Operating System:

[RedHat]

Published:

21 September 2022

Protect yourself against future threats.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.4671
              mysql security, bug fix, and enhancement update
                             21 September 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           mysql
Publisher:         Red Hat
Operating System:  Red Hat
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-21569 CVE-2022-21556 CVE-2022-21553
                   CVE-2022-21547 CVE-2022-21539 CVE-2022-21538
                   CVE-2022-21537 CVE-2022-21534 CVE-2022-21531
                   CVE-2022-21530 CVE-2022-21529 CVE-2022-21528
                   CVE-2022-21527 CVE-2022-21526 CVE-2022-21525
                   CVE-2022-21522 CVE-2022-21517 CVE-2022-21515
                   CVE-2022-21509 CVE-2022-21479 CVE-2022-21478
                   CVE-2022-21462 CVE-2022-21460 CVE-2022-21459
                   CVE-2022-21457 CVE-2022-21455 CVE-2022-21454
                   CVE-2022-21452 CVE-2022-21451 CVE-2022-21444
                   CVE-2022-21440 CVE-2022-21438 CVE-2022-21437
                   CVE-2022-21436 CVE-2022-21435 CVE-2022-21427
                   CVE-2022-21425 CVE-2022-21423 CVE-2022-21418
                   CVE-2022-21417 CVE-2022-21415 CVE-2022-21414
                   CVE-2022-21413 CVE-2022-21412 

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2022:6590

Comment: CVSS (Max):  6.5 CVE-2022-21569 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
         CVSS Source: Red Hat
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: mysql security, bug fix, and enhancement update
Advisory ID:       RHSA-2022:6590-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6590
Issue date:        2022-09-20
CVE Names:         CVE-2022-21412 CVE-2022-21413 CVE-2022-21414 
                   CVE-2022-21415 CVE-2022-21417 CVE-2022-21418 
                   CVE-2022-21423 CVE-2022-21425 CVE-2022-21427 
                   CVE-2022-21435 CVE-2022-21436 CVE-2022-21437 
                   CVE-2022-21438 CVE-2022-21440 CVE-2022-21444 
                   CVE-2022-21451 CVE-2022-21452 CVE-2022-21454 
                   CVE-2022-21455 CVE-2022-21457 CVE-2022-21459 
                   CVE-2022-21460 CVE-2022-21462 CVE-2022-21478 
                   CVE-2022-21479 CVE-2022-21509 CVE-2022-21515 
                   CVE-2022-21517 CVE-2022-21522 CVE-2022-21525 
                   CVE-2022-21526 CVE-2022-21527 CVE-2022-21528 
                   CVE-2022-21529 CVE-2022-21530 CVE-2022-21531 
                   CVE-2022-21534 CVE-2022-21537 CVE-2022-21538 
                   CVE-2022-21539 CVE-2022-21547 CVE-2022-21553 
                   CVE-2022-21556 CVE-2022-21569 
=====================================================================

1. Summary:

An update for mysql is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 9) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

The following packages have been upgraded to a later upstream version:
mysql (8.0.30). (BZ#2122589)

Security Fix(es):

* mysql: Server: Optimizer multiple unspecified vulnerabilities (CPU Apr
2022) (CVE-2022-21412, CVE-2022-21414, CVE-2022-21435, CVE-2022-21436,
CVE-2022-21437, CVE-2022-21438, CVE-2022-21440, CVE-2022-21452,
CVE-2022-21459, CVE-2022-21462, CVE-2022-21478, CVE-2022-21479)

* mysql: Server: DML unspecified vulnerability (CPU Apr 2022)
(CVE-2022-21413)

* mysql: Server: Replication unspecified vulnerability (CPU Apr 2022)
(CVE-2022-21415)

* mysql: InnoDB multiple unspecified vulnerabilities (CPU Apr 2022)
(CVE-2022-21417, CVE-2022-21418, CVE-2022-21451, CVE-2022-21423)

* mysql: Server: DDL multiple unspecified vulnerabilities (CPU Apr 2022)
(CVE-2022-21425, CVE-2022-21444)

* mysql: Server: FTS unspecified vulnerability (CPU Apr 2022)
(CVE-2022-21427)

* mysql: Server: Group Replication Plugin unspecified vulnerability (CPU
Apr 2022) (CVE-2022-21454)

* mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Jul 2022)
(CVE-2022-21455)

* mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Apr 2022)
(CVE-2022-21457)

* mysql: Server: Logging unspecified vulnerability (CPU Apr 2022)
(CVE-2022-21460)

* mysql: Server: Optimizer multiple unspecified vulnerabilities (CPU Jul
2022) (CVE-2022-21509, CVE-2022-21525, CVE-2022-21526, CVE-2022-21527,
CVE-2022-21528, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531,
CVE-2022-21553, CVE-2022-21556, CVE-2022-21569)

* mysql: Server: Options unspecified vulnerability (CPU Jul 2022)
(CVE-2022-21515)

* mysql: InnoDB multiple unspecified vulnerabilities (CPU Jul 2022)
(CVE-2022-21517, CVE-2022-21537, CVE-2022-21539)

* mysql: Server: Stored Procedure multiple unspecified vulnerabilities (CPU
Jul 2022) (CVE-2022-21522, CVE-2022-21534)

* mysql: Server: Federated unspecified vulnerability (CPU Jul 2022)
(CVE-2022-21547)

* mysql: Server: Security: Encryption unspecified vulnerability (CPU Jul
2022) (CVE-2022-21538)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* Default logrotate set to wrong log file (BZ#2122592)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MySQL server daemon (mysqld) will be
restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2082636 - CVE-2022-21412 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2022)
2082637 - CVE-2022-21413 mysql: Server: DML unspecified vulnerability (CPU Apr 2022)
2082638 - CVE-2022-21414 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2022)
2082639 - CVE-2022-21415 mysql: Server: Replication unspecified vulnerability (CPU Apr 2022)
2082640 - CVE-2022-21417 mysql: InnoDB unspecified vulnerability (CPU Apr 2022)
2082641 - CVE-2022-21418 mysql: InnoDB unspecified vulnerability (CPU Apr 2022)
2082642 - CVE-2022-21423 mysql: InnoDB unspecified vulnerability (CPU Apr 2022)
2082643 - CVE-2022-21425 mysql: Server: DDL unspecified vulnerability (CPU Apr 2022)
2082644 - CVE-2022-21427 mysql: Server: FTS unspecified vulnerability (CPU Apr 2022)
2082645 - CVE-2022-21435 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2022)
2082646 - CVE-2022-21436 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2022)
2082647 - CVE-2022-21437 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2022)
2082648 - CVE-2022-21438 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2022)
2082649 - CVE-2022-21440 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2022)
2082650 - CVE-2022-21444 mysql: Server: DDL unspecified vulnerability (CPU Apr 2022)
2082651 - CVE-2022-21451 mysql: InnoDB unspecified vulnerability (CPU Apr 2022)
2082652 - CVE-2022-21452 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2022)
2082653 - CVE-2022-21454 mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2022)
2082654 - CVE-2022-21457 mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Apr 2022)
2082655 - CVE-2022-21459 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2022)
2082656 - CVE-2022-21460 mysql: Server: Logging unspecified vulnerability (CPU Apr 2022)
2082657 - CVE-2022-21462 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2022)
2082658 - CVE-2022-21478 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2022)
2082659 - CVE-2022-21479 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2022)
2115282 - CVE-2022-21455 mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Jul 2022)
2115283 - CVE-2022-21509 mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2022)
2115284 - CVE-2022-21515 mysql: Server: Options unspecified vulnerability (CPU Jul 2022)
2115285 - CVE-2022-21517 mysql: InnoDB unspecified vulnerability (CPU Jul 2022)
2115286 - CVE-2022-21522 mysql: Server: Stored Procedure unspecified vulnerability (CPU Jul 2022)
2115287 - CVE-2022-21525 mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2022)
2115288 - CVE-2022-21526 mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2022)
2115289 - CVE-2022-21527 mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2022)
2115290 - CVE-2022-21528 mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2022)
2115291 - CVE-2022-21529 mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2022)
2115292 - CVE-2022-21530 mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2022)
2115293 - CVE-2022-21531 mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2022)
2115294 - CVE-2022-21534 mysql: Server: Stored Procedure unspecified vulnerability (CPU Jul 2022)
2115295 - CVE-2022-21537 mysql: InnoDB unspecified vulnerability (CPU Jul 2022)
2115296 - CVE-2022-21538 mysql: Server: Security: Encryption unspecified vulnerability (CPU Jul 2022)
2115297 - CVE-2022-21539 mysql: InnoDB unspecified vulnerability (CPU Jul 2022)
2115298 - CVE-2022-21547 mysql: Server: Federated unspecified vulnerability (CPU Jul 2022)
2115299 - CVE-2022-21553 mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2022)
2115300 - CVE-2022-21556 mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2022)
2115301 - CVE-2022-21569 mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2022)
2122589 - [Tracker] Rebase to MySQL 8.0.30 [rhel-9.0.0.z]
2122592 - Default logrotate set to wrong log file [rhel-9.0.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:
mysql-8.0.30-3.el9_0.src.rpm

