Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2014.1090 Security Bulletin: Tivoli Storage Productivity Center - Oracle CPU January 2014 7 July 2014 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: IBM Tivoli Storage Productivity Center Publisher: IBM Operating System: AIX Linux variants Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Modify Arbitrary Files -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Access Confidential Data -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2014-0428 CVE-2014-0424 CVE-2014-0423 CVE-2014-0422 CVE-2014-0417 CVE-2014-0416 CVE-2014-0415 CVE-2014-0411 CVE-2014-0410 CVE-2014-0403 CVE-2014-0387 CVE-2014-0376 CVE-2014-0375 CVE-2014-0373 CVE-2014-0368 CVE-2013-5910 CVE-2013-5907 CVE-2013-5899 CVE-2013-5898 CVE-2013-5896 CVE-2013-5889 CVE-2013-5888 CVE-2013-5887 CVE-2013-5884 CVE-2013-5878 Reference: ASB-2014.0005 ESB-2014.0982 ESB-2014.0980 ESB-2014.0966 Original Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21677588 - --------------------------BEGIN INCLUDED TEXT-------------------- Security Bulletin: Tivoli Storage Productivity Center - Oracle CPU January 2014 Security Bulletin Document information More support for: Tivoli Storage Productivity Center Software version: 5.1, 5.1.1, 5.2, 5.2.1 Operating system(s): AIX, Linux, Windows Reference #: 1677588 Modified date: 2014-07-01 Summary Multiple security vulnerabilities exist in IBM SDK Java Technology Edition, Version 6 that is shipped with Tivoli Storage Productivity Center. Vulnerability Details Tivoli Storage Productivity Center is shipped with IBM SDK Java Technology Edition, Version 6 that is based on the Oracle JDK. Oracle has released January 2014 critical patch updates (CPU) which contain security vulnerability fixes. The IBM SDK for Java has been updated to incorporate these fixes. Description: An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. CVEID: CVE-2014-0411 CVSS Base Score: 4 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90357 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) Description: An unspecified vulnerability related to the Deployment component could allow a remote attacker to cause a denial of service. CVEID: CVE-2013-5887 CVSS Base Score: 5 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90345 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) Description: An unspecified vulnerability related to the Deployment component has partial confidentiality impact, partial integrity impact, and partial availability impact. CVEID: CVE-2013-5888 CVSS Base Score: 4.6 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90354 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P) Description: An unspecified vulnerability related to the Deployment component has partial confidentiality impact, partial integrity impact, and no availability impact. CVEID: CVE-2013-5898 CVSS Base Score: 4 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90356 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) Description: An unspecified vulnerability related to the CORBA component could allow a remote attacker to cause a denial of service. CVEID: CVE-2013-5896 CVSS Base Score: 5 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90347 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) Description: An unspecified vulnerability related to the Deployment component could allow a remote attacker to obtain sensitive information. CVEID: CVE-2013-5899 CVSS Base Score: 5 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90346 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) Description: An unspecified vulnerability related to the Networking component could allow a remote attacker to obtain sensitive information. CVEID: CVE-2014-0368 CVSS Base Score: 5 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90351 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) Description: An unspecified vulnerability related to the Serviceability component has partial confidentiality impact, partial integrity impact, and partial availability impact. CVEID: CVE-2014-0373 CVSS Base Score: 7.5 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90334 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) Description: An unspecified vulnerability related to the Deployment component has partial confidentiality impact, partial integrity impact, and no availability impact. CVEID: CVE-2014-0375 CVSS Base Score: 5.8 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90339 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N) Description: An unspecified vulnerability related to the JAXP component has no confidentiality impact, partial integrity impact, and no availability impact. CVEID: CVE-2014-0376 CVSS Base Score: 5 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90350 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) Description: An unspecified vulnerability