Operating System:

Published:

15 April 2004

Protect yourself against future threats.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

   ESB-2004.0271 -- Debian Security Advisories DSA 479-1, DSA 479-2, DSA
                        480-1, DSA 481-1, DSA 482-1
          New Linux 2.4.18/2.4.17 packages fix local root exploit
                               15 April 2004

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:                kernel 2.4.17
                        kernel 2.4.18
Publisher:              Debian
Operating System:       Debian GNU/Linux 3.0
                        Linux
Platform:               Alpha
                        IA-32
                        IA-64
                        PowerPC
                        PA-RISC
                        S/390
Impact:                 Root Compromise
                        Increased Privileges
                        Denial of Service
Access Required:        Existing Account
CVE Names:              CAN-2004-0003 CAN-2004-0010 CAN-2004-0109
                        CAN-2004-0177 CAN-2004-0178

Comment: This ESB combines five related Debian Security Advisories (DSA
         479-1, DSA 479-2, DSA 480-1, DSA 481-1 and DSA 482-1) for
         various platforms.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 479-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
April 14th, 2004                        http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : kernel-source-2.4.18 kernel-image-2.4.18-1-alpha kernel-image-2.4.18-1-i386 kernel-image-2.4.18-i386bf kernel-patch-2.4.18-powerpc
Vulnerability  : several vulnerabilities
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178

Several serious problems have been discovered in the Linux kernel.
This update takes care of Linux 2.4.18 for the alpha, i386 and powerpc
architectures.  The Common Vulnerabilities and Exposures project
identifies the following problems that will be fixed with this update:

CAN-2004-0003

    A vulnerability has been discovered in the R128 drive in the Linux
    kernel which could potentially lead an attacker to gain
    unauthorised privileges.  Alan Cox and Thomas Biege developed a
    correction for this

CAN-2004-0010

    Arjan van de Ven discovered a stack-based buffer overflow in the
    ncp_lookup function for ncpfs in the Linux kernel, which could
    lead an attacker to gain unauthorised privileges.  Petr Vandrovec
    developed a correction for this.

CAN-2004-0109

    zen-parse discovered a buffer overflow vulnerability in the
    ISO9660 filesystem component of Linux kernel which could be abused
    by an attacker to gain unauthorised root access.  Sebastian
    Krahmer and Ernie Petrides developed a correction for this.

CAN-2004-0177

    Solar Designer discovered an information leak in the ext3 code of
    Linux.  In a worst case an attacker could read sensitive data such
    as cryptographic keys which would otherwise never hit disk media.
    Theodore Ts'o developed a correction for this.

CAN-2004-0178

    Andreas Kies discovered a denial of service condition in the Sound
    Blaster driver in Linux.  He also developed a correction.

These problems will also be fixed by upstream in Linux 2.4.26 and
future versions of 2.6.

The following security matrix explains which kernel versions for which
architecture are already fixed.  Kernel images in the unstable Debian
distribution (sid) will be fixed soon.

Architecture    stable (woody)     unstable (sid)    removed in sid
source          2.4.18-14.3        2.4.25-3          --
alpha           2.4.18-15          soon              --
i386            2.4.18-13          soon              --
i386bf          2.4.18-5woody8     soon              --
powerpc         2.4.18-1woody5     2.4.25-8          2.4.22

We recommend that you upgrade your kernel packages immediately, either
with a Debian provided kernel or with a self compiled one.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14.3.dsc
      Size/MD5 checksum:      664 a9d96cc8553c3a9085bad09e071c5814
    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14.3.diff.gz
      Size/MD5 checksum:    70724 4de077af92c196a6af7797d1ceea4004
    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18.orig.tar.gz
      Size/MD5 checksum: 29818323 24b4c45a04a23eb4ce465eb326a6ddf2

    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-alpha_2.4.18-15.dsc
      Size/MD5 checksum:      876 453a2a47eb3c6b748e75e0cb65bdd6bb
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-alpha_2.4.18-15.tar.gz
      Size/MD5 checksum:    24922 f822e7999659ddcfd53dee73894afdc1

    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-i386_2.4.18-13.dsc
      Size/MD5 checksum:     1327 d37593f6e47c2b9809530eb54deeae3e
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-i386_2.4.18-13.tar.gz
      Size/MD5 checksum:    70213 c795ba781adbd8a19202d8d986a3d0da

