-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2009.1585
New openldap2.3/openldap packages fix SSL certificate verification weakness
                              3 December 2009

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           openldap
Publisher:         Debian
Operating System:  Debian GNU/Linux 4
                   Debian GNU/Linux 5
Impact/Access:     Provide Misleading Information -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2009-3767  

Reference:         ESB-2009.1525

Original Bulletin: 
   http://www.debian.org/security/2009/dsa-1943

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ------------------------------------------------------------------------
Debian Security Advisory DSA-1943                  security@debian.org
http://www.debian.org/security/                      Giuseppe Iuculano
December 02, 2009                   http://www.debian.org/security/faq
- - ------------------------------------------------------------------------


Packages       : openldap openldap2.3
Vulnerability  : insufficient input validation
Problem type   : remote
Debian-specific: no
Debian bug     : 553432
CVE ID         : CVE-2009-3767

It was discovered that OpenLDAP, a free implementation of the Lightweight
Directory Access Protocol, when OpenSSL is used, does not properly handle a '\0'
character in a domain name in the subject's Common Name (CN) field of an X.509
certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL
servers via a crafted certificate issued by a legitimate Certification Authority.
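
The comparison flaw described above, shown as an added example (not code from this advisory, OpenLDAP or OpenSSL). The struct cn_value type, the function names and the sample names are hypothetical and constructed for illustration; the weak check measures the CN as a C string, and the hardened check uses the recorded length and rejects any embedded '\0'.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for a counted string such as a certificate's CN value.
 * Hypothetical type for this example; not OpenLDAP's or OpenSSL's own. */
struct cn_value {
    const char *data;   /* raw bytes; may contain '\0' */
    size_t      len;    /* length recorded in the certificate encoding */
};

enum cn_result { CN_MATCH, CN_MISMATCH, CN_EMBEDDED_NUL };

/* ASCII case-insensitive comparison of exactly n bytes. */
static int ascii_ieq(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Weak pattern: the CN is treated as a C string, so its length comes from
 * strlen() and every byte after the first '\0' is silently ignored. */
enum cn_result cn_check_cstring(const struct cn_value *cn, const char *host)
{
    size_t n = strlen(cn->data);
    return (n == strlen(host) && ascii_ieq(cn->data, host, n))
               ? CN_MATCH : CN_MISMATCH;
}

/* Hardened pattern: use the recorded length, refuse any CN that contains
 * a '\0' byte, and only then compare the whole value with the host name. */
enum cn_result cn_check_counted(const struct cn_value *cn, const char *host)
{
    size_t hlen = strlen(host);
    if (memchr(cn->data, '\0', cn->len) != NULL)
        return CN_EMBEDDED_NUL;
    if (cn->len != hlen || !ascii_ieq(cn->data, host, hlen))
        return CN_MISMATCH;
    return CN_MATCH;
}

/* Constructed sample values (reserved example domains). The buffers are
 * NUL-terminated here only so that the weak check can run on them. */
static const char CN_PLAIN[]    = "ldap.example.com";
static const char CN_WITH_NUL[] = "ldap.example.com\0.example.net";

int main(void)
{
    const char *host = "ldap.example.com";
    struct cn_value plain = { CN_PLAIN, sizeof(CN_PLAIN) - 1 };
    struct cn_value nul   = { CN_WITH_NUL, sizeof(CN_WITH_NUL) - 1 };

    printf("plain CN:    cstring=%d counted=%d\n",
           cn_check_cstring(&plain, host), cn_check_counted(&plain, host));
    printf("CN with NUL: cstring=%d counted=%d\n",
           cn_check_cstring(&nul, host), cn_check_counted(&nul, host));
    return 0;
}
```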

For the oldstable distribution (etch), this problem has been fixed in version
2.3.30-5+etch3 for openldap2.3.

For the stable distribution (lenny), this problem has been fixed in version
2.4.11-1+lenny1 for openldap.

For the testing distribution (squeeze) and the unstable distribution (sid),
this problem has been fixed in version 2.4.17-2.1 for openldap.


We recommend that you upgrade your openldap2.3/openldap packages.

Upgrade instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- - -------------------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips,
mipsel, powerpc, s390 and sparc.


Debian GNU/Linux 5.0 alias lenny
- - --------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64,
mips, mipsel, powerpc, s390 and sparc.


  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>


- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAksW4AQACgkQNxpp46476aqFDwCfZRJ0eCTLZ7Wvra3eWlaVIVsK
mWIAniapjMkolimxTFStHJO6vlEk4Fnj
=WbVZ
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFLFwiPNVH5XJJInbgRAiAZAJ9KuIacIbZazDd6N55tMjgTfNXrgwCeMYgj
7Xts8zkFzvMtkDl0Cv7e45g=
=rk2w
-----END PGP SIGNATURE-----