-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.2196
Security Bulletin: Multiple vulnerabilities affect IBM Rational ClearQuest
                             16 September 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Rational ClearQuest
Publisher:         IBM
Operating System:  AIX
                   Linux variants
                   Solaris
                   Windows
Impact/Access:     Access Privileged Data         -- Remote/Unauthenticated      
                   Increased Privileges           -- Existing Account            
                   Provide Misleading Information -- Remote with User Interaction
                   Access Confidential Data       -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-3426 CVE-2016-2107 CVE-2016-0702
                   CVE-2013-0513  

Reference:         ASB-2016.0074
                   ASB-2016.0043
                   ESB-2016.1076
                   ESB-2016.0543.2

Original Bulletin: 
   http://www.ibm.com/support/docview.wss?uid=swg21990134
   http://www.ibm.com/support/docview.wss?uid=swg21990141
   http://www.ibm.com/support/docview.wss?uid=swg21990151
   http://www.ibm.com/support/docview.wss?uid=swg21990130

Comment: This bulletin contains four (4) IBM security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin:  Vulnerability in IBM Java Runtime affects IBM Rational
ClearQuest (CVE-2016-3426)

Security Bulletin

Document information

More support for:

Rational ClearQuest

Software version:

7.1, 7.1.0.1, 7.1.0.2, 7.1.1, 7.1.1.1, 7.1.1.2, 7.1.1.3, 7.1.1.4, 7.1.1.5,
7.1.1.6, 7.1.1.7, 7.1.1.8, 7.1.1.9, 7.1.2, 7.1.2.1, 7.1.2.2, 7.1.2.3,
7.1.2.4, 7.1.2.5, 7.1.2.6, 7.1.2.7, 7.1.2.8, 7.1.2.9, 7.1.2.10, 7.1.2.11,
7.1.2.12, 7.1.2.13, 7.1.2.14, 7.1.2.15, 7.1.2.16, 7.1.2.17, 7.1.2.18,
7.1.2.19, 8.0, 8.0.0.1, 8.0.0.2, 8.0.0.3, 8.0.0.4, 8.0.0.5, 8.0.0.6, 8.0.0.7,
8.0.0.8, 8.0.0.9, 8.0.0.10, 8.0.0.11, 8.0.0.12, 8.0.0.13, 8.0.0.14, 8.0.0.15,
8.0.0.16, 8.0.0.17, 8.0.0.18, 8.0.1, 8.0.1.1, 8.0.1.2, 8.0.1.3, 8.0.1.4,
8.0.1.5, 8.0.1.6, 8.0.1.7, 8.0.1.8, 8.0.1.9, 8.0.1.10, 8.0.1.11, 9.0, 9.0.0.1

Operating system(s):

AIX, Linux, Solaris, Windows

Reference #:

1990134

Modified date:

2016-09-15

Summary

There is a vulnerability in IBM Runtime Environment Java Technology Edition,
Versions 6, 7, and 8, which are used by IBM Rational ClearQuest. This issue
was disclosed as part of the IBM Java SDK updates in April 2016.

Vulnerability Details

CVEID:

CVE-2016-3426

DESCRIPTION:

An unspecified vulnerability related to the JCE component could allow a
remote attacker to obtain sensitive information, resulting in a partial
confidentiality impact using unknown attack vectors.

CVSS Base Score: 4.3

CVSS Temporal Score: See

https://exchange.xforce.ibmcloud.com/vulnerabilities/112457

for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Affected Products and Versions

IBM Rational ClearQuest, versions 7.1.0.x, 7.1.1.x, 7.1.2.x, 8.0.0.x,
8.0.1.x, and 9.0.0.x in the following components:

ClearQuest Web/CQ OSLC server/CM Server component, when configured to use
SSL.

ClearQuest Eclipse clients that use Report Designer, run remote reports on
servers using secure connections, or use the embedded browser to connect to
secure web sites. If you do not use the ClearQuest Eclipse client in this
way, then you are not affected.

