Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2006.0185 -- [Win][UNIX/Linux][Debian]
New curl packages fix potential security problem
13 March 2006
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: curl
Publisher: Debian
Operating System: Debian GNU/Linux 3.1
Debian GNU/Linux 3.0
UNIX variants (UNIX, Linux, OSX)
Windows
Impact: Execute Arbitrary Code/Commands
Access: Remote/Unauthenticated
CVE Names: CVE-2005-4077
Ref: ESB-2005.0869
Original Bulletin: http://www.debian.org/security/2006/dsa-919
Comment: This advisory references vulnerabilities in products which run on
platforms other than Debian. It is recommended that administrators
running curl check for an updated version of the software for
their operating system.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------------
Debian Security Advisory DSA 919-2 security@debian.org
http://www.debian.org/security/ Martin Schulze
Marth 10th, 2006 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------
Package : curl
Vulnerability : buffer overflow
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2005-4077
BugTraq ID : 15756
Debian Bugs : 342339 342696
The upstream developer of curl, a multi-protocol file transfer
library, informed us that the former correction to several off-by-one
errors are not sufficient. For completeness please find the original
bug description below:
Stefan Esser discovered several off-by-one errors that allows
local users to trigger a buffer overflow and cause a denial of
service or bypass PHP security restrictions via certain URLs.
For the old stable distribution (woody) these problems have been fixed in
version 7.9.5-1woody2.
For the stable distribution (sarge) these problems have been fixed in
version 7.13.2-2sarge5.
For the unstable distribution (sid) these problems have been fixed in
version 7.15.1-1.
We recommend that you upgrade your libcurl packages.
Upgrade Instructions
- - --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
- - --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/c/curl/curl_7.9.5-1woody2.dsc
Size/MD5 checksum: 603 62a08f0dff0d09e2cfb773c04ec9cb39
http://security.debian.org/pool/updates/main/c/curl/curl_7.9.5-1woody2.diff.gz
Size/MD5 checksum: 16679 4f4699069b8b03a75561c00ae346266c
http://security.debian.org/pool/updates/main/c/curl/curl_7.9.5.orig.tar.gz
Size/MD5 checksum: 682397 a4df6bb5aa8962c204e73c8f98077928
Alpha architecture:
http://security.debian.org/pool/updates/main/c/curl/curl_7.9.5-1woody2_alpha.deb
Size/MD5 checksum: 118546 80578b5149b1f85908250d189ffe4fc1
http://security.debian.org/pool/updates/main/c/curl/libcurl-dev_7.9.5-1woody2_alpha.deb
Size/MD5 checksum: 195952 762e8471239a92b0c45b44e0379877f4
http://security.debian.org/pool/updates/main/c/curl/libcurl2_7.9.5-1woody2_alpha.deb
Size/MD5 checksum: 116624 fe65a65b7ec0529ee5778f703f45de3d
ARM architecture:
http://security.debian.org/pool/updates/main/c/curl/curl_7.9.5-1woody2_arm.deb
Size/MD5 checksum: 114494 568f2949df218f0bdc77315eca6bcdc9
http://security.debian.org/pool/updates/main/c/curl/libcurl-dev_7.9.5-1woody2_arm.deb
Size/MD5 checksum: 172996 7d0e29244038b8587dc4f393b800a19e
http://security.debian.org/pool/updates/main/c/curl/libcurl2_7.9.5-1woody2_arm.deb
Size/MD5 checksum: 101892 36ded7c5e5844d79bb53b64b0a1e70c6
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/c/curl/curl_7.9.5-1woody2_i386.deb