aarch64:
mysql-8.0.30-3.el9_0.aarch64.rpm
mysql-common-8.0.30-3.el9_0.aarch64.rpm
mysql-debuginfo-8.0.30-3.el9_0.aarch64.rpm
mysql-debugsource-8.0.30-3.el9_0.aarch64.rpm
mysql-devel-debuginfo-8.0.30-3.el9_0.aarch64.rpm
mysql-errmsg-8.0.30-3.el9_0.aarch64.rpm
mysql-libs-debuginfo-8.0.30-3.el9_0.aarch64.rpm
mysql-server-8.0.30-3.el9_0.aarch64.rpm
mysql-server-debuginfo-8.0.30-3.el9_0.aarch64.rpm
mysql-test-debuginfo-8.0.30-3.el9_0.aarch64.rpm

ppc64le:
mysql-8.0.30-3.el9_0.ppc64le.rpm
mysql-common-8.0.30-3.el9_0.ppc64le.rpm
mysql-debuginfo-8.0.30-3.el9_0.ppc64le.rpm
mysql-debugsource-8.0.30-3.el9_0.ppc64le.rpm
mysql-devel-debuginfo-8.0.30-3.el9_0.ppc64le.rpm
mysql-errmsg-8.0.30-3.el9_0.ppc64le.rpm
mysql-libs-debuginfo-8.0.30-3.el9_0.ppc64le.rpm
mysql-server-8.0.30-3.el9_0.ppc64le.rpm
mysql-server-debuginfo-8.0.30-3.el9_0.ppc64le.rpm
mysql-test-debuginfo-8.0.30-3.el9_0.ppc64le.rpm

s390x:
mysql-8.0.30-3.el9_0.s390x.rpm
mysql-common-8.0.30-3.el9_0.s390x.rpm
mysql-debuginfo-8.0.30-3.el9_0.s390x.rpm
mysql-debugsource-8.0.30-3.el9_0.s390x.rpm
mysql-devel-debuginfo-8.0.30-3.el9_0.s390x.rpm
mysql-errmsg-8.0.30-3.el9_0.s390x.rpm
mysql-libs-debuginfo-8.0.30-3.el9_0.s390x.rpm
mysql-server-8.0.30-3.el9_0.s390x.rpm
mysql-server-debuginfo-8.0.30-3.el9_0.s390x.rpm
mysql-test-debuginfo-8.0.30-3.el9_0.s390x.rpm

x86_64:
mysql-8.0.30-3.el9_0.x86_64.rpm
mysql-common-8.0.30-3.el9_0.x86_64.rpm
mysql-debuginfo-8.0.30-3.el9_0.x86_64.rpm
mysql-debugsource-8.0.30-3.el9_0.x86_64.rpm
mysql-devel-debuginfo-8.0.30-3.el9_0.x86_64.rpm
mysql-errmsg-8.0.30-3.el9_0.x86_64.rpm
mysql-libs-debuginfo-8.0.30-3.el9_0.x86_64.rpm
mysql-server-8.0.30-3.el9_0.x86_64.rpm
mysql-server-debuginfo-8.0.30-3.el9_0.x86_64.rpm
mysql-test-debuginfo-8.0.30-3.el9_0.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 9):

aarch64:
mysql-debuginfo-8.0.30-3.el9_0.aarch64.rpm
mysql-debugsource-8.0.30-3.el9_0.aarch64.rpm
mysql-devel-8.0.30-3.el9_0.aarch64.rpm
mysql-devel-debuginfo-8.0.30-3.el9_0.aarch64.rpm
mysql-libs-8.0.30-3.el9_0.aarch64.rpm
mysql-libs-debuginfo-8.0.30-3.el9_0.aarch64.rpm
mysql-server-debuginfo-8.0.30-3.el9_0.aarch64.rpm
mysql-test-8.0.30-3.el9_0.aarch64.rpm
mysql-test-debuginfo-8.0.30-3.el9_0.aarch64.rpm

