Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2012.0880
Moderate: postgresql and postgresql84 security update
14 September 2012
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: postgresql and postgresql84
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux Server 5
Red Hat Enterprise Linux WS/Desktop 5
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux WS/Desktop 6
Impact/Access: Modify Arbitrary Files -- Remote/Unauthenticated
Create Arbitrary Files -- Remote/Unauthenticated
Read-only Data Access -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2012-3489 CVE-2012-3488
Reference: ESB-2012.0816
Original Bulletin:
https://rhn.redhat.com/errata/RHSA-2012-1263.html
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: postgresql and postgresql84 security update
Advisory ID: RHSA-2012:1263-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1263.html
Issue date: 2012-09-13
CVE Names: CVE-2012-3488 CVE-2012-3489
=====================================================================
1. Summary:
Updated postgresql84 and postgresql packages that fix two security issues
are now available for Red Hat Enterprise Linux 5 and 6 respectively.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
3. Description:
PostgreSQL is an advanced object-relational database management system
(DBMS).
It was found that the optional PostgreSQL xml2 contrib module allowed local
files and remote URLs to be read and written to with the privileges of the
database server when parsing Extensible Stylesheet Language Transformations
(XSLT). An unprivileged database user could use this flaw to read and write
to local files (such as the database's configuration files) and remote URLs
they would otherwise not have access to by issuing a specially-crafted SQL
query. (CVE-2012-3488)
It was found that the "xml" data type allowed local files and remote URLs
to be read with the privileges of the database server to resolve DTD and
entity references in the provided XML. An unprivileged database user could
use this flaw to read local files they would otherwise not have access to
by issuing a specially-crafted SQL query. Note that the full contents of
the files were not returned, but portions could be displayed to the user
via error messages. (CVE-2012-3489)
Red Hat would like to thank the PostgreSQL project for reporting these
issues. Upstream acknowledges Peter Eisentraut as the original reporter of
CVE-2012-3488, and Noah Misch as the original reporter of CVE-2012-3489.
These updated packages upgrade PostgreSQL to version 8.4.13. Refer to the
