fixes).
  o ARM: 9110/1: oabi-compat: fix oabi epoll sparse warning (bsc#1129770)
  o arm64: set plt* section addresses to 0x0 (git-fixes)
  o arm64: Add missing ISB after invalidating TLB in __primary_switch
  o arm64: armv8_deprecated: Fix undef_hook mask for thumb setend (git-fixes)
  o arm64: avoid -Woverride-init warning (git-fixes)
  o arm64: berlin: Select DW_APB_TIMER_OF (git-fixes) Update arm64 default
    config too.
  o arm64: Clear OSDLR_EL1 on CPU boot (git-fixes)
  o arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1
  o arm64: compat: Allow single-byte watchpoints on all addresses (git-fixes)
  o arm64: compat: Reduce address limit (git-fixes)
  o arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG} (git-fixes)
  o arm64: cpufeature: Fix the type of no FP/SIMD capability (git-fixes)
  o arm64: cpufeature: Set the FP/SIMD compat HWCAP bits properly (git-fixes)
  o arm64: csum: Fix handling of bad packets (git-fixes)
  o arm64: debug: Do not propagate UNKNOWN FAR into si_code for debug
  o arm64: debug: Ensure debug handlers check triggering exception level
  o arm64: dts: marvell: Fix A37xx UART0 register size (git-fixes)
  o arm64: entry: SP Alignment Fault does not write to FAR_EL1 (git-fixes)
  o arm64: Extend workaround for erratum 1024718 to all versions of (git-fixes)
  o arm64: Fix HCR.TGE status for NMI contexts (git-fixes)
  o arm64: fix inline asm in load_unaligned_zeropad() (git-fixes)
  o arm64: Fix size of __early_cpu_boot_status (git-fixes)
  o arm64: fix the flush_icache_range arguments in machine_kexec (git-fixes)
  o arm64: futex: Avoid copying out uninitialised stack in failed (git-fixes)
  o arm64: futex: Bound number of LDXR/STXR loops in FUTEX_WAKE_OP (git-fixes)
  o arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value
  o arm64: futex: Restore oldval initialization to work around buggy
  o arm64: hibernate: check pgd table allocation (git-fixes)
  o arm64: hugetlb: avoid potential NULL dereference (git-fixes)
  o arm64: hw_breakpoint: Do not invoke overflow handler on uaccess (git-fixes)
  o arm64: kbuild: remove compressed images on 'make ARCH=arm64 (git-fixes)
  o arm64: kdump: update ppos when reading elfcorehdr (git-fixes)
  o arm64: kgdb: Fix single-step exception handling oops (git-fixes)
  o arm64: kprobes: Recover pstate.D in single-step exception handler
  o arm64: module: remove (NOLOAD) from linker script (git-fixes)
  o arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes)
  o arm64: ptrace: nofpsimd: Fail FP/SIMD regset operations (git-fixes)
  o arm64: ptrace: Override SPSR.SS when single-stepping is enabled (git-fixes)
  o arm64: Relax GIC version check during early boot (git-fixes)
  o arm64: Save and restore OSDLR_EL1 across suspend/resume (git-fixes)
  o arm64: smp: fix crash_smp_send_stop() behaviour (git-fixes)
  o arm64: smp: fix smp_send_stop() behaviour (git-fixes)
  o arm64: uaccess: Ensure PAN is re-enabled after unhandled uaccess
  o arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing
  o arm64: handle non-remapped addresses in ->mmap and (git-fixes)
  o arm64: avoid fixmap race condition when create pud mapping (git-fixes)
  o bonding: pair enable_port with slave_arr_updates (git-fixes).
  o btrfs: relocation: Only remove reloc rb_trees if reloc control has been
    initialized (bsc#1199399).
  o btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
  o cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp()
  o cputime, cpuacct: Include guest time in user time in (git-fixes)
  o crypto: arm64/aes-neonbs - do not access already-freed walk.iv (git-fixes)
  o crypto: ixp4xx - dma_unmap the correct address (git-fixes).
  o crypto: qat - do not cast parameter in bit operations (git-fixes).
  o crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete()
  o crypto: virtio - deal with unsupported input sizes (git-fixes).
  o crypto: virtio: Fix dest length calculation in
    __virtio_crypto_skcipher_do_req() (git-fixes).
  o drbd: fix an invalid memory access caused by incorrect use of list iterator
  o drbd: Fix five use after free bugs in get_initial_state (git-fixes).
  o drivers: net: xgene: Fix regression in CRC stripping (git-fixes).
  o drm/fb-helper: Mark screen buffers in system memory with (bsc#1129770)
  o i40e: always propagate error value in i40e_set_vsi_promisc() (git-fixes).
  o i40e: Fix MAC address setting for a VF via Host/VM (git-fixes).
  o i40e: fix return of uninitialized aq_ret in i40e_set_vsi_promisc
  o i40e: Fix the conditional for i40e_vc_validate_vqs_bitmaps (git-fixes).
  o i40e: Fix virtchnl_queue_select bitmap validation (git-fixes).