ClearQuest version                             Status
9.0 through 9.0.0.01                           Affected
8.0.1 through 8.0.1.11                         Affected
8.0 through 8.0.0.18                           Affected
7.1.0.x                                        Affected
7.1.1.x
7.1.2.x
(all versions and fix packs)

Remediation/Fixes

The solution is to install a fix that includes an updated Java Virtual
Machine with fixes for the issues, and to apply fixes for WebSphere
Application Server (WAS).

ClearQuest Eclipse Client and Report Designer fixes

Apply the relevant fixes as listed in the table below.

Affected Versions 	Applying the fix

9.0 through 9.0.0.01 	Install Rational ClearQuest Fix Pack 2 (9.0.0.02) for 9.0

8.0.1 through 8.0.1.11 	Install Rational ClearQuest Fix Pack 12 (8.0.1.12) for 8.0.1

8.0 through 8.0.0.18  	Install Rational ClearQuest Fix Pack 18 (8.0.0.19) for 8.0

7.1.2.x (all fix packs)	Customers on extended support contracts should contact Customer Support.
7.1.1.x (all fix packs)
7.1.0.x (all fix packs)

ClearQuest Web server fixes

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere
Application Server April 2016 CPU

Affected Versions                             Applying the fix
8.0.0.x                                       Apply the appropriate WebSphere Application Server fix directly to your ClearQuest Web server host. No ClearQuest-specific steps are necessary.
8.0.1.x
9.0
7.1.2.x (all fix packs)                       Customers on extended support contracts should contact customer support.
7.1.1.x (all fix packs)
7.1.0.x (all fix packs)

For 7.0.x and 7.1.x and earlier releases, IBM recommends upgrading to a
fixed, supported version/release/platform of the product.

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to

My Notifications

to be notified of important product support alerts like this.

References

Complete CVSS v2 Guide

On-line Calculator v2

IBM Java SDK April 2016 Security Bulletin

Related information

IBM Secure Engineering Web Portal

IBM Product Security Incident Response Blog

Change History

* 15 September 2016: Originally published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- ---

Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearQuest
(CVE-2016-2107)

Security Bulletin

Document information

More support for:

Rational ClearQuest

Software version:

7.1, 7.1.0.1, 7.1.0.2, 7.1.1, 7.1.1.1, 7.1.1.2, 7.1.1.3, 7.1.1.4, 7.1.1.5,
7.1.1.6, 7.1.1.7, 7.1.1.8, 7.1.1.9, 7.1.2, 7.1.2.1, 7.1.2.2, 7.1.2.3,
7.1.2.4, 7.1.2.5, 7.1.2.6, 7.1.2.7, 7.1.2.8, 7.1.2.9, 7.1.2.10, 7.1.2.11,
7.1.2.12, 7.1.2.13, 7.1.2.14, 7.1.2.15, 7.1.2.16, 7.1.2.17, 7.1.2.18,
7.1.2.19, 8.0, 8.0.0.1, 8.0.0.2, 8.0.0.3, 8.0.0.4, 8.0.0.5, 8.0.0.6, 8.0.0.7,
8.0.0.8, 8.0.0.9, 8.0.0.10, 8.0.0.11, 8.0.0.12, 8.0.0.13, 8.0.0.14, 8.0.0.15,
8.0.0.16, 8.0.0.17, 8.0.0.18, 8.0.1, 8.0.1.1, 8.0.1.2, 8.0.1.3, 8.0.1.4,
8.0.1.5, 8.0.1.6, 8.0.1.7, 8.0.1.8, 8.0.1.9, 8.0.1.10, 8.0.1.11, 9.0, 9.0.0.1

Operating system(s):

AIX, HP-UX, Linux, Solaris, Windows

Reference #:

1990141

Modified date:

2016-09-15

Summary

OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project.
OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has
addressed the applicable CVEs.

Vulnerability Details

CVEID:

CVE-2016-2107

DESCRIPTION:

OpenSSL could allow a remote attacker to obtain sensitive information caused
by an error when the connection uses an AES CBC cipher and the server support
AES-NI. A remote user with the ability to conduct a man-in-the-middle attack
could exploit this vulnerability via the POODLE (Padding Oracle On Downgraded
Legacy Encryption) attack to decrypt traffic.

