Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2017.0814 macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite 28 March 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: macOS Publisher: Apple Operating System: OS X Impact/Access: Root Compromise -- Remote with User Interaction Execute Arbitrary Code/Commands -- Remote/Unauthenticated Increased Privileges -- Existing Account Access Privileged Data -- Remote with User Interaction Modify Permissions -- Existing Account Modify Arbitrary Files -- Remote with User Interaction Denial of Service -- Remote/Unauthenticated Cross-site Scripting -- Remote with User Interaction Provide Misleading Information -- Remote with User Interaction Reduced Security -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2017-6974 CVE-2017-5486 CVE-2017-5485 CVE-2017-5484 CVE-2017-5483 CVE-2017-5482 CVE-2017-5342 CVE-2017-5341 CVE-2017-5205 CVE-2017-5204 CVE-2017-5203 CVE-2017-5202 CVE-2017-2487 CVE-2017-2486 CVE-2017-2485 CVE-2017-2483 CVE-2017-2482 CVE-2017-2478 CVE-2017-2474 CVE-2017-2473 CVE-2017-2472 CVE-2017-2467 CVE-2017-2462 CVE-2017-2461 CVE-2017-2458 CVE-2017-2457 CVE-2017-2456 CVE-2017-2451 CVE-2017-2450 CVE-2017-2449 CVE-2017-2448 CVE-2017-2443 CVE-2017-2441 CVE-2017-2440 CVE-2017-2439 CVE-2017-2438 CVE-2017-2437 CVE-2017-2436 CVE-2017-2435 CVE-2017-2432 CVE-2017-2431 CVE-2017-2430 CVE-2017-2429 CVE-2017-2428 CVE-2017-2427 CVE-2017-2426 CVE-2017-2425 CVE-2017-2423 CVE-2017-2422 CVE-2017-2421 CVE-2017-2420 CVE-2017-2418 CVE-2017-2417 CVE-2017-2416 CVE-2017-2413 CVE-2017-2410 CVE-2017-2409 CVE-2017-2408 CVE-2017-2407 CVE-2017-2406 CVE-2017-2403 CVE-2017-2402 CVE-2017-2401 CVE-2017-2398 CVE-2017-2392 CVE-2017-2390 CVE-2017-2388 CVE-2017-2381 CVE-2017-2379 CVE-2016-10161 CVE-2016-10160 CVE-2016-10159 CVE-2016-10158 CVE-2016-10012 CVE-2016-10011 CVE-2016-10010 CVE-2016-10009 CVE-2016-9935 CVE-2016-9586 CVE-2016-9540 CVE-2016-9539 CVE-2016-9538 CVE-2016-9537 CVE-2016-9536 CVE-2016-9535 CVE-2016-9533 CVE-2016-8743 CVE-2016-8740 CVE-2016-8575 CVE-2016-8574 CVE-2016-7993 CVE-2016-7992 CVE-2016-7986 CVE-2016-7985 CVE-2016-7984 CVE-2016-7983 CVE-2016-7975 CVE-2016-7974 CVE-2016-7973 CVE-2016-7940 CVE-2016-7939 CVE-2016-7938 CVE-2016-7937 CVE-2016-7936 CVE-2016-7935 CVE-2016-7934 CVE-2016-7933 CVE-2016-7932 CVE-2016-7931 CVE-2016-7930 CVE-2016-7929 CVE-2016-7928 CVE-2016-7927 CVE-2016-7926 CVE-2016-7925 CVE-2016-7924 CVE-2016-7923 CVE-2016-7922 CVE-2016-7585 CVE-2016-7056 CVE-2016-5636 CVE-2016-5387 CVE-2016-3619 CVE-2016-2161 CVE-2016-0736 Reference: ASB-2017.0021 ASB-2017.0014 ASB-2016.0108 ESB-2016.1766 ESB-2016.1765 ESB-2016.1764 Original Bulletin: https://support.apple.com/en-au/HT207615 - --------------------------BEGIN INCLUDED TEXT-------------------- APPLE-SA-2017-03-27-3 macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite are now available and address the following: apache Available for: macOS Sierra 10.12.3 Impact: A remote attacker may be able to cause a denial of service Description: Multiple issues existed in Apache before 2.4.25. These were addressed by updating LibreSSL to version 2.4.25. CVE-2016-0736: an anonymous researcher CVE-2016-2161: an anonymous researcher CVE-2016-5387: an anonymous researcher CVE-2016-8740: an anonymous researcher CVE-2016-8743: an anonymous researcher apache_mod_php Available for: macOS Sierra 10.12.3 Impact: Multiple issues existed in PHP before 5.6.30 Description: Multiple issues existed in PHP before 5.6.30. These were addressed by updating PHP to version 5.6.30. CVE-2016-10158 CVE-2016-10159 CVE-2016-10160 CVE-2016-10161 CVE-2016-9935 AppleGraphicsPowerManagement Available for: macOS Sierra 10.12.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed through improved memory handling. CVE-2017-2421: @cocoahuke AppleRAID Available for: macOS Sierra 10.12.