Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2015.1465
Moderate: php54 security and bug fix update
5 June 2015
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: php54
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux WS/Desktop 6
Red Hat Enterprise Linux Server 7
Red Hat Enterprise Linux WS/Desktop 7
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Access Privileged Data -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2015-4148 CVE-2015-4147 CVE-2015-2787
CVE-2015-2348 CVE-2015-2305 CVE-2015-2301
CVE-2015-1351 CVE-2015-0273 CVE-2015-0232
CVE-2015-0231 CVE-2014-9709 CVE-2014-9705
CVE-2014-9652 CVE-2014-9427 CVE-2014-8142
Reference: ASB-2015.0015
ESB-2015.1462
ESB-2015.0853
ESB-2015.0698.2
ESB-2015.0667
ESB-2015.0501
ESB-2015.0005
Original Bulletin:
https://rhn.redhat.com/errata/RHSA-2015-1066.html
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: php54 security and bug fix update
Advisory ID: RHSA-2015:1066-01
Product: Red Hat Software Collections
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1066.html
Issue date: 2015-06-04
CVE Names: CVE-2014-8142 CVE-2014-9427 CVE-2014-9652
CVE-2014-9705 CVE-2014-9709 CVE-2015-0231
CVE-2015-0232 CVE-2015-0273 CVE-2015-1351
CVE-2015-2301 CVE-2015-2305 CVE-2015-2348
CVE-2015-2787 CVE-2015-4147 CVE-2015-4148
=====================================================================
1. Summary:
Updated php54 collection packages that fix multiple security issues and
several bugs are now available as part of Red Hat Software Collections 2.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
3. Description:
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server. The php54 packages provide a recent stable release of PHP with
the PEAR 1.9.4, APC 3.1.15, and memcache 3.0.8 PECL extensions, and a
number of additional utilities.
The php54 packages have been upgraded to upstream version 5.4.40, which
provides a number of bug fixes over the version shipped in Red Hat Software
Collections 1. (BZ#1168193)
The following security issues were fixed in the php54-php component:
An uninitialized pointer use flaw was found in PHP's Exif extension. A
specially crafted JPEG or TIFF file could cause a PHP application using the
exif_read_data() function to crash or, possibly, execute arbitrary code
with the privileges of the user running that PHP application.
(CVE-2015-0232)
Multiple flaws were discovered in the way PHP performed object
unserialization. Specially crafted input processed by the unserialize()
function could cause a PHP application to crash or, possibly, execute
arbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,
CVE-2015-2787, CVE-2015-4147, CVE-2015-4148)
A heap buffer overflow flaw was found in the enchant_broker_request_dict()
function of PHP's enchant extension. An attacker able to make a PHP
application enchant dictionaries could possibly cause it to crash.
(CVE-2014-9705)
A heap buffer overflow flaw was found in PHP's regular expression
extension. An attacker able to make PHP process a specially crafted regular
expression pattern could cause it to crash and possibly execute arbitrary
code. (CVE-2015-2305)
A buffer over-read flaw was found in the GD library used by the PHP gd
extension. A specially crafted GIF file could cause a PHP application using
the imagecreatefromgif() function to crash. (CVE-2014-9709)
A use-after-free flaw was found in PHP's phar (PHP Archive) extension.
An attacker able to trigger certain error condition in phar archive
processing could possibly use this flaw to disclose certain portions of
server memory. (CVE-2015-2301)
An ouf-of-bounds read flaw was found in the way the File Information
(fileinfo) extension processed certain Pascal strings. A remote attacker
could cause a PHP application to crash if it used fileinfo to identify the
type of the attacker-supplied file. (CVE-2014-9652)
It was found that PHP move_uploaded_file() function did not properly handle
file names with a NULL character. A remote attacker could possibly use this
flaw to make a PHP script access unexpected files and bypass intended file
system access restrictions. (CVE-2015-2348)
A flaw was found in the way PHP handled malformed source files when running
in CGI mode. A specially crafted PHP file could cause PHP CGI to crash.
(CVE-2014-9427)
The following security issue was fixed in the php54-php-pecl-zendopcache
component:
A use-after-free flaw was found in PHP's OPcache extension. This flaw could
possibly lead to a disclosure of a portion of the server memory.