Size/MD5 checksum: 113024 0a4bea4409c4b15554af6d063deff9e6
http://security.debian.org/pool/updates/main/c/curl/libcurl-dev_7.9.5-1woody2_i386.deb
Size/MD5 checksum: 163738 c91953e3083d813d51bc7d28c21cbb26
http://security.debian.org/pool/updates/main/c/curl/libcurl2_7.9.5-1woody2_i386.deb
Size/MD5 checksum: 100544 860e88b6f23f13beb96d1adb7e23ccc3
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/c/curl/curl_7.9.5-1woody2_ia64.deb
Size/MD5 checksum: 122108 feb536a863d0d317a7fa2ddd05c91ccd
http://security.debian.org/pool/updates/main/c/curl/libcurl-dev_7.9.5-1woody2_ia64.deb
Size/MD5 checksum: 210346 d371446a9efe8b55b22a891599ca0e34
http://security.debian.org/pool/updates/main/c/curl/libcurl2_7.9.5-1woody2_ia64.deb
Size/MD5 checksum: 139470 6b282c866dc3d439b54565a85672f73e
HP Precision architecture:
http://security.debian.org/pool/updates/main/c/curl/curl_7.9.5-1woody2_hppa.deb
Size/MD5 checksum: 116474 6def03bfd72095d967e130947160e149
http://security.debian.org/pool/updates/main/c/curl/libcurl-dev_7.9.5-1woody2_hppa.deb
Size/MD5 checksum: 186410 8a92f7a10893e0e870c3de0008fdb7fb
http://security.debian.org/pool/updates/main/c/curl/libcurl2_7.9.5-1woody2_hppa.deb
Size/MD5 checksum: 113016 a1c4e05ee3a19ceb7c501e7a15c79472
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/c/curl/curl_7.9.5-1woody2_m68k.deb
Size/MD5 checksum: 112814 fe14e982348adcd471dac277c64318d7
http://security.debian.org/pool/updates/main/c/curl/libcurl-dev_7.9.5-1woody2_m68k.deb
Size/MD5 checksum: 159174 101573ffa60ada3919244812c3e549a4
http://security.debian.org/pool/updates/main/c/curl/libcurl2_7.9.5-1woody2_m68k.deb
Size/MD5 checksum: 97210 a679640f9f2a15ebc4cf7ecaab294b17
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/c/curl/curl_7.9.5-1woody2_mips.deb
Size/MD5 checksum: 115508 e64d4b2a5f2ca190b5c6d2c35c612875
http://security.debian.org/pool/updates/main/c/curl/libcurl-dev_7.9.5-1woody2_mips.deb
Size/MD5 checksum: 183998 fe09a440ee83320deb8c87e145d5dd1c
http://security.debian.org/pool/updates/main/c/curl/libcurl2_7.9.5-1woody2_mips.deb
Size/MD5 checksum: 105278 0a986bde9d964600488d46f86cc13796
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/c/curl/curl_7.9.5-1woody2_mipsel.deb
Size/MD5 checksum: 115536 0a953c3fb64b1c2a717bbbedc4590930
http://security.debian.org/pool/updates/main/c/curl/libcurl-dev_7.9.5-1woody2_mipsel.deb
Size/MD5 checksum: 183894 28c9494b916c4f5930fb36a24a9cb15d
http://security.debian.org/pool/updates/main/c/curl/libcurl2_7.9.5-1woody2_mipsel.deb
Size/MD5 checksum: 105362 fa9855c9c542dfe80279debbd5c8fe58
PowerPC architecture:
http://security.debian.org/pool/updates/main/c/curl/curl_7.9.5-1woody2_powerpc.deb
Size/MD5 checksum: 115104 fdd19cc3dc041b832f1400b3095e3272
http://security.debian.org/pool/updates/main/c/curl/libcurl-dev_7.9.5-1woody2_powerpc.deb
Size/MD5 checksum: 181524 ec2f58f83023187dacb2dc28732db05f
http://security.debian.org/pool/updates/main/c/curl/libcurl2_7.9.5-1woody2_powerpc.deb
Size/MD5 checksum: 106436 b64010ddab81b1658992b226a644b7b8
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/c/curl/curl_7.9.5-1woody2_s390.deb
Size/MD5 checksum: 114424 a5651846cf7bbda1fe3bc7a7da2283e2
http://security.debian.org/pool/updates/main/c/curl/libcurl-dev_7.9.5-1woody2_s390.deb
Size/MD5 checksum: 167550 dabb8ea718530f9dbdd8858619c53157