    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-image-2.4.18-i386bf_2.4.18-5woody8.dsc
      Size/MD5 checksum:      656 278af48a357187864c52382eeb13451d
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-image-2.4.18-i386bf_2.4.18-5woody8.tar.gz
      Size/MD5 checksum:    26780 1f0c2eba8d3d90eef1a183f6b27f1fff

    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-patch-2.4.18-powerpc_2.4.18-1woody5.dsc
      Size/MD5 checksum:      713 77511f3afefed1dd71c1f73e2e036000
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-patch-2.4.18-powerpc_2.4.18-1woody5.tar.gz
      Size/MD5 checksum:    79970 2720d9864cdd05bfc6b3bd7228ca9083

  Architecture independent components:

    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-doc-2.4.18_2.4.18-14.3_all.deb
      Size/MD5 checksum:  1720106 f25772ce2d398adc25509a1ae040c76f
    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14.3_all.deb
      Size/MD5 checksum: 24138244 d63666d64cb91f59f2feded30ef8ea70

    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-patch-2.4.18-powerpc_2.4.18-1woody5_all.deb
      Size/MD5 checksum:    79722 d822eaa6adcdd517d600d62c819db7b6

  Alpha architecture:

    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1_2.4.18-15_alpha.deb
      Size/MD5 checksum:  3363486 862f6e8f85737dd13c6ca9b760384f1a
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1-generic_2.4.18-15_alpha.deb
      Size/MD5 checksum:  3512910 935ef424b222d336a642b2e7cd291e4a
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1-smp_2.4.18-15_alpha.deb
      Size/MD5 checksum:  3515528 6ef19a362ec019e79fdb057fea1c9fc2
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-generic_2.4.18-15_alpha.deb
      Size/MD5 checksum: 12424690 725ff255cf8941cfb5c77581d8a518d4
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-smp_2.4.18-15_alpha.deb
      Size/MD5 checksum: 12801130 8d15f05215223ffcf9b11b3f682667d3

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1_2.4.18-13_i386.deb
      Size/MD5 checksum:  3429534 1aac0648c6f5fdee84721799806ef07a
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-386_2.4.18-13_i386.deb
      Size/MD5 checksum:  3446290 a13776eb95c3661696f86e06a6dbac48
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-586tsc_2.4.18-13_i386.deb
      Size/MD5 checksum:  3446482 233230438756120878a4e4b96876e61b
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686_2.4.18-13_i386.deb
      Size/MD5 checksum:  3446444 b5f8437bfd3279ed3f4b2f63fc2d75f5
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686-smp_2.4.18-13_i386.deb
      Size/MD5 checksum:  3446458 6dbbfba03667156316b184bd939d21e2
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k6_2.4.18-13_i386.deb
      Size/MD5 checksum:  3446350 ff76c153c3eb285b1f7b035223bc1e39
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k7_2.4.18-13_i386.deb
      Size/MD5 checksum:  3446324 dc2a142c75db787fdeb8a0c8e8941d1a
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-386_2.4.18-13_i386.deb
      Size/MD5 checksum:  1154336 96f1e8262a5b11a8498d70643e87f546
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-586tsc_2.4.18-13_i386.deb
      Size/MD5 checksum:  1154362 8b4bc947b6ab39a2deb0731f891889f3
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686_2.4.18-13_i386.deb
      Size/MD5 checksum:  1154358 a6e7db160b30f90711be11260128a6bb
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686-smp_2.4.18-13_i386.deb
      Size/MD5 checksum:  1154414 cde845ca2c7b351ce79b66965a04a748
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k6_2.4.18-13_i386.deb
      Size/MD5 checksum:  1154338 407aa3a3a95aa5cd8aaf5b34b306b1a4
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k7_2.4.18-13_i386.deb
      Size/MD5 checksum:  1154342 152aca9d4a2d7014a9834c239d754d0e
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-386_2.4.18-13_i386.deb
      Size/MD5 checksum:     5746 9a5675e9da37620b2b3c8dc1aebfa5d0
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-586tsc_2.4.18-13_i386.deb
      Size/MD5 checksum:     5758 325071afd718f4c0c1ba8769aba9864d
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686_2.4.18-13_i386.deb
      Size/MD5 checksum:     5778 212f47c992067729e8eb3da05c89c242
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686-smp_2.4.18-13_i386.deb
      Size/MD5 checksum:     5804 683e3a330cfde650ede99e8a6a771149
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k6_2.4.18-13_i386.deb
      Size/MD5 checksum:     5760 8a73b13a799928232f5028be37356ad2
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k7_2.4.18-13_i386.deb
      Size/MD5 checksum:     5762 be2713125a6111ab76458e07d42f3634