  o i40e: Refactoring VF MAC filters counting to make more reliable
  o i40e: Remove scheduling while atomic possibility (git-fixes).
  o iavf: Fix incorrect adapter get in iavf_resume (git-fixes).
  o Input: aiptek - properly check endpoint type (git-fixes).
  o Input: appletouch - initialize work before device registration (git-fixes).
  o Input: elantech - fix misreporting trackpoint coordinates (git-fixes).
  o Input: spaceball - fix parsing of movement data packets (git-fixes).
  o Input: ti_am335x_tsc - fix STEPCONFIG setup for Z2 (git-fixes).
  o Input: ti_am335x_tsc - set ADCREFM for X configuration (git-fixes).
  o Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes).
  o KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes)
  o KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes).
  o KVM: PPC: Propagate errors to the guest when failed instead of ignoring
    (bsc#1061840 git-fixes).
  o lpfc: drop driver update 14.2.0.x. The amount of backport changes necessary
    due to the refactoring is introducing too much code churn and is likely
    to introduce regressions. This ends the backport effort to keep lpfc in
    sync with mainline.
  o lpfc: Set default protocol support to FCP only (bsc#1194124 bsc#1198899).
  o media: cpia2: fix control-message timeouts (git-fixes).
  o media: cx23885: Fix snd_card_free call on null card pointer (git-fixes).
  o media: dib0700: fix undefined behavior in tuner shutdown (git-fixes).
  o media: dmxdev: fix UAF when dvb_register_device() fails (git-fixes).
  o media: em28xx: fix control-message timeouts.
  o media: flexcop-usb: fix control-message timeouts (git-fixes).
  o media: mceusb: fix control-message timeouts (git-fixes).
  o media: mtk-vpu: Fix a resource leak in the error handling path of
    'mtk_vpu_probe()' (git-fixes).
  o media: netup_unidvb: Do not leak SPI master in probe error path
  o media: pvrusb2: fix control-message timeouts (git-fixes).
  o media: redrat3: fix control-message timeouts (git-fixes).
  o media: s2255: fix control-message timeouts (git-fixes).
  o media: stk1160: fix control-message timeouts (git-fixes).
  o media: vim2m: Remove surplus name initialization (git-fixes).
  o mm, page_alloc: fix build_zonerefs_node() (git-fixes).
  o net: bcmgenet: Do not claim WOL when its not available (git-fixes).
  o net: mana: Add counter for packet dropped by XDP (bsc#1195651).
  o net: mana: Add counter for XDP_TX (bsc#1195651).
  o net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
  o net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe()
  o net: mana: Reuse XDP dropped page (bsc#1195651).
  o net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#
  o net: qlogic: check the return value of dma_alloc_coherent() in
    qed_vf_hw_prepare() (git-fixes).
  o net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog
  o netfilter: conntrack: connection timeout after re-register (bsc#1199035).
  o netfilter: conntrack: move synack init code to helper (bsc#1199035).
  o netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#
  o netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#
  o netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035).
  o netfilter: nf_tables: disallow non-stateful expression in sets earlier (bsc
  o NFS: limit use of ACCESS cache for negative responses (bsc#1196570).
  o NFSv4: Do not invalidate inode attributes on delegation return (git-fixes).
  o PCI / ACPI: Mark expected switch fall-through (git-fixes).
  o PCI: Do not enable AtomicOps on VFs (bsc#1129770)
  o PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#
  o powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#
  o powerpc: Remove Power8 DD1 from cputable (bsc#1055117 ltc#159753).
  o powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840
  o powerpc/numa: Prefer node id queried from vphn (bsc#1199237 bsc#1200173 ltc
  o powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885
    ltc#193722 git-fixes).
  o powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885
    ltc#193722 git-fixes).
  o powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess
    flushes (bsc#1188885 ltc#193722 git-fixes).
  o powerpc/xive: Add some error handling code to 'xive_spapr_init()'
  o powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes).
  o qed: display VF trust config (git-fixes).
  o qed: return status of qed_iov_get_link (git-fixes).
  o qed: validate and restrict untrusted VFs vlan promisc mode (git-fixes).
  o revert scsi: qla2xxx: Changes to support FCP2 Target (bsc#1198438).
  o sched/core: Add __sched tag for io_schedule() (git-fixes)
  o sched/core: Fix comment regarding nr_iowait_cpu() and (git-fixes)
  o sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes)
  o scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes).
  o scsi: fnic: Fix a tracing statement (git-fixes).
  o scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631).
  o scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes).
  o scsi: pm8001: Fix abort all task initialization (git-fixes).
  o scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req()
  o scsi: pm8001: Fix command initialization in pm80XX_send_read_log()
  o scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req()
  o scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req()
  o scsi: pm8001: Fix le32 values handling in
    pm80xx_set_sas_protocol_timer_config() (git-fixes).
  o scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes).
  o scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes).
  o scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update()
  o scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config()
  o scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200045).
  o scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200045).
  o scsi: qla2xxx: Remove free_sg command flag (bsc#1200045).
  o scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200045).
  o scsi: sr: Do not leak information in ioctl (git-fixes).