http://security.debian.org/pool/updates/main/c/curl/libcurl2_7.9.5-1woody2_s390.deb
Size/MD5 checksum: 104400 81aa237a8b00e4e418d5a0a85d35e32b
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/c/curl/curl_7.9.5-1woody2_sparc.deb
Size/MD5 checksum: 114254 9df1a25a6dccea83b7a6cc7868c37247
http://security.debian.org/pool/updates/main/c/curl/libcurl-dev_7.9.5-1woody2_sparc.deb
Size/MD5 checksum: 173320 948d75e0202f6fda494d6fae9d122940
http://security.debian.org/pool/updates/main/c/curl/libcurl2_7.9.5-1woody2_sparc.deb
Size/MD5 checksum: 107996 2d5dade7d687ac5391bdca26016dd28e
Debian GNU/Linux 3.1 alias sarge
- - --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/c/curl/curl_7.13.2-2sarge5.dsc
Size/MD5 checksum: 810 5189493504485c0048f38809d1f71eb2
http://security.debian.org/pool/updates/main/c/curl/curl_7.13.2-2sarge5.diff.gz
Size/MD5 checksum: 172234 344704b789a63e17795dd47475af6519
http://security.debian.org/pool/updates/main/c/curl/curl_7.13.2.orig.tar.gz
Size/MD5 checksum: 2201086 b3bd4a303f35f9a2a3ed3671cedf8329
Alpha architecture:
http://security.debian.org/pool/updates/main/c/curl/curl_7.13.2-2sarge5_alpha.deb
Size/MD5 checksum: 150912 bb6f21223e11353d7d1b373e3d832395
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.13.2-2sarge5_alpha.deb
Size/MD5 checksum: 251302 5a594c2e2b9e0e5697ae933cc9710ff2
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.13.2-2sarge5_alpha.deb
Size/MD5 checksum: 1010904 9c1ae1862d7dbf45310c42ad1fb7bf29
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dev_7.13.2-2sarge5_alpha.deb
Size/MD5 checksum: 1279442 0effd00cd0ec6d923e9694ceb7b8347b
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gssapi_7.13.2-2sarge5_alpha.deb
Size/MD5 checksum: 132196 e09c305798f2ef2d5232fefc1138743b
AMD64 architecture:
http://security.debian.org/pool/updates/main/c/curl/curl_7.13.2-2sarge5_amd64.deb
Size/MD5 checksum: 148046 72b46b62bb3f3d461b4d6a5734098b9b
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.13.2-2sarge5_amd64.deb
Size/MD5 checksum: 239294 121956fb9aae3348fa9a493cdea79740
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.13.2-2sarge5_amd64.deb
Size/MD5 checksum: 1004132 0f8d808b09bd0ab935beb218a7e53630
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dev_7.13.2-2sarge5_amd64.deb
Size/MD5 checksum: 1238024 a447b1dd774b1f4e07b4fc5fefccef5d
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gssapi_7.13.2-2sarge5_amd64.deb
Size/MD5 checksum: 119350 fa2554b51b070c1d6fd2d3f76f5038d5
ARM architecture:
http://security.debian.org/pool/updates/main/c/curl/curl_7.13.2-2sarge5_arm.deb
Size/MD5 checksum: 147080 7b4cfc50771d62e0a76ccb6209fe449a
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.13.2-2sarge5_arm.deb
Size/MD5 checksum: 232270 e81f1ce1b439ce7778abdf60248f9a21
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.13.2-2sarge5_arm.deb
Size/MD5 checksum: 1006548 eb5d3cd6e480e053c835bc4a0e94e45c
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dev_7.13.2-2sarge5_arm.deb
Size/MD5 checksum: 1236336 9552fc31cae7b84855459502c0f9185f
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gssapi_7.13.2-2sarge5_arm.deb
Size/MD5 checksum: 112884 9c790872f1108c9de8ad03581515cd3b
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/c/curl/curl_7.13.2-2sarge5_i386.deb
Size/MD5 checksum: 147610 950f7978ba6ee3b60416e9056438c6e0
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.13.2-2sarge5_i386.deb
