Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2012.0880 Moderate: postgresql and postgresql84 security update 14 September 2012 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: postgresql and postgresql84 Publisher: Red Hat Operating System: Red Hat Enterprise Linux Server 5 Red Hat Enterprise Linux WS/Desktop 5 Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux WS/Desktop 6 Impact/Access: Modify Arbitrary Files -- Remote/Unauthenticated Create Arbitrary Files -- Remote/Unauthenticated Read-only Data Access -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2012-3489 CVE-2012-3488 Reference: ESB-2012.0816 Original Bulletin: https://rhn.redhat.com/errata/RHSA-2012-1263.html - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: postgresql and postgresql84 security update Advisory ID: RHSA-2012:1263-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1263.html Issue date: 2012-09-13 CVE Names: CVE-2012-3488 CVE-2012-3489 ===================================================================== 1. Summary: Updated postgresql84 and postgresql packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: PostgreSQL is an advanced object-relational database management system (DBMS). It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations (XSLT). An unprivileged database user could use this flaw to read and write to local files (such as the database's configuration files) and remote URLs they would otherwise not have access to by issuing a specially-crafted SQL query. (CVE-2012-3488) It was found that the "xml" data type allowed local files and remote URLs to be read with the privileges of the database server to resolve DTD and entity references in the provided XML. An unprivileged database user could use this flaw to read local files they would otherwise not have access to by issuing a specially-crafted SQL query. Note that the full contents of the files were not returned, but portions could be displayed to the user via error messages. (CVE-2012-3489) Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Peter Eisentraut as the original reporter of CVE-2012-3488, and Noah Misch as the original reporter of CVE-2012-3489. These updated packages upgrade PostgreSQL to version 8.4.13. Refer to the PostgreSQL Release Notes for a list of changes: http://www.postgresql.org/docs/8.4/static/release-8-4-13.html All PostgreSQL users are advised to upgrade to these updated packages, which correct these issues. If the postgresql service is running, it will be automatically restarted after installing this update. