Hash: SHA256

             AUSCERT External Security Bulletin Redistribution

                   Security update for the Linux Kernel
                               19 April 2023


        AusCERT Security Bulletin Summary

Product:           Linux Kernel
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
CVE Names:         CVE-2023-28772 CVE-2023-28464 CVE-2023-28328
                   CVE-2023-23455 CVE-2023-1611 CVE-2023-1513
                   CVE-2023-1390 CVE-2023-1281 CVE-2023-1095
                   CVE-2023-1076 CVE-2022-20567 CVE-2021-3923
                   CVE-2020-36691 CVE-2017-5753 

Original Bulletin: 

Comment: CVSS (Max):  7.8 CVE-2023-23455 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: SUSE
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

Security update for the Linux Kernel

Announcement ID:  SUSE-SU-2023:1894-1
     Rating:      important
                    o #1065729
                    o #1109158
                    o #1142926
                    o #1181001
                    o #1193231
                    o #1199837
                    o #1203693
                    o #1206010
                    o #1207001
                    o #1207125
                    o #1207890
                    o #1208048
                    o #1208599
                    o #1208777
                    o #1208850
                    o #1209052
                    o #1209118
   References:      o #1209126
                    o #1209256
                    o #1209289
                    o #1209291
                    o #1209292
                    o #1209532
                    o #1209547
                    o #1209549
                    o #1209556
                    o #1209572
                    o #1209613
                    o #1209634
                    o #1209684
                    o #1209687
                    o #1209777
                    o #1209778
                    o #1209798

                    o CVE-2017-5753
                    o CVE-2020-36691
                    o CVE-2021-3923
                    o CVE-2022-20567
                    o CVE-2023-1076
                    o CVE-2023-1095
                    o CVE-2023-1281
Cross-References:   o CVE-2023-1390
                    o CVE-2023-1513
                    o CVE-2023-1611
                    o CVE-2023-23455
                    o CVE-2023-28328
                    o CVE-2023-28464
                    o CVE-2023-28772

                    o CVE-2017-5753 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/
                    o CVE-2017-5753 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/
                    o CVE-2017-5753 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/
                    o CVE-2020-36691 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N
                    o CVE-2020-36691 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2021-3923 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2021-3923 ( NVD ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/
                    o CVE-2022-20567 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N
                    o CVE-2022-20567 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/
                    o CVE-2023-1076 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/
                    o CVE-2023-1076 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-1095 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/
                    o CVE-2023-1095 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-1281 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
  CVSS scores:      o CVE-2023-1281 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-1390 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/
                    o CVE-2023-1390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                    o CVE-2023-1513 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-1513 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-1611 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/
                    o CVE-2023-1611 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/
                    o CVE-2023-23455 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N
                    o CVE-2023-23455 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-28328 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N
                    o CVE-2023-28464 ( SUSE ): 4.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:R
                    o CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-28772 ( SUSE ): 3.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N
                    o CVE-2023-28772 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/

    Affected        o SUSE Linux Enterprise High Performance Computing 12 SP5
    Products:       o SUSE Linux Enterprise Real Time 12 SP5
                    o SUSE Linux Enterprise Server 12 SP5

An update that solves 14 vulnerabilities and has 20 fixes can now be installed.


The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security
and bugfixes.

The following security bugs were fixed:

  o CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#
  o CVE-2020-36691: Fixed an issue which could allow attackers to cause a
    denial of service via a nested Netlink policy with a back reference (bsc#
  o CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/
    seq_buf.c (bsc#1209549).
  o CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs
    structure that could be copied to userspace, causing an information leak
  o CVE-2023-28464: Fixed user-after-free that could lead to privilege
    escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052).
  o CVE-2021-3923: Fixed stack information leak vulnerability that could lead
    to kernel protection bypass in infiniband RDMA (bsc#1209778).
  o CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#
  o CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue led by a
    type confusion (bsc#1207125).
  o CVE-2023-1281: Fixed use after free that could lead to privilege escalation
    in tcindex (bsc#1209634).
  o CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547).
  o CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
  o CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers
    /media/usb/dev-usb/az6027.c (bsc#1209291).
  o CVE-2022-20567: Fixed use after free that could lead to a local privilege
    escalation in pppol2tp_create of l2tp_ppp.c (bsc#1208850).
  o CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#
  o CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed
    list head (bsc#1208777).