related to the Deployment component has partial confidentiality impact, partial integrity impact, and no availability impact. CVEID: CVE-2014-0403 CVSS Base Score: 5.8 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90338 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N) Description: An unspecified vulnerability related to the CORBA component could allow a remote attacker to execute arbitrary code on the system. CVEID: CVE-2014-0428 CVSS Base Score: 10 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90325 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) Description: An unspecified vulnerability related to the JNDI component could allow a remote attacker to execute arbitrary code on the system. CVEID: CVE-2014-0422 CVSS Base Score: 10 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90326 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) Description: This bulletin also covers all applicable CVEs published by Oracle as part of their January 2014 Java SE Critical Patch Update. These may apply if you have installed IBM SDK Java Technology Edition, Version 6 as the system JRE, such as for use with the Tivoli Storage Productivity Center Java WebStart GUI. For more information please refer to Oracle's January 2014 Java SE CPU Advisory. CVEID: CVE-2014-0428 CVSS Base Score: 10 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90325 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) CVEID: CVE-2014-0422 CVSS Base Score: 10 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90326 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) CVEID: CVE-2013-5907 CVSS Base Score: 10 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90324 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) CVEID: CVE-2014-0415 CVSS Base Score: 10 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90323 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) CVEID: CVE-2014-0410 CVSS Base Score: 10 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90322 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) CVEID: CVE-2013-5889 CVSS Base Score: 9.3 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90328 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C) CVEID: CVE-2014-0417 CVSS Base Score: 9.3 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90331 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C) CVEID: CVE-2014-0387 CVSS Base Score: 7.6 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90332 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C) CVEID: CVE-2014-0424 CVSS Base Score: 7.5 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90333 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVEID: CVE-2013-5878 CVSS Base Score: 7.5 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90335 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVEID: CVE-2014-0373 CVSS Base Score: 7.5 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90334 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVEID: CVE-2014-0375 CVSS Base Score: 5.8 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90339 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N) CVEID: CVE-2014-0403 CVSS Base Score: 5.8 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90338 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N) CVEID: CVE-2014-0423 CVSS Base Score: 5.5 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90340 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:P) CVEID: CVE-2014-0376 CVSS Base Score: 5 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90350 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) CVEID: CVE-2013-5910 CVSS Base Score: 5 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90352 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) CVEID: CVE-2013-5884 CVSS Base Score: 5 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90348 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) CVEID: CVE-2013-5896 CVSS Base Score: 5 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90347 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) CVEID: CVE-2013-5899 CVSS Base Score: 5 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90346 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) CVEID: CVE-2014-0416 CVSS Base Score: 5 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90349 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) CVEID: CVE-2013-5887 CVSS Base Score: 5 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90345 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) CVEID: CVE-2014-0368 CVSS Base Score: 5 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90351 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) CVEID: CVE-2013-5888 CVSS Base Score: 4.6 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90354 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P) CVEID: CVE-2013-5898 CVSS Base Score: 