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 849172 - CVE-2012-3488 postgresql (xml2 contrib module): XXE by applying XSL stylesheet to the document 849173 - CVE-2012-3489 postgresql: File disclosure through XXE in xmlparse by DTD validation 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/postgresql84-8.4.13-1.el5_8.src.rpm i386: postgresql84-8.4.13-1.el5_8.i386.rpm postgresql84-contrib-8.4.13-1.el5_8.i386.rpm postgresql84-debuginfo-8.4.13-1.el5_8.i386.rpm postgresql84-docs-8.4.13-1.el5_8.i386.rpm postgresql84-libs-8.4.13-1.el5_8.i386.rpm postgresql84-python-8.4.13-1.el5_8.i386.rpm postgresql84-tcl-8.4.13-1.el5_8.i386.rpm x86_64: postgresql84-8.4.13-1.el5_8.x86_64.rpm postgresql84-contrib-8.4.13-1.el5_8.x86_64.rpm postgresql84-debuginfo-8.4.13-1.el5_8.i386.rpm postgresql84-debuginfo-8.4.13-1.el5_8.x86_64.rpm postgresql84-docs-8.4.13-1.el5_8.x86_64.rpm postgresql84-libs-8.4.13-1.el5_8.i386.rpm postgresql84-libs-8.4.13-1.el5_8.x86_64.rpm postgresql84-python-8.4.13-1.el5_8.x86_64.rpm postgresql84-tcl-8.4.13-1.el5_8.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/postgresql84-8.4.13-1.el5_8.src.rpm i386: postgresql84-debuginfo-8.4.13-1.el5_8.i386.rpm postgresql84-devel-8.4.13-1.el5_8.i386.rpm postgresql84-plperl-8.4.13-1.el5_8.i386.rpm postgresql84-plpython-8.4.13-1.el5_8.i386.rpm postgresql84-pltcl-8.4.13-1.el5_8.i386.rpm postgresql84-server-8.4.13-1.el5_8.i386.rpm postgresql84-test-8.4.13-1.el5_8.i386.rpm x86_64: postgresql84-debuginfo-8.4.13-1.el5_8.i386.rpm postgresql84-debuginfo-8.4.13-1.el5_8.x86_64.rpm postgresql84-devel-8.4.13-1.el5_8.i386.rpm postgresql84-devel-8.4.13-1.el5_8.x86_64.rpm postgresql84-plperl-8.4.13-1.el5_8.x86_64.rpm postgresql84-plpython-8.4.13-1.el5_8.x86_64.rpm postgresql84-pltcl-8.4.13-1.el5_8.x86_64.rpm postgresql84-server-8.4.13-1.el5_8.x86_64.rpm postgresql84-test-8.4.13-1.el5_8.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/postgresql84-8.4.13-1.el5_8.src.rpm i386: postgresql84-8.4.13-1.el5_8.i386.rpm postgresql84-contrib-8.4.13-1.el5_8.i386.rpm postgresql84-debuginfo-8.4.13-1.el5_8.i386.rpm postgresql84-devel-8.4.13-1.el5_8.i386.rpm postgresql84-docs-8.4.13-1.el5_8.i386.rpm postgresql84-libs-8.4.13-1.el5_8.i386.rpm postgresql84-plperl-8.4.13-1.el5_8.i386.rpm postgresql84-plpython-8.4.13-1.el5_8.i386.rpm postgresql84-pltcl-8.4.13-1.el5_8.i386.rpm postgresql84-python-8.4.13-1.el5_8.i386.rpm postgresql84-server-8.4.13-1.el5_8.i386.rpm postgresql84-tcl-8.4.13-1.el5_8.i386.rpm postgresql84-test-8.4.13-1.el5_8.i386.rpm ia64: postgresql84-8.4.13-1.el5_8.ia64.rpm postgresql84-contrib-8.4.13-1.el5_8.ia64.rpm postgresql84-debuginfo-8.4.13-1.el5_8.ia64.rpm postgresql84-devel-8.4.13-1.el5_8.ia64.rpm postgresql84-docs-8.4.13-1.el5_8.ia64.rpm postgresql84-libs-8.4.13-1.el5_8.ia64.rpm postgresql84-plperl-8.4.13-1.el5_8.ia64.rpm postgresql84-plpython-8.4.13-1.el5_8.ia64.rpm postgresql84-pltcl-8.4.13-1.el5_8.ia64.rpm postgresql84-python-8.4.13-1.el5_8.ia64.rpm postgresql84-server-8.4.13-1.el5_8.ia64.rpm postgresql84-tcl-8.4.13-1.el5_8.ia64.rpm postgresql84-test-8.4.13-1.el5_8.ia64.rpm ppc: postgresql84-8.4.13-1.el5_8.ppc.rpm postgresql84-8.4.13-1.el5_8.ppc64.rpm postgresql84-contrib-8.4.13-1.el5_8.ppc.rpm postgresql84-debuginfo-8.4.13-1.el5_8.ppc.rpm postgresql84-debuginfo-8.4.13-1.el5_8.ppc64.rpm postgresql84-devel-8.4.13-1.el5_8.ppc.rpm postgresql84-devel-8.4.13-1.el5_8.ppc64.rpm