(CVE-2015-1351)
All php54 users are advised to upgrade to these updated packages, which
correct these issues. After installing the updated packages, the httpd
service must be restarted for the update to take effect.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1055927 - REBASE to pecl/zendopcache version 7.0.4
1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize()
1178736 - CVE-2014-9427 php: out of bounds read when parsing a crafted .php file
1185397 - CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)
1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c
1185900 - CVE-2015-1351 php: use after free in opcache extension
1188599 - CVE-2014-9652 file: out of bounds read in mconvert()
1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c
1191049 - CVE-2015-2305 regex: heap overflow in regcomp() on 32-bit architectures
1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone
1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict()
1194747 - CVE-2015-2301 php: use after free in phar_object.c
1204868 - CVE-2015-4147 php: SoapClient's __call() type confusion through unserialize()
1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re
1207682 - CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name
1226916 - CVE-2015-4148 php: SoapClient's do_soap_call() type confusion after unserialize()
6. Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source:
php54-2.0-1.el6.src.rpm
php54-php-5.4.40-1.el6.src.rpm
php54-php-pecl-zendopcache-7.0.4-3.el6.src.rpm
x86_64:
php54-2.0-1.el6.x86_64.rpm
php54-php-5.4.40-1.el6.x86_64.rpm
php54-php-bcmath-5.4.40-1.el6.x86_64.rpm
php54-php-cli-5.4.40-1.el6.x86_64.rpm
php54-php-common-5.4.40-1.el6.x86_64.rpm
php54-php-dba-5.4.40-1.el6.x86_64.rpm
php54-php-debuginfo-5.4.40-1.el6.x86_64.rpm
php54-php-devel-5.4.40-1.el6.x86_64.rpm
php54-php-enchant-5.4.40-1.el6.x86_64.rpm
php54-php-fpm-5.4.40-1.el6.x86_64.rpm
php54-php-gd-5.4.40-1.el6.x86_64.rpm
php54-php-imap-5.4.40-1.el6.x86_64.rpm
php54-php-intl-5.4.40-1.el6.x86_64.rpm
php54-php-ldap-5.4.40-1.el6.x86_64.rpm
php54-php-mbstring-5.4.40-1.el6.x86_64.rpm
php54-php-mysqlnd-5.4.40-1.el6.x86_64.rpm
php54-php-odbc-5.4.40-1.el6.x86_64.rpm
php54-php-pdo-5.4.40-1.el6.x86_64.rpm
php54-php-pecl-zendopcache-7.0.4-3.el6.x86_64.rpm
php54-php-pecl-zendopcache-debuginfo-7.0.4-3.el6.x86_64.rpm
php54-php-pgsql-5.4.40-1.el6.x86_64.rpm
php54-php-process-5.4.40-1.el6.x86_64.rpm
php54-php-pspell-5.4.40-1.el6.x86_64.rpm
php54-php-recode-5.4.40-1.el6.x86_64.rpm
php54-php-snmp-5.4.40-1.el6.x86_64.rpm
php54-php-soap-5.4.40-1.el6.x86_64.rpm
php54-php-tidy-5.4.40-1.el6.x86_64.rpm
php54-php-xml-5.4.40-1.el6.x86_64.rpm
php54-php-xmlrpc-5.4.40-1.el6.x86_64.rpm
php54-runtime-2.0-1.el6.x86_64.rpm
php54-scldevel-2.0-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5):
Source:
php54-2.0-1.el6.src.rpm
