-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2010.0692
         Moderate: Red Hat Certificate System 7.3 security update
                               6 August 2010

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Red Hat Certificate System 7.3
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux AS/ES/WS 4
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Execute Arbitrary Code/Commands -- Existing Account            
                   Access Privileged Data          -- Remote with User Interaction
                   Modify Arbitrary Files          -- Remote with User Interaction
                   Cross-site Scripting            -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Denial of Service               -- Existing Account            
                   Provide Misleading Information  -- Remote with User Interaction
                   Read-only Data Access           -- Remote with User Interaction
                   Unauthorised Access             -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2010-0434 CVE-2010-0407 CVE-2009-4902
                   CVE-2009-4901 CVE-2009-3095 CVE-2009-3094
                   CVE-2009-2412 CVE-2009-1956 CVE-2009-1955
                   CVE-2009-1891 CVE-2009-0580 CVE-2009-0033
                   CVE-2009-0023 CVE-2008-5515 CVE-2008-2939
                   CVE-2008-2370 CVE-2008-2364 CVE-2008-1927
                   CVE-2008-1232 CVE-2008-0128 CVE-2008-0005
                   CVE-2007-6388 CVE-2007-5461 CVE-2007-5333
                   CVE-2007-5116 CVE-2007-5000 CVE-2007-4465
                   CVE-2007-3847 CVE-2007-3385 CVE-2007-3382
                   CVE-2007-3304 CVE-2007-1863 CVE-2007-1358
                   CVE-2007-1349 CVE-2007-0450 CVE-2006-5752
                   CVE-2006-3918 CVE-2006-3835 CVE-2005-3510
                   CVE-2005-2090  

Reference:         ESB-2010.0620
                   ESB-2010.0277
                   ESB-2009.1515
                   ESB-2009.0576
                   ESB-2009.0530
                   ESB-2009.0155
                   ESB-2008.1036
                   ESB-2008.0941
                   ESB-2008.0901
                   ESB-2008.0624
                   ESB-2008.0071
                   ESB-2008.0056
                   ESB-2007.0866
                   ESB-2007.0843
                   ESB-2007.0726
                   ESB-2007.0468
                   ESB-2007.0444
                   ESB-2007.0417
                   ESB-2007.0339
                   ESB-2007.0319
                   ESB-2006.0567
                   ESB-2006.0175
                   ESB-2010.0527.2

Original Bulletin: 
   https://rhn.redhat.com/errata/RHSA-2010-0602.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Certificate System 7.3 security update
Advisory ID:       RHSA-2010:0602-02
Product:           Red Hat Certificate System
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0602.html
Issue date:        2010-08-04
CVE Names:         CVE-2005-2090 CVE-2005-3510 CVE-2006-3835 
                   CVE-2006-3918 CVE-2006-5752 CVE-2007-0450 
                   CVE-2007-1349 CVE-2007-1358 CVE-2007-1863 
                   CVE-2007-3304 CVE-2007-3382 CVE-2007-3385 
                   CVE-2007-3847 CVE-2007-4465 CVE-2007-5000 
                   CVE-2007-5116 CVE-2007-5333 CVE-2007-5461 
                   CVE-2007-6388 CVE-2008-0005 CVE-2008-0128 
                   CVE-2008-1232 CVE-2008-1927 CVE-2008-2364 
                   CVE-2008-2370 CVE-2008-2939 CVE-2008-5515 
                   CVE-2009-0023 CVE-2009-0033 CVE-2009-0580 
                   CVE-2009-1891 CVE-2009-1955 CVE-2009-1956 
                   CVE-2009-2412 CVE-2009-3094 CVE-2009-3095 
                   CVE-2009-4901 CVE-2010-0407 CVE-2010-0434 
=====================================================================

1. Summary:

Updated packages that fix multiple security issues and rebase various
components are now available for Red Hat Certificate System 7.3.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Certificate System 7.3 for 4AS - i386, noarch, x86_64
Red Hat Certificate System 7.3 for 4ES - i386, noarch, x86_64

3. Description:

Red Hat Certificate System (RHCS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.

Multiple buffer overflow flaws were discovered in the way the pcscd daemon,
a resource manager that coordinates communications with smart card readers
and smart cards connected to the system, handled client requests. A local
user could create a specially-crafted request that would cause the pcscd
daemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407,
CVE-2009-4901)

This erratum updates the Tomcat component shipped as part of Red Hat
Certificate System to version 5.5.23, to address multiple security issues.
In a typical operating environment, Tomcat is not exposed to users of
Certificate System in a vulnerable manner. These security updates will
reduce risk in unique Certificate System environments. (CVE-2005-2090,
CVE-2005-3510, CVE-2006-3835, CVE-2007-0450, CVE-2007-1358, CVE-2007-3382,
CVE-2007-3385, CVE-2007-5461, CVE-2007-5333, CVE-2008-0128, CVE-2008-1232,
CVE-2008-2370, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580)

This erratum provides updated versions of the following components,
required by the updated Tomcat version: ant, avalon-logkit, axis,
classpathx-jaf, classpathx-mail, geronimo-specs, jakarta-commons-modeler,
log4j, mx4j, xerces-j2, and xml-commons.

A number of components have been updated to fix security issues for users
of Red Hat Certificate System for the Solaris operating system. These fixes
are for apr issue CVE-2009-2412; apr-util issues CVE-2009-0023,
CVE-2009-1955, CVE-2009-1956, and CVE-2009-2412; httpd issues
CVE-2006-3918, CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847,
CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2008-2364,
CVE-2008-2939, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, and
CVE-2010-0434; mod_perl issue CVE-2007-1349; and perl issues CVE-2007-5116
and CVE-2008-1927.

Note: Updated apr, apr-util, httpd, mod_perl, and perl packages were
previously available to users of Red Hat Certificate System for Red Hat
Enterprise Linux via the Red Hat Enterprise Linux 4 channels on the Red Hat
Network.

Additionally, the rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks,
rhpki-java-tools, and rhpki-native-tools packages were updated to address
some anomalous behavior on the Solaris operating system. (BZ#600513,
BZ#605760)

As well, this update provides an updated rhpki-manage package, which
includes installation and uninstall scripts for Red Hat Certificate System
that have been updated with the list of packages required by the Tomcat
component, and an updated dependency on the NSS and NSPR packages.

All users of Red Hat Certificate System are advised to upgrade to these
updated packages, which correct these issues. Refer to the Red Hat
Certificate System Administration Guide, linked to in the References, for
details on how to install the updated packages on the Solaris operating
system. After installing this update, all Red Hat Certificate System
subsystems must be restarted ("/etc/init.d/[instance-name] restart") for
the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

200732 - CVE-2006-3918 Expect header XSS
237079 - CVE-2005-2090 tomcat multiple content-length header poisoning
237080 - CVE-2007-0450 tomcat directory traversal
237084 - CVE-2006-3835 tomcat directory listing issue
237085 - CVE-2005-3510 tomcat DoS
240423 - CVE-2007-1349 mod_perl PerlRun denial of service
244658 - CVE-2007-1863 httpd mod_cache segfault
244803 - CVE-2007-1358 tomcat accept-language xss flaw
245111 - CVE-2007-3304 httpd scoreboard lack of PID protection
245112 - CVE-2006-5752 httpd mod_status XSS
247972 - CVE-2007-3382 tomcat handling of cookies
247976 - CVE-2007-3385 tomcat handling of cookie values
250731 - CVE-2007-3847 httpd out of bounds read
289511 - CVE-2007-4465 mod_autoindex XSS
323571 - CVE-2007-5116 perl regular expression UTF parsing errors
333791 - CVE-2007-5461 Absolute path traversal Apache Tomcat WEBDAV
419931 - CVE-2007-5000 mod_imagemap XSS
427228 - CVE-2007-6388 apache mod_status cross-site scripting
427739 - CVE-2008-0005 mod_proxy_ftp XSS
427766 - CVE-2007-5333 Improve cookie parsing for tomcat5
429821 - CVE-2008-0128 tomcat5 SSO cookie login information disclosure
443928 - CVE-2008-1927 perl: heap corruption by regular expressions with utf8 characters
451615 - CVE-2008-2364 httpd: mod_proxy_http DoS via excessive interim responses from the origin server
457597 - CVE-2008-1232 tomcat: Cross-Site-Scripting enabled by sendError call
457934 - CVE-2008-2370 tomcat RequestDispatcher information disclosure vulnerability
458250 - CVE-2008-2939 httpd: mod_proxy_ftp globbing XSS
493381 - CVE-2009-0033 tomcat6 Denial-Of-Service with AJP connection
503928 - CVE-2009-0023 apr-util heap buffer underwrite
503978 - CVE-2009-0580 tomcat6 Information disclosure in authentication classes
504390 - CVE-2009-1956 apr-util single NULL byte buffer overflow
504555 - CVE-2009-1955 apr-util billion laughs attack
504753 - CVE-2008-5515 tomcat request dispatcher information disclosure vulnerability
509125 - CVE-2009-1891 httpd: possible temporary DoS (CPU consumption) in mod_deflate
515698 - CVE-2009-2412 apr, apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management
521619 - CVE-2009-3094 httpd: NULL pointer dereference in mod_proxy_ftp caused by crafted EPSV and PASV reply
522209 - CVE-2009-3095 httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header
570171 - CVE-2010-0434 httpd: request header information leak
596426 - CVE-2009-4901 CVE-2009-4902 CVE-2010-0407 pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages

6. Package List:

Red Hat Certificate System 7.3 for 4AS:

Source:
ant-1.6.5-1jpp_1rh.src.rpm
avalon-logkit-1.2-2jpp_4rh.src.rpm
axis-1.2.1-1jpp_3rh.src.rpm
classpathx-jaf-1.0-2jpp_6rh.src.rpm
classpathx-mail-1.1.1-2jpp_8rh.src.rpm
geronimo-specs-1.0-0.M4.1jpp_10rh.src.rpm
jakarta-commons-modeler-2.0-3jpp_2rh.src.rpm
log4j-1.2.12-1jpp_1rh.src.rpm
mx4j-3.0.1-1jpp_4rh.src.rpm
pcsc-lite-1.3.3-3.el4.src.rpm
tomcat5-5.5.23-0jpp_4rh.16.src.rpm
xerces-j2-2.7.1-1jpp_1rh.src.rpm
xml-commons-1.3.02-2jpp_1rh.src.rpm

i386:
pcsc-lite-1.3.3-3.el4.i386.rpm
pcsc-lite-debuginfo-1.3.3-3.el4.i386.rpm
pcsc-lite-doc-1.3.3-3.el4.i386.rpm
pcsc-lite-libs-1.3.3-3.el4.i386.rpm
rhpki-native-tools-7.3.0-6.el4.i386.rpm

noarch:
ant-1.6.5-1jpp_1rh.noarch.rpm
avalon-logkit-1.2-2jpp_4rh.noarch.rpm
axis-1.2.1-1jpp_3rh.noarch.rpm
classpathx-jaf-1.0-2jpp_6rh.noarch.rpm
classpathx-mail-1.1.1-2jpp_8rh.noarch.rpm
geronimo-ejb-2.1-api-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-j2ee-1.4-apis-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-j2ee-connector-1.5-api-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-j2ee-deployment-1.1-api-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-j2ee-management-1.0-api-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-jms-1.1-api-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-jsp-2.0-api-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-jta-1.0.1B-api-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-servlet-2.4-api-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-specs-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-specs-javadoc-1.0-0.M4.1jpp_10rh.noarch.rpm
jakarta-commons-modeler-2.0-3jpp_2rh.noarch.rpm
log4j-1.2.12-1jpp_1rh.noarch.rpm
mx4j-3.0.1-1jpp_4rh.noarch.rpm
rhpki-ca-7.3.0-20.el4.noarch.rpm
rhpki-java-tools-7.3.0-10.el4.noarch.rpm
rhpki-kra-7.3.0-14.el4.noarch.rpm
rhpki-manage-7.3.0-19.el4.noarch.rpm
rhpki-ocsp-7.3.0-13.el4.noarch.rpm
rhpki-tks-7.3.0-13.el4.noarch.rpm
tomcat5-5.5.23-0jpp_4rh.16.noarch.rpm
tomcat5-common-lib-5.5.23-0jpp_4rh.16.noarch.rpm
tomcat5-jasper-5.5.23-0jpp_4rh.16.noarch.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp_4rh.16.noarch.rpm
tomcat5-server-lib-5.5.23-0jpp_4rh.16.noarch.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp_4rh.16.noarch.rpm
xerces-j2-2.7.1-1jpp_1rh.noarch.rpm
xml-commons-1.3.02-2jpp_1rh.noarch.rpm
xml-commons-apis-1.3.02-2jpp_1rh.noarch.rpm

x86_64:
pcsc-lite-1.3.3-3.el4.x86_64.rpm
pcsc-lite-debuginfo-1.3.3-3.el4.x86_64.rpm
pcsc-lite-doc-1.3.3-3.el4.x86_64.rpm
pcsc-lite-libs-1.3.3-3.el4.x86_64.rpm
rhpki-native-tools-7.3.0-6.el4.x86_64.rpm

Red Hat Certificate System 7.3 for 4ES:

Source:
ant-1.6.5-1jpp_1rh.src.rpm
avalon-logkit-1.2-2jpp_4rh.src.rpm
axis-1.2.1-1jpp_3rh.src.rpm
classpathx-jaf-1.0-2jpp_6rh.src.rpm
classpathx-mail-1.1.1-2jpp_8rh.src.rpm
geronimo-specs-1.0-0.M4.1jpp_10rh.src.rpm
jakarta-commons-modeler-2.0-3jpp_2rh.src.rpm
log4j-1.2.12-1jpp_1rh.src.rpm
mx4j-3.0.1-1jpp_4rh.src.rpm
pcsc-lite-1.3.3-3.el4.src.rpm
tomcat5-5.5.23-0jpp_4rh.16.src.rpm
xerces-j2-2.7.1-1jpp_1rh.src.rpm
xml-commons-1.3.02-2jpp_1rh.src.rpm

i386:
pcsc-lite-1.3.3-3.el4.i386.rpm
pcsc-lite-debuginfo-1.3.3-3.el4.i386.rpm
pcsc-lite-doc-1.3.3-3.el4.i386.rpm
pcsc-lite-libs-1.3.3-3.el4.i386.rpm
rhpki-native-tools-7.3.0-6.el4.i386.rpm

noarch:
ant-1.6.5-1jpp_1rh.noarch.rpm
avalon-logkit-1.2-2jpp_4rh.noarch.rpm
axis-1.2.1-1jpp_3rh.noarch.rpm
classpathx-jaf-1.0-2jpp_6rh.noarch.rpm
classpathx-mail-1.1.1-2jpp_8rh.noarch.rpm
geronimo-ejb-2.1-api-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-j2ee-1.4-apis-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-j2ee-connector-1.5-api-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-j2ee-deployment-1.1-api-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-j2ee-management-1.0-api-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-jms-1.1-api-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-jsp-2.0-api-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-jta-1.0.1B-api-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-servlet-2.4-api-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-specs-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-specs-javadoc-1.0-0.M4.1jpp_10rh.noarch.rpm
jakarta-commons-modeler-2.0-3jpp_2rh.noarch.rpm
log4j-1.2.12-1jpp_1rh.noarch.rpm
mx4j-3.0.1-1jpp_4rh.noarch.rpm
rhpki-ca-7.3.0-20.el4.noarch.rpm
rhpki-java-tools-7.3.0-10.el4.noarch.rpm
rhpki-kra-7.3.0-14.el4.noarch.rpm
rhpki-manage-7.3.0-19.el4.noarch.rpm
rhpki-ocsp-7.3.0-13.el4.noarch.rpm
rhpki-tks-7.3.0-13.el4.noarch.rpm
tomcat5-5.5.23-0jpp_4rh.16.noarch.rpm
tomcat5-common-lib-5.5.23-0jpp_4rh.16.noarch.rpm
tomcat5-jasper-5.5.23-0jpp_4rh.16.noarch.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp_4rh.16.noarch.rpm
tomcat5-server-lib-5.5.23-0jpp_4rh.16.noarch.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp_4rh.16.noarch.rpm
xerces-j2-2.7.1-1jpp_1rh.noarch.rpm
xml-commons-1.3.02-2jpp_1rh.noarch.rpm
xml-commons-apis-1.3.02-2jpp_1rh.noarch.rpm

x86_64:
pcsc-lite-1.3.3-3.el4.x86_64.rpm
pcsc-lite-debuginfo-1.3.3-3.el4.x86_64.rpm
pcsc-lite-doc-1.3.3-3.el4.x86_64.rpm
pcsc-lite-libs-1.3.3-3.el4.x86_64.rpm
rhpki-native-tools-7.3.0-6.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
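
Added example, not part of the Red Hat advisory or the AusCERT bulletin: a Python check that compares installed package versions against the fixed versions in the package list above, using a simplified RPM version comparison (epoch and tilde ordering are ignored). FIXED is a subset of that list, and the installed-package lines in SAMPLE are constructed input.

```python
import re

# name -> (version, release) of the fixed build, copied from the advisory's
# package list (subset; extend with the remaining entries as needed).
FIXED = {
    "pcsc-lite": ("1.3.3", "3.el4"),
    "pcsc-lite-libs": ("1.3.3", "3.el4"),
    "tomcat5": ("5.5.23", "0jpp_4rh.16"),
    "rhpki-ca": ("7.3.0", "20.el4"),
    "rhpki-kra": ("7.3.0", "14.el4"),
    "rhpki-ocsp": ("7.3.0", "13.el4"),
    "rhpki-tks": ("7.3.0", "13.el4"),
    "rhpki-manage": ("7.3.0", "19.el4"),
}

def rpmvercmp(a, b):
    """Simplified RPM version compare: walk runs of digits or letters.
    Returns -1, 0 or 1. Epoch and tilde/caret ordering are not handled."""
    sa = re.findall(r"\d+|[a-zA-Z]+", a)
    sb = re.findall(r"\d+|[a-zA-Z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric, so 9 < 23 and 5 < 19
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric run beats letters
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def audit(installed_lines):
    """Map each advisory package found in NAME-VERSION-RELEASE lines to
    'patched' or 'vulnerable'. Packages not in FIXED are skipped."""
    report = {}
    for line in installed_lines:
        parts = line.strip().rsplit("-", 2)
        if len(parts) != 3 or parts[0] not in FIXED:
            continue
        name, ver, rel = parts
        fixed_ver, fixed_rel = FIXED[name]
        order = rpmvercmp(ver, fixed_ver) or rpmvercmp(rel, fixed_rel)
        report[name] = "vulnerable" if order < 0 else "patched"
    return report

# Constructed sample, in the shape produced by:
#   rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'
SAMPLE = """\
pcsc-lite-1.3.3-2.el4
pcsc-lite-libs-1.3.3-3.el4
tomcat5-5.5.9-0jpp_4rh.1
rhpki-ca-7.3.0-20.el4
rhpki-manage-7.3.0-5.el4
bash-3.0-19.3
""".splitlines()

if __name__ == "__main__":
    for pkg, status in sorted(audit(SAMPLE).items()):
        print(f"{pkg:16} {status}")
```

A plain string comparison would rank release 5.el4 above 19.el4 and version 5.5.9 above 5.5.23, which is why the check compares numeric segments as integers.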

7. References:

https://www.redhat.com/security/data/cve/CVE-2005-2090.html
https://www.redhat.com/security/data/cve/CVE-2005-3510.html
https://www.redhat.com/security/data/cve/CVE-2006-3835.html
https://www.redhat.com/security/data/cve/CVE-2006-3918.html
https://www.redhat.com/security/data/cve/CVE-2006-5752.html
https://www.redhat.com/security/data/cve/CVE-2007-0450.html
https://www.redhat.com/security/data/cve/CVE-2007-1349.html
https://www.redhat.com/security/data/cve/CVE-2007-1358.html
https://www.redhat.com/security/data/cve/CVE-2007-1863.html
https://www.redhat.com/security/data/cve/CVE-2007-3304.html
https://www.redhat.com/security/data/cve/CVE-2007-3382.html
https://www.redhat.com/security/data/cve/CVE-2007-3385.html
https://www.redhat.com/security/data/cve/CVE-2007-3847.html
https://www.redhat.com/security/data/cve/CVE-2007-4465.html
https://www.redhat.com/security/data/cve/CVE-2007-5000.html
https://www.redhat.com/security/data/cve/CVE-2007-5116.html
https://www.redhat.com/security/data/cve/CVE-2007-5333.html
https://www.redhat.com/security/data/cve/CVE-2007-5461.html
https://www.redhat.com/security/data/cve/CVE-2007-6388.html
https://www.redhat.com/security/data/cve/CVE-2008-0005.html
https://www.redhat.com/security/data/cve/CVE-2008-0128.html
https://www.redhat.com/security/data/cve/CVE-2008-1232.html
https://www.redhat.com/security/data/cve/CVE-2008-1927.html
https://www.redhat.com/security/data/cve/CVE-2008-2364.html
https://www.redhat.com/security/data/cve/CVE-2008-2370.html
https://www.redhat.com/security/data/cve/CVE-2008-2939.html
https://www.redhat.com/security/data/cve/CVE-2008-5515.html
https://www.redhat.com/security/data/cve/CVE-2009-0023.html
https://www.redhat.com/security/data/cve/CVE-2009-0033.html
https://www.redhat.com/security/data/cve/CVE-2009-0580.html
https://www.redhat.com/security/data/cve/CVE-2009-1891.html
https://www.redhat.com/security/data/cve/CVE-2009-1955.html
https://www.redhat.com/security/data/cve/CVE-2009-1956.html
https://www.redhat.com/security/data/cve/CVE-2009-2412.html
https://www.redhat.com/security/data/cve/CVE-2009-3094.html
https://www.redhat.com/security/data/cve/CVE-2009-3095.html
https://www.redhat.com/security/data/cve/CVE-2009-4901.html
https://www.redhat.com/security/data/cve/CVE-2010-0407.html
https://www.redhat.com/security/data/cve/CVE-2010-0434.html
http://www.redhat.com/security/updates/classification/#moderate
http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Updating_Certificate_System_Packages-Updating_a_Solaris_9_system_using_pkgrm_and_pkgadd.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMWsbTXlSAg2UNWIIRAuzwAKC/DlrNX1MWqd+JliAq0NQHwlsYaACfe9h6
GVFRiSJ0kyldp8T8TONIP18=
=Txu0
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFMW3tX/iFOrG6YcBERAuKzAKCyjWlTMsv7F1w8ShrsoxoA8hTuJwCgl61o
ohly5G1CnH5R6/xK0P3EHbo=
=ooaV
-----END PGP SIGNATURE-----