postgresql84-docs-8.4.13-1.el5_8.ppc.rpm postgresql84-libs-8.4.13-1.el5_8.ppc.rpm postgresql84-libs-8.4.13-1.el5_8.ppc64.rpm postgresql84-plperl-8.4.13-1.el5_8.ppc.rpm postgresql84-plpython-8.4.13-1.el5_8.ppc.rpm postgresql84-pltcl-8.4.13-1.el5_8.ppc.rpm postgresql84-python-8.4.13-1.el5_8.ppc.rpm postgresql84-server-8.4.13-1.el5_8.ppc.rpm postgresql84-tcl-8.4.13-1.el5_8.ppc.rpm postgresql84-test-8.4.13-1.el5_8.ppc.rpm s390x: postgresql84-8.4.13-1.el5_8.s390x.rpm postgresql84-contrib-8.4.13-1.el5_8.s390x.rpm postgresql84-debuginfo-8.4.13-1.el5_8.s390.rpm postgresql84-debuginfo-8.4.13-1.el5_8.s390x.rpm postgresql84-devel-8.4.13-1.el5_8.s390.rpm postgresql84-devel-8.4.13-1.el5_8.s390x.rpm postgresql84-docs-8.4.13-1.el5_8.s390x.rpm postgresql84-libs-8.4.13-1.el5_8.s390.rpm postgresql84-libs-8.4.13-1.el5_8.s390x.rpm postgresql84-plperl-8.4.13-1.el5_8.s390x.rpm postgresql84-plpython-8.4.13-1.el5_8.s390x.rpm postgresql84-pltcl-8.4.13-1.el5_8.s390x.rpm postgresql84-python-8.4.13-1.el5_8.s390x.rpm postgresql84-server-8.4.13-1.el5_8.s390x.rpm postgresql84-tcl-8.4.13-1.el5_8.s390x.rpm postgresql84-test-8.4.13-1.el5_8.s390x.rpm x86_64: postgresql84-8.4.13-1.el5_8.x86_64.rpm postgresql84-contrib-8.4.13-1.el5_8.x86_64.rpm postgresql84-debuginfo-8.4.13-1.el5_8.i386.rpm postgresql84-debuginfo-8.4.13-1.el5_8.x86_64.rpm postgresql84-devel-8.4.13-1.el5_8.i386.rpm postgresql84-devel-8.4.13-1.el5_8.x86_64.rpm postgresql84-docs-8.4.13-1.el5_8.x86_64.rpm postgresql84-libs-8.4.13-1.el5_8.i386.rpm postgresql84-libs-8.4.13-1.el5_8.x86_64.rpm postgresql84-plperl-8.4.13-1.el5_8.x86_64.rpm postgresql84-plpython-8.4.13-1.el5_8.x86_64.rpm postgresql84-pltcl-8.4.13-1.el5_8.x86_64.rpm postgresql84-python-8.4.13-1.el5_8.x86_64.rpm postgresql84-server-8.4.13-1.el5_8.x86_64.rpm postgresql84-tcl-8.4.13-1.el5_8.x86_64.rpm postgresql84-test-8.4.13-1.el5_8.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/postgresql-8.4.13-1.el6_3.src.rpm i386: postgresql-debuginfo-8.4.13-1.el6_3.i686.rpm postgresql-libs-8.4.13-1.el6_3.i686.rpm x86_64: postgresql-debuginfo-8.4.13-1.el6_3.i686.rpm postgresql-debuginfo-8.4.13-1.el6_3.x86_64.rpm postgresql-libs-8.4.13-1.el6_3.i686.rpm postgresql-libs-8.4.13-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/postgresql-8.4.13-1.el6_3.src.rpm i386: postgresql-8.4.13-1.el6_3.i686.rpm postgresql-contrib-8.4.13-1.el6_3.i686.rpm postgresql-debuginfo-8.4.13-1.el6_3.i686.rpm postgresql-devel-8.4.13-1.el6_3.i686.rpm postgresql-docs-8.4.13-1.el6_3.i686.rpm postgresql-plperl-8.4.13-1.el6_3.i686.rpm postgresql-plpython-8.4.13-1.el6_3.i686.rpm postgresql-pltcl-8.4.13-1.el6_3.i686.rpm postgresql-server-8.4.13-1.el6_3.i686.rpm postgresql-test-8.4.13-1.el6_3.i686.rpm x86_64: postgresql-8.4.13-1.el6_3.i686.rpm postgresql-8.4.13-1.el6_3.x86_64.rpm postgresql-contrib-8.4.13-1.el6_3.x86_64.rpm postgresql-debuginfo-8.4.13-1.el6_3.i686.rpm postgresql-debuginfo-8.4.13-1.el6_3.x86_64.rpm postgresql-devel-8.4.13-1.el6_3.i686.rpm postgresql-devel-8.4.13-1.el6_3.x86_64.rpm postgresql-docs-8.4.13-1.el6_3.x86_64.rpm postgresql-plperl-8.4.13-1.el6_3.x86_64.rpm postgresql-plpython-8.4.13-1.el6_3.x86_64.rpm postgresql-pltcl-8.4.13-1.el6_3.x86_64.rpm postgresql-server-8.4.13-1.el6_3.x86_64.rpm postgresql-test-8.4.13-1.el6_3.