php54-php-5.4.40-1.el6.src.rpm
php54-php-pecl-zendopcache-7.0.4-3.el6.src.rpm
x86_64:
php54-2.0-1.el6.x86_64.rpm
php54-php-5.4.40-1.el6.x86_64.rpm
php54-php-bcmath-5.4.40-1.el6.x86_64.rpm
php54-php-cli-5.4.40-1.el6.x86_64.rpm
php54-php-common-5.4.40-1.el6.x86_64.rpm
php54-php-dba-5.4.40-1.el6.x86_64.rpm
php54-php-debuginfo-5.4.40-1.el6.x86_64.rpm
php54-php-devel-5.4.40-1.el6.x86_64.rpm
php54-php-enchant-5.4.40-1.el6.x86_64.rpm
php54-php-fpm-5.4.40-1.el6.x86_64.rpm
php54-php-gd-5.4.40-1.el6.x86_64.rpm
php54-php-imap-5.4.40-1.el6.x86_64.rpm
php54-php-intl-5.4.40-1.el6.x86_64.rpm
php54-php-ldap-5.4.40-1.el6.x86_64.rpm
php54-php-mbstring-5.4.40-1.el6.x86_64.rpm
php54-php-mysqlnd-5.4.40-1.el6.x86_64.rpm
php54-php-odbc-5.4.40-1.el6.x86_64.rpm
php54-php-pdo-5.4.40-1.el6.x86_64.rpm
php54-php-pecl-zendopcache-7.0.4-3.el6.x86_64.rpm
php54-php-pecl-zendopcache-debuginfo-7.0.4-3.el6.x86_64.rpm
php54-php-pgsql-5.4.40-1.el6.x86_64.rpm
php54-php-process-5.4.40-1.el6.x86_64.rpm
php54-php-pspell-5.4.40-1.el6.x86_64.rpm
php54-php-recode-5.4.40-1.el6.x86_64.rpm
php54-php-snmp-5.4.40-1.el6.x86_64.rpm
php54-php-soap-5.4.40-1.el6.x86_64.rpm
php54-php-tidy-5.4.40-1.el6.x86_64.rpm
php54-php-xml-5.4.40-1.el6.x86_64.rpm
php54-php-xmlrpc-5.4.40-1.el6.x86_64.rpm
php54-runtime-2.0-1.el6.x86_64.rpm
php54-scldevel-2.0-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):
Source:
php54-2.0-1.el6.src.rpm
php54-php-5.4.40-1.el6.src.rpm
php54-php-pecl-zendopcache-7.0.4-3.el6.src.rpm
x86_64:
php54-2.0-1.el6.x86_64.rpm
php54-php-5.4.40-1.el6.x86_64.rpm
php54-php-bcmath-5.4.40-1.el6.x86_64.rpm
php54-php-cli-5.4.40-1.el6.x86_64.rpm
php54-php-common-5.4.40-1.el6.x86_64.rpm
php54-php-dba-5.4.40-1.el6.x86_64.rpm
php54-php-debuginfo-5.4.40-1.el6.x86_64.rpm
php54-php-devel-5.4.40-1.el6.x86_64.rpm
php54-php-enchant-5.4.40-1.el6.x86_64.rpm
php54-php-fpm-5.4.40-1.el6.x86_64.rpm
php54-php-gd-5.4.40-1.el6.x86_64.rpm
php54-php-imap-5.4.40-1.el6.x86_64.rpm
php54-php-intl-5.4.40-1.el6.x86_64.rpm
php54-php-ldap-5.4.40-1.el6.x86_64.rpm
php54-php-mbstring-5.4.40-1.el6.x86_64.rpm
php54-php-mysqlnd-5.4.40-1.el6.x86_64.rpm
php54-php-odbc-5.4.40-1.el6.x86_64.rpm
php54-php-pdo-5.4.40-1.el6.x86_64.rpm
php54-php-pecl-zendopcache-7.0.4-3.el6.x86_64.rpm
php54-php-pecl-zendopcache-debuginfo-7.0.4-3.el6.x86_64.rpm
php54-php-pgsql-5.4.40-1.el6.x86_64.rpm
php54-php-process-5.4.40-1.el6.x86_64.rpm
php54-php-pspell-5.4.40-1.el6.x86_64.rpm
php54-php-recode-5.4.40-1.el6.x86_64.rpm
php54-php-snmp-5.4.40-1.el6.x86_64.rpm
php54-php-soap-5.4.40-1.el6.x86_64.rpm
php54-php-tidy-5.4.40-1.el6.x86_64.rpm
php54-php-xml-5.4.40-1.el6.x86_64.rpm
php54-php-xmlrpc-5.4.40-1.el6.x86_64.rpm
php54-runtime-2.0-1.el6.x86_64.rpm
php54-scldevel-2.0-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source:
php54-2.0-1.el6.src.rpm
php54-php-5.4.40-1.el6.src.rpm
