-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.1168
                     Important: jasper security update
                                10 May 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           jasper
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 6
                   Red Hat Enterprise Linux WS/Desktop 6
                   Red Hat Enterprise Linux Server 7
                   Red Hat Enterprise Linux WS/Desktop 7
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-10251 CVE-2016-10249 CVE-2016-10248
                   CVE-2016-9600 CVE-2016-9591 CVE-2016-9583
                   CVE-2016-9560 CVE-2016-9394 CVE-2016-9393
                   CVE-2016-9392 CVE-2016-9391 CVE-2016-9390
                   CVE-2016-9389 CVE-2016-9388 CVE-2016-9387
                   CVE-2016-9262 CVE-2016-8885 CVE-2016-8884
                   CVE-2016-8883 CVE-2016-8693 CVE-2016-8692
                   CVE-2016-8691 CVE-2016-8690 CVE-2016-8654
                   CVE-2016-2116 CVE-2016-2089 CVE-2016-1867
                   CVE-2016-1577 CVE-2015-5221 CVE-2015-5203

Reference:         ASB-2016.0042
                   ESB-2017.0921
                   ESB-2017.0057
                   ESB-2016.0592

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2017:1208

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: jasper security update
Advisory ID:       RHSA-2017:1208-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1208
Issue date:        2017-05-09
CVE Names:         CVE-2015-5203 CVE-2015-5221 CVE-2016-10248 
                   CVE-2016-10249 CVE-2016-10251 CVE-2016-1577 
                   CVE-2016-1867 CVE-2016-2089 CVE-2016-2116 
                   CVE-2016-8654 CVE-2016-8690 CVE-2016-8691 
                   CVE-2016-8692 CVE-2016-8693 CVE-2016-8883 
                   CVE-2016-8884 CVE-2016-8885 CVE-2016-9262 
                   CVE-2016-9387 CVE-2016-9388 CVE-2016-9389 
                   CVE-2016-9390 CVE-2016-9391 CVE-2016-9392 
                   CVE-2016-9393 CVE-2016-9394 CVE-2016-9560 
                   CVE-2016-9583 CVE-2016-9591 CVE-2016-9600 
=====================================================================

1. Summary:

An update for jasper is now available for Red Hat Enterprise Linux 6 and
Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

JasPer is an implementation of Part 1 of the JPEG 2000 image compression
standard.

Security Fix(es):

Multiple flaws were found in the way JasPer decoded JPEG 2000 image files.
A specially crafted file could cause an application using JasPer to crash
or, possibly, execute arbitrary code. (CVE-2016-8654, CVE-2016-9560,
CVE-2016-10249, CVE-2015-5203, CVE-2015-5221, CVE-2016-1577, CVE-2016-8690,
CVE-2016-8693, CVE-2016-8884, CVE-2016-8885, CVE-2016-9262, CVE-2016-9591)

Multiple flaws were found in the way JasPer decoded JPEG 2000 image files.
A specially crafted file could cause an application using JasPer to crash.
(CVE-2016-1867, CVE-2016-2089, CVE-2016-2116, CVE-2016-8691, CVE-2016-8692,
CVE-2016-8883, CVE-2016-9387, CVE-2016-9388, CVE-2016-9389, CVE-2016-9390,
CVE-2016-9391, CVE-2016-9392, CVE-2016-9393, CVE-2016-9394, CVE-2016-9583,
CVE-2016-9600, CVE-2016-10248, CVE-2016-10251)