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-2017-2438: sss and Axis of 360Nirvanteam Audio Available for: macOS Sierra 10.12.3 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2430: an anonymous researcher working with Trend Micro’s Zero Day Initiative CVE-2017-2462: an anonymous researcher working with Trend Micro’s Zero Day Initiative Bluetooth Available for: macOS Sierra 10.12.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2017-2420: Pekka Oikarainen, Matias Karhumaa and Marko Laakso of Synopsys Software Integrity Group Bluetooth Available for: macOS Sierra 10.12.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2017-2427: Axis and sss of Qihoo 360 Nirvan Team Bluetooth Available for: macOS Sierra 10.12.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-2017-2449: sss and Axis from 360NirvanTeam Carbon Available for: macOS Sierra 10.12.3 Impact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution Description: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking. CVE-2017-2379: riusksk (泉哥) of Tencent Security Platform Department, John Villamil, Doyensec CoreGraphics Available for: macOS Sierra 10.12.3 Impact: Processing a maliciously crafted image may lead to a denial of service Description: An infinite recursion was addressed through improved state management. CVE-2017-2417: riusksk (泉哥) of Tencent Security Platform Department CoreMedia Available for: macOS Sierra 10.12.3 Impact: Processing a maliciously crafted .mov file may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of .mov files. This issue was addressed through improved memory management. CVE-2017-2431: kimyok of Tencent Security Platform Department CoreText Available for: macOS Sierra 10.12.3 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2435: John Villamil, Doyensec CoreText Available for: macOS Sierra 10.12.3 Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An out-of-bounds read was addressed through improved input validation. CVE-2017-2450: John Villamil, Doyensec CoreText Available for: macOS Sierra 10.12.3 Impact: Processing a maliciously crafted text message may lead to application denial of service Description: A resource exhaustion issue was addressed through improved input validation. CVE-2017-2461: Isaac Archambault of IDAoADI, an anonymous researcher curl Available for: macOS Sierra 10.12.3 Impact: Maliciously crafted user input to libcurl API may allow arbitrary code execution Description: A buffer overflow was addressed through improved bounds checking. CVE-2016-9586: Daniel Stenberg of Mozilla EFI Available for: macOS Sierra 10.12.3 Impact: A malicious Thunderbolt adapter may be able to recover the FileVault 2 encryption password Description: An issue existed in the handling of DMA. This issue was addressed by enabling VT-d in EFI. CVE-2016-7585: Ulf Frisk (@UlfFrisk) FinderKit Available for: macOS Sierra 10.12.3 Impact: Permissions may unexpectedly reset when sending links Description: A permission issue existed in the handling of the Send Link feature of iCloud Sharing. This issue was addressed through improved permission controls. CVE-2017-2429 FontParser Available for: macOS Sierra 10.12.3 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved input validation. CVE-2017-2406: riusksk (泉哥) of Tencent Security Platform Department CVE-2017-2487: riusksk (泉哥) of Tencent Security Platform Department FontParser Available for: macOS Sierra 10.12.3 Impact: Parsing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved input validation. CVE-2017-2407: riusksk (泉哥) of Tencent Security Platform Department FontParser Available for: macOS Sierra 10.12.3 Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An out-of-bounds read was addressed through improved input validation. CVE-2017-2439: John Villamil, Doyensec HTTPProtocol Available for: macOS Sierra 10.12.3 Impact: A malicious HTTP/2 server may be able to cause undefined behavior Description: Multiple issues existed in nghttp2 before 1.17.0. These were addressed by updating LibreSSL to version 1.17.0. CVE-2017-2428 Hypervisor Available for: macOS