The following non-security bugs were fixed:

  o applicom: Fix PCI device refcount leak in applicom_init() (git-fixes).
  o ARM: 8702/1: head-common.S: Clear lr before jumping to start_kernel()
  o arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes)
  o arm64: cpu_ops: fix a leaked reference by adding missing of_node_put
  o arm64: Discard .note.GNU-stack section (bsc#1203693 bsc#1209798).
  o arm64: Do not forget syscall when starting a new thread. (git-fixes)
  o arm64: Fix compiler warning from pte_unmap() with (git-fixes)
  o arm64: fix oops in concurrently setting insn_emulation sysctls (git-fixes)
  o arm64: kaslr: Reserve size of ARM64_MEMSTART_ALIGN in linear region
  o arm64: kprobe: make page to RO mode when allocate it (git-fixes)
  o arm64: kpti: ensure patched kernel text is fetched from PoU (git-fixes)
  o arm64: Mark __stack_chk_guard as __ro_after_init (git-fixes)
  o arm64: psci: Avoid printing in cpu_psci_cpu_die() (git-fixes)
  o arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() (git-fixes)
  o arm64: unwind: Prohibit probing on return_address() (git-fixes)
  o arm64: Use test_tsk_thread_flag() for checking TIF_SINGLESTEP (git-fixes)
  o arm64/alternatives: do not patch up internal branches (git-fixes)
  o arm64/alternatives: move length validation inside the subsection
  o arm64/alternatives: use subsections for replacement sequences (git-fixes)
  o arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes)
  o arm64/mm: fix variable 'pud' set but not used (git-fixes)
  o arm64/mm: return cpu_all_mask when node is NUMA_NO_NODE (git-fixes)
  o arm64/vdso: Discard .note.gnu.property sections in vDSO (git-fixes)
  o Bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE (git-fixes).
  o Bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave()
  o crypto: arm64 - Fix unused variable compilation warnings of (git-fixes)
  o dt-bindings: reset: meson8b: fix duplicate reset IDs (git-fixes).
  o ftrace: Fix invalid address access in lookup_rec() when index is 0
  o ima: Fix function name error in comment (git-fixes).
  o Input: atmel_mxt_ts - fix double free in mxt_read_info_block (git-fixes).
  o ipv4: route: fix inet_rtm_getroute induced crash (git-fixes).
  o kabi: PCI: endpoint: Fix for concurrent memory allocation in OB address
    region (git-fixes).
  o kfifo: fix ternary sign extension bugs (git-fixes).
  o kgdb: Drop malformed kernel doc comment (git-fixes).
  o KVM: arm64: Hide system instruction access to Trace registers (git-fixes)
  o net: usb: lan78xx: Limit packet length to skb->len (git-fixes).
  o net: usb: qmi_wwan: Adding support for Cinterion MV31 (git-fixes).
  o net: usb: smsc75xx: Limit packet length to skb->len (git-fixes).
  o net: usb: smsc75xx: Move packet length check to prevent kernel panic in
    skb_pull (git-fixes).
  o net: usb: smsc95xx: Limit packet length to skb->len (git-fixes).
  o NFSv4: Fix hangs when recovering open state after a server reboot
  o ntp: Limit TAI-UTC offset (git-fixes)
  o PCI: aardvark: Do not blindly enable ASPM L0s and do not write to read-only
    register (git-fixes).
  o PCI: aardvark: Do not rely on jiffies while holding spinlock (git-fixes).
  o PCI: aardvark: Do not touch PCIe registers if no card connected
  o PCI: aardvark: Fix a leaked reference by adding missing of_node_put()
  o PCI: aardvark: Fix checking for PIO Non-posted Request (git-fixes).
  o PCI: aardvark: Fix kernel panic during PIO transfer (git-fixes).
  o PCI: aardvark: Improve link training (git-fixes).
  o PCI: aardvark: Indicate error in 'val' when config read fails (git-fixes).
  o PCI: aardvark: Introduce an advk_pcie_valid_device() helper (git-fixes).
  o PCI: aardvark: Remove PCIe outbound window configuration (git-fixes).
  o PCI: aardvark: Train link immediately after enabling training (git-fixes).
  o PCI: aardvark: Wait for endpoint to be ready before training link
  o PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints (git-fixes).
  o PCI: Add ACS quirk for iProc PAXB (git-fixes).
  o PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0 (git-fixes).
  o PCI: Avoid FLR for AMD Starship USB 3.0 (git-fixes).
  o PCI: endpoint: Cast the page number to phys_addr_t (git-fixes).
  o PCI: endpoint: Fix for concurrent memory allocation in OB address region
  o PCI: hv: Add a per-bus mutex state_lock (bsc#1207001).
  o PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#
  o PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#
  o PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#
  o PCI: Make ACS quirk implementations more uniform (git-fixes).
  o PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently
  o PCI: PM: Avoid skipping bus-level PM on platforms without ACPI (git-fixes).
  o PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes).
  o PCI: tegra: Fix OF node reference leak (git-fixes).
