ESB-2007.0955 -- [Win][UNIX/Linux][Debian] -- New tk8.3 and tk8.4 packages fix arbitrary code execution

Date: 28 November 2007
References: AL-2008.0067  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                ESB-2007.0955 -- [Win][UNIX/Linux][Debian]
         New tk8.3 and tk8.4 packages fix arbitrary code execution
                             28 November 2007

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              tk8.4
                      tk8.3
Publisher:            Debian
Operating System:     Debian GNU/Linux 4.0
                      Debian GNU/Linux 3.1
                      UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact:               Execute Arbitrary Code/Commands
Access:               Remote/Unauthenticated
CVE Names:            CVE-2007-5378

Original Bulletin:    http://www.debian.org/security/2007/dsa-1416
                      http://www.debian.org/security/2007/dsa-1415

Comment: Note that this bulletin contains two Debian advisories - one for
         tk8.3 and one for tk8.4.
         
         This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running tk8.3 or tk8.4 check for an updated version of the software
         for their operating system.

Revision History:  November 28 2007: Added bulletin for tk8.4
                   November 28 2007: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ------------------------------------------------------------------------
Debian Security Advisory DSA-1415-1                  security@debian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
November 27, 2007                     http://www.debian.org/security/faq
- - ------------------------------------------------------------------------

Package        : tk8.4
Vulnerability  : buffer overflow
Problem type   : local(remote)
Debian-specific: no
CVE Id(s)      : CVE-2007-5378

It was discovered that Tk, a cross-platform graphical toolkit for Tcl,
performs insufficient input validation in the code used to load GIF
images, which may lead to the execution of arbitrary code.

For the stable distribution (etch), this problem has been fixed in
version 8.4.12-1etch1.

For the old stable distribution (sarge), this problem has been fixed
in version 8.4.9-1sarge1.

We recommend that you upgrade your tk8.4 packages. Updated packages for
sparc will be provided later.

Upgrade instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian 3.1 (oldstable)
- - ----------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

Debian (stable)
- - ---------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.


  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHTIMRXm3vHE4uyloRAv2HAKCExv3bKZmNEajHyjLHKX2eAk9AygCgklvL
+IE9W+yttsJz4MiKD3hasaI=
=ZPdF
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ------------------------------------------------------------------------
Debian Security Advisory DSA-1416-1                  security@debian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
November 27, 2007                     http://www.debian.org/security/faq
- - ------------------------------------------------------------------------

Package        : tk8.3
Vulnerability  : buffer overflow
Problem type   : local(remote)
Debian-specific: no
CVE Id(s)      : CVE-2007-5378

It was discovered that Tk, a cross-platform graphical toolkit for Tcl,
performs insufficient input validation in the code used to load GIF
images, which may lead to the execution of arbitrary code.

For the stable distribution (etch), this problem has been fixed in
version 8.3.5-6etch1.

Due to the technical limitation in the Debian archive scripts the update
for the old stable distribution (sarge) cannot be released in sync with
the update for the stable distribution. It will be provided in the next
days.

We recommend that you upgrade your tk8.3 packages.

Upgrade instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian (stable)
- - ---------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.


  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHTIQpXm3vHE4uyloRAu3YAJ9RDQkX0xRClWaEiZVkEU1A7/IHAgCdECYE
O227xjm2evaV0ZuE5krU8lU=
=ywra
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBR0zNFSh9+71yA2DNAQLRzwP+NQXb1QfsbKiUL/h2JnQZMJHwHaEuMQLI
xxrm/P44xc+vbmPHAMIOtmS/VWiRV19uXjojOJYaHVqYTRF45MseN9Wo/FKUcx48
prMEs1gIUs7NUtlsCRckl3NU4tDZ4gL41GlbHumdoQQfWhDc7aCq09cgFwMM6C0O
ZaQHlQ0rQOY=
=3DEh
-----END PGP SIGNATURE-----