PostgreSQL Release Notes for a list of changes:
http://www.postgresql.org/docs/8.4/static/release-8-4-13.html
All PostgreSQL users are advised to upgrade to these updated packages,
which correct these issues. If the postgresql service is running, it will
be automatically restarted after installing this update.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
849172 - CVE-2012-3488 postgresql (xml2 contrib module): XXE by applying XSL stylesheet to the document
849173 - CVE-2012-3489 postgresql: File disclosure through XXE in xmlparse by DTD validation
6. Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/postgresql84-8.4.13-1.el5_8.src.rpm
i386:
postgresql84-8.4.13-1.el5_8.i386.rpm
postgresql84-contrib-8.4.13-1.el5_8.i386.rpm
postgresql84-debuginfo-8.4.13-1.el5_8.i386.rpm
postgresql84-docs-8.4.13-1.el5_8.i386.rpm
postgresql84-libs-8.4.13-1.el5_8.i386.rpm
postgresql84-python-8.4.13-1.el5_8.i386.rpm
postgresql84-tcl-8.4.13-1.el5_8.i386.rpm
x86_64:
postgresql84-8.4.13-1.el5_8.x86_64.rpm
postgresql84-contrib-8.4.13-1.el5_8.x86_64.rpm
postgresql84-debuginfo-8.4.13-1.el5_8.i386.rpm
postgresql84-debuginfo-8.4.13-1.el5_8.x86_64.rpm
postgresql84-docs-8.4.13-1.el5_8.x86_64.rpm
postgresql84-libs-8.4.13-1.el5_8.i386.rpm
postgresql84-libs-8.4.13-1.el5_8.x86_64.rpm
postgresql84-python-8.4.13-1.el5_8.x86_64.rpm
postgresql84-tcl-8.4.13-1.el5_8.x86_64.rpm
RHEL Desktop Workstation (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/postgresql84-8.4.13-1.el5_8.src.rpm
i386:
postgresql84-debuginfo-8.4.13-1.el5_8.i386.rpm
postgresql84-devel-8.4.13-1.el5_8.i386.rpm
postgresql84-plperl-8.4.13-1.el5_8.i386.rpm
postgresql84-plpython-8.4.13-1.el5_8.i386.rpm
postgresql84-pltcl-8.4.13-1.el5_8.i386.rpm
postgresql84-server-8.4.13-1.el5_8.i386.rpm
postgresql84-test-8.4.13-1.el5_8.i386.rpm
x86_64:
postgresql84-debuginfo-8.4.13-1.el5_8.i386.rpm
postgresql84-debuginfo-8.4.13-1.el5_8.x86_64.rpm
postgresql84-devel-8.4.13-1.el5_8.i386.rpm
postgresql84-devel-8.4.13-1.el5_8.x86_64.rpm
postgresql84-plperl-8.4.13-1.el5_8.x86_64.rpm
postgresql84-plpython-8.4.13-1.el5_8.x86_64.rpm
postgresql84-pltcl-8.4.13-1.el5_8.x86_64.rpm
postgresql84-server-8.4.13-1.el5_8.x86_64.rpm
postgresql84-test-8.4.13-1.el5_8.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/postgresql84-8.4.13-1.el5_8.src.rpm
i386:
postgresql84-8.4.13-1.el5_8.i386.rpm
postgresql84-contrib-8.4.13-1.el5_8.i386.rpm
postgresql84-debuginfo-8.4.13-1.el5_8.i386.rpm
postgresql84-devel-8.4.13-1.el5_8.i386.rpm
postgresql84-docs-8.4.13-1.el5_8.i386.rpm