    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-headers-2.4.18-bf2.4_2.4.18-5woody8_i386.deb
      Size/MD5 checksum:  3411032 c97ea4fcff846ac6d0dc945d601cb97c
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-image-2.4.18-bf2.4_2.4.18-5woody8_i386.deb
      Size/MD5 checksum:  6425640 83dc812db817e703eaa21451d048f4f7

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-headers-2.4.18_2.4.18-1woody5_powerpc.deb
      Size/MD5 checksum:  3433044 0836b0d1fbcc5c9f440d5c75ff14f006
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-image-2.4.18-newpmac_2.4.18-1woody5_powerpc.deb
      Size/MD5 checksum:  9456688 4473c2577d3be988993219b82ed90eda
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-image-2.4.18-powerpc_2.4.18-1woody5_powerpc.deb
      Size/MD5 checksum: 10105472 ae0b1d57bfc8593d9aa4ad1403044607
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-image-2.4.18-powerpc-smp_2.4.18-1woody5_powerpc.deb
      Size/MD5 checksum: 10351786 f84fe609d7192a51c4f091c1c0893680


  These files will probably be moved into the stable distribution on
  its next revision.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAfVAvW5ql+IAeqTIRAl2ZAJ9iOjA7z+AE4QFETph/RgdpfKu3WwCfdBmo
l3YTSWUqfR8Uz29E6qhoitY=
=tRLO
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 479-2                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
April 14th, 2004                        http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : kernel-image-2.4.18-1-i386
Vulnerability  : several vulnerabilities
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178

Several serious problems have been discovered in the Linux kernel.
This update takes care of Linux 2.4.18 for the i386 architecture.
This advisory replaces the i386 part of DSA 479-1 (except for the
i386bf part).  An unfortunate build error caused some of the kernel
packages in DSA 479-1 to be broken.  They are updated with this
advisory.  For completeness below is the original advisory text:

The Common Vulnerabilities and Exposures project identifies the
following problems that will be fixed with this update:

CAN-2004-0003

    A vulnerability has been discovered in the R128 drive in the Linux
    kernel which could potentially lead an attacker to gain
    unauthorised privileges.  Alan Cox and Thomas Biege developed a
    correction for this

CAN-2004-0010

    Arjan van de Ven discovered a stack-based buffer overflow in the
    ncp_lookup function for ncpfs in the Linux kernel, which could
    lead an attacker to gain unauthorised privileges.  Petr Vandrovec
    developed a correction for this.

CAN-2004-0109

    zen-parse discovered a buffer overflow vulnerability in the
    ISO9660 filesystem component of Linux kernel which could be abused
    by an attacker to gain unauthorised root access.  Sebastian
    Krahmer and Ernie Petrides developed a correction for this.

CAN-2004-0177

    Solar Designer discovered an information leak in the ext3 code of
    Linux.  In a worst case an attacker could read sensitive data such
    as cryptographic keys which would otherwise never hit disk media.
    Theodore Ts'o developed a correction for this.

CAN-2004-0178

    Andreas Kies discovered a denial of service condition in the Sound
    Blaster driver in Linux.  He also developed a correction.

These problems will also be fixed by upstream in Linux 2.4.26 and
future versions of 2.6.

The following security matrix explains which kernel versions for which
architecture are already fixed.  Kernel images in the unstable Debian
distribution (sid) will be fixed soon.

Architecture    stable (woody)     unstable (sid)    removed in sid
source          2.4.18-14.3        2.4.25-3          --
alpha           2.4.18-15          soon              --
i386            2.4.18-13.1        soon              --
i386bf          2.4.18-5woody8     soon              --
powerpc         2.4.18-1woody5     2.4.25-8          2.4.22

We recommend that you upgrade your kernel packages immediately, either
with a Debian provided kernel or with a self compiled one.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-i386_2.4.18-13.1.dsc
      Size/MD5 checksum:     1193 c5bea6e9e74b7bb8bf2dd6216cf1541d
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-i386_2.4.18-13.1.tar.gz
      Size/MD5 checksum:    70555 035a589ccba3168c3d72d383bbec5dab

