Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2015.3214
Multiple vulnerabilities have been identified in IBM Informix Genero
23 December 2015
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: IBM Informix Genero
Publisher: IBM
Operating System: AIX
HP-UX
Linux variants
OS X
Solaris
Windows
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Access Privileged Data -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Unauthorised Access -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2015-8317 CVE-2015-8242 CVE-2015-8241
CVE-2015-8035 CVE-2015-7500 CVE-2015-7499
CVE-2015-7498 CVE-2015-7497 CVE-2015-5312
CVE-2015-3196 CVE-2015-3195 CVE-2015-3194
CVE-2015-3193 CVE-2015-1819 CVE-2015-1794
CVE-2014-1346 CVE-2014-1294 CVE-2014-1293
CVE-2014-1292 CVE-2014-1291 CVE-2014-1290
CVE-2014-1289 CVE-2013-5228 CVE-2013-5225
CVE-2013-5199 CVE-2013-5198 CVE-2013-5197
CVE-2013-5196 CVE-2013-5195
Reference: ESB-2015.3201
ESB-2015.3138
ESB-2015.3133
ESB-2015.3115
ESB-2014.0313
ESB-2013.1803
ESB-2013.1802
Original Bulletin:
http://www-01.ibm.com/support/docview.wss?uid=swg21972479
http://www-01.ibm.com/support/docview.wss?uid=swg21973201
http://www-01.ibm.com/support/docview.wss?uid=swg21973206
Comment: This bulletin contains three (3) IBM security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
Security Bulletin: Multiple Vulnerabilities in Apple WebKit affect current
releases of Informix Genero
Document information
More support for:
Informix Tools
Informix Genero
Software version:
2.3, 2.4, 2.5
Operating system(s):
AIX, HP-UX, Linux, OS X, Solaris, Windows
Reference #:
1972479
Modified date:
2015-12-18
Security Bulletin
Summary
Memory corruption vulnerabilities in WebKit could affect Informix
Genero. Genero has addressed the applicable CVEs.
Vulnerability Details
CVE IDs: CVE-2013-5199, CVE-2013-5225, CVE-2013-5228, CVE-2013-5195,
CVE-2013-5196, CVE-2013-5197, CVE-2013-5198, CVE-2014-1291, CVE-2014-1293,
CVE-2014-1294, CVE-2014-1290, CVE-2014-1292, CVE-2014-1289, CVE-2014-1346
CVEID: CVE-2013-5199
DESCRIPTION: A memory corruption vulnerability in Apple WebKit could allow
a remote attacker to execute arbitrary code on the system or cause the
application to crash using a specially-crafted Web site.
CVSS Base Score: 6.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89788 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVEID: CVE-2013-5225
DESCRIPTION: A memory corruption vulnerability in Apple WebKit could allow
a remote attacker to execute arbitrary code on the system or cause the
application to crash using a specially-crafted Web site.
CVSS Base Score: 6.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89789 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVEID: CVE-2013-5228
DESCRIPTION: A memory corruption vulnerability in Apple WebKit could allow
a remote attacker to execute arbitrary code on the system or cause the
application to crash using a specially-crafted Web site.
CVSS Base Score: 6.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89790 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVEID: CVE-2013-5195
DESCRIPTION: A memory corruption vulnerability in Apple WebKit could allow
a remote attacker to execute arbitrary code on the system or cause the
application to crash using a specially-crafted Web site.
CVSS Base Score: 6.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89784 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVEID: CVE-2013-5196
DESCRIPTION: A memory corruption vulnerability in Apple WebKit could allow
a remote attacker to execute arbitrary code on the system or cause the
application to crash using a specially-crafted Web site.
CVSS Base Score: 6.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89785 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVEID: CVE-2013-5197
DESCRIPTION: A memory corruption vulnerability in Apple WebKit could allow
a remote attacker to execute arbitrary code on the system or cause the
application to crash using a specially-crafted Web site.
CVSS Base Score: 6.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89786 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVEID: CVE-2013-5198
DESCRIPTION: A memory corruption vulnerability in Apple iOS WebKit could
allow a remote attacker to execute arbitrary code on the system or cause
the application to crash using a specially-crafted Web site.
CVSS Base Score: 6.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89787 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVEID: CVE-2014-1291
DESCRIPTION: A memory corruption vulnerability in Apple iOS WebKit could
allow a remote attacker to execute arbitrary code on the system or cause
the application to crash using a specially-crafted Web site.
CVSS Base Score: 6.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/91697 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVEID: CVE-2014-1293
DESCRIPTION: A memory corruption vulnerability in Apple iOS WebKit could
allow a remote attacker to execute arbitrary code on the system or cause
the application to crash using a specially-crafted Web site.