postgresql84-libs-8.4.13-1.el5_8.i386.rpm
postgresql84-plperl-8.4.13-1.el5_8.i386.rpm
postgresql84-plpython-8.4.13-1.el5_8.i386.rpm
postgresql84-pltcl-8.4.13-1.el5_8.i386.rpm
postgresql84-python-8.4.13-1.el5_8.i386.rpm
postgresql84-server-8.4.13-1.el5_8.i386.rpm
postgresql84-tcl-8.4.13-1.el5_8.i386.rpm
postgresql84-test-8.4.13-1.el5_8.i386.rpm
ia64:
postgresql84-8.4.13-1.el5_8.ia64.rpm
postgresql84-contrib-8.4.13-1.el5_8.ia64.rpm
postgresql84-debuginfo-8.4.13-1.el5_8.ia64.rpm
postgresql84-devel-8.4.13-1.el5_8.ia64.rpm
postgresql84-docs-8.4.13-1.el5_8.ia64.rpm
postgresql84-libs-8.4.13-1.el5_8.ia64.rpm
postgresql84-plperl-8.4.13-1.el5_8.ia64.rpm
postgresql84-plpython-8.4.13-1.el5_8.ia64.rpm
postgresql84-pltcl-8.4.13-1.el5_8.ia64.rpm
postgresql84-python-8.4.13-1.el5_8.ia64.rpm
postgresql84-server-8.4.13-1.el5_8.ia64.rpm
postgresql84-tcl-8.4.13-1.el5_8.ia64.rpm
postgresql84-test-8.4.13-1.el5_8.ia64.rpm
ppc:
postgresql84-8.4.13-1.el5_8.ppc.rpm
postgresql84-8.4.13-1.el5_8.ppc64.rpm
postgresql84-contrib-8.4.13-1.el5_8.ppc.rpm
postgresql84-debuginfo-8.4.13-1.el5_8.ppc.rpm
postgresql84-debuginfo-8.4.13-1.el5_8.ppc64.rpm
postgresql84-devel-8.4.13-1.el5_8.ppc.rpm
postgresql84-devel-8.4.13-1.el5_8.ppc64.rpm
postgresql84-docs-8.4.13-1.el5_8.ppc.rpm
postgresql84-libs-8.4.13-1.el5_8.ppc.rpm
postgresql84-libs-8.4.13-1.el5_8.ppc64.rpm
postgresql84-plperl-8.4.13-1.el5_8.ppc.rpm
postgresql84-plpython-8.4.13-1.el5_8.ppc.rpm
postgresql84-pltcl-8.4.13-1.el5_8.ppc.rpm
postgresql84-python-8.4.13-1.el5_8.ppc.rpm
postgresql84-server-8.4.13-1.el5_8.ppc.rpm
postgresql84-tcl-8.4.13-1.el5_8.ppc.rpm
postgresql84-test-8.4.13-1.el5_8.ppc.rpm
s390x:
postgresql84-8.4.13-1.el5_8.s390x.rpm
postgresql84-contrib-8.4.13-1.el5_8.s390x.rpm
postgresql84-debuginfo-8.4.13-1.el5_8.s390.rpm
postgresql84-debuginfo-8.4.13-1.el5_8.s390x.rpm
postgresql84-devel-8.4.13-1.el5_8.s390.rpm
postgresql84-devel-8.4.13-1.el5_8.s390x.rpm
postgresql84-docs-8.4.13-1.el5_8.s390x.rpm
postgresql84-libs-8.4.13-1.el5_8.s390.rpm
postgresql84-libs-8.4.13-1.el5_8.s390x.rpm
postgresql84-plperl-8.4.13-1.el5_8.s390x.rpm
postgresql84-plpython-8.4.13-1.el5_8.s390x.rpm
postgresql84-pltcl-8.4.13-1.el5_8.s390x.rpm
postgresql84-python-8.4.13-1.el5_8.s390x.rpm
postgresql84-server-8.4.13-1.el5_8.s390x.rpm
postgresql84-tcl-8.4.13-1.el5_8.s390x.rpm
postgresql84-test-8.4.13-1.el5_8.s390x.rpm
x86_64:
postgresql84-8.4.13-1.el5_8.x86_64.rpm
postgresql84-contrib-8.4.13-1.el5_8.x86_64.rpm
postgresql84-debuginfo-8.4.13-1.el5_8.i386.rpm
postgresql84-debuginfo-8.4.13-1.el5_8.x86_64.rpm
postgresql84-devel-8.4.13-1.el5_8.i386.rpm