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1_2.4.18-13.1_i386.deb
      Size/MD5 checksum:  3413448 1b9c7a124b6411a0fcf6cc5778171a66
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-386_2.4.18-13.1_i386.deb
      Size/MD5 checksum:  3504660 6696636adee7b176ab825d81e9165e4b
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-586tsc_2.4.18-13.1_i386.deb
      Size/MD5 checksum:  3506488 b4106b490093484664c43852856fa8bb
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686_2.4.18-13.1_i386.deb
      Size/MD5 checksum:  3505952 76dae7ea3d3101b360fb6698330c3398
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686-smp_2.4.18-13.1_i386.deb
      Size/MD5 checksum:  3507012 4781cdd4b619bf98c3ad4f4161846d18
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k6_2.4.18-13.1_i386.deb
      Size/MD5 checksum:  3506524 acc9deaf495f503d46914277197fbc77
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k7_2.4.18-13.1_i386.deb
      Size/MD5 checksum:  3506410 42db7812cd1761f290166ab150b14adf
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-386_2.4.18-13.1_i386.deb
      Size/MD5 checksum:  8798542 4a7e3724d38ff8d7b933e7a6f6bec4d5
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-586tsc_2.4.18-13.1_i386.deb
      Size/MD5 checksum:  8704574 0030a2640f9d718cd7c41940a38eae34
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686_2.4.18-13.1_i386.deb
      Size/MD5 checksum:  8704946 326af5dd4d0435cc3f63469f820ed42a
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686-smp_2.4.18-13.1_i386.deb
      Size/MD5 checksum:  8959734 486ac57669b4fc210093b27588644423
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k6_2.4.18-13.1_i386.deb
      Size/MD5 checksum:  8660568 088f65b9b009fa3627219ba948a86d89
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k7_2.4.18-13.1_i386.deb
      Size/MD5 checksum:  8863282 235d52f69077f021308ef60284bfc384
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-386_2.4.18-13.1_i386.deb
      Size/MD5 checksum:   229040 8e22be3a469155ce4e7467c1ae4d0bfb
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-586tsc_2.4.18-13.1_i386.deb
      Size/MD5 checksum:   228596 f505d3c1b47b335bf7ab6da711f20867
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686_2.4.18-13.1_i386.deb
      Size/MD5 checksum:   228056 d48d609916ccf68d5c070e3f67e49a37
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686-smp_2.4.18-13.1_i386.deb
      Size/MD5 checksum:   231696 7080fb38ee24c31440bb29895ed926e6
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k6_2.4.18-13.1_i386.deb
      Size/MD5 checksum:   227698 10d849de08330f6031d56412410d80c3
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k7_2.4.18-13.1_i386.deb
      Size/MD5 checksum:   230956 3a274e8913ad16a8dc53a53e5c43f14b


  These files will probably be moved into the stable distribution on
  its next revision.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAfbPnW5ql+IAeqTIRAvmpAJsFLddUY41ffd81LqnP0d1V26G/lQCfRf8f
SgFGTu6tRVNBJ0skSkLogsE=
=h6zz
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 480-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
April 14th, 2004                        http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : kernel-image-2.4.17-hppa kernel-image-2.4.18-hppa
Vulnerability  : several vulnerabilities
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178

Several serious problems have been discovered in the Linux kernel.
This update takes care of Linux 2.4.17 and 2.4.18 for the hppa
(PA-RISC) architecture.  The Common Vulnerabilities and Exposures
project identifies the following problems that will be fixed with this
update:

CAN-2004-0003

    A vulnerability has been discovered in the R128 drive in the Linux
    kernel which could potentially lead an attacker to gain
    unauthorised privileges.  Alan Cox and Thomas Biege developed a
    correction for this

CAN-2004-0010

    Arjan van de Ven discovered a stack-based buffer overflow in the
    ncp_lookup function for ncpfs in the Linux kernel, which could
    lead an attacker to gain unauthorised privileges.  Petr Vandrovec
    developed a correction for this.

CAN-2004-0109

    zen-parse discovered a buffer overflow vulnerability in the
    ISO9660 filesystem component of Linux kernel which could be abused
    by an attacker to gain unauthorised root access.  Sebastian
    Krahmer and Ernie Petrides developed a correction for this.