  o PCI: Unify ACS quirk desired vs provided checking (git-fixes).
  o PCI: Use pci_update_current_state() in pci_enable_device_flags()
  o PCI: xgene-msi: Fix race in installing chained irq handler (git-fixes).
  o PCI/MSI: Enforce MSI entry updates to be visible (git-fixes).
  o PCI/MSI: Enforce that MSI-X table entry is masked for update (git-fixes).
  o PCI/MSI: Mask all unused MSI-X entries (git-fixes).
  o PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes).
  o PCI/PM: Always return devices to D0 when thawing (git-fixes).
  o PCI/PM: Avoid using device_may_wakeup() for runtime PM (git-fixes).
  o PM: hibernate: flush swap writer after marking (git-fixes).
  o powerpc/btext: add missing of_node_put (bsc#1065729).
  o powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#
  o powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158
    ltc#169177 git-fixes).
  o powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#
  o powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729).
  o powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1065729).
  o ppc64le: HWPOISON_INJECT=m (bsc#1209572).
  o ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes).
  o s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes).
  o sbitmap: Avoid lockups when waker gets preempted (bsc#1209118).
  o scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#
  o scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#
    1209684 bsc#1209556).
  o SUNRPC: Fix a server shutdown leak (git-fixes).
  o timekeeping: Prevent 32bit truncation in (git-fixes)
  o timers: Clear timer_base::must_forward_clk with (bsc#1207890)
  o timers/sched_clock: Prevent generic sched_clock wrap caused by tick_freeze
    () (git-fixes).
  o tracing: Add NULL checks for buffer in ring_buffer_free_read_page()
  o tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr
  o uprobes/x86: Fix detection of 32-bit user mode (git-fixes).
  o usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes).
  o usb: dwc3: exynos: Fix remove() function (git-fixes).
  o usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes).
  o usb: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100
  o usb: typec: altmodes/displayport: Fix probe pin assign check (git-fixes).
  o x86, boot: Remove multiple copy of static function sanitize_boot_params()
  o x86/apic: Add name to irq chip (bsc#1206010).
  o x86/apic: Deinline x2apic functions (bsc#1181001 jsc#ECO-3191).
  o x86/apic: Fix arch_dynirq_lower_bound() bug for DT enabled machines
  o x86/apic: Handle missing global clockevent gracefully (git-fixes bsc#
  o x86/apic: Soft disable APIC before initializing it (git-fixes).
  o x86/atomic: Fix smp_mb__{before,after}_atomic() (git-fixes).
  o x86/build: Add 'set -e' to mkcapflags.sh to delete broken capflags.c
  o x86/decoder: Add TEST opcode to Group3-2 (git-fixes).
  o x86/ia32: Fix ia32_restore_sigcontext() AC leak (git-fixes).
  o x86/ioapic: Force affinity setup before startup (bsc#1193231).
  o x86/ioapic: Prevent inconsistent state when moving an interrupt
  o x86/irq/64: Limit IST stack overflow check to #DB stack (git-fixes).
  o x86/lib/cpu: Address missing prototypes warning (git-fixes).
  o x86/mce: Lower throttling MCE messages' priority to warning (git-fixes).
  o x86/mm: Remove in_nmi() warning from 64-bit implementation of vmalloc_fault
    () (git-fixes).
  o x86/mm: Use the correct function type for native_set_fixmap() (git-fixes).
  o x86/paravirt: Fix callee-saved function ELF sizes (git-fixes).
  o x86/PCI: Fix PCI IRQ routing table memory leak (git-fixes).
  o x86/power: Fix 'nosmt' vs hibernation triple fault during resume
  o x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI
    fails (git-fixes).
  o x86/stacktrace: Prevent infinite loop in arch_stack_walk_user()
  o x86/sysfb: Fix check for bad VRAM size (git-fixes).
  o x86/uaccess, signal: Fix AC=1 bloat (git-fixes).
  o x86/x2apic: Mark set_x2apic_phys_mode() as __init (bsc#1181001 jsc#
  o x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes).
  o x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (git-fixes).
  o xen/netfront: enable device after manual module load (git-fixes).
  o xen/netfront: Fix mismatched rtnl_unlock (git-fixes).
  o xen/netfront: Fix NULL sring after live migration (git-fixes).
  o xen/netfront: fix potential deadlock in xennet_remove() (git-fixes).
  o xen/netfront: Fix race between device setup and open (git-fixes).
  o xen/netfront: Update features after registering netdev (git-fixes).
  o xen/netfront: wait xenbus state change when load module manually
  o xen/netfront: fix waiting for xenbus state change (git-fixes).
  o xen/netfront: stop tx queues during live migration (git-fixes).
  o xen/platform-pci: add missing free_irq() in error path (git-fixes).