postgresql84-devel-8.4.13-1.el5_8.x86_64.rpm
postgresql84-docs-8.4.13-1.el5_8.x86_64.rpm
postgresql84-libs-8.4.13-1.el5_8.i386.rpm
postgresql84-libs-8.4.13-1.el5_8.x86_64.rpm
postgresql84-plperl-8.4.13-1.el5_8.x86_64.rpm
postgresql84-plpython-8.4.13-1.el5_8.x86_64.rpm
postgresql84-pltcl-8.4.13-1.el5_8.x86_64.rpm
postgresql84-python-8.4.13-1.el5_8.x86_64.rpm
postgresql84-server-8.4.13-1.el5_8.x86_64.rpm
postgresql84-tcl-8.4.13-1.el5_8.x86_64.rpm
postgresql84-test-8.4.13-1.el5_8.x86_64.rpm
Red Hat Enterprise Linux Desktop (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/postgresql-8.4.13-1.el6_3.src.rpm
i386:
postgresql-debuginfo-8.4.13-1.el6_3.i686.rpm
postgresql-libs-8.4.13-1.el6_3.i686.rpm
x86_64:
postgresql-debuginfo-8.4.13-1.el6_3.i686.rpm
postgresql-debuginfo-8.4.13-1.el6_3.x86_64.rpm
postgresql-libs-8.4.13-1.el6_3.i686.rpm
postgresql-libs-8.4.13-1.el6_3.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/postgresql-8.4.13-1.el6_3.src.rpm
i386:
postgresql-8.4.13-1.el6_3.i686.rpm
postgresql-contrib-8.4.13-1.el6_3.i686.rpm
postgresql-debuginfo-8.4.13-1.el6_3.i686.rpm
postgresql-devel-8.4.13-1.el6_3.i686.rpm
postgresql-docs-8.4.13-1.el6_3.i686.rpm
postgresql-plperl-8.4.13-1.el6_3.i686.rpm
postgresql-plpython-8.4.13-1.el6_3.i686.rpm
postgresql-pltcl-8.4.13-1.el6_3.i686.rpm
postgresql-server-8.4.13-1.el6_3.i686.rpm
postgresql-test-8.4.13-1.el6_3.i686.rpm
x86_64:
postgresql-8.4.13-1.el6_3.i686.rpm
postgresql-8.4.13-1.el6_3.x86_64.rpm
postgresql-contrib-8.4.13-1.el6_3.x86_64.rpm
postgresql-debuginfo-8.4.13-1.el6_3.i686.rpm
postgresql-debuginfo-8.4.13-1.el6_3.x86_64.rpm
postgresql-devel-8.4.13-1.el6_3.i686.rpm
postgresql-devel-8.4.13-1.el6_3.x86_64.rpm
postgresql-docs-8.4.13-1.el6_3.x86_64.rpm
postgresql-plperl-8.4.13-1.el6_3.x86_64.rpm
postgresql-plpython-8.4.13-1.el6_3.x86_64.rpm
postgresql-pltcl-8.4.13-1.el6_3.x86_64.rpm
postgresql-server-8.4.13-1.el6_3.x86_64.rpm
postgresql-test-8.4.13-1.el6_3.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/postgresql-8.4.13-1.el6_3.src.rpm
x86_64:
postgresql-8.4.13-1.el6_3.i686.rpm
postgresql-8.4.13-1.el6_3.x86_64.rpm
postgresql-debuginfo-8.4.13-1.el6_3.i686.rpm
postgresql-debuginfo-8.4.13-1.el6_3.x86_64.rpm
postgresql-libs-8.4.13-1.el6_3.i686.rpm
postgresql-libs-8.4.13-1.el6_3.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/postgresql-8.4.13-1.el6_3.src.rpm
x86_64:
postgresql-contrib-8.4.13-1.el6_3.x86_64.rpm
postgresql-debuginfo-8.4.13-1.el6_3.i686.rpm
postgresql-debuginfo-8.4.13-1.el6_3.x86_64.rpm
postgresql-devel-8.4.13-1.el6_3.i686.rpm