CAN-2004-0177

    Solar Designer discovered an information leak in the ext3 code of
    Linux.  In a worst case an attacker could read sensitive data such
    as cryptographic keys which would otherwise never hit disk media.
    Theodore Ts'o developed a correction for this.

CAN-2004-0178

    Andreas Kies discovered a denial of service condition in the Sound
    Blaster driver in Linux.  He also developed a correction for this.

These problems will also be fixed by upstream in Linux 2.4.26 and
future versions of 2.6.

For the stable distribution (woody) these problems have been fixed in
version 32.4 for Linux 2.4.17 and in version 62.3 for Linux 2.4.18.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your kernel packages immediately, either
with a Debian provided kernel or with a self compiled one.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-hppa_32.4.dsc
      Size/MD5 checksum:      713 d6e475210d87586fafc91e1d557a1a81
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-hppa_32.4.tar.gz
      Size/MD5 checksum: 29958654 8357b4f2946cd1256a0ddf51395aaa1b

    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-image-2.4.18-hppa_62.3.dsc
      Size/MD5 checksum:      713 a7dd8816219af9d8af30e0dd5d4933ae
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-image-2.4.18-hppa_62.3.tar.gz
      Size/MD5 checksum: 30341920 73ebcb15f4e1245792af77ab2edc8133

  Architecture independent components:

    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-source-2.4.17-hppa_32.4_all.deb
      Size/MD5 checksum: 24111814 32a7c5a4b9b7f56f76a3810ee1c671bd

    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-source-2.4.18-hppa_62.3_all.deb
      Size/MD5 checksum: 24403622 c5600ecd5365f4699e3937328536d997

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-headers-2.4.17-hppa_32.4_hppa.deb
      Size/MD5 checksum:  3531374 1ace6b1a6f1575bb05cfa38eef8ae28e
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-32_32.4_hppa.deb
      Size/MD5 checksum:  2738008 7460b70d3551740b099f47cc00f75a9a
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-32-smp_32.4_hppa.deb
      Size/MD5 checksum:  2870152 3012e161b10a40ef75b5ca7dc99f646a
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-64_32.4_hppa.deb
      Size/MD5 checksum:  3024374 dc9b851d809cbe09e4d4db58c905c8a8
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-64-smp_32.4_hppa.deb
      Size/MD5 checksum:  3165848 b6b8cbf7f48fbf729c859350c7d09e11

    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-headers-2.4.18-hppa_62.3_hppa.deb
      Size/MD5 checksum:  3545648 cdc19e048e49678e4f42bef608a24461
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-image-2.4.18-32_62.3_hppa.deb
      Size/MD5 checksum:  2763774 f51ec93fcb6101a2e3ecf4d9767237c8
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-image-2.4.18-32-smp_62.3_hppa.deb
      Size/MD5 checksum:  2903956 88e4ca002820f71fcc5101762f8b24e4
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-image-2.4.18-64_62.3_hppa.deb
      Size/MD5 checksum:  3061206 9ef449c857ec8a57c505fdee26b7a936
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-image-2.4.18-64-smp_62.3_hppa.deb
      Size/MD5 checksum:  3199070 e59926283c57ef868881e6cc1e501e6b


  These files will probably be moved into the stable distribution on
  its next revision.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAfVO+W5ql+IAeqTIRAiSeAJ93ehL1LmbRBheMrhISXJb2IcMRSQCgna2i
QZMFDWSgY4WZsGOz8HAYDcg=
=pO1N
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 481-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
April 14th, 2004                        http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : kernel-image-2.4.17-ia64
Vulnerability  : several vulnerabilities
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178

Several serious problems have been discovered in the Linux kernel.
This update takes care of Linux 2.4.17 for the IA-64 architecture.
The Common Vulnerabilities and Exposures project identifies the
following problems that will be fixed with this update:

CAN-2004-0003

    A vulnerability has been discovered in the R128 drive in the Linux
    kernel which could potentially lead an attacker to gain
    unauthorised privileges.  Alan Cox and Thomas Biege developed a
    correction for this

CAN-2004-0010

    Arjan van de Ven discovered a stack-based buffer overflow in the
    ncp_lookup function for ncpfs in the Linux kernel, which could
    lead an attacker to gain unauthorised privileges.  Petr Vandrovec
    developed a correction for this.

CAN-2004-0109

    zen-parse discovered a buffer overflow vulnerability in the
    ISO9660 filesystem component of Linux kernel which could be abused
    by an attacker to gain unauthorised root access.  Sebastian
    Krahmer and Ernie Petrides developed a correction for this.