Sierra 10.12.3 Impact: Applications using the Hypervisor framework may unexpectedly leak the CR8 control register between guest and host Description: An information leakage issue was addressed through improved state management. CVE-2017-2418: Alex Fishman and Izik Eidus of Veertu Inc. iBooks Available for: macOS Sierra 10.12.3 Impact: Parsing a maliciously crafted iBooks file may lead to local file disclosure Description: An information leak existed in the handling of file URLs. This issue was addressed through improved URL handling. CVE-2017-2426: Craig Arendt of Stratum Security, Jun Kokatsu (@shhnjk) ImageIO Available for: macOS Sierra 10.12.3 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2416: Qidan He (何淇丹, @flanker_hqd) of KeenLab, Tencent ImageIO Available for: macOS Sierra 10.12.3, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5 Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2432: an anonymous researcher working with Trend Micro's Zero Day Initiative ImageIO Available for: macOS Sierra 10.12.3 Impact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2467 ImageIO Available for: macOS Sierra 10.12.3 Impact: Processing a maliciously crafted image may lead to unexpected application termination Description: An out-of-bound read existed in LibTIFF versions before 4.0.7. This was addressed by updating LibTIFF in ImageIO to version 4.0.7. CVE-2016-3619 Intel Graphics Driver Available for: macOS Sierra 10.12.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2443: Ian Beer of Google Project Zero IOATAFamily Available for: macOS Sierra 10.12.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2017-2408: Yangkang (@dnpushme) of Qihoo360 Qex Team IOFireWireAVC Available for: macOS Sierra 10.12.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2436: Orr A, IBM Security IOFireWireAVC Available for: macOS Sierra 10.12.3 Impact: A local attacker may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2437: Benjamin Gnahm (@mitp0sh) of Blue Frost Security IOFireWireFamily Available for: macOS Sierra 10.12.3 Impact: An application may be able to cause a denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2017-2388: Brandon Azad, an anonymous researcher Kernel Available for: macOS Sierra 10.12.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2398: Lufeng Li of Qihoo 360 Vulcan Team CVE-2017-2401: Lufeng Li of Qihoo 360 Vulcan Team Kernel Available for: macOS Sierra 10.12.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An input validation issue existed in the kernel. This issue was addressed through improved input validation. CVE-2017-2410: Apple Kernel Available for: macOS Sierra 10.12.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: An integer overflow was addressed through improved input validation. CVE-2017-2440: an anonymous researcher Kernel Available for: macOS Sierra 10.12.3 Impact: A malicious application may be able to execute arbitrary code with root privileges Description: A race condition was addressed through improved memory handling. CVE-2017-2456: lokihardt of Google Project Zero Kernel Available for: macOS Sierra 10.12.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-2017-2472: Ian Beer of Google Project Zero Kernel Available for: macOS Sierra 10.12.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2473: Ian Beer of Google Project Zero Kernel Available for: macOS Sierra 10.12.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: An off-by-one issue was addressed through improved bounds checking. CVE-2017-2474: Ian Beer of Google Project Zero Kernel Available for: macOS Sierra 10.12.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed through improved locking. CVE-2017-2478: Ian Beer of Google Project Zero Kernel Available for: macOS Sierra 10.12.