postgresql-devel-8.4.13-1.el6_3.x86_64.rpm
postgresql-docs-8.4.13-1.el6_3.x86_64.rpm
postgresql-plperl-8.4.13-1.el6_3.x86_64.rpm
postgresql-plpython-8.4.13-1.el6_3.x86_64.rpm
postgresql-pltcl-8.4.13-1.el6_3.x86_64.rpm
postgresql-server-8.4.13-1.el6_3.x86_64.rpm
postgresql-test-8.4.13-1.el6_3.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/postgresql-8.4.13-1.el6_3.src.rpm
i386:
postgresql-8.4.13-1.el6_3.i686.rpm
postgresql-contrib-8.4.13-1.el6_3.i686.rpm
postgresql-debuginfo-8.4.13-1.el6_3.i686.rpm
postgresql-devel-8.4.13-1.el6_3.i686.rpm
postgresql-docs-8.4.13-1.el6_3.i686.rpm
postgresql-libs-8.4.13-1.el6_3.i686.rpm
postgresql-plperl-8.4.13-1.el6_3.i686.rpm
postgresql-plpython-8.4.13-1.el6_3.i686.rpm
postgresql-pltcl-8.4.13-1.el6_3.i686.rpm
postgresql-server-8.4.13-1.el6_3.i686.rpm
postgresql-test-8.4.13-1.el6_3.i686.rpm
ppc64:
postgresql-8.4.13-1.el6_3.ppc.rpm
postgresql-8.4.13-1.el6_3.ppc64.rpm
postgresql-contrib-8.4.13-1.el6_3.ppc64.rpm
postgresql-debuginfo-8.4.13-1.el6_3.ppc.rpm
postgresql-debuginfo-8.4.13-1.el6_3.ppc64.rpm
postgresql-devel-8.4.13-1.el6_3.ppc.rpm
postgresql-devel-8.4.13-1.el6_3.ppc64.rpm
postgresql-docs-8.4.13-1.el6_3.ppc64.rpm
postgresql-libs-8.4.13-1.el6_3.ppc.rpm
postgresql-libs-8.4.13-1.el6_3.ppc64.rpm
postgresql-plperl-8.4.13-1.el6_3.ppc64.rpm
postgresql-plpython-8.4.13-1.el6_3.ppc64.rpm
postgresql-pltcl-8.4.13-1.el6_3.ppc64.rpm
postgresql-server-8.4.13-1.el6_3.ppc64.rpm
postgresql-test-8.4.13-1.el6_3.ppc64.rpm
s390x:
postgresql-8.4.13-1.el6_3.s390.rpm
postgresql-8.4.13-1.el6_3.s390x.rpm
postgresql-contrib-8.4.13-1.el6_3.s390x.rpm
postgresql-debuginfo-8.4.13-1.el6_3.s390.rpm
postgresql-debuginfo-8.4.13-1.el6_3.s390x.rpm
postgresql-devel-8.4.13-1.el6_3.s390.rpm
postgresql-devel-8.4.13-1.el6_3.s390x.rpm
postgresql-docs-8.4.13-1.el6_3.s390x.rpm
postgresql-libs-8.4.13-1.el6_3.s390.rpm
postgresql-libs-8.4.13-1.el6_3.s390x.rpm
postgresql-plperl-8.4.13-1.el6_3.s390x.rpm
postgresql-plpython-8.4.13-1.el6_3.s390x.rpm
postgresql-pltcl-8.4.13-1.el6_3.s390x.rpm
postgresql-server-8.4.13-1.el6_3.s390x.rpm
postgresql-test-8.4.13-1.el6_3.s390x.rpm
x86_64:
postgresql-8.4.13-1.el6_3.i686.rpm
postgresql-8.4.13-1.el6_3.x86_64.rpm
postgresql-contrib-8.4.13-1.el6_3.x86_64.rpm
postgresql-debuginfo-8.4.13-1.el6_3.i686.rpm
postgresql-debuginfo-8.4.13-1.el6_3.x86_64.rpm
postgresql-devel-8.4.13-1.el6_3.i686.rpm
postgresql-devel-8.4.13-1.el6_3.x86_64.rpm
postgresql-docs-8.4.13-1.el6_3.x86_64.rpm
postgresql-libs-8.4.13-1.el6_3.i686.rpm
postgresql-libs-8.4.13-1.el6_3.x86_64.rpm
postgresql-plperl-8.4.13-1.el6_3.x86_64.rpm