  o scsi: virtio-scsi: Eliminate anonymous module_init & module_exit
  o scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes).
  o smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes).
  o SUNRPC: Ensure gss-proxy connects on setup (git-fixes).
  o SUNRPC: Ensure that the gssproxy client can start in a connected state
  o timekeeping: Really make sure wall_to_monotonic isn't (git-fixes)
  o tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#
  o USB: cdc-wdm: fix reading stuck on device close (git-fixes).
  o USB: dwc3: core: Only handle soft-reset in DCTL (git-fixes).
  o USB: dwc3: gadget: Do not send unintended link state change (git-fixes).
  o USB: hub: Fix locking issues with address0_mutex (git-fixes).
  o USB: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes).
  o USB: quirks: add a Realtek card reader (git-fixes).
  o USB: quirks: add STRING quirk for VCOM device (git-fixes).
  o USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes).
  o USB: serial: option: add Fibocom L610 modem (git-fixes).
  o USB: serial: option: add Fibocom MA510 modem (git-fixes).
  o USB: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes).
  o USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions
  o USB: serial: pl2303: add device id for HP LM930 Display (git-fixes).
  o USB: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes).
  o USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS
  o veth: Ensure eth header is in skb's linear part (git-fixes).
  o video: backlight: Drop maximum brightness override for brightness (bsc#
  o video: hyperv_fb: Fix validation of screen resolution (bsc#1129770)
  o vxlan: fix memleak of fdb (git-fixes).
  o xhci: stop polling roothubs after shutdown (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2080=1

Package List:

  o SUSE Linux Enterprise Server 12-SP5 (noarch):
  o SUSE Linux Enterprise Server 12-SP5 (x86_64):


  o https://www.suse.com/security/cve/CVE-2019-19377.html
  o https://www.suse.com/security/cve/CVE-2021-33061.html
  o https://www.suse.com/security/cve/CVE-2021-39711.html
  o https://www.suse.com/security/cve/CVE-2022-1184.html
  o https://www.suse.com/security/cve/CVE-2022-1652.html
  o https://www.suse.com/security/cve/CVE-2022-1729.html
  o https://www.suse.com/security/cve/CVE-2022-1734.html
  o https://www.suse.com/security/cve/CVE-2022-1966.html
  o https://www.suse.com/security/cve/CVE-2022-1974.html
  o https://www.suse.com/security/cve/CVE-2022-1975.html
  o https://www.suse.com/security/cve/CVE-2022-21123.html
  o https://www.suse.com/security/cve/CVE-2022-21125.html
  o https://www.suse.com/security/cve/CVE-2022-21127.html
  o https://www.suse.com/security/cve/CVE-2022-21166.html
  o https://www.suse.com/security/cve/CVE-2022-21180.html
  o https://www.suse.com/security/cve/CVE-2022-21499.html
  o https://www.suse.com/security/cve/CVE-2022-24448.html
  o https://www.suse.com/security/cve/CVE-2022-30594.html
  o https://bugzilla.suse.com/1024718
  o https://bugzilla.suse.com/1055117
  o https://bugzilla.suse.com/1061840
  o https://bugzilla.suse.com/1065729
  o https://bugzilla.suse.com/1129770
  o https://bugzilla.suse.com/1158266
  o https://bugzilla.suse.com/1162338
  o https://bugzilla.suse.com/1162369
  o https://bugzilla.suse.com/1173871
  o https://bugzilla.suse.com/1188885
  o https://bugzilla.suse.com/1194124
  o https://bugzilla.suse.com/1195612
  o https://bugzilla.suse.com/1195651
  o https://bugzilla.suse.com/1196426
  o https://bugzilla.suse.com/1196570
  o https://bugzilla.suse.com/1197219
  o https://bugzilla.suse.com/1197601
  o https://bugzilla.suse.com/1198438
  o https://bugzilla.suse.com/1198577
  o https://bugzilla.suse.com/1198899
  o https://bugzilla.suse.com/1198989
  o https://bugzilla.suse.com/1199035
  o https://bugzilla.suse.com/1199063
  o https://bugzilla.suse.com/1199237
  o https://bugzilla.suse.com/1199239
  o https://bugzilla.suse.com/1199314
  o https://bugzilla.suse.com/1199399
  o https://bugzilla.suse.com/1199426
  o https://bugzilla.suse.com/1199505
  o https://bugzilla.suse.com/1199507
  o https://bugzilla.suse.com/1199526
  o https://bugzilla.suse.com/1199602
  o https://bugzilla.suse.com/1199605
  o https://bugzilla.suse.com/1199606
  o https://bugzilla.suse.com/1199631
  o https://bugzilla.suse.com/1199650
  o https://bugzilla.suse.com/1199671
  o https://bugzilla.suse.com/1199839
  o https://bugzilla.suse.com/1200015
  o https://bugzilla.suse.com/1200045
  o https://bugzilla.suse.com/1200057
  o https://bugzilla.suse.com/1200143
  o https://bugzilla.suse.com/1200144
  o https://bugzilla.suse.com/1200173
  o https://bugzilla.suse.com/1200249

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.