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/postgresql-8.4.13-1.el6_3.src.rpm x86_64: postgresql-8.4.13-1.el6_3.i686.rpm postgresql-8.4.13-1.el6_3.x86_64.rpm postgresql-debuginfo-8.4.13-1.el6_3.i686.rpm postgresql-debuginfo-8.4.13-1.el6_3.x86_64.rpm postgresql-libs-8.4.13-1.el6_3.i686.rpm postgresql-libs-8.4.13-1.el6_3.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/postgresql-8.4.13-1.el6_3.src.rpm x86_64: postgresql-contrib-8.4.13-1.el6_3.x86_64.rpm postgresql-debuginfo-8.4.13-1.el6_3.i686.rpm postgresql-debuginfo-8.4.13-1.el6_3.x86_64.rpm postgresql-devel-8.4.13-1.el6_3.i686.rpm postgresql-devel-8.4.13-1.el6_3.x86_64.rpm postgresql-docs-8.4.13-1.el6_3.x86_64.rpm postgresql-plperl-8.4.13-1.el6_3.x86_64.rpm postgresql-plpython-8.4.13-1.el6_3.x86_64.rpm postgresql-pltcl-8.4.13-1.el6_3.x86_64.rpm postgresql-server-8.4.13-1.el6_3.x86_64.rpm postgresql-test-8.4.13-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/postgresql-8.4.13-1.el6_3.src.rpm i386: postgresql-8.4.13-1.el6_3.i686.rpm postgresql-contrib-8.4.13-1.el6_3.i686.rpm postgresql-debuginfo-8.4.13-1.el6_3.i686.rpm postgresql-devel-8.4.13-1.el6_3.i686.rpm postgresql-docs-8.4.13-1.el6_3.i686.rpm postgresql-libs-8.4.13-1.el6_3.i686.rpm postgresql-plperl-8.4.13-1.el6_3.i686.rpm postgresql-plpython-8.4.13-1.el6_3.i686.rpm postgresql-pltcl-8.4.13-1.el6_3.i686.rpm postgresql-server-8.4.13-1.el6_3.i686.rpm postgresql-test-8.4.13-1.el6_3.i686.rpm ppc64: postgresql-8.4.13-1.el6_3.ppc.rpm postgresql-8.4.13-1.el6_3.ppc64.rpm postgresql-contrib-8.4.13-1.el6_3.ppc64.rpm postgresql-debuginfo-8.4.13-1.el6_3.ppc.rpm postgresql-debuginfo-8.4.13-1.el6_3.ppc64.rpm postgresql-devel-8.4.13-1.el6_3.ppc.rpm postgresql-devel-8.4.13-1.el6_3.ppc64.rpm postgresql-docs-8.4.13-1.el6_3.ppc64.rpm postgresql-libs-8.4.13-1.el6_3.ppc.rpm postgresql-libs-8.4.13-1.el6_3.ppc64.rpm postgresql-plperl-8.4.13-1.el6_3.ppc64.rpm postgresql-plpython-8.4.13-1.el6_3.ppc64.rpm postgresql-pltcl-8.4.13-1.el6_3.ppc64.rpm postgresql-server-8.4.13-1.el6_3.ppc64.rpm postgresql-test-8.4.13-1.el6_3.ppc64.rpm s390x: postgresql-8.4.13-1.el6_3.s390.rpm postgresql-8.4.13-1.el6_3.s390x.rpm postgresql-contrib-8.4.13-1.el6_3.s390x.rpm postgresql-debuginfo-8.4.13-1.el6_3.s390.rpm postgresql-debuginfo-8.4.13-1.el6_3.s390x.rpm postgresql-devel-8.4.13-1.el6_3.s390.rpm postgresql-devel-8.4.13-1.el6_3.s390x.rpm postgresql-docs-8.4.13-1.el6_3.s390x.rpm postgresql-libs-8.4.13-1.el6_3.s390.rpm postgresql-libs-8.4.13-1.el6_3.s390x.rpm postgresql-plperl-8.4.13-1.el6_3.s390x.rpm postgresql-plpython-8.4.13-1.el6_3.s390x.rpm postgresql-pltcl-8.4.13-1.el6_3.s390x.rpm postgresql-server-8.4.13-1.el6_3.s390x.rpm postgresql-test-8.4.13-1.el6_3.s390x.rpm x86_64: postgresql-8.4.13-1.el6_3.i686.rpm postgresql-8.4.13-1.el6_3.x86_64.rpm postgresql-contrib-8.4.13-1.el6_3.x86_64.rpm postgresql-debuginfo-8.4.13-1.el6_3.i686.rpm postgresql-debuginfo-8.4.13-1.el6_3.x86_64.rpm postgresql-devel-8.4.13-1.el6_3.i686.rpm postgresql-devel-8.4.13-1.el6_3.x86_64.rpm postgresql-docs-8.4.13-1.el6_3.x86_64.rpm postgresql-libs-8.4.13-1.el6_3.i686.rpm postgresql-libs-8.4.13-1.el6_3.x86_64.rpm postgresql-plperl-8.4.13-1.el6_3.x86_64.rpm postgresql-plpython-8.4.13-1.el6_3.x86_64.rpm postgresql-pltcl-8.4.13-1.el6_3.x86_64.rpm postgresql-server-8.4.13-1.el6_3.x86_64.rpm postgresql-test-8.4.13-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/postgresql-8.4.13-1.el6_3.src.rpm i386: postgresql-8.4.13-1.el6_3.i686.rpm postgresql-contrib-8.4.13-1.el6_3.i686.rpm postgresql-debuginfo-8.4.13-1.el6_3.i686.rpm postgresql-devel-8.4.13-1.el6_3.i686.rpm postgresql-docs-8.4.13-1.el6_3.i686.rpm postgresql-libs-8.4.13-1.el6_3.i686.rpm postgresql-plperl-8.4.13-1.el6_3.i686.rpm postgresql-plpython-8.4.13-1.el6_3.i686.rpm postgresql-pltcl-8.4.13-1.el6_3.i686.rpm postgresql-server-8.4.13-1.el6_3.i686.rpm postgresql-test-8.4.13-1.el6_3.i686.rpm x86_64: postgresql-8.4.13-1.el6_3.i686.rpm postgresql-8.4.13-1.el6_3.x86_64.rpm postgresql-contrib-8.4.13-1.el6_3.x86_64.rpm postgresql-debuginfo-8.4.13-1.el6_3.i686.rpm postgresql-debuginfo-8.4.13-1.el6_3.x86_64.rpm postgresql-devel-8.4.13-1.el6_3.i686.rpm postgresql-devel-8.4.13-1.el6_3.x86_64.rpm postgresql-docs-8.4.13-1.el6_3.x86_64.rpm postgresql-libs-8.4.13-1.el6_3.i686.rpm postgresql-libs-8.4.13-1.el6_3.x86_64.rpm postgresql-plperl-8.4.13-1.el6_3.x86_64.rpm postgresql-plpython-8.4.13-1.el6_3.x86_64.rpm postgresql-pltcl-8.4.13-1.el6_3.x86_64.rpm postgresql-server-8.4.13-1.el6_3.x86_64.rpm postgresql-test-8.4.13-1.el6_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-3488.html https://www.redhat.com/security/data/cve/CVE-2012-3489.html https://access.redhat.com/security/updates/classification/#moderate http://www.postgresql.org/docs/8.4/static/release-8-4-13.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQUhZaXlSAg2UNWIIRAnFcAKCUV20Qg47ebYn8lbYdNrX7GchF9ACdGq2x nSm8XF7zfpwFhOqAQSVVrF4= =y5VZ - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBUFKwku4yVqjM2NGpAQKxNw//T7exQBp7ZPuASS9Be7udViE5UjbUDTqB j7px5i2U7suoMVjoTvZ7sS7rI77LWTr9NHu4XybGBWm9pcP97iIJdlykZ4S9Ts8p NBvbfn91PNR8odFZVth4+TJIgj+1LF4jSWNwrLCH4G3RRlaU55G3zVUKJLIL0gvA 8x/ZpSt0Wiu5h8IBVBgeAcw118GiPjTq9MHCXYTpjgoU7EaYLE3XbKEEfE6cGYVu 6giaNb9LpKxzsk7ss0y2ZIFBcH1lsbrDjwC+IE5Mo2N/U7PO78QrO2Zt0W4svmD3 qBneNpdCV86U8x9aEqgxe7uQK2CCU7gBQjBblGOoY330tNjPrvuz0mI+1QdhmFYi l4fwv2E2l6ejm12Tv+L0TgPScyTNVM/ZqhBpoYSy87Ur12/84r1bIHEMXcyvcyBS nZKgmYqRJBr1Aej0sUwIbOI1bc9Kllu2tqAwgIq2JTwrhk1u8DJtHL/3EqY2gwL8 znSQkpWGM/wpLIfdX5TYvQM4kZaA1bSYhL9z/2o988TAIQxmOhZ1OoMFJmX21RpE i0UGW0hUf2htYHg9HFHTkh3jfrZA5z6GqE1V8zLKeLQTKASLl5CEcDcl8KmHVbZa fz4rXxq0BnzEvcwZhispVz9lvzp39sGv6+kwDfdfJlGZksU/geUeDDmyG/gsknqa SBNAb50DCHs= =Omdd -----END PGP SIGNATURE-----