CVSS Base Score: 4.3

CVSS Temporal Score: See

https://exchange.xforce.ibmcloud.com/vulnerabilities/112854

for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM Rational ClearQuest versions:

Version                                   Status
9.0 through 9.0.0.01                      Affected
8.0.1 through 8.0.1.10                    Affected
8.0 through 8.0.0.17                      Affected
7.1.0.x, 7.1.1.x, 7.1.2.x (all versions)  Affected

Not all deployments of Rational ClearQuest use OpenSSL in a way that is 
affected by these vulnerabilities.

You are vulnerable if your use of Rational ClearQuest includes any of these
configurations: 

You use SSL connections in perl scripts run by ratlperl or cqperl, or by
ClearQuest hooks. In this situation, you should review all the fixes provided
by the OpenSSL project to see which ones apply to your use of OpenSSL. See
the references link below.

You integrate with ClearCase. See

Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase
(CVE-2016-2107)

You connect to a ClearQuest database using SSL.

Remediation/Fixes

Apply a fix pack as listed in the table below. The fix pack includes OpenSSL

1.0.2h.

Affected Versions                             Applying the fix
9.0 through 9.0.0.01                          Install Rational ClearQuest Fix Pack 2 (9.0.0.02) for 9.0
8.0.1 through 8.0.1.11                        Install Rational ClearQuest Fix Pack 12 (8.0.1.12) for 8.0.1
8.0 through 8.0.0.18                          Install Rational ClearQuest Fix Pack 18 (8.0.0.19) for 8.0
7.1.2.x (all fix packs)                       Customers on extended support contracts should contact Customer Support.
7.1.1.x (all fix packs)
7.1.0.x (all fix packs)

For 7.0.x, 7.1.x and earlier releases, IBM recommends upgrading to a fixed,
supported version/release/platform of the product.

Workarounds and Mitigations

If exposure is due to hooks and scripts, disable the scripts that uses SSL
and runs in ratlperl, cqperl or ClearQuest hooks until you apply the fixes
listed above.

Get Notified about Future Security Bulletins

Subscribe to

My Notifications

to be notified of important product support alerts like this.

Important note

IBM strongly suggests that all System z customers be subscribed to the System
z Security Portal to receive the latest critical System z security and
integrity service. If you are not subscribed, see the instructions on the

System z Security web site

Security and integrity APARs and associated fixes will be posted to this
portal. IBM suggests reviewing the CVSS scores and applying all security or
integrity fixes as soon as possible to minimize any potential risk.

References

Complete CVSS v3 Guide

On-line Calculator v3

OpenSSL Project vulnerability website

Related information

IBM Secure Engineering Web Portal

IBM Product Security Incident Response Blog

Change History

* 15 September 2016: Original version published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- ---

Security Bulletin:  Vulnerabilities in OpenSSL affect IBM Rational ClearQuest
(CVE-2016-0702)

Security Bulletin

Document information

More support for:

Rational ClearQuest

Software version:

7.1, 7.1.0.1, 7.1.0.2, 7.1.1, 7.1.1.1, 7.1.1.2, 7.1.1.3, 7.1.1.4, 7.1.1.5,
7.1.1.6, 7.1.1.7, 7.1.1.8, 7.1.1.9, 7.1.2, 7.1.2.1, 7.1.2.2, 7.1.2.3,
7.1.2.4, 7.1.2.5, 7.1.2.6, 7.1.2.7, 7.1.2.8, 7.1.2.9, 7.1.2.10, 7.1.2.11,
7.1.2.12, 7.1.2.13, 7.1.2.14, 7.1.2.15, 7.1.2.16, 7.1.2.17, 7.1.2.18,
7.1.2.19, 8.0, 8.0.0.1, 8.0.0.2, 8.0.0.3, 8.0.0.4, 8.0.0.5, 8.0.0.6, 8.0.0.7,
8.0.0.8, 8.0.0.9, 8.0.0.10, 8.0.0.11, 8.0.0.12, 8.0.0.13, 8.0.0.14, 8.0.0.15,
8.0.0.16, 8.0.0.17, 8.0.0.18, 8.0.1, 8.0.1.1, 8.0.1.2, 8.0.1.3, 8.0.1.4,
8.0.1.5, 8.0.1.6, 8.0.1.7, 8.0.1.8, 8.0.1.9, 8.0.1.10, 8.0.1.11, 9.0, 9.0.0.1

Operating system(s):

AIX, HP-UX, Linux, Solaris, Windows

Reference #:

1990151

Modified date:

2016-09-15

Summary

An OpenSSL vulnerability was disclosed on March 1, 2016 by the OpenSSL
Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest
has addressed the applicable CVE.

