===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2013.0251
Low: sssd security, bug fix and enhancement update
22 February 2013

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           sssd
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 6
                   Red Hat Enterprise Linux WS/Desktop 6
                   Linux variants
Impact/Access:     Root Compromise   -- Existing Account
                   Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2013-0220 CVE-2013-0219

Original Bulletin:
   https://rhn.redhat.com/errata/RHSA-2013-0508.html

Comment: This advisory references vulnerabilities in products which run on platforms other than Red Hat. It is recommended that administrators running sssd check for an updated version of the software for their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
Red Hat Security Advisory

Synopsis:          Low: sssd security, bug fix and enhancement update
Advisory ID:       RHSA-2013:0508-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0508.html
Issue date:        2013-02-21
CVE Names:         CVE-2013-0219 CVE-2013-0220
=====================================================================

1. Summary:

Updated sssd packages that fix two security issues, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The System Security Services Daemon (SSSD) provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back-end system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects such as FreeIPA.

A race condition was found in the way SSSD copied and removed user home directories. A local attacker who is able to write into the home directory of a different user who is being removed could use this flaw to perform symbolic link attacks, possibly allowing them to modify and delete arbitrary files with the privileges of the root user. (CVE-2013-0219)

Multiple out-of-bounds memory read flaws were found in the way the autofs and SSH service responders parsed certain SSSD packets. An attacker could send a specially-crafted packet that, when processed by the autofs or SSH service responders, would cause SSSD to crash. This issue only caused a temporary denial of service, as SSSD was automatically restarted by the monitor process after the crash. (CVE-2013-0220)

The CVE-2013-0219 and CVE-2013-0220 issues were discovered by Florian Weimer of the Red Hat Product Security Team.

These updated sssd packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory.
Users are directed to the Red Hat Enterprise Linux 6.4 Technical Notes, linked to in the References, for information on the most significant of these changes.

All SSSD users are advised to upgrade to these updated packages, which upgrade SSSD to upstream version 1.9 to correct these issues, fix these bugs and add these enhancements.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

743505 - [RFE] Implement "AD friendly" schema mapping
761573 - [RFE] Integrate with SUDO utility
766000 - [RFE]Add support for central management of the SELinux user mappings
768165 - [RFE] Support range retrievals
768168 - [RFE] Allow Constructing uid from Active Directory objectSid
789470 - [RFE] Introduce the concept of a Primary Server in SSSD
789507 - [RFE] SSSD should provide fast in memory cache to provide similar functionality as NSCD currently provides
790105 - Filter out inappropriate IP addresses from IPA dynamic DNS update
790107 - Document sss_tools better
799009 - Warn to syslog when dereference requests fail
799928 - [RFE] Hash the hostname/port information in the known_hosts file.
801431 - [RFE] sudo: send username and uid while requesting default options
801719 - "Error looking up public keys" while ssh to replica using IP address.
802718 - Unable to lookup user aliases with proxy provider.
805920 - [RFE] Introduce concept of Ghost User instead of using Fake User
805921 - Document the expectations about ghost users showing in the lookups
808307 - No info in sssd manpages for "ldap_sasl_minssf"
811987 - autofs: maximum key name must be PATH_MAX
813327 - [RFE] support looking up autofs maps via SSSD
814249 - [RFE] for faster SSSD startup
822404 - sssd does not provide maps for automounter when custom schema is being used
824244 - sssd does not warn into sssd.log for broken configurations
827036 - Add support for terminating idle connections in sssd_nss
829740 - Init script reports complete before sssd is actually working
832103 - [RFE] Optimize memberOf search criteria with AD
832120 - [RFE] Add AD provider
845251 - sssd does not try another server when unable to resolve hostname
845253 - Fail over does not work correctly when IPA server is establishing a GSSAPI-encrypted LDAP connection
848547 - [TECH PREVIEW] Support DIR: credential caches for multiple TGT support
852948 - ldap_chpass_update_last_change is not included in the manual page
854619 - SSSD cannot cope with empty naming context coming from Novell eDirectory
854997 - Add details about TGT validation to sssd-krb5 man page
857047 - [abrt] sssd-1.8.4-13.fc16: __GI_exit: Process /usr/libexec/sssd/sssd_pam was killed by signal 6 (SIGABRT)
860667 - [man sssd-ldap] 'ldap_access_filter' description needs to be updated
861075 - SSSD_NSS failure to gracefully restart after sbus failure
861076 - Flip the default value of ldap_initgroups_use_matching_rule_in_chain
861079 - Collect Krb5 Trace on High Debug Levels
861082 - Manpage has ldap_autofs_search_base as experimental feature
861091 - pam_sss report System Error on wrong password
863131 - sssd_nss process hangs, stuck in loop; "self restart" does recover, but old process hangs around using 100% CPU
866542 - sssd_be crashes while looking up users
867932 - Selinuxusermap rule is not honoured
867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running
869013 - Sudo smart refresh doesn't occur on time
869071 - Password authentication for users from trusted domains does not work
869150 - ldap_child crashes on using invalid keytab during gssapi connection
869443 - The sssd_nss process grows the memory consumption over time
869678 - sssd not granting access for AD trusted user in HBAC rule
870039 - sss_cache says 'Wrong DB version'
870045 - always reread the master map from LDAP
870060 - SSH host keys are not being removed from the cache
870238 - IPA client cannot change AD Trusted User password
870278 - ipa client setup should configure host properly in a trust is in place
870280 - ipa reconfigure functionality needed for fixing clients to support trusts
870505 - sss_cache: Multiple domains not handled properly
871160 - sudo failing for ad trusted user in IPA environment
871576 - sssd does not resolve group names from AD
871843 - Nested groups are not retrieved appropriately from cache
872110 - User appears twice on looking up a nested group
872180 - subdomains: Invalid sub-domain request type.
872324 - pam: fd leak when writing the selinux login file in the pam responder
872683 - sssd_be segfaults with enumeration enabled and anonymous LDAP access disabled
873032 - Move sss_cache to the main subpackage
873988 - Man page issue to list 'force_timeout' as an option for the [sssd] section
874579 - sssd caching not working as expected for selinux usermap contexts
874616 - Silence the DEBUG messages when ID mapping code skips a built-in group
874618 - sss_cache: fqdn not accepted
874673 - user id lookup fails using proxy provider
875677 - password expiry warning message doesn't appear during auth
875738 - offline authentication failure always returns System Error
875740 - "defaults" entry ignored
875851 - sysdb upgrade failed converting db to 0.11
876531 - sss_cache does not work for automount maps
877126 - subdomains code does not save the proper user/group name
877130 - LDAP provider fails to save empty groups
877354 - ldap_connection_expire_timeout doesn't expire ldap connections
877972 - ldap_sasl_authid no longer accepts full principal
877974 - updating top-level group does not reflect ghost members correctly
878262 - ipa password auth failing for user principal name when shorter than IPA Realm name
878419 - sss_userdel doesn't remove entries from in-memory cache
878420 - SIGSEGV in IPA provider when ldap_sasl_authid is not set
878583 - IPA Trust does not show secondary groups for AD Users for commands like id and getent
880140 - sssd hangs at startup with broken configurations
880159 - delete operation is not implemented for ghost users
880176 - memberUid required for primary groups to match sudo rule
880546 - krb5_kpasswd failover doesn't work
880956 - Primary server status is not always reset after failover to backup server happened
881773 - mmap cache needs update after db changes
882076 - SSSD crashes when c-ares returns success but an empty hostent during the DNS update
882221 - Offline sudo denies access with expired entry_cache_timeout
882290 - arithmetic bug in the SSSD causes netgroup midpoint refresh to be always set to 10 seconds
882923 - Negative cache timeout is not working for proxy provider
883336 - sssd crashes during start if id_provider is not mentioned
883408 - Make it clear that ldap_sudo_include_regexp can only handle wildcards
884254 - CVE-2013-0219 sssd: TOCTOU race conditions by copying and removing directory trees
884480 - user is not removed from group membership during initgroups
884600 - ldap_chpass_uri failover fails on using same hostname
884601 - CVE-2013-0220 sssd: Out-of-bounds read flaws in autofs and ssh services responders
884666 - sudo: if first full refresh fails, schedule another first full refresh
885078 - sssd_nss crashes during enumeration if the enumeration is taking too long
885105 - sudo denies access with disabled ldap_sudo_use_host_filter
886038 - sssd components seem to mishandle sighup
886091 - Disallow root SSH public key authentication
886848 - user id lookup fails for case sensitive users using proxy provider
887961 - AD provider: getgrgid removes nested group memberships
888614 - Failure in memberof can lead to failed database update
888800 - MEmory leak in new memcache initgr cleanup function
889168 - krb5 ticket renewal does not read the renewable tickets from cache
889182 - crash in memory cache
890520 - Failover to krb5_backup_kpasswd doesn't work
891356 - Smart refresh doesn't notice "defaults" addition with OpenLDAP
892197 - Incorrect principal searched for in keytab
894302 - sssd fails to update to changes on autofs maps
894381 - memory cache is not updated after user is deleted from ldb cache
894428 - wrong filter for autofs maps in sss_cache
894738 - Failover to ldap_chpass_backup_uri doesn't work
894997 - sssd_be crashes looking up members with groups outside the nesting limit
895132 - Modifications using sss_usermod tool are not reflected in memory cache
895615 - ipa-client-automount: autofs failed in s390x and ppc64 platform
896476 - SSSD should warn when pam_pwd_expiration_warning value is higher than passwordWarning LDAP attribute.
902436 - possible segfault when backend callback is removed
902716 - Rule mismatch isn't noticed before smart refresh on ppc64 and s390x

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/sssd-1.9.2-82.el6.src.rpm

i386:
libipa_hbac-1.9.2-82.el6.i686.rpm
libipa_hbac-python-1.9.2-82.el6.i686.rpm
libsss_autofs-1.9.2-82.el6.i686.rpm
libsss_idmap-1.9.2-82.el6.i686.rpm
libsss_sudo-1.9.2-82.el6.i686.rpm
sssd-1.9.2-82.el6.i686.rpm
sssd-client-1.9.2-82.el6.i686.rpm
sssd-debuginfo-1.9.2-82.el6.i686.rpm

x86_64:
libipa_hbac-1.9.2-82.el6.i686.rpm
libipa_hbac-1.9.2-82.el6.x86_64.rpm
libipa_hbac-python-1.9.2-82.el6.x86_64.rpm
libsss_autofs-1.9.2-82.el6.x86_64.rpm
libsss_idmap-1.9.2-82.el6.x86_64.rpm
libsss_sudo-1.9.2-82.el6.x86_64.rpm
sssd-1.9.2-82.el6.x86_64.rpm
sssd-client-1.9.2-82.el6.i686.rpm
sssd-client-1.9.2-82.el6.x86_64.rpm
sssd-debuginfo-1.9.2-82.el6.i686.rpm
sssd-debuginfo-1.9.2-82.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/sssd-1.9.2-82.el6.src.rpm

i386:
libipa_hbac-devel-1.9.2-82.el6.i686.rpm
libsss_idmap-devel-1.9.2-82.el6.i686.rpm
libsss_sudo-devel-1.9.2-82.el6.i686.rpm
sssd-debuginfo-1.9.2-82.el6.i686.rpm
sssd-tools-1.9.2-82.el6.i686.rpm

x86_64:
libipa_hbac-devel-1.9.2-82.el6.i686.rpm
libipa_hbac-devel-1.9.2-82.el6.x86_64.rpm
libsss_idmap-1.9.2-82.el6.i686.rpm
libsss_idmap-devel-1.9.2-82.el6.i686.rpm
libsss_idmap-devel-1.9.2-82.el6.x86_64.rpm
libsss_sudo-devel-1.9.2-82.el6.i686.rpm
libsss_sudo-devel-1.9.2-82.el6.x86_64.rpm
sssd-debuginfo-1.9.2-82.el6.i686.rpm
sssd-debuginfo-1.9.2-82.el6.x86_64.rpm
sssd-tools-1.9.2-82.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/sssd-1.9.2-82.el6.src.rpm

x86_64:
libipa_hbac-1.9.2-82.el6.i686.rpm
libipa_hbac-1.9.2-82.el6.x86_64.rpm
libipa_hbac-python-1.9.2-82.el6.x86_64.rpm
libsss_autofs-1.9.2-82.el6.x86_64.rpm
libsss_idmap-1.9.2-82.el6.x86_64.rpm
libsss_sudo-1.9.2-82.el6.x86_64.rpm
sssd-1.9.2-82.el6.x86_64.rpm
sssd-client-1.9.2-82.el6.x86_64.rpm
sssd-debuginfo-1.9.2-82.el6.i686.rpm
sssd-debuginfo-1.9.2-82.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/sssd-1.9.2-82.el6.src.rpm

x86_64:
libipa_hbac-devel-1.9.2-82.el6.i686.rpm
libipa_hbac-devel-1.9.2-82.el6.x86_64.rpm
libsss_idmap-1.9.2-82.el6.i686.rpm
libsss_idmap-devel-1.9.2-82.el6.i686.rpm
libsss_idmap-devel-1.9.2-82.el6.x86_64.rpm
libsss_sudo-devel-1.9.2-82.el6.i686.rpm
libsss_sudo-devel-1.9.2-82.el6.x86_64.rpm
sssd-client-1.9.2-82.el6.i686.rpm
sssd-debuginfo-1.9.2-82.el6.i686.rpm
sssd-debuginfo-1.9.2-82.el6.x86_64.rpm
sssd-tools-1.9.2-82.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/sssd-1.9.2-82.el6.src.rpm

i386:
libipa_hbac-1.9.2-82.el6.i686.rpm
libipa_hbac-python-1.9.2-82.el6.i686.rpm
libsss_autofs-1.9.2-82.el6.i686.rpm
libsss_idmap-1.9.2-82.el6.i686.rpm
libsss_sudo-1.9.2-82.el6.i686.rpm
sssd-1.9.2-82.el6.i686.rpm
sssd-client-1.9.2-82.el6.i686.rpm
sssd-debuginfo-1.9.2-82.el6.i686.rpm

ppc64:
libipa_hbac-1.9.2-82.el6.ppc.rpm
libipa_hbac-1.9.2-82.el6.ppc64.rpm
libipa_hbac-python-1.9.2-82.el6.ppc64.rpm
libsss_autofs-1.9.2-82.el6.ppc64.rpm
libsss_idmap-1.9.2-82.el6.ppc64.rpm
libsss_sudo-1.9.2-82.el6.ppc64.rpm
sssd-1.9.2-82.el6.ppc64.rpm
sssd-client-1.9.2-82.el6.ppc.rpm
sssd-client-1.9.2-82.el6.ppc64.rpm
sssd-debuginfo-1.9.2-82.el6.ppc.rpm
sssd-debuginfo-1.9.2-82.el6.ppc64.rpm

s390x:
libipa_hbac-1.9.2-82.el6.s390.rpm
libipa_hbac-1.9.2-82.el6.s390x.rpm
libipa_hbac-python-1.9.2-82.el6.s390x.rpm
libsss_autofs-1.9.2-82.el6.s390x.rpm
libsss_idmap-1.9.2-82.el6.s390x.rpm
libsss_sudo-1.9.2-82.el6.s390x.rpm
sssd-1.9.2-82.el6.s390x.rpm
sssd-client-1.9.2-82.el6.s390.rpm
sssd-client-1.9.2-82.el6.s390x.rpm
sssd-debuginfo-1.9.2-82.el6.s390.rpm
sssd-debuginfo-1.9.2-82.el6.s390x.rpm

x86_64:
libipa_hbac-1.9.2-82.el6.i686.rpm
libipa_hbac-1.9.2-82.el6.x86_64.rpm
libipa_hbac-python-1.9.2-82.el6.x86_64.rpm
libsss_autofs-1.9.2-82.el6.x86_64.rpm
libsss_idmap-1.9.2-82.el6.i686.rpm
libsss_idmap-1.9.2-82.el6.x86_64.rpm
libsss_sudo-1.9.2-82.el6.x86_64.rpm
sssd-1.9.2-82.el6.x86_64.rpm
sssd-client-1.9.2-82.el6.i686.rpm
sssd-client-1.9.2-82.el6.x86_64.rpm
sssd-debuginfo-1.9.2-82.el6.i686.rpm
sssd-debuginfo-1.9.2-82.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/sssd-1.9.2-82.el6.src.rpm

i386:
libipa_hbac-devel-1.9.2-82.el6.i686.rpm
libsss_idmap-devel-1.9.2-82.el6.i686.rpm
libsss_sudo-devel-1.9.2-82.el6.i686.rpm
sssd-debuginfo-1.9.2-82.el6.i686.rpm
sssd-tools-1.9.2-82.el6.i686.rpm

ppc64:
libipa_hbac-devel-1.9.2-82.el6.ppc.rpm
libipa_hbac-devel-1.9.2-82.el6.ppc64.rpm
libsss_idmap-1.9.2-82.el6.ppc.rpm
libsss_idmap-devel-1.9.2-82.el6.ppc.rpm
libsss_idmap-devel-1.9.2-82.el6.ppc64.rpm
libsss_sudo-devel-1.9.2-82.el6.ppc.rpm
libsss_sudo-devel-1.9.2-82.el6.ppc64.rpm
sssd-debuginfo-1.9.2-82.el6.ppc.rpm
sssd-debuginfo-1.9.2-82.el6.ppc64.rpm
sssd-tools-1.9.2-82.el6.ppc64.rpm

s390x:
libipa_hbac-devel-1.9.2-82.el6.s390.rpm
libipa_hbac-devel-1.9.2-82.el6.s390x.rpm
libsss_idmap-1.9.2-82.el6.s390.rpm
libsss_idmap-devel-1.9.2-82.el6.s390.rpm
libsss_idmap-devel-1.9.2-82.el6.s390x.rpm
libsss_sudo-devel-1.9.2-82.el6.s390.rpm
libsss_sudo-devel-1.9.2-82.el6.s390x.rpm
sssd-debuginfo-1.9.2-82.el6.s390.rpm
sssd-debuginfo-1.9.2-82.el6.s390x.rpm
sssd-tools-1.9.2-82.el6.s390x.rpm

x86_64:
libipa_hbac-devel-1.9.2-82.el6.i686.rpm
libipa_hbac-devel-1.9.2-82.el6.x86_64.rpm
libsss_idmap-devel-1.9.2-82.el6.i686.rpm
libsss_idmap-devel-1.9.2-82.el6.x86_64.rpm
libsss_sudo-devel-1.9.2-82.el6.i686.rpm
libsss_sudo-devel-1.9.2-82.el6.x86_64.rpm
sssd-debuginfo-1.9.2-82.el6.i686.rpm
sssd-debuginfo-1.9.2-82.el6.x86_64.rpm
sssd-tools-1.9.2-82.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/sssd-1.9.2-82.el6.src.rpm

i386:
libipa_hbac-1.9.2-82.el6.i686.rpm
libipa_hbac-python-1.9.2-82.el6.i686.rpm
libsss_autofs-1.9.2-82.el6.i686.rpm
libsss_idmap-1.9.2-82.el6.i686.rpm
libsss_sudo-1.9.2-82.el6.i686.rpm
sssd-1.9.2-82.el6.i686.rpm
sssd-client-1.9.2-82.el6.i686.rpm
sssd-debuginfo-1.9.2-82.el6.i686.rpm

x86_64:
libipa_hbac-1.9.2-82.el6.i686.rpm
libipa_hbac-1.9.2-82.el6.x86_64.rpm
libipa_hbac-python-1.9.2-82.el6.x86_64.rpm
libsss_autofs-1.9.2-82.el6.x86_64.rpm
libsss_idmap-1.9.2-82.el6.i686.rpm
libsss_idmap-1.9.2-82.el6.x86_64.rpm
libsss_sudo-1.9.2-82.el6.x86_64.rpm
sssd-1.9.2-82.el6.x86_64.rpm
sssd-client-1.9.2-82.el6.i686.rpm
sssd-client-1.9.2-82.el6.x86_64.rpm
sssd-debuginfo-1.9.2-82.el6.i686.rpm
sssd-debuginfo-1.9.2-82.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/sssd-1.9.2-82.el6.src.rpm

i386:
libipa_hbac-devel-1.9.2-82.el6.i686.rpm
libsss_idmap-devel-1.9.2-82.el6.i686.rpm
libsss_sudo-devel-1.9.2-82.el6.i686.rpm
sssd-debuginfo-1.9.2-82.el6.i686.rpm
sssd-tools-1.9.2-82.el6.i686.rpm

x86_64:
libipa_hbac-devel-1.9.2-82.el6.i686.rpm
libipa_hbac-devel-1.9.2-82.el6.x86_64.rpm
libsss_idmap-devel-1.9.2-82.el6.i686.rpm
libsss_idmap-devel-1.9.2-82.el6.x86_64.rpm
libsss_sudo-devel-1.9.2-82.el6.i686.rpm
libsss_sudo-devel-1.9.2-82.el6.x86_64.rpm
sssd-debuginfo-1.9.2-82.el6.i686.rpm
sssd-debuginfo-1.9.2-82.el6.x86_64.rpm
sssd-tools-1.9.2-82.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0219.html
https://www.redhat.com/security/data/cve/CVE-2013-0220.html
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.4_Technical_Notes/sssd.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made.
If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
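The CVE-2013-0219 description in the bulletin above is a check-then-use race on path names while a privileged process removes a directory tree. The C example below is added here for illustration and is not SSSD's code or the fix shipped in these packages: it shows the general defensive pattern of walking the tree through directory descriptors with `O_NOFOLLOW`, so that a symbolic link planted or swapped in by another user is unlinked rather than followed. The names `remove_tree_at` and `demo_symlink_not_followed` and the scratch layout under `/tmp` are assumptions made for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Delete directory `name` (one path component, looked up relative to the open
 * directory parent_fd) and everything below it without following symlinks. */
static int remove_tree_at(int parent_fd, const char *name)
{
    /* O_NOFOLLOW|O_DIRECTORY: fails if `name` is, or was just swapped for,
     * a symlink. From here on we hold the directory itself, not a path. */
    int fd = openat(parent_fd, name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    DIR *dir = fdopendir(fd);
    if (dir == NULL) {
        close(fd);
        return -1;
    }
    int rc = 0;
    struct dirent *ent;
    while (rc == 0 && (ent = readdir(dir)) != NULL) {
        struct stat st;
        if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0)
            continue;
        /* lstat semantics, relative to the descriptor we already hold */
        if (fstatat(fd, ent->d_name, &st, AT_SYMLINK_NOFOLLOW) != 0)
            rc = -1;
        else if (S_ISDIR(st.st_mode))
            rc = remove_tree_at(fd, ent->d_name); /* type re-checked by openat */
        else
            rc = unlinkat(fd, ent->d_name, 0);    /* removes a link, not its target */
    }
    closedir(dir);                                /* also closes fd */
    return rc == 0 ? unlinkat(parent_fd, name, AT_REMOVEDIR) : rc;
}

/* Constructed scenario: <tmp>/home contains a symlink to <tmp>/outside.
 * Returns 1 if home was removed and outside/keep.txt survived, else 0. */
static int demo_symlink_not_followed(void)
{
    char base[] = "/tmp/rmtree-demo-XXXXXX";
    if (mkdtemp(base) == NULL) return 0;
    int base_fd = open(base, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (base_fd < 0) return 0;
    int ok = mkdirat(base_fd, "outside", 0700) == 0
          && mkdirat(base_fd, "home", 0700) == 0
          && mkdirat(base_fd, "home/sub", 0700) == 0
          && symlinkat("../outside", base_fd, "home/link") == 0;
    int f1 = openat(base_fd, "outside/keep.txt", O_CREAT | O_WRONLY, 0600);
    int f2 = openat(base_fd, "home/sub/data", O_CREAT | O_WRONLY, 0600);
    ok = ok && f1 >= 0 && f2 >= 0;
    if (f1 >= 0) close(f1);
    if (f2 >= 0) close(f2);
    ok = ok && remove_tree_at(base_fd, "home") == 0;
    ok = ok && faccessat(base_fd, "home", F_OK, 0) != 0;             /* tree is gone */
    ok = ok && faccessat(base_fd, "outside/keep.txt", F_OK, 0) == 0; /* target intact */
    /* clean up the scratch area */
    unlinkat(base_fd, "outside/keep.txt", 0);
    unlinkat(base_fd, "outside", AT_REMOVEDIR);
    close(base_fd);
    rmdir(base);
    return ok;
}

int main(void)
{
    return demo_symlink_not_followed() ? 0 : 1;
}
```

A remover that calls `stat()` and `unlink()` on full path strings resolves every component again on each call, which is the window a concurrent writer in the directory can use; resolving each name once against a held descriptor removes that window.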