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow issue was addressed through improved memory handling. CVE-2017-2482: Ian Beer of Google Project Zero CVE-2017-2483: Ian Beer of Google Project Zero Keyboards Available for: macOS Sierra 10.12.3 Impact: An application may be able to execute arbitrary code Description: A buffer overflow was addressed through improved bounds checking. CVE-2017-2458: Shashank (@cyberboyIndia) libarchive Available for: macOS Sierra 10.12.3 Impact: A local attacker may be able to change file system permissions on arbitrary directories Description: A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks. CVE-2017-2390: Omer Medan of enSilo Ltd libc++abi Available for: macOS Sierra 10.12.3 Impact: Demangling a malicious C++ application may lead to arbitrary code execution Description: A use after free issue was addressed through improved memory management. CVE-2017-2441 LibreSSL Available for: macOS Sierra 10.12.3, and OS X El Capitan v10.11.6 Impact: A local user may be able to leak sensitive user information Description: A timing side channel allowed an attacker to recover keys. This issue was addressed by introducing constant time computation. CVE-2016-7056: Cesar Pereida GarcÃÂa and Billy Brumley (Tampere University of Technology) MCX Client Available for: macOS Sierra 10.12.3 Impact: Removing a configuration profile with multiple payloads may not remove Active Directory certificate trust Description: An issue existed in profile uninstallation. This issue was addressed through improved cleanup. CVE-2017-2402: an anonymous researcher Menus Available for: macOS Sierra 10.12.3 Impact: An application may be able to disclose process memory Description: An out-of-bounds read was addressed through improved input validation. CVE-2017-2409: Sergey Bylokhov Multi-Touch Available for: macOS Sierra 10.12.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2017-2422: @cocoahuke OpenSSH Available for: macOS Sierra 10.12.3 Impact: Multiple issues in OpenSSH Description: Multiple issues existed in OpenSSH before version 7.4. These were addressed by updating OpenSSH to version 7.4. CVE-2016-10009 CVE-2016-10010 CVE-2016-10011 CVE-2016-10012 OpenSSL Available for: macOS Sierra 10.12.3 Impact: A local user may be able to leak sensitive user information Description: A timing side channel issue was addressed by using constant time computation. CVE-2016-7056: Cesar Pereida GarcÃÂa and Billy Brumley (Tampere University of Technology) Printing Available for: macOS Sierra 10.12.3 Impact: Clicking a malicious IPP(S) link may lead to arbitrary code execution Description: An uncontrolled format string issue was addressed through improved input validation. CVE-2017-2403: beist of GrayHash python Available for: macOS Sierra 10.12.3 Impact: Processing maliciously crafted zip archives with Python may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of zip archives. This issue was addressed through improved input validation. CVE-2016-5636 QuickTime Available for: macOS Sierra 10.12.3 Impact: Viewing a maliciously crafted media file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in QuickTime. This issue was addressed through improved memory handling. CVE-2017-2413: Simon Huang(@HuangShaomang) and pjf of IceSword Lab of Qihoo 360 Security Available for: macOS Sierra 10.12.3 Impact: Validating empty signatures with SecKeyRawVerify() may unexpectedly succeed Description: An validation issue existed with cryptographic API calls. This issue was addressed through improved parameter validation. CVE-2017-2423: an anonymous researcher Security Available for: macOS Sierra 10.12.3 Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS Description: Under certain circumstances, Secure Transport failed to validate the authenticity of OTR packets. This issue was addressed by restoring missing validation steps. CVE-2017-2448: Alex Radocea of Longterm Security, Inc. Security Available for: macOS Sierra 10.12.3 Impact: An application may be able to execute arbitrary code with root privileges Description: A buffer overflow was addressed through improved bounds checking. CVE-2017-2451: Alex Radocea of Longterm Security, Inc. Security Available for: macOS Sierra 10.12.3 Impact: Processing a maliciously crafted x509 certificate may lead to arbitrary code execution Description: A memory corruption issue existed in the parsing of certificates. This issue was addressed through improved input validation. CVE-2017-2485: Aleksandar Nikolic of Cisco Talos SecurityFoundation Available for: macOS Sierra 10.12.3 Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A double free issue was addressed through improved memory management. CVE-2017-2425: kimyok of Tencent Security Platform Department sudo Available for: macOS Sierra 10.12.3 Impact: A user in an group named "admin" on a network directory server may be able to unexpectedly escalate privileges using sudo Description: An access issue existed in sudo. This issue was addressed through improved permissions checking. CVE-2017-2381 System Integrity Protection Available for: macOS Sierra 10.12.3 Impact: A malicious application may be able to modify protected disk locations Description: A validation issue existed in the handling of system installation. This issue was addressed through improved handling and validation during the installation process. CVE-2017-6974: Patrick Wardle of Synack tcpdump Available for: macOS Sierra 10.12.3 Impact: An attacker in a privileged network position may be able to execute arbitrary code with user assistance Description: Multiple issues existed in tcpdump before 4.9.0. These were addressed by updating tcpdump to version 4.9.0. CVE-2016-7922 CVE-2016-7923 CVE-2016-7924 CVE-2016-7925 CVE-2016-7926 CVE-2016-7927 CVE-2016-7928 CVE-2016-7929 CVE-2016-7930 CVE-2016-7931 CVE-2016-7932 CVE-2016-7933 CVE-2016-7934 CVE-2016-7935 CVE-2016-7936 CVE-2016-7937 CVE-2016-7938 CVE-2016-7939 CVE-2016-7940 CVE-2016-7973 CVE-2016-7974 CVE-2016-7975 CVE-2016-7983 CVE-2016-7984 CVE-2016-7985 CVE-2016-7986 CVE-2016-7992 CVE-2016-7993 CVE-2016-8574 CVE-2016-8575 CVE-2017-5202 CVE-2017-5203 CVE-2017-5204 CVE-2017-5205 CVE-2017-5341 CVE-2017-5342 CVE-2017-5482 CVE-2017-5483 CVE-2017-5484 CVE-2017-5485 CVE-2017-5486 tiffutil Available for: macOS Sierra 10.12.3 Impact: Processing a maliciously crafted image may lead to unexpected application termination Description: An out-of-bound read existed in LibTIFF versions before 4.0.7. This was addressed by updating LibTIFF in AKCmds to version 4.0.7. CVE-2016-3619 CVE-2016-9533 CVE-2016-9535 CVE-2016-9536 CVE-2016-9537 CVE-2016-9538 CVE-2016-9539 CVE-2016-9540 WebKit Available for: macOS Sierra 10.12.3 Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed through improved state management. CVE-2017-2486: redrain of light4freedom WebKit Available for: macOS Sierra 10.12.3 Impact: An application may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2017-2392: Max Bazaliy of Lookout WebKit Available for: macOS Sierra 10.12.3 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2017-2457: lokihardt of Google Project Zero Installation note: macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite may be obtained from the Mac App Store or Apple's Software Downloads web site: https://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWNnMiYx+lLeg9Ub1AQjJWg/+Ic096cL4G6ex8f7BEYh2SiOXHWnIq/K4 om73JFqcjcM5pogrlxx2m79udaIuUMWNQWWjWfqA+w/laJBnwB0aqgpeUbtagKBs tXwBf5B0vOIf6l/LN+j+9FDtcz/+bM6xNRos+UsqAUpMt9qNBAiDFBssdGP3Cjfv 90SBBu+HonWaqFWh6HOnOPWgMtPuvEeig6gXZ19UGMrnG+dwsmF+0MdUTnqnbwqD pYMztJJIJWXA+mGMazOtBHy04hjnV28h9jzWxWe6ALGdwOGvfJIkYFhxH2Yw4hUC ZZlbddqZER8oiKbeT+2+skUA9r4hELSg1O0b+8bnutMh7EtlRmk/ongBQIkUVOBH qEONepXH2k2s4o55ZA8Ry2fSe6UnCfov02V0R6YubhT0DmZWNzF5NClscNE2jy+e 73weEoiwUXVx7OQZWQXbUpSk3DMq9F2tYPVH3XFtblBh0n82PLTHSTooZTp9JYz0 0rij6i0crsijUJiWDgdPciUlYJRuLosk9OxCWV3ipJlgSJI1dLJEfIfuludDqf7i Zc45TTIH1vd6AHs57oMtopHfoVsXGLj8II3B2ey0OZSdZjzACwgyHiXWnf04OfEQ aYuay6G1ITTt+4TCDo9/eZ3Us4s/AgM2KEABxBoaR0oNMfvOoUxOqPAdydIoa1io 1aK8+TJDwYQ= =/Lae -----END PGP SIGNATURE-----