php54-php-pecl-zendopcache-7.0.4-3.el6.src.rpm
x86_64:
php54-2.0-1.el6.x86_64.rpm
php54-php-5.4.40-1.el6.x86_64.rpm
php54-php-bcmath-5.4.40-1.el6.x86_64.rpm
php54-php-cli-5.4.40-1.el6.x86_64.rpm
php54-php-common-5.4.40-1.el6.x86_64.rpm
php54-php-dba-5.4.40-1.el6.x86_64.rpm
php54-php-debuginfo-5.4.40-1.el6.x86_64.rpm
php54-php-devel-5.4.40-1.el6.x86_64.rpm
php54-php-enchant-5.4.40-1.el6.x86_64.rpm
php54-php-fpm-5.4.40-1.el6.x86_64.rpm
php54-php-gd-5.4.40-1.el6.x86_64.rpm
php54-php-imap-5.4.40-1.el6.x86_64.rpm
php54-php-intl-5.4.40-1.el6.x86_64.rpm
php54-php-ldap-5.4.40-1.el6.x86_64.rpm
php54-php-mbstring-5.4.40-1.el6.x86_64.rpm
php54-php-mysqlnd-5.4.40-1.el6.x86_64.rpm
php54-php-odbc-5.4.40-1.el6.x86_64.rpm
php54-php-pdo-5.4.40-1.el6.x86_64.rpm
php54-php-pecl-zendopcache-7.0.4-3.el6.x86_64.rpm
php54-php-pecl-zendopcache-debuginfo-7.0.4-3.el6.x86_64.rpm
php54-php-pgsql-5.4.40-1.el6.x86_64.rpm
php54-php-process-5.4.40-1.el6.x86_64.rpm
php54-php-pspell-5.4.40-1.el6.x86_64.rpm
php54-php-recode-5.4.40-1.el6.x86_64.rpm
php54-php-snmp-5.4.40-1.el6.x86_64.rpm
php54-php-soap-5.4.40-1.el6.x86_64.rpm
php54-php-tidy-5.4.40-1.el6.x86_64.rpm
php54-php-xml-5.4.40-1.el6.x86_64.rpm
php54-php-xmlrpc-5.4.40-1.el6.x86_64.rpm
php54-runtime-2.0-1.el6.x86_64.rpm
php54-scldevel-2.0-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source:
php54-2.0-1.el7.src.rpm
php54-php-5.4.40-1.el7.src.rpm
php54-php-pecl-zendopcache-7.0.4-3.el7.src.rpm
x86_64:
php54-2.0-1.el7.x86_64.rpm
php54-php-5.4.40-1.el7.x86_64.rpm
php54-php-bcmath-5.4.40-1.el7.x86_64.rpm
php54-php-cli-5.4.40-1.el7.x86_64.rpm
php54-php-common-5.4.40-1.el7.x86_64.rpm
php54-php-dba-5.4.40-1.el7.x86_64.rpm
php54-php-debuginfo-5.4.40-1.el7.x86_64.rpm
php54-php-devel-5.4.40-1.el7.x86_64.rpm
php54-php-enchant-5.4.40-1.el7.x86_64.rpm
php54-php-fpm-5.4.40-1.el7.x86_64.rpm
php54-php-gd-5.4.40-1.el7.x86_64.rpm
php54-php-intl-5.4.40-1.el7.x86_64.rpm
php54-php-ldap-5.4.40-1.el7.x86_64.rpm
php54-php-mbstring-5.4.40-1.el7.x86_64.rpm
php54-php-mysqlnd-5.4.40-1.el7.x86_64.rpm
php54-php-odbc-5.4.40-1.el7.x86_64.rpm
php54-php-pdo-5.4.40-1.el7.x86_64.rpm
php54-php-pecl-zendopcache-7.0.4-3.el7.x86_64.rpm
php54-php-pecl-zendopcache-debuginfo-7.0.4-3.el7.x86_64.rpm
php54-php-pgsql-5.4.40-1.el7.x86_64.rpm
php54-php-process-5.4.40-1.el7.x86_64.rpm
php54-php-pspell-5.4.40-1.el7.x86_64.rpm
php54-php-recode-5.4.40-1.el7.x86_64.rpm
php54-php-snmp-5.4.40-1.el7.x86_64.rpm
php54-php-soap-5.4.40-1.el7.x86_64.rpm
php54-php-xml-5.4.40-1.el7.x86_64.rpm
php54-php-xmlrpc-5.4.40-1.el7.x86_64.rpm
php54-runtime-2.0-1.el7.x86_64.rpm
php54-scldevel-2.0-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source:
php54-2.0-1.el7.src.rpm
php54-php-5.4.40-1.el7.src.rpm
php54-php-pecl-zendopcache-7.0.4-3.el7.src.rpm
x86_64:
php54-2.0-1.el7.x86_64.rpm
php54-php-5.4.40-1.el7.x86_64.rpm