4 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90356 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) CVEID: CVE-2014-0411 CVSS Base Score: 4 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90357 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) Affected Products and Versions Tivoli Storage Productivity Center 5.2.0 through 5.2.1.1 Tivoli Storage Productivity Center 5.1.0 through 5.1.1.4 Tivoli Storage Productivity Center 4.2.0 through 4.2.2.178 Tivoli Storage Productivity Center 4.1.x The versions listed above apply to all licensed offerings of Tivoli Storage Productivity Center, including IBM SmartCloud Virtual Storage Center Storage Analytics Engine. System Storage Productivity Center is affected if it has one of the Tivoli Storage Productivity Center versions listed above installed on it. Remediation/Fixes The solution is to apply an appropriate Tivoli Storage Productivity Center fix pack for each named product and execute the manual steps listed below. The solution should be implemented as soon as practicable. Note: It is always recommended to have a current backup before applying any update procedure. Tivoli Storage Productivity Center V5 Apply the Tivoli Storage Productivity Center fix pack as soon as practicable. (See Latest Downloads.) Affected TPC Version APAR Fixed TPC Version Availability 5.2.0 IT02747 5.2.2 June 6, 2014 5.1.x IT02747 5.1.1.5 July 31, 2014* If you have downloaded and installed an IBM JRE from an older version of Tivoli Storage Productivity Center, you should download it again after applying the fix pack and reinstall the IBM JRE. Do not use the IBM JRE 1.6.0 or IBM SDK 1.6.0 links provided with the affected Tivoli Storage Productivity Center versions. Once you have upgraded your Tivoli Storage Productivity Center components to a level with the fix, you can use the links again as they will then allow you to download an updated version of IBM SDK Java Technology Edition, Version 6. * Until Tivoli Storage Productivity Center 5.1.1.5 is available, you can apply some of the updates manually. Apply WebSphere Application Server 7.0.0 interim fix PI08996 to Tivoli Integrated Portal. Download IBM SDK Java Technology Edition, Version 6 SR 15 FP1 (or higher) and install it on any system where you are running the Java WebStart GUI for Tivoli Storage Productivity Center. IBM SDK, Java Technology Edition releases can be downloaded, subject to the terms of the developerWorks license, from here or from Fix Central. Contact IBM Support if the version you need is not available. Note: The WebSphere Application Server V8 instance used by Tivoli Storage Productivity Center will not be updated until you have upgraded to Tivoli Storage Productivity Center 5.1.1.5. Tivoli Storage Productivity Center V4 Apply the Tivoli Storage Productivity Center fix pack as soon as practicable (See Latest Downloads.) and follow the manual steps provided. Affected TPC Version APAR Fixed TPC Version Availability 4.2.x 4.1.x IT02750 4.2.2 FP7 Manual update steps are required in addition to applying 4.2.2 FP7. July 31, 2014* Apply embedded WebSphere Application Server fix pack 6.1.0.47 to Tivoli Storage Productivity Center for Replication if you have not done so before. See Upgrade of embedded WebSphere Application Server fix pack installation procedure for IBM Tivoli Productivity Center for Replication V4.2.2.4 for directions. Apply WebSphere Application Server interim fix PI08999 to update the SDK for the Replication Server. See the WebSphere Application Server security bulletin for more info. If you have downloaded and installed an IBM JRE from an older version of Tivoli Storage Productivity Center, you should download it again after applying the fix pack and reinstall the IBM JRE. IBM SDK, Java Technology Edition releases can be downloaded, subject to the terms of the developerWorks license, from here. A minimum level of IBM SDK Java Technology Edition, Version 6 SR16 FP5 must be used. Do not use the IBM JRE 1.6.0 or IBM SDK 1.6.0 links provided with the affected Tivoli Storage Productivity Center versions. Once you have upgraded your Tivoli Storage Productivity Center components to a level with the fix, you can use the links again as they will then allow you to download an updated version of IBM SDK Java Technology Edition, Version 6 . * Until Tivoli Storage Productivity Center 4.2.2 FP7 is available, you can manually apply all of the updates. Apply WebSphere Application Server interim fix PI08999 to update the SDK for the Device Server. See the WebSphere Application Server security bulletin for more info. Note: You must request and receive the 32-bit version of the interim fix from support or it will not work, even if you are applying it on a 64-bit system. Download Update Installer for WebSphere Application Server. The packages are at the end of the