ppc64le:
mysql-debuginfo-8.0.30-3.el9_0.ppc64le.rpm
mysql-debugsource-8.0.30-3.el9_0.ppc64le.rpm
mysql-devel-8.0.30-3.el9_0.ppc64le.rpm
mysql-devel-debuginfo-8.0.30-3.el9_0.ppc64le.rpm
mysql-libs-8.0.30-3.el9_0.ppc64le.rpm
mysql-libs-debuginfo-8.0.30-3.el9_0.ppc64le.rpm
mysql-server-debuginfo-8.0.30-3.el9_0.ppc64le.rpm
mysql-test-8.0.30-3.el9_0.ppc64le.rpm
mysql-test-debuginfo-8.0.30-3.el9_0.ppc64le.rpm

s390x:
mysql-debuginfo-8.0.30-3.el9_0.s390x.rpm
mysql-debugsource-8.0.30-3.el9_0.s390x.rpm
mysql-devel-8.0.30-3.el9_0.s390x.rpm
mysql-devel-debuginfo-8.0.30-3.el9_0.s390x.rpm
mysql-libs-8.0.30-3.el9_0.s390x.rpm
mysql-libs-debuginfo-8.0.30-3.el9_0.s390x.rpm
mysql-server-debuginfo-8.0.30-3.el9_0.s390x.rpm
mysql-test-8.0.30-3.el9_0.s390x.rpm
mysql-test-debuginfo-8.0.30-3.el9_0.s390x.rpm

x86_64:
mysql-debuginfo-8.0.30-3.el9_0.x86_64.rpm
mysql-debugsource-8.0.30-3.el9_0.x86_64.rpm
mysql-devel-8.0.30-3.el9_0.x86_64.rpm
mysql-devel-debuginfo-8.0.30-3.el9_0.x86_64.rpm
mysql-libs-8.0.30-3.el9_0.x86_64.rpm
mysql-libs-debuginfo-8.0.30-3.el9_0.x86_64.rpm
mysql-server-debuginfo-8.0.30-3.el9_0.x86_64.rpm
mysql-test-8.0.30-3.el9_0.x86_64.rpm
mysql-test-debuginfo-8.0.30-3.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-21412
https://access.redhat.com/security/cve/CVE-2022-21413
https://access.redhat.com/security/cve/CVE-2022-21414
https://access.redhat.com/security/cve/CVE-2022-21415
https://access.redhat.com/security/cve/CVE-2022-21417
https://access.redhat.com/security/cve/CVE-2022-21418
https://access.redhat.com/security/cve/CVE-2022-21423
https://access.redhat.com/security/cve/CVE-2022-21425
https://access.redhat.com/security/cve/CVE-2022-21427
https://access.redhat.com/security/cve/CVE-2022-21435
https://access.redhat.com/security/cve/CVE-2022-21436
https://access.redhat.com/security/cve/CVE-2022-21437
https://access.redhat.com/security/cve/CVE-2022-21438
https://access.redhat.com/security/cve/CVE-2022-21440
https://access.redhat.com/security/cve/CVE-2022-21444
https://access.redhat.com/security/cve/CVE-2022-21451
https://access.redhat.com/security/cve/CVE-2022-21452
https://access.redhat.com/security/cve/CVE-2022-21454
https://access.redhat.com/security/cve/CVE-2022-21455
https://access.redhat.com/security/cve/CVE-2022-21457
https://access.redhat.com/security/cve/CVE-2022-21459
https://access.redhat.com/security/cve/CVE-2022-21460
https://access.redhat.com/security/cve/CVE-2022-21462
https://access.redhat.com/security/cve/CVE-2022-21478
https://access.redhat.com/security/cve/CVE-2022-21479
https://access.redhat.com/security/cve/CVE-2022-21509
https://access.redhat.com/security/cve/CVE-2022-21515
https://access.redhat.com/security/cve/CVE-2022-21517
https://access.redhat.com/security/cve/CVE-2022-21522
https://access.redhat.com/security/cve/CVE-2022-21525
https://access.redhat.com/security/cve/CVE-2022-21526
https://access.redhat.com/security/cve/CVE-2022-21527
https://access.redhat.com/security/cve/CVE-2022-21528
https://access.redhat.com/security/cve/CVE-2022-21529
https://access.redhat.com/security/cve/CVE-2022-21530
https://access.redhat.com/security/cve/CVE-2022-21531
https://access.redhat.com/security/cve/CVE-2022-21534
https://access.redhat.com/security/cve/CVE-2022-21537
https://access.redhat.com/security/cve/CVE-2022-21538
https://access.redhat.com/security/cve/CVE-2022-21539
https://access.redhat.com/security/cve/CVE-2022-21547
https://access.redhat.com/security/cve/CVE-2022-21553
https://access.redhat.com/security/cve/CVE-2022-21556
https://access.redhat.com/security/cve/CVE-2022-21569
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYypfs9zjgjWX9erEAQi29w/+IYQhWwETOzatTJhnrCzNRiXEOxbO6Jwe
QfESim2Fkw3RG0d8SESKBSQ++cHYHPKHIvHBvTzsQRwDXTNRl/MXbRrhsTEEo1Ph
JoLYIM3mi9kUgvzF+Hmbc+pUqsSoD189VpcJh/v9HQ77W9QsPuqGCgC4WEYeoMOe
JDWA3CHRRosCKxJhRxmXMyuR5HyY2b08h7zKydFu2kcMHCEjfMtgKTYwrCKDFzHi
HPTLyJyKYI3Kzj1msjQlRfmGvwY0Zu0Sp0O/Gt38C0kpZMKOjSsT9QSuLUUKDED0
6bXpGW+LrF1FKnJy39mMmeEsKpcusWlIaveD+VlHsd+0ZE2FspoAZD+6NlIHMgDb
S7cwLhkzRfdXsunveyzRYZFBhCRnAPYUqcTZuuXQb8HraLrdBOWPExH7maWy04F8
gYZDGxrJBnxJK5YJzGufGDsm1A5N84SOmkgecZZtcW6p4ssCI8gTH59DdzFukpmR
p57alaamiDccdEhFAnyh9yddpEllTTjQUHlT77zU661cKv57gjh+Op06/Y84uuDC
t0rMCKUro/xINyMq5y+YoXSTQ0502PMNZIGrSs6HDnNv7F8bUfXwAG6KUhByA+lv
vKYKtK4qTEV92vV6104ZboamOxdNNeIf/mQH4Gt8zwEId77RC0B0WXv01H1Ihc7C
lJEKP7MBI4E=
=Z91l
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/