Vulnerability Details

CVEID: CVE-2016-0702

DESCRIPTION: OpenSSL could allow a local attacker to obtain sensitive 
information, caused by a side-channel attack against a system based on the 
Intel Sandy-Bridge microarchitecture. An attacker could exploit this 
vulnerability to recover RSA keys.

CVSS Base Score: 2.9

CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111144
for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM Rational ClearQuest, versions 7.1.0.x, 7.1.1.x, 7.1.2.x, 8.0.0.x,
8.0.1.x, and 9.0 in the following component:

ClearQuest hooks and cqperl/ratlperl scripts that use SSL.

Database drivers configured to use SSL connections to the database.

ClearQuest version                             Status
9.0 through 9.0.0.1                            Affected
8.0.1 through 8.0.1.11                         Affected
8.0 through 8.0.0.18                           Affected
7.1.0.x                                        Affected
7.1.1.x
7.1.2.x
(all versions and fix packs)

Remediation/Fixes

Affected Versions                             Fixes
9.0 through 9.0.0.1                           Install Rational ClearQuest Fix Pack 2 (9.0.0.2) for 9.0
8.0.1 through 8.0.1.10                        Install Rational ClearQuest Fix Pack 12 (8.0.1.12) for 8.0.1
8.0 through 8.0.0.17                          Install Rational ClearQuest Fix Pack 19 (8.0.0.19) for 8.0
7.1.2.x (all fix packs)                       Customers on extended support contracts should contact customer support.
7.1.1.x (all fix packs)
7.1.0.x (all fix packs)

For 7.0.x, 7.1.x and earlier releases, IBM recommends upgrading to a fixed,
supported version/release/platform of the product.

Get Notified about Future Security Bulletins

Subscribe to

My Notifications

to be notified of important product support alerts like this.

References

Complete CVSS v3 Guide

On-line Calculator v3

OpenSSL Project vulnerability website

Related information

IBM Secure Engineering Web Portal

IBM Product Security Incident Response Blog

Change History

* 15 September 2016: Original version published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- ---

Security Bulletin: Unquoted Service Path Enumeration vulnerability in IBM
Rational ClearQuest (CVE-2013-0513)

Security Bulletin

Document information

More support for:

Rational ClearQuest

Software version:

7.1, 7.1.0.1, 7.1.0.2, 7.1.1, 7.1.1.1, 7.1.1.2, 7.1.1.3, 7.1.1.4, 7.1.1.5,
7.1.1.6, 7.1.1.7, 7.1.1.8, 7.1.1.9, 7.1.2, 7.1.2.1, 7.1.2.2, 7.1.2.3,
7.1.2.4, 7.1.2.5, 7.1.2.6, 7.1.2.7, 7.1.2.8, 7.1.2.9, 7.1.2.10, 7.1.2.11,
7.1.2.12, 7.1.2.13, 7.1.2.14, 7.1.2.15, 7.1.2.16, 7.1.2.17, 7.1.2.18,
7.1.2.19, 8.0, 8.0.0.1, 8.0.0.2, 8.0.0.3, 8.0.0.4, 8.0.0.5, 8.0.0.6, 8.0.0.7,
8.0.0.8, 8.0.0.9, 8.0.0.10, 8.0.0.11, 8.0.0.12, 8.0.0.13, 8.0.0.14, 8.0.0.15,
8.0.0.16, 8.0.0.17, 8.0.0.18, 8.0.1, 8.0.1.1, 8.0.1.2, 8.0.1.3, 8.0.1.4,
8.0.1.5, 8.0.1.6, 8.0.1.7, 8.0.1.8, 8.0.1.9, 8.0.1.10, 8.0.1.11, 9.0, 9.0.0.1

Operating system(s):

Windows

Reference #:

1990130

Modified date:

2016-09-15

Summary

IBM Rational ClearQuest is vulnerable to an Unquoted Service Path Enumeration
vulnerability.