page. http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24012718 Unzip the Update Installer for WebSphere Application server package and install it following the directions provided. Once Update Installer for WebSphere Application Server is installed, copy the *.pak file you downloaded for the interim fix to the maintenance directory in the Update Installer for WebSphere Application Server installation location. Stop the IBM Tivoli Storage Productivity Center Device Server process for WebSphere Application Server. Start Update Installer for WebSphere Application Server. When prompted for the location of WebSphere Application Server, enter the path to the Tivoli Storage Productivity Center location. Windows: <TPC_install_location>\device\apps\was e.g. C:\Program Files\IBM\TPC\device\apps\was AIX and Linux: <TPC_install_location>/device/apps/was e.g. /opt/IBM/TPC/device/apps/was Update Installer for WebSphere Application Server will handle the rest. Repeat steps 1-8 to apply the WebSphere Application Server interim fix update for the Tivoli Integrated Portal component location. Apply embedded WebSphere Application Server fix pack 6.1.0.47 to Tivoli Storage Productivity Center for Replication if you have not done so before. See Upgrade of embedded WebSphere Application Server fix pack installation procedure for IBM Tivoli Productivity Center for Replication V4.2.2.4 for directions. Apply WebSphere Application Server interim fix PI08999 to update the SDK for the Replication Server. See the WebSphere Application Server security bulletin for more info. If you have downloaded and installed an IBM JRE from an older version of Tivoli Storage Productivity Center, you should download it again after applying the fix pack and reinstall the IBM SDK Java Technology Edition, Version 6 JRE. IBM SDK, Java Technology Edition releases can be downloaded, subject to the terms of the developerWorks license, from here. A minimum level of IBM SDK Java Technology Edition, Version 6 SR16 FP5 must be used. Do not use the IBM SDK Java Technology Edition, Version 6 links provided with the affected Tivoli Storage Productivity Center versions. Once you have upgraded your Tivoli Storage Productivity Center components to a level with the fix, you can use the links again as they will then allow you to download an updated version of IBM SDK Java Technology Edition, Version 6. Note: If you are updating a System Storage Productivity Center (SSPC) appliance, use the IBM SDK Java Technology Edition, Version 6 JRE downloaded from your upgraded Tivoli Storage Productivity Center installation, as referenced in steps 3 and 11, to also update the IBM SDK Java Technology Edition, Version 6 JRE on that system. Workarounds and Mitigations None Important note IBM strongly suggests that all System z customers be subscribed to the System z Security Portal to receive the latest critical System z security and integrity service. If you are not subscribed, see the instructions on the System z Security web site. Security and integrity APARs and associated fixes will be posted to this portal. IBM suggests reviewing the CVSS scores and applying all security or integrity fixes as soon as possible to minimize any potential risk. References Complete CVSS Guide On-line Calculator V2 Oracle January 2014 Java SE Critical Patch Update Advisory IBM SDK, Java Technology Edition Security Alerts Security Bulletin: Multiple vulnerabilities in current releases of the IBM SDK, Java Technology Edition Security Bulletin: Multiple vulnerabilities in current IBM SDK for Java for WebSphere Application Server January 2014 CPU Related information IBM Secure Engineering Web Portal IBM Product Security Incident Response Blog Change History 30 June 2014: Original Copy Published *The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin. Disclaimer According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. Cross reference information Segment Product Component Platform Version Edition Storage Management Tivoli Storage Productivity AIX, Linux, Windows 4.1, 4.1.1, 4.2, Center Standard Edition 4.2.1, 4.2.2 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBU7n4xxLndAQH1ShLAQLFcxAAvTr5VyxWM2xppgGvJTe0MfGGpVFRRbZC Ti1EgcV8wYQqooz2q7ujt9M6gM6UzRi1DWyFmXxo1RsTB6fGqwquONm2wsu2b15Z rRPAjtUAK4J/g+B5A50ZoDJPoybl+7t5OqL+Iug/HNvuRQgnBoVjpRDTN3ntl9G8 RMp2lY1azXp4vUQRTR7GSEEc4Z/lX1lQATTGmpbJNxSf4XYpOXFLQnLhzJbJyFj+ Fg9JfO7nv/SJXL2IOZe1EyDAPup8d+xa0BFSiq8B1PcKlF0TaklijSQYcv33lSTk hUe3OV5RZdtiO6nwSEyPA6gTvm3m2gR8yEbX4tnnU7G+PMx3AgK6MIDrYweF6HNa +kfSe2gVeYVpkJ35cjG+LG7tXBkX1ZtqDLnQuRYXXB3KL42sOKJjoYk0YN1+3ila CkSrgaBLiRdpOyzsEq/RGC+afkRpGuFMfwpNKiNjoe/gR4XZONL26Ayc+0/DL48j f2Kjq/T2Xh1YSQM7CQHk9gSobzx2diEkutSE2jxg4V336ca20TLcbLnJVSxy8leK C+XLy7uueLaYg4yZEIOkWNw2SjzeYkoIQgw+ssD/7OXUUo6A31HoeUSZHWOom3Ca fRcYfyN9jDayzJl9J2gKwnB24mUNXiPXLeQyPVCjqpFpMQNjXSHCWoWHXxQNxee0 vb5vH4yOsdA= =MKje -----END PGP SIGNATURE-----