Size/MD5 checksum: 237898 46d8c98384d1d545d3e4d58d26d0a94b
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.13.2-2sarge5_i386.deb
Size/MD5 checksum: 1003424 fe85527c93e5859685e72cd28ecaa15f
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dev_7.13.2-2sarge5_i386.deb
Size/MD5 checksum: 1232116 2756464635b53395cbfda1ead83bfb62
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gssapi_7.13.2-2sarge5_i386.deb
Size/MD5 checksum: 118554 a977c4931ccbd0d7ab855d4463edabbc
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/c/curl/curl_7.13.2-2sarge5_ia64.deb
Size/MD5 checksum: 156722 f430eba0b5554535b21fa840baa0953b
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.13.2-2sarge5_ia64.deb
Size/MD5 checksum: 279222 57772e931a766e8611b41de5dd82fc44
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.13.2-2sarge5_ia64.deb
Size/MD5 checksum: 1014718 69aebd71a0c09184ee5745d38fbe5e57
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dev_7.13.2-2sarge5_ia64.deb
Size/MD5 checksum: 1293798 072ac6f1e0b505991ded4340e71f3d2d
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gssapi_7.13.2-2sarge5_ia64.deb
Size/MD5 checksum: 160790 df3faf481671c5efb79bb4e43df0cd0f
HP Precision architecture:
http://security.debian.org/pool/updates/main/c/curl/curl_7.13.2-2sarge5_hppa.deb
Size/MD5 checksum: 150554 dcf951b1cdc8a8b2808b4ef5a6ed7a06
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.13.2-2sarge5_hppa.deb
Size/MD5 checksum: 251200 409ac37bb0adc4a4bd0542c1ac661ad3
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.13.2-2sarge5_hppa.deb
Size/MD5 checksum: 1002064 903885cbc63e47e1cca7cafe64d9061d
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dev_7.13.2-2sarge5_hppa.deb
Size/MD5 checksum: 1253626 b09cfaed0c17cd06e69586d54d426256
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gssapi_7.13.2-2sarge5_hppa.deb
Size/MD5 checksum: 132284 33802a367e971182dfaac46ab2f2b3a0
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/c/curl/curl_7.13.2-2sarge5_m68k.deb
Size/MD5 checksum: 144652 11be6a48cdb019c42852c2a29523c972
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.13.2-2sarge5_m68k.deb
Size/MD5 checksum: 227858 b58a8fa28732754776e30b478649262e
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.13.2-2sarge5_m68k.deb
Size/MD5 checksum: 998546 3392e518130e36eba7a9598f6308e8f9
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dev_7.13.2-2sarge5_m68k.deb
Size/MD5 checksum: 1212010 5e901a9ab9336d22ce5bffec68ed3020
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gssapi_7.13.2-2sarge5_m68k.deb
Size/MD5 checksum: 108694 4f50040ed1dcb4a129b6cf5ef70196e2
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/c/curl/curl_7.13.2-2sarge5_mips.deb
Size/MD5 checksum: 149942 9c11cfcc6886af0114f97b2eddb428a7
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.13.2-2sarge5_mips.deb
Size/MD5 checksum: 237440 254e37aa6c1fcb96f53b3b38fb599142
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.13.2-2sarge5_mips.deb
Size/MD5 checksum: 1007564 fc4147e821a5908cd6b2a67f77fa55f4
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dev_7.13.2-2sarge5_mips.deb
Size/MD5 checksum: 1246980 5e542160496f4cbe3475ad7f4c085f7e
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gssapi_7.13.2-2sarge5_mips.deb
Size/MD5 checksum: 118470 41ca8bc0fb17a1922ab864790a0b583e