php54-php-bcmath-5.4.40-1.el7.x86_64.rpm
php54-php-cli-5.4.40-1.el7.x86_64.rpm
php54-php-common-5.4.40-1.el7.x86_64.rpm
php54-php-dba-5.4.40-1.el7.x86_64.rpm
php54-php-debuginfo-5.4.40-1.el7.x86_64.rpm
php54-php-devel-5.4.40-1.el7.x86_64.rpm
php54-php-enchant-5.4.40-1.el7.x86_64.rpm
php54-php-fpm-5.4.40-1.el7.x86_64.rpm
php54-php-gd-5.4.40-1.el7.x86_64.rpm
php54-php-intl-5.4.40-1.el7.x86_64.rpm
php54-php-ldap-5.4.40-1.el7.x86_64.rpm
php54-php-mbstring-5.4.40-1.el7.x86_64.rpm
php54-php-mysqlnd-5.4.40-1.el7.x86_64.rpm
php54-php-odbc-5.4.40-1.el7.x86_64.rpm
php54-php-pdo-5.4.40-1.el7.x86_64.rpm
php54-php-pecl-zendopcache-7.0.4-3.el7.x86_64.rpm
php54-php-pecl-zendopcache-debuginfo-7.0.4-3.el7.x86_64.rpm
php54-php-pgsql-5.4.40-1.el7.x86_64.rpm
php54-php-process-5.4.40-1.el7.x86_64.rpm
php54-php-pspell-5.4.40-1.el7.x86_64.rpm
php54-php-recode-5.4.40-1.el7.x86_64.rpm
php54-php-snmp-5.4.40-1.el7.x86_64.rpm
php54-php-soap-5.4.40-1.el7.x86_64.rpm
php54-php-xml-5.4.40-1.el7.x86_64.rpm
php54-php-xmlrpc-5.4.40-1.el7.x86_64.rpm
php54-runtime-2.0-1.el7.x86_64.rpm
php54-scldevel-2.0-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2014-8142
https://access.redhat.com/security/cve/CVE-2014-9427
https://access.redhat.com/security/cve/CVE-2014-9652
https://access.redhat.com/security/cve/CVE-2014-9705
https://access.redhat.com/security/cve/CVE-2014-9709
https://access.redhat.com/security/cve/CVE-2015-0231
https://access.redhat.com/security/cve/CVE-2015-0232
https://access.redhat.com/security/cve/CVE-2015-0273
https://access.redhat.com/security/cve/CVE-2015-1351
https://access.redhat.com/security/cve/CVE-2015-2301
https://access.redhat.com/security/cve/CVE-2015-2305
https://access.redhat.com/security/cve/CVE-2015-2348
https://access.redhat.com/security/cve/CVE-2015-2787
https://access.redhat.com/security/cve/CVE-2015-4147
https://access.redhat.com/security/cve/CVE-2015-4148
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFVcBYSXlSAg2UNWIIRAoT1AJ9XFBGeD9SIxEla6ub7VHSrmJAtcgCfSjPe
YJoyzmnxjsdToxpNcMlTQOw=
=BUIg
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVXDtFxLndAQH1ShLAQKZYxAAub5ncqoMcKDl1ohj/Tl9LEIEhFl3cmUP
l1jtqvGUqYr0Z2bN52W97E4PS3Fgj8RvW6RwQQiye/Z4OQD2+Rp0flUeC3G5eaxe
ucL1PiX1XVDN2zJNdimKe0EhZKJ/mHXhS9i4DFNiybVRNZY2DlUdNlKSn0aNU04K
cM35qwQPNUBArYMkT23x4jb5O0dL6R1d7rOGvG3hul852YDYiaK+AgYDfOOOYtXq
FFlN+iVxYfT1CuwfDOxT/sncAIpJOu/iRlN3AVAJoifp3MfHynh2dYKlBg19WDjk
GHt+CWDz2w08/G4rlR7HEVKlPovt0rnKDPz/+l+vUEdKgwj678O9jbozw5kVTpaT
gNvOTe81cYrpWY2vmnd42zx+a0AhR1cTmPGfRAWDBvug/5x9R9menfbYVIEs+1Dy
559lBkMREqWy0et78YXg1Jp5t+FHoDzdy08RIEKV8gbT8I11ILINCFfSDJxi/OC9
9itzGd0NwmUU1FnQvz9HzfekSqg9eeF0K5rbPeLMlvyXEZKB6EEmYgKAnOK4VQjG
kr89iRNhMJODm/YIk14PFvo3Bfy38D9dXom0l1LTpKymybGw93EbHZy3kH2ruM6o
uLFLaV3Lu1mbZqzvdfS+my05pMjUrSNVjp6vey8Gzg6v/8ISukTBTfvxLsby7tHv
dGPhbNx6fAc=
=FV4I
-----END PGP SIGNATURE-----