Special Instructions and Notes:

  o Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Real Time 12 SP5
    zypper in -t patch SUSE-SLE-RT-12-SP5-2023-1894=1

Package List:

  o SUSE Linux Enterprise Real Time 12 SP5 (x86_64)
  o SUSE Linux Enterprise Real Time 12 SP5 (noarch)
  o SUSE Linux Enterprise Real Time 12 SP5 (nosrc x86_64)


  o https://www.suse.com/security/cve/CVE-2017-5753.html
  o https://www.suse.com/security/cve/CVE-2020-36691.html
  o https://www.suse.com/security/cve/CVE-2021-3923.html
  o https://www.suse.com/security/cve/CVE-2022-20567.html
  o https://www.suse.com/security/cve/CVE-2023-1076.html
  o https://www.suse.com/security/cve/CVE-2023-1095.html
  o https://www.suse.com/security/cve/CVE-2023-1281.html
  o https://www.suse.com/security/cve/CVE-2023-1390.html
  o https://www.suse.com/security/cve/CVE-2023-1513.html
  o https://www.suse.com/security/cve/CVE-2023-1611.html
  o https://www.suse.com/security/cve/CVE-2023-23455.html
  o https://www.suse.com/security/cve/CVE-2023-28328.html
  o https://www.suse.com/security/cve/CVE-2023-28464.html
  o https://www.suse.com/security/cve/CVE-2023-28772.html
  o https://bugzilla.suse.com/show_bug.cgiid=1065729
  o https://bugzilla.suse.com/show_bug.cgiid=1109158
  o https://bugzilla.suse.com/show_bug.cgiid=1142926
  o https://bugzilla.suse.com/show_bug.cgiid=1181001
  o https://bugzilla.suse.com/show_bug.cgiid=1193231
  o https://bugzilla.suse.com/show_bug.cgiid=1199837
  o https://bugzilla.suse.com/show_bug.cgiid=1203693
  o https://bugzilla.suse.com/show_bug.cgiid=1206010
  o https://bugzilla.suse.com/show_bug.cgiid=1207001
  o https://bugzilla.suse.com/show_bug.cgiid=1207125
  o https://bugzilla.suse.com/show_bug.cgiid=1207890
  o https://bugzilla.suse.com/show_bug.cgiid=1208048
  o https://bugzilla.suse.com/show_bug.cgiid=1208599
  o https://bugzilla.suse.com/show_bug.cgiid=1208777
  o https://bugzilla.suse.com/show_bug.cgiid=1208850
  o https://bugzilla.suse.com/show_bug.cgiid=1209052
  o https://bugzilla.suse.com/show_bug.cgiid=1209118
  o https://bugzilla.suse.com/show_bug.cgiid=1209126
  o https://bugzilla.suse.com/show_bug.cgiid=1209256
  o https://bugzilla.suse.com/show_bug.cgiid=1209289
  o https://bugzilla.suse.com/show_bug.cgiid=1209291
  o https://bugzilla.suse.com/show_bug.cgiid=1209292
  o https://bugzilla.suse.com/show_bug.cgiid=1209532
  o https://bugzilla.suse.com/show_bug.cgiid=1209547
  o https://bugzilla.suse.com/show_bug.cgiid=1209549
  o https://bugzilla.suse.com/show_bug.cgiid=1209556
  o https://bugzilla.suse.com/show_bug.cgiid=1209572
  o https://bugzilla.suse.com/show_bug.cgiid=1209613
  o https://bugzilla.suse.com/show_bug.cgiid=1209634
  o https://bugzilla.suse.com/show_bug.cgiid=1209684
  o https://bugzilla.suse.com/show_bug.cgiid=1209687
  o https://bugzilla.suse.com/show_bug.cgiid=1209777
  o https://bugzilla.suse.com/show_bug.cgiid=1209778
  o https://bugzilla.suse.com/show_bug.cgiid=1209798

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:


Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
Comment: https://auscert.org.au/gpg-key/