Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2012.0833.2 VMware vSphere and vCOps updates to third party libraries 8 January 2013 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: VMware vCenter VMware ESX VMware ESXi VMware vCOps Publisher: VMware Operating System: Windows VMWare ESX Server Linux variants Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Increased Privileges -- Existing Account Denial of Service -- Remote/Unauthenticated Access Confidential Data -- Remote/Unauthenticated Unauthorised Access -- Remote/Unauthenticated Reduced Security -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2012-2110 CVE-2012-1583 CVE-2012-1573 CVE-2012-1569 CVE-2012-0864 CVE-2012-0841 CVE-2012-0815 CVE-2012-0394 CVE-2012-0393 CVE-2012-0392 CVE-2012-0391 CVE-2012-0207 CVE-2012-0061 CVE-2012-0060 CVE-2012-0050 CVE-2011-5057 CVE-2011-4619 CVE-2011-4609 CVE-2011-4577 CVE-2011-4576 CVE-2011-4325 CVE-2011-4324 CVE-2011-4132 CVE-2011-4128 CVE-2011-4110 CVE-2011-4109 CVE-2011-4108 CVE-2011-3597 CVE-2011-3363 CVE-2011-3209 CVE-2011-3188 CVE-2011-2699 CVE-2011-2496 CVE-2011-2484 CVE-2011-1833 CVE-2011-1089 CVE-2011-1020 CVE-2011-0014 CVE-2010-4410 CVE-2010-4252 CVE-2010-4180 CVE-2010-2761 CVE-2010-0830 CVE-2009-5064 CVE-2009-5029 Reference: ASB-2012.0103 ESB-2012.0388 ESB-2012.0338 ESB-2012.0314 ESB-2012.0313 ESB-2012.0201 ESB-2012.0174 ESB-2012.0080 ESB-2012.0074 ESB-2012.0027 ESB-2011.1102 ESB-2011.1097 ESB-2011.1062 ESB-2011.0771 ESB-2011.0374 ESB-2011.0247 ESB-2011.0169 ESB-2011.0149 ESB-2011.0087 ESB-2011.0013 ESB-2011.0923.2 ESB-2010.0479.2 Revision History: January 8 2013: pdated security advisory in conjunction with the release of vCenter Server, ESX 5.0 Update 2 on 2012-12-20. September 3 2012: Initial Release - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VMware Security Advisory Advisory ID: VMSA-2012-0013.2 Synopsis: VMware vSphere and vCOps updates to third party libraries Issue date: 2012-08-30 Updated on: 2012-12-20 CVE numbers: --- JRE --- See references --- OpenSSL (userworld) --- CVE-2010-4180, CVE-2010-4252, CVE-2011-0014, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2012-0050 --- OpenSSL (service console) --- CVE-2012-2110 --- kernel (service console) --- CVE-2011-1833, CVE-2011-2484, CVE-2011-2496, CVE-2011-3188, CVE-2011-3209, CVE-2011-3363, CVE-2011-4110, CVE-2011-1020, CVE-2011-4132, CVE-2011-4324, CVE-2011-4325, CVE-2012-0207, CVE-2011-2699, CVE-2012-1583 --- Perl (service console) --- CVE-2010-2761, CVE-2010-4410, CVE-2011-3597 --- libxm2 (service console) --- CVE-2012-0841 --- glibc (service console) --- CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, CVE-2012-0864 --- GnuTLS (service console) --- CVE-2011-4128, CVE-2012-1569, CVE-2012-1573 --- popt and rpm (service console) --- CVE-2012-0060, CVE-2012-0061, CVE-2012-0815 --- Apache struts --- CVE-2012-0393 - - - ----------------------------------------------------------------------- 1. Summary VMware has updated several third party libraries in vSphere and vcOps to address multiple security vulnerabilities. 2. Relevant releases VMware vCenter 5.0 without Update 2 VMware vCenter 4.1 without Update 3 VMware vCenter 4.0 without Update 4a VMware vCenter Update Manager 4.1 without Update 3 VMware vCenter Update Manager 4.0 without Update 4a VMware ESX 4.1 without patches ESX410-201208101-SG, ESX410-201208102-SG, ESX410-201208103-SG, ESX410-201208104-SG, ESX410-201208105-SG, ESX410-201208106-SG, ESX410-201208107-SG VMware ESX 4.0 without patches ESX400-201209401-SG, ESX400-201209402-SG, ESX400-201209404-SG VMware ESXi 4.1 without patch ESXi410-201208101-SG VMware ESXi 5.0 without patch ESXi-5.0.0-20121201001 VMware vCOps 5.0.2 or earlier 3. Problem Description a. vCenter and ESX update to JRE 1.6.0 Update 31 The Oracle (Sun) JRE is updated to version 1.6.0_31, which addresses multiple security issues. Oracle has documented the CVE identifiers that are addressed by this update in the Oracle Java SE Critical Patch Update Advisory of February 2012. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======= ======= ================= vCenter 5.0 Windows vCenter 5.0 Update 2 vCenter 4.1 Windows vCenter 4.1 Update 3 vCenter 4.0 Windows not applicable ** VirtualCenter 2.5 Windows not applicable ** Update Manager 5.0 Windows Patch pending Update Manager 4.1 Windows not applicable ** Update Manager 4.0 Windows not applicable ** hosted * any any not affected ESXi any ESXi not applicable ESX 4.1 ESX ESX410-201208101-SG ESX 4.0 ESX not applicable ** ESX 3.5 ESX not applicable ** * hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Oracle (Sun) JRE 1.5.0 family b. vCenter Update Manager update to JRE 1.5.0 Update 36 The Oracle (Sun) JRE is updated to 1.5.0_36 to address multiple security issues. Oracle has documented the CVE identifiers that are addressed in JRE 1.5.0_36 in the Oracle Java SE Critical Patch Update Advisory for June 2012. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter 5.0 Windows not applicable ** vCenter 4.1 Windows not applicable ** vCenter 4.0 Windows vCenter 4.0 Update 4a VirtualCenter 2.5 Windows patch pending Update Manager 5.0 Windows not applicable ** Update Manager 4.1 Windows Update Manager 4.1 Update 3 Update Manager 4.0 Windows Update Manager 4.0 Update 4a hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX not applicable ** ESX 4.0 ESX ESX400-201209401-SG ESX 3.5 ESX patch pending * hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Oracle (Sun) JRE 1.6.0 family c. Update to ESX/ESXi userworld OpenSSL library The ESX/ESXi userworld OpenSSL library is updated from version 0.9.8p to version 0.9.8t to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-4180, CVE-2010-4252, CVE-2011-0014, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, and CVE-2012-0050 to these issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============== ======== ======= ================= ESXi 5.0 ESXi ESXi-5.0.0-20121201001 ESXi 4.1 ESXi ESXi410-201208101-SG ESXi 4.0 ESXi patch pending ESXi 3.5 ESXi patch pending ESX 4.1 ESX ESX410-201208101-SG ESX 4.0 ESX patch pending ESX 3.5 ESX patch pending d. Update to ESX service console OpenSSL RPM The service console OpenSSL RPM is updated to version 0.9.8e-22.el5_8.3 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-2110 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============== ======== ======= ================= ESXi any ESXi not applicable ESX 4.1 ESX ESX410-201208103-SG ESX 4.0 ESX ESX400-201209401-SG ESX 3.5 ESX not applicable e. Update to ESX service console kernel The ESX service console kernel is updated to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-1833, CVE-2011-2484, CVE-2011-2496, CVE-2011-3188, CVE-2011-3209, CVE-2011-3363, CVE-2011-4110, CVE-2011-1020, CVE-2011-4132, CVE-2011-4324, CVE-2011-4325, CVE-2012-0207, CVE-2011-2699, and CVE-2012-1583 to these issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============== ======== ======= ================= ESXi any ESXi not applicable ESX 4.1 ESX ESX410-201208101-SG ESX 4.0 ESX ESX400-201209401-SG * ESX 3.5 ESX not applicable * The service console kernel update on ESX 4.0 addresses CVEs that are labeled important. These are CVE-2012-0207, CVE-2011-2699, and CVE-2012-1583. f. Update to ESX service console Perl RPM The ESX service console Perl RPM is updated to perl-5.8.8.32.1.8999.vmw to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-2761, CVE-2010-4410, and CVE-2011-3597 to these issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============== ======== ======= ================= ESXi any ESXi not applicable ESX 4.1 ESX ESX410-201208107-SG ESX 4.0 ESX patch pending ESX 3.5 ESX not applicable g. Update to ESX service console libxml2 RPMs The ESX service console libmxl2 RPMs are updated to libxml2-2.6.26-2.1.15.el5_8.2 and libxml2-python-2.6.26-2.1.15.el5_8.2 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0841 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============== ======== ======= ================= ESXi any ESXi not applicable ESX 4.1 ESX ESX410-201208102-SG ESX 4.0 ESX ESX400-201209402-SG ESX 3.5 ESX not applicable h. Update to ESX service console glibc RPM The ESX service console glibc RPM is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, and CVE-2012-0864 to these issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============== ======== ======= ================= ESXi any ESXi not applicable ESX 4.1 ESX ESX410-201208104-SG ESX 4.0 ESX patch pending ESX 3.5 ESX not applicable i. Update to ESX service console GnuTLS RPM The ESX service console GnuTLS RPM is updated to version 1.4.1-7.el5_8.2 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-4128, CVE-2012-1569, and CVE-2012-1573 to these issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============== ======== ======= ================= ESXi any ESXi not applicable ESX 4.1 ESX ESX410-201208106-SG ESX 4.0 ESX ESX400-201209401-SG ESX 3.5 ESX not applicable j. Update to ESX service console popt, rpm, rpm-libs, and rpm-python RPMS The ESX service console popt, rpm, rpm-libs, and rpm-python RPMS are updated