postgresql-plpython-8.4.13-1.el6_3.x86_64.rpm
postgresql-pltcl-8.4.13-1.el6_3.x86_64.rpm
postgresql-server-8.4.13-1.el6_3.x86_64.rpm
postgresql-test-8.4.13-1.el6_3.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/postgresql-8.4.13-1.el6_3.src.rpm
i386:
postgresql-8.4.13-1.el6_3.i686.rpm
postgresql-contrib-8.4.13-1.el6_3.i686.rpm
postgresql-debuginfo-8.4.13-1.el6_3.i686.rpm
postgresql-devel-8.4.13-1.el6_3.i686.rpm
postgresql-docs-8.4.13-1.el6_3.i686.rpm
postgresql-libs-8.4.13-1.el6_3.i686.rpm
postgresql-plperl-8.4.13-1.el6_3.i686.rpm
postgresql-plpython-8.4.13-1.el6_3.i686.rpm
postgresql-pltcl-8.4.13-1.el6_3.i686.rpm
postgresql-server-8.4.13-1.el6_3.i686.rpm
postgresql-test-8.4.13-1.el6_3.i686.rpm
x86_64:
postgresql-8.4.13-1.el6_3.i686.rpm
postgresql-8.4.13-1.el6_3.x86_64.rpm
postgresql-contrib-8.4.13-1.el6_3.x86_64.rpm
postgresql-debuginfo-8.4.13-1.el6_3.i686.rpm
postgresql-debuginfo-8.4.13-1.el6_3.x86_64.rpm
postgresql-devel-8.4.13-1.el6_3.i686.rpm
postgresql-devel-8.4.13-1.el6_3.x86_64.rpm
postgresql-docs-8.4.13-1.el6_3.x86_64.rpm
postgresql-libs-8.4.13-1.el6_3.i686.rpm
postgresql-libs-8.4.13-1.el6_3.x86_64.rpm
postgresql-plperl-8.4.13-1.el6_3.x86_64.rpm
postgresql-plpython-8.4.13-1.el6_3.x86_64.rpm
postgresql-pltcl-8.4.13-1.el6_3.x86_64.rpm
postgresql-server-8.4.13-1.el6_3.x86_64.rpm
postgresql-test-8.4.13-1.el6_3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-3488.html
https://www.redhat.com/security/data/cve/CVE-2012-3489.html
https://access.redhat.com/security/updates/classification/#moderate
http://www.postgresql.org/docs/8.4/static/release-8-4-13.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFQUhZaXlSAg2UNWIIRAnFcAKCUV20Qg47ebYn8lbYdNrX7GchF9ACdGq2x
nSm8XF7zfpwFhOqAQSVVrF4=
=y5VZ
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBUFKwku4yVqjM2NGpAQKxNw//T7exQBp7ZPuASS9Be7udViE5UjbUDTqB
j7px5i2U7suoMVjoTvZ7sS7rI77LWTr9NHu4XybGBWm9pcP97iIJdlykZ4S9Ts8p
NBvbfn91PNR8odFZVth4+TJIgj+1LF4jSWNwrLCH4G3RRlaU55G3zVUKJLIL0gvA
8x/ZpSt0Wiu5h8IBVBgeAcw118GiPjTq9MHCXYTpjgoU7EaYLE3XbKEEfE6cGYVu
6giaNb9LpKxzsk7ss0y2ZIFBcH1lsbrDjwC+IE5Mo2N/U7PO78QrO2Zt0W4svmD3
qBneNpdCV86U8x9aEqgxe7uQK2CCU7gBQjBblGOoY330tNjPrvuz0mI+1QdhmFYi
l4fwv2E2l6ejm12Tv+L0TgPScyTNVM/ZqhBpoYSy87Ur12/84r1bIHEMXcyvcyBS
nZKgmYqRJBr1Aej0sUwIbOI1bc9Kllu2tqAwgIq2JTwrhk1u8DJtHL/3EqY2gwL8
znSQkpWGM/wpLIfdX5TYvQM4kZaA1bSYhL9z/2o988TAIQxmOhZ1OoMFJmX21RpE
i0UGW0hUf2htYHg9HFHTkh3jfrZA5z6GqE1V8zLKeLQTKASLl5CEcDcl8KmHVbZa
fz4rXxq0BnzEvcwZhispVz9lvzp39sGv6+kwDfdfJlGZksU/geUeDDmyG/gsknqa
SBNAb50DCHs=
=Omdd
-----END PGP SIGNATURE-----