CAN-2004-0177

    Solar Designer discovered an information leak in the ext3 code of
    Linux.  In a worst case an attacker could read sensitive data such
    as cryptographic keys which would otherwise never hit disk media.
    Theodore Ts'o developed a correction for this.

CAN-2004-0178

    Andreas Kies discovered a denial of service condition in the Sound
    Blaster driver in Linux.  He also developed a correction for this.

These problems will also be fixed by upstream in Linux 2.4.26 and
future versions of 2.6.

For the stable distribution (woody) these problems have been fixed in
version 011226.17 for Linux 2.4.17.

For the unstable distribution (sid) these problems have been fixed in
version 2.4.25-5 for Linux 2.4.25 and in version 2.6.5-1 for Linux
2.6.5.

We recommend that you upgrade your kernel packages immediately, either
with a Debian provided kernel or with a self compiled one.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-ia64_011226.17.dsc
      Size/MD5 checksum:      736 2f8bdbd5d82c972dee55ae3eb3051ebf
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-ia64_011226.17.tar.gz
      Size/MD5 checksum: 25407685 a4f251ad4275ee197e3f5b3aa76c45c9

  Architecture independent components:

    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-source-2.4.17-ia64_011226.17_all.deb
      Size/MD5 checksum: 24730726 c6133857bb4423ecec496517f212da70

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-headers-2.4.17-ia64_011226.17_ia64.deb
      Size/MD5 checksum:  3635930 ee77880f4ae85e0850115788e0bc18e6
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-itanium_011226.17_ia64.deb
      Size/MD5 checksum:  7020714 942615101e2eb34833f53fa6eb7713d2
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-itanium-smp_011226.17_ia64.deb
      Size/MD5 checksum:  7169180 04d65a0c0eae8b01488383ada809a936
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-mckinley_011226.17_ia64.deb
      Size/MD5 checksum:  7011536 5388a3be55dfe67c54355d6974f26400
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-mckinley-smp_011226.17_ia64.deb
      Size/MD5 checksum:  7161438 7fca8b5dbaf833e15810acde2ad678de


  These files will probably be moved into the stable distribution on
  its next revision.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAfVbRW5ql+IAeqTIRAjssAJ9w4ihJWW7GnXsc0rBSqRIEH0eOYACdF3MJ
iH4gpw77WONx4DS/zPRcrKQ=
=KaRw
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 482-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
April 14th, 2004                        http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : kernel-source-2.4.17 kernel-patch-2.4.17-apus kernel-patch-2.4.17-s390 kernel-image-2.4.17-s390
Vulnerability  : several vulnerabilities
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178

Several serious problems have been discovered in the Linux kernel.
This update takes care of Linux 2.4.17 for the PowerPC/apus and S/390
architectures.  The Common Vulnerabilities and Exposures project
identifies the following problems that will be fixed with this update:

CAN-2004-0003

    A vulnerability has been discovered in the R128 drive in the Linux
    kernel which could potentially lead an attacker to gain
    unauthorised privileges.  Alan Cox and Thomas Biege developed a
    correction for this

CAN-2004-0010

    Arjan van de Ven discovered a stack-based buffer overflow in the
    ncp_lookup function for ncpfs in the Linux kernel, which could
    lead an attacker to gain unauthorised privileges.  Petr Vandrovec
    developed a correction for this.

CAN-2004-0109

    zen-parse discovered a buffer overflow vulnerability in the
    ISO9660 filesystem component of Linux kernel which could be abused
    by an attacker to gain unauthorised root access.  Sebastian
    Krahmer and Ernie Petrides developed a correction for this.

CAN-2004-0177

    Solar Designer discovered an information leak in the ext3 code of
    Linux.  In a worst case an attacker could read sensitive data such
    as cryptographic keys which would otherwise never hit disk media.
    Theodore Ts'o developed a correction for this.

CAN-2004-0178

    Andreas Kies discovered a denial of service condition in the Sound
    Blaster driver in Linux.  He also developed a correction for this.

These problems will also be fixed by upstream in Linux 2.4.26 and
future versions of 2.6.

The following security matrix explains which kernel versions for which
architectures are already fixed.