to the following versions to resolve multiple security issues: - popt-1.10.2.3-28.el5_8 - rpm-4.4.2.3-28.el5_8 - rpm-libs-4.4.2.3-28.el5_8 - rpm-python-4.4.2.3-28.el5_8 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0060, CVE-2012-0061, and CVE-2012-0815 to these issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============== ======== ======= ================= ESXi any ESXi not applicable ESX 4.1 ESX ESX410-201208105-SG ESX 4.0 ESX ESX400-201209404-SG ESX 3.5 ESX not applicable k. Vulnerability in third party Apache Struts component The version of Apache Struts in vCenter Operations has been updated to 2.3.4 which addresses an arbitrary file overwrite vulnerability. This vulnerability allows an attacker to create a denial of service by overwriting arbitrary files without authentication. The attacker would need to be on the same network as the system where vCOps is installed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0393 to this issue. Note: Apache struts 2.3.4 addresses the following issues as well: CVE-2011-5057, CVE-2012-0391, CVE-2012-0392, CVE-2012-0394. It was found that these do not affect vCOps. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============ ======== ======= ================= vCOps 5.0.2 Windows vCOps 5.0.3 vCOps 5.0.2 Linux vCOps 5.0.3 vCOps 1.0.x any affected, update to vCOps 5.0.3 vCO 4.2 Windows not affected vCO 4.1 Windows see VMSA-2011-0005 * vCO 4.0 Windows see VMSA-2011-0005 * * Update releases for vCO that came out in 2011 and that are documented in VMSA-2011-0005, already address the Apache struts CVEs listed above. 4. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. vCenter Server 5.0 Update 2 --------------------------- The download for vCenter Server includes vSphere Update Manager, vSphere Client and vCenter Orchestrator Download link: http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_v sphere/5_0 Release Notes: vSphere vCenter Server https://www.vmware.com/support/pubs/vsphere-esxi-vcenter-server-pubs.html https://www.vmware.com/support/pubs/vum_pubs.html vCenter Server 4.1 Update 3 --------------------------- The download for vCenter Server includes vSphere Update Manager, vSphere Client, and vCenter Orchestrator Download link http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_v sphere/4_1 Release Notes https://www.vmware.com/support/vsphere4/doc/vsp_vc41_u3_rel_notes.html VMware-VIMSetup-all-4.1.0-816786.iso md5sum: c1fd9189783e615fec4864ff6b8c86bd sha1sum: 38c03ac195939bd23da666b9ee98ef7c9c912a55 VMware-VIMSetup-all-4.1.0-816786.zip md5sum: d20705520fc4b5bccd71b060283e5b59 sha1sum: ea2a84544cd6cd29447c4ce905111e7dfc62f4cd vCenter Server 4.0 Update 4a ---------------------------- The download for vCenter Server includes vSphere Update Manager, vSphere Client, and vCenter Orchestrator Download link http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_v sphere/4_0 Release Notes https://www.vmware.com/support/vsphere4/doc/vsp_vc40_u4a_rel_notes.html VMware-VIMSetup-all-4.0.0-818020.iso md5sum: aa362485d8a9d4ad9dc4a647aba6701e sha1sum: c37c1e0983e5b3011a1d27fa58602150427dc466 VMware-VIMSetup-all-4.0.0-818020.zip md5sum: 531af0519e4c36fafab990447b55198b sha1sum: 8fb39414d034127de0052adf00e3356cc04593ed ESXi and ESX ------------ http://downloads.vmware.com/go/selfsupport-download ESXi 5.0 -------- File: update-from-esxi5.0-5.0_update02.zip md5sum: 8c2a345b8950d31796d834058e462f88 sha1sum: b003c5231bfb96aa45d2b2621a6ac994c6ecaaa9 http://kb.vmware.com/kb/2033751 ESXi 4.1 -------- File: update-from-esxi4.1-4.1_update03.zip md5sum: b35267e3c96a8ebd2e3acac09538cdf5 sha1sum: 2b2d456e89964528f25c01ae5d84edbd2bbcdefb http://kb.vmware.com/kb/2020373 update-from-esxi4.1-4.1_update03 contains ESXi410-201208101-SG ESX 4.1 ------- File: update-from-esx4.1-4.1_update3.zip md5sum: a4a45aba880d64210badade8d7c81904 sha1sum: 4ed1ef2b56fa30deec999916367ab278dc5b1840 http://kb.vmware.com/kb/2020362 update-from-esx4.1-4.1_update03 contains ESX410-201208101-SG, ESX410-201208102-SG, ESX410-201208103-SG, ESX410-201208104-SG, ESX410-201208105-SG, ESX410-201208106-SG, ESX410-201208107-SG ESX 4.0 ------- File: ESX400-201209001 md5sum: 7faa79ea8d458e994db308933424a0ee sha1sum: 8f798a233cc28b203c3c8e0d44a1287af6c1ceb8 http://kb.vmware.com/kb/2019661 ESX400-201209001 contains ESX400-201209401-SG, ESX400-201209402-SG, ESX400-201209404-SG vCOps 5.0.3 ----------- Download link https://my.vmware.com/web/vmware/info/slug/infrastructure_operations_manage ment/vmware_vcenter_operations/5_0 Release Notes