iQIVAwUBYyp/h8kNZI30y1K9AQi4mQ/+ONmf1Wg575Uy45c1l6MwCRjHzAtjmra0
zOMsknSzKYoPp7B7UXJ6P6CeVAa5vEHgof7SfWhqEXBZFABBj3T232YmWe1sP5mK
H/aZz39A8SVYM3Yb6H1KNySkHOHWLQ22GMaF331G9QSnqo4hSPwZvozNtvCFO+Uk
SiYgkCCA0jSqc4Y3OGHqKz1DRGz4kIO27bZNKVO8kIsM0B6+8ZFwq+v/9xeXa0HF
jUzeu0NhH4YX5Csr+8wz8VfSFv7ZQvHSlnAgJwuKTwmPttD3Hv1cDSn/d94LZ0+t
sjLfTkRmB9NrRqAlNPX3ZPjqmJYHBLbP8p2vHkA/KNW8gxI+1JOZDU+Q/eZEC7+z
8eiYlcg5PyUkYc7Yz5cJLnpA25WqoIHWyxmVeTzdJMRZIl7TCpsezYaKH772vf6w
xQs6oT0/+CUFK7p4EKa9/BImk347/4QrH/awPjikWHIHjY1G3vo781MbqvaiLREf
e8otNi0M4yc7eh7cQEC3m5HKnhs//zrDJA8I5YPNQLjjQUGD8cQzS766RAR00ZzD
BvS3inc9TW+LEPrxjIkyiXvGv6vhKQLKocUZuEAfXZAZKD4T0yvvFCYRNScpGu8U
DjHCgci9dYzGGtrv3ObdMDXOzmFp+cD01ghWUqODtt335W/P+A14WwH9PAtKrM7f
Mu21v4lshzE=
=Aftw
-----END PGP SIGNATURE-----