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/c/curl/curl_7.13.2-2sarge5_mipsel.deb
Size/MD5 checksum: 150046 51a993203eefc459a63658dc80ff0fcc
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.13.2-2sarge5_mipsel.deb
Size/MD5 checksum: 238022 d52743d13cd115b6a893989af7aef032
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.13.2-2sarge5_mipsel.deb
Size/MD5 checksum: 1010958 d3158f45cf6e904681e90608fce6673c
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dev_7.13.2-2sarge5_mipsel.deb
Size/MD5 checksum: 1247246 5569e170ef9bda1d904b5e7e2b979ef4
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gssapi_7.13.2-2sarge5_mipsel.deb
Size/MD5 checksum: 118942 d71e0823fadaeaafff74f3dfa0691621
PowerPC architecture:
http://security.debian.org/pool/updates/main/c/curl/curl_7.13.2-2sarge5_powerpc.deb
Size/MD5 checksum: 150664 2b46df904ee41bfb43c3c375cecd97dd
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.13.2-2sarge5_powerpc.deb
Size/MD5 checksum: 243472 ae29ca3aaca1c7b031eea79102315945
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.13.2-2sarge5_powerpc.deb
Size/MD5 checksum: 1640526 f9fe8c3eda4eff4db90b3b8a93c10403
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dev_7.13.2-2sarge5_powerpc.deb
Size/MD5 checksum: 1245292 4fb803a4dba48d506d0aff115fa516de
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gssapi_7.13.2-2sarge5_powerpc.deb
Size/MD5 checksum: 124138 55b836d703e3d516fa2e75f018ddd8d8
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/c/curl/curl_7.13.2-2sarge5_s390.deb
Size/MD5 checksum: 148640 bb07ba73b8e9d90b80fb1d36a1472db6
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.13.2-2sarge5_s390.deb
Size/MD5 checksum: 246640 93d40c902692d06f1d3a2d145b10474b
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.13.2-2sarge5_s390.deb
Size/MD5 checksum: 1025438 c0778b7435b21cf277a2656f134d47d4
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dev_7.13.2-2sarge5_s390.deb
Size/MD5 checksum: 1240744 6da2e87d0e60701d03f3da1cc4bf8905
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gssapi_7.13.2-2sarge5_s390.deb
Size/MD5 checksum: 127458 80cf6d496e27df3765257fd1303eceb9
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/c/curl/curl_7.13.2-2sarge5_sparc.deb
Size/MD5 checksum: 147660 905b8cdc96289e709644da1addd5c7a3
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.13.2-2sarge5_sparc.deb
Size/MD5 checksum: 236994 8385a7c13cc40517b179cf21689db383
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.13.2-2sarge5_sparc.deb
Size/MD5 checksum: 996640 5d5cb641eca75a51659dad9f499673fa
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dev_7.13.2-2sarge5_sparc.deb
Size/MD5 checksum: 1232354 c8f891808cc67cf1756fe68898baf607
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gssapi_7.13.2-2sarge5_sparc.deb
Size/MD5 checksum: 118006 5a4880af8b078ef38b148ba37ac4221a
These files will probably be moved into the stable distribution on
its next update.
- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFEEU9EW5ql+IAeqTIRAoZnAKCbJdVu6YN/j5Yk5rORoN5W/DwPAgCfaatc
46jnCRyvOFWkZx+EwTDaluI=
=GO2K
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBRBTCUyh9+71yA2DNAQIBGgP9ET2YJ9nW4eq1NkmeEuQnIS4UB3B1yWlq
PlCrIQwiu4nBvusMkV8iGgXdsYXWJXAf0K5LN1Z0ic4lSSLIvEreJJQ9ke5awOe+
gsh2rj2b+kywRkS8ZsH8tkRrH0AaF2zaosEQ9I3i/IOBrjrD3AbTIE39sjMf7Dzj
urYiN/lMMcU=
=Ba8a
-----END PGP SIGNATURE-----