Vulnerability Details

CVEID:

CVE-2013-0513

DESCRIPTION:

IBM Rational AppScan, IBM Rational ClearCase, and IBM Rational ClearQuest
could allow a local attacker to gain elevated privileges on the system,
caused by the creation of a service during install that does not constrain
the service path in quotes and leaves it vulnerable to Microsoft Windows
Unquoted Service Path Enumeration issue. An attacker could gain elevated
privileges using the service. No specialized knowledge is necessary to
conduct this attack. The attacker will need local access to the AppScan
Enterprise, ClearCase, or ClearQuest machine in order to conduct the attack.
Authentication is not a requirement.

CVSS Base Score: 7.2

CVSS Temporal Score: See

https://exchange.xforce.ibmcloud.com/vulnerabilities/82594

for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C)

Affected Products and Versions

Rational ClearQuest 7.1.x (all versions), 8.0 through 8.0.0.18, 8.0.1 through
8.0.1.11, and 9.0 through 9.0.0.01.

Remediation/Fixes

Install a fix pack containing fixes:

Affected version                             Fixes
9.0 through 9.0.0.01                         Install Rational ClearQuest Fix Pack 2 (9.0.0.02) for 9.0
8.0.1 through 8.0.1.11                       Install Rational ClearQuest Fix Pack 12 (8.0.1.12) for 8.0.1
8.0 through 8.0.0.18                         Install Rational ClearQuest Fix Pack 18 (8.0.0.19) for 8.0
7.1.x                                        Customers on extended support contracts for 7.1.x should contact Customer Support.

For 7.0.x and 7.1.x and earlier releases, IBM recommends upgrading to a
fixed, supported version/release/platform of the product.

Workarounds and Mitigations

None.

Get Notified about Future Security Bulletins

Subscribe to

My Notifications

to be notified of important product support alerts like this.

References

Complete CVSS v2 Guide

On-line Calculator v2

Related information

IBM Secure Engineering Web Portal

IBM Product Security Incident Response Blog

Change History

* 15 September 2016: Original Copy Published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBV9tssIx+lLeg9Ub1AQgmdRAAmEHWcVMrk2bsuUdHdsswUVDLeecAyLiI
B2HU8vqUn7Oa/8JLla+LiATH2lABPwwBS5rdF0fdpMggE7LHGFy8XfhTl+Gb2XNg
Ju+fDHAI9KZFRzLDSc7EXvCkEkrOrqCOvaK6eEVdraT6DkybAEffEeHdnxGMKR3a
NAChmdJdRXw2KKXDBHPCKlPV9+uYe1vV03lXs03PmZGQRLJlsp24pEfiMzB01mxV
LXCmxQG+zt8hnl0SvTa9xoQLah/tb86T8NSsg6j+54xHz8E95QNxGm7SnhMNouGC
x5UZQ2bC6vHFo9Bg5d43t4y1j0YdO7YpdRNHcD/dqk1EcenHKOSbS4MxRv3v4RrJ
tV3C4+LP/gW7NPtNv5ZlypXsUPg1lY+bCjwM1j/oEEfbCoxxv4Wj2fqNwiEz41b7
N4O+H5TwMyTmFS5GFb8zYXMDWHQmYs2vtRcC+o3LFJr5dIE8jA+s0wLt0hShPem0
0RgNZSEq+k8/RHe9Ul9hi+yVH+Hg52VgH9rKWpZbe5jYdP5M2oP65fzth9NvOaXl
N5aYuN+bTpPxX6YUrISNeOEGSGpjqVB9k2MZPPaW4G8sbsvvezcOkhePNmNaAwr7
PT6rOvlqfW5+VMcOyg4HheL+6LaumpZS6SjvsqcPNUKXJHYabdern/+7Hu9InELc
MFGxq5j+sNE=
=bu9m
-----END PGP SIGNATURE-----