https://www.vmware.com/support/pubs/vcops-pubs.html 5. References --- JRE --- Oracle Java SE Critical Patch Update Advisory of February 2012 http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.htm l Oracle Java SE Critical Patch Update Advisory for June 2012 http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.ht ml --- OpenSSL (userworld) --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4180 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4252 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0014 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4108 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4109 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4576 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4577 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4619 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0050 --- OpenSSL (service console) --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110 --- kernel (service console) --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1833 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2484 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2496 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3188 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3363 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4110 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1020 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4132 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4324 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4325 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0207 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2699 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1583 --- Perl (service console) --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2761 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4410 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3597 --- libxm2 (service console) --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0841 --- glibc (service console) --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5029 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5064 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0830 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1089 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4609 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0864 --- GnuTLS (service console) --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4128 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1573 --- popt and rpm (service console) -- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0060 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0061 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0815 --- Apache struts --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0393 - - - ----------------------------------------------------------------------- 6. Change log 2012-08-30 VMSA-2012-0013 Initial security advisory in conjunction with the release of vSphere 4.1 U3 and vCOps 5.0.3 on 2012-08-30. 2012-09-12 VMSA-2012-0013.1 Updated security advisory in conjunction with the release of vSphere 4.0 U4a on 2012-09-12 and ESX 4.0 patches on 2012-09-13. 2012-12-20 VMSA-2012-0013.2 Updated security advisory in conjunction with the release of vCenter Server, ESX 5.0 Update 2 on 2012-12-20. - - - ----------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Advisories http://www.vmware.com/security/advisories VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2012 VMware Inc. All rights reserved. - -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 10.2.0 (Build 2599) Charset: utf-8 wj8DBQFQ01eaDEcm8Vbi9kMRAtyHAJ44VMEL+wU07/fEqmsfRczVsa9tSwCfXy1J y+bjFPM+MM6Y3OptJPGRcEU= =V2Be - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBUOu/pu4yVqjM2NGpAQJ4iRAAruuIjiKc64R5XzqWpC50ZaXU9dix9G3i IrOETPNRbKdY9Hz9Kly9VlCAUY8es9v/iO9ONDM3uUBPrsUWcQEBcAC4e2eHqmbU jIpGzi1Kz/NnOGhemxTaOVODlZob/jRjWzEIjA3HxfI+I2gFVoqZu6Q6g+uUNUAT aXbyn2M1WYRLo9zYCyBJ2QyMNo88EdpOG+MQVwwlYS9+WAts/MFWuUzcdPIg9k9e XQGB59MrJ6V70m5xvouh2aIs9MLCxjwYTZX1CBk0kPA9W4YBGHC2Kylus4bo7+Nk iHBME7W9wm5Sp9Bqruk03Fo2NKNVWSyuyb/gSS8wE2N8UTsUWuAaTA8Hx5SjEqXG XHWDzzKIaK8bQL/QvF7bEGVumhGt8hzXkB93e4PdqEvm3kk5NDCUWR/WcRlz3L0I p9LzuHsnm8AvqfnXW6HssFSv/Bw0dmaQaEvpBlxYww9N6p7ukQBxOem2ObTJ2sOu cE/GxqqaDkD8m/aQ0eORVefx3K5OJh833T3inwQM83+VbxKD19gzJE5EgR0Y/IQM iGpjrWiL48KAsMIoawWOSkTVvk2LIVzM0hG+dmUfVVoFXQkUsDcovh8oDAnvM0hx RT6QELNo/9TLMov5nPhYNGW427ie/3q0lRlwAGcRzk1HKKmQBpiNYrIiKinVFwYW /u79d1zRSw4= =RKId -----END PGP SIGNATURE-----