CVSS Base Score: 6.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/91699 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVEID: CVE-2014-1294
DESCRIPTION: A memory corruption vulnerability in Apple iOS WebKit could
allow a remote attacker to execute arbitrary code on the system or cause
the application to crash using a specially-crafted Web site.
CVSS Base Score: 6.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/91700 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVEID: CVE-2014-1290
DESCRIPTION: A memory corruption vulnerability in Apple iOS WebKit could
allow a remote attacker to execute arbitrary code on the system or cause
the application to crash using a specially-crafted Web site.
CVSS Base Score: 6.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/91696 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVEID: CVE-2014-1292
DESCRIPTION: A memory corruption vulnerability in Apple iOS WebKit could
allow a remote attacker to execute arbitrary code on the system or cause
the application to crash using a specially-crafted Web site.
CVSS Base Score: 6.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/91698 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVEID: CVE-2014-1289
DESCRIPTION: A memory corruption vulnerability in Apple iOS WebKit could
allow a remote attacker to execute arbitrary code on the system or cause
the application to crash using a specially-crafted Web site.
CVSS Base Score: 6.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/91695 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVEID: CVE-2014-1346
DESCRIPTION: An error in Apple WebKit related to a cross-origin issue
in the handling of unicode characters in a specially crafted URL could
allow an attacker to bypass security restrictions and send an incorrect
postMessage origin.
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/93337 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Affected Products and Versions
Informix Genero v2.3x, v2.4x, and v2.5x
Remediation/Fixes
Please contact IBM Support for information on how to upgrade to a fixed,
supported version/release/platform of the product.
Get Notified about Future Security Bulletins
Subscribe to My Notifications to be notified of important product support
alerts like this.
References
Complete CVSS v2 Guide
On-line Calculator v2
Related information
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Change History
18 December 2015: Original version published
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency
and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT
WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING
THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
- --------------------------------------------------------------------------------
Security Bulletin: Vulnerabilities in LibXML2 affect Informix Genero
(CVE-2015-8035, CVE-2015-8241, CVE-2015-8242, CVE-2015-1819, CVE-2015-5312,
CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-8317)
Document information
More support for:
Informix Tools
Informix Genero
Software version:
2.3, 2.4, 2.5
Operating system(s):
AIX, HP-UX, Linux, OS X, Solaris, Windows
Reference #:
1973201
Modified date:
2015-12-18
Security Bulletin
Summary
Various vulnerabilities in LibXML2 could affect Informix Genero. Genero
has addressed the applicable CVEs.
Vulnerability Details
CVEID: CVE-2015-8035
DESCRIPTION: libxml2 is vulnerable to a denial of service, caused by an error
when xz support is enabled. By using a specially-crafted xml file, a local
attacker could exploit this vulnerability to cause the software to crash.
CVSS Base Score: 4
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/107845 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2015-8241
DESCRIPTION: libxml2 is vulnerable to a buffer overflow, caused by improper
bounds checking by the XML parser in xmlNextChar. By using a malformed XML
file, a local attacker could overflow a buffer and execute arbitrary code
on the system or cause the application to crash.
CVSS Base Score: 5.9
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/108169 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2015-8242
DESCRIPTION: libxml2 is vulnerable to a stack-based buffer overflow,
caused by improper bounds checking by the HTML parser in push mode in
xmlSAX2TextNode. By using a malformed XML file, a local attacker could
overflow a buffer and execute arbitrary code on the system or cause the
application to crash.
CVSS Base Score: 5.9
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/108170 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2015-1819
DESCRIPTION: Libxml is vulnerable to a denial of service, caused by an XML
External Entity Injection (XXE) error in the xmlreader when processing
XML data. A remote attacker could exploit this vulnerability to consume
all available memory resources.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/107272 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2015-5312
DESCRIPTION: An unspecified error in Libxml2 related to an entity expansion
flaw has an unknown impact and attack vector.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/108319 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2015-7497
DESCRIPTION: Libxml2 is vulnerable to a denial of service, caused by a
heap-based buffer overflow in the xmlDictComputeFastQKey() function. A remote
attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/108320 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2015-7498
DESCRIPTION: An unspecified error in Libxml2 related to the processing of
entities after encoding conversion failures have occured has an unknown
impact and attack vector.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/108321 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2015-7499
DESCRIPTION: An unspecified error in Libxml2 related to some parser errors
has an unknown impact and attack vector.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/108322 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2015-7500
DESCRIPTION: Libxml2 is vulnerable to a denial of service, caused by a
memory access error when handling invalid entity boundaries. A remote
attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/108323 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2015-8317
DESCRIPTION: libxml2 is vulnerable to a heap-based buffer overflow, caused
by improper bounds checking by the xmlParseXMLDecl function. By using a
malformed XML file, a local attacker could overflow a buffer and execute
arbitrary code on the system or cause the application to crash.