Architecture    stable (woody)     unstable (sid)
source          2.4.17-1woody3     2.4.25-3
powerpc/apus    2.4.17-5           2.4.25-2
s390            2.4.17-2.woody.4   2.4.25-2 (and probably 2.4.21-3)

We recommend that you upgrade your kernel packages immediately, either
with a Debian provided kernel or with a self compiled one.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody3.dsc
      Size/MD5 checksum:      690 222d67d058984eef34ef3af56ad82720
    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody3.diff.gz
      Size/MD5 checksum:    41918 dce13eeca598d548e390a72fed76728f
    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17.orig.tar.gz
      Size/MD5 checksum: 29445154 d5de2a4dc49e32c37e557ef856d5d132

    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-patch-2.4.17-apus_2.4.17-5.dsc
      Size/MD5 checksum:      673 f7a70b5e604e74feedba42eb41608a13
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-patch-2.4.17-apus_2.4.17-5.tar.gz
      Size/MD5 checksum:   490001 54f9f6b973b4c945d548510290cb122a

    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-s390/kernel-patch-2.4.17-s390_0.0.20020816-0.woody.3.dsc
      Size/MD5 checksum:      754 d9b64c461d849aeab5a1bb71322f14ec
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-s390/kernel-patch-2.4.17-s390_0.0.20020816-0.woody.3.diff.gz
      Size/MD5 checksum:     6254 85fd6863f93bfa474b854f4dfbda4034
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-s390/kernel-patch-2.4.17-s390_0.0.20020816.orig.tar.gz
      Size/MD5 checksum:   338001 5979fbe7c3325033536dfd3914e22dbd

    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-image-2.4.17-s390_2.4.17-2.woody.4.dsc
      Size/MD5 checksum:      799 51d3be5adf8d79e3a0f3045f2235c52a
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-image-2.4.17-s390_2.4.17-2.woody.4.tar.gz
      Size/MD5 checksum:     8289 9b02431ce5f6741183b2614d5d9f9f4a


  Architecture independent components:

    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-doc-2.4.17_2.4.17-1woody3_all.deb
      Size/MD5 checksum:  1720294 3b6e8a510996bebd066d1cda8bac41eb
    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody3_all.deb
      Size/MD5 checksum: 23880582 542792a28d1fc90844f9b51abe84f90e

    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-s390/kernel-patch-2.4.17-s390_0.0.20020816-0.woody.3_all.deb
      Size/MD5 checksum:   300768 c8116357d604508ff0e50cc8295005f0

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-headers-2.4.17-apus_2.4.17-5_powerpc.deb
      Size/MD5 checksum:  3366150 3331dac5b42b3cd42e0dcdc7ad574f60
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-image-2.4.17-apus_2.4.17-5_powerpc.deb
      Size/MD5 checksum:  2211544 f24006c8b07774bccb2ad22af4f95465
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-image-apus_2.4.17-5_powerpc.deb
      Size/MD5 checksum:     4498 89ac0312fa91e6911ed366dd22bef2b9
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-patch-2.4.17-apus_2.4.17-5_powerpc.deb
      Size/MD5 checksum:   490786 228a12c3a523f86f089121dca964bac7

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-headers-2.4.17_2.4.17-2.woody.4_s390.deb
      Size/MD5 checksum:  3335728 14f64e559f9ccb97876df9a0248b8069
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-image-2.4.17-s390_2.4.17-2.woody.4_s390.deb
      Size/MD5 checksum:  1343254 25bad4dcb964e713467344bf8a5fd31f


  These files will probably be moved into the stable distribution on
  its next revision.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAfVoJW5ql+IAeqTIRAgw/AJ9fYh78jsK9ZB8BdDr7Fz1zk8eXkQCdGh57
ERivghcig2W6Hqh+W+eO5fk=
=4NyG
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business 
                hours which are GMT+10:00 (AEST).  On call after hours 
                for member emergencies only.
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBQH3nhyh9+71yA2DNAQLgigP/S+/tdCIRAW/CI0Uzq3LrbLv++1a74tu5
jxINwqlrGQ4X1/Hn062/8bsaSh4mY4N9QKDSPmjGwuEjmn4q7NM3OrCHPKy4fzSI
LVOSOGRxhH63/PW1/tSfw/wEbmGw3kcILBbLqgXveg9zi6PdBT6sPGAqpJ+ZfGE9
BDBzjeoKjEg=
=eCTE
-----END PGP SIGNATURE-----