CVSS Base Score: 5.9
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/108316 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Affected Products and Versions
Informix Genero v2.3x, v2.4x, and v2.5x
Remediation/Fixes
Please contact IBM Support for information on how to upgrade to a fixed,
supported version/release/platform of the product.
Workarounds and Mitigations
None
Get Notified about Future Security Bulletins
Subscribe to My Notifications to be notified of important product support
alerts like this.
References
Complete CVSS v3 Guide
On-line Calculator v3
Related information
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Acknowledgement
None
Change History
18 December 2015: Original version published
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency
and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT
WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING
THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
- --------------------------------------------------------------------------------
Security Bulletin: Vulnerabilities in OpenSSL affect Informix Genero
(CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794)
Document information
More support for:
Informix Tools
Informix Genero
Software version:
2.3, 2.4, 2.5
Operating system(s):
AIX, HP-UX, Linux, OS X, Solaris, Windows
Reference #:
1973206
Modified date:
2015-12-18
Security Bulletin
Summary
Various vulnerabilities in OpenSSL could affect Informix Genero. Genero
has addressed the applicable CVEs.
Vulnerability Details
CVEID: CVE-2015-3193
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive
information, caused by an error in the x86_64 Montgomery squaring
procedure. An attacker with online access to an unpatched system could
exploit this vulnerability to obtain private key information.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/108502 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2015-3194
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL
pointer dereference when verifying certificates via a malformed routine. An
attacker could exploit this vulnerability using signature verification
routines with an absent PSS parameter to cause any certificate verification
operation to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/108503 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2015-3195
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive
information, caused by a memory leak in a malformed X509_ATTRIBUTE
structure. An attacker could exploit this vulnerability to obtain CMS data
and other sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/108504 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2015-3196
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a
race condition when PSK identity hints are received by a multi-threaded
client and the SSL_CTX structure is updated with the incorrect value. An
attacker could exploit this vulnerability to possibly corrupt memory and
cause a denial of service.
CVSS Base Score: 3.7
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/108505 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2015-1794
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by
an error when a client receives a ServerKeyExchange for an anonymous DH
ciphersuite with the value of p set to 0. An attacker could exploit this
vulnerability to trigger a segfault and cause a denial of service.
CVSS Base Score: 3.7
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/108539 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Products and Versions
Informix Genero v2.3x, v2.4x, and v2.5x
Remediation/Fixes
Please contact IBM Support for information on how to upgrade to a fixed,
supported version/release/platform of the product.
Workarounds and Mitigations
None
Get Notified about Future Security Bulletins
Subscribe to My Notifications to be notified of important product support
alerts like this.
References
Complete CVSS v3 Guide
On-line Calculator v3
Related information
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Acknowledgement
None
Change History
18 December 2015: Original version published
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency
and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT
WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING
THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVnnp8H6ZAP0PgtI9AQJCZQ//YpePdEBbnX1Ri3g/wOKZ7rstom0n69+s
esS8zA92opgiYibhQ4KpuxtgsJ5ULKW5KEAkdn2fCzvJcGg6fz8QsVpwIsfXehyD
S4UnF5X7qjDqsW9v+C3EVabqVMT4jwyTZfQlF04ymxs1tY9z9w/XqiGj8A+K7EWa
avEtF5SB9sUe0r4PBa34t6v+3gOj2OEleMkNygWja1UL9CPeOjuoFoQi2PGqBrW3
03mFGoMXUbQDbdb70sNaJxqOGFNHCgmHWp5YRhC31a6qyk1Q/+3WxZ4BK74k7hm6
7UfzaH7DC5pxrrC3zY7NaDaG7xM4WKiwNGMw7P4mWWeI6yx5IEOWNu6cABnDmJwC
wzN5XGsTix7DoEIueruZfwvFx40wAVBL0wld7xYbQKSjOU2O3ukAMaQnNAiuNapv
bochYBq9k+hjsjmLiqRnrXEdSjUq0ZKiK6jyeSCaTAhUr99PajPamFceYTD+XANx
D0ps8nCpvgVyxCep0KyEV5wjaxSSoUlB7ptomUqnRGdX3+g50qSZvLEIIhEC607w
FFGLymraUc5C5DnuG+Hbk8GXJHveSdhHjGuGYyGV2FOjfBmPXAgVdG6ROEUEUvls
gFA3McQ6c0GY7Y2VHBBUqhr6onHWInsTrbwdZC6J9SmbhToqW1qcj5STV4fq2QPB
VrF7yWECSJA=
=V1u/
-----END PGP SIGNATURE-----