Red Hat would like to thank Liu Bingchang (IIE) for reporting
CVE-2016-8654, CVE-2016-9583, CVE-2016-9591, and CVE-2016-9600; Gustavo
Grieco for reporting CVE-2015-5203; and Josselin Feist for reporting
CVE-2015-5221.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1254242 - CVE-2015-5203 jasper: integer overflow in jas_image_cmpt_create()
1255710 - CVE-2015-5221 jasper: use-after-free and double-free flaws in mif_process_cmpt()
1298135 - CVE-2016-1867 jasper: out-of-bounds read in jpc_pi_nextcprl()
1302636 - CVE-2016-2089 jasper: matrix rows_ NULL pointer dereference in jas_matrix_clip()
1314466 - CVE-2016-1577 jasper: double free issue in jas_iccattrval_destroy()
1314472 - CVE-2016-2116 jasper: memory leak in jas_iccprof_createfrombuf()
1385499 - CVE-2016-8690 CVE-2016-8884 CVE-2016-8885 jasper: missing jas_matrix_create() parameter checks
1385502 - CVE-2016-8691 CVE-2016-8692 jasper: missing SIZ marker segment XRsiz and YRsiz fields range check
1385507 - CVE-2016-8693 jasper: incorrect handling of bufsize 0 in mem_resize()
1388840 - CVE-2016-10249 jasper: integer overflow in jas_matrix_create()
1388870 - CVE-2016-8883 jasper: reachable asserts in jpc_dec_tiledecode()
1393882 - CVE-2016-9262 jasper: integer truncation in jas_image_cmpt_create()
1396959 - CVE-2016-9387 jasper: integer overflow in jpc_dec_process_siz()
1396962 - CVE-2016-9388 jasper: reachable assertions in RAS encoder/decoder
1396963 - CVE-2016-9389 jasper: reachable assertions caused by insufficient component domains checks in ICT/RCT in JPC codec
1396965 - CVE-2016-9390 jasper: insufficient SIZ marker tilexoff and tileyoff checks
1396967 - CVE-2016-9391 jasper: reachable assertions in the JPC bitstream code
1396971 - CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 jasper: insufficient SIZ marker segment data sanity checks
1398256 - CVE-2016-9560 jasper: stack-based buffer overflow in jpc_dec_tileinit()
1399167 - CVE-2016-8654 jasper: heap-based buffer overflow in QMFB code in JPC codec
1405148 - CVE-2016-9583 jasper: integer overflows leading to out of bounds read in packet iterators in JPC decoder
1406405 - CVE-2016-9591 jasper: use-after-free / double-free in JPC encoder
1410026 - CVE-2016-9600 jasper: JP2 encoder NULL pointer dereference due to uninitialized cmprof_
1434447 - CVE-2016-10248 jasper: NULL pointer dereference in jpc_tsfb_synthesize()
1434461 - CVE-2016-10251 jasper: integer overflow in jpc_pi_nextcprl(), leading to out-of-bounds read

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
jasper-1.900.1-21.el6_9.src.rpm

i386:
jasper-1.900.1-21.el6_9.i686.rpm
jasper-debuginfo-1.900.1-21.el6_9.i686.rpm
jasper-libs-1.900.1-21.el6_9.i686.rpm

x86_64:
jasper-1.900.1-21.el6_9.x86_64.rpm
jasper-debuginfo-1.900.1-21.el6_9.i686.rpm
jasper-debuginfo-1.900.1-21.el6_9.x86_64.rpm
jasper-libs-1.900.1-21.el6_9.i686.rpm
jasper-libs-1.900.1-21.el6_9.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
jasper-debuginfo-1.900.1-21.el6_9.i686.rpm
jasper-devel-1.900.1-21.el6_9.i686.rpm
jasper-utils-1.900.1-21.el6_9.i686.rpm

x86_64:
jasper-debuginfo-1.900.1-21.el6_9.i686.rpm
jasper-debuginfo-1.900.1-21.el6_9.x86_64.rpm
jasper-devel-1.900.1-21.el6_9.i686.rpm
jasper-devel-1.900.1-21.el6_9.x86_64.rpm
jasper-utils-1.900.1-21.el6_9.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
jasper-1.900.1-21.el6_9.src.rpm

x86_64:
jasper-debuginfo-1.900.1-21.el6_9.i686.rpm
jasper-debuginfo-1.900.1-21.el6_9.x86_64.rpm
jasper-libs-1.900.1-21.el6_9.i686.rpm
jasper-libs-1.900.1-21.el6_9.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
jasper-1.900.1-21.el6_9.x86_64.rpm
jasper-debuginfo-1.900.1-21.el6_9.i686.rpm
jasper-debuginfo-1.900.1-21.el6_9.x86_64.rpm
jasper-devel-1.900.1-21.el6_9.i686.rpm
jasper-devel-1.900.1-21.el6_9.x86_64.rpm
jasper-utils-1.900.1-21.el6_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
jasper-1.900.1-21.el6_9.src.rpm

i386:
jasper-1.900.1-21.el6_9.i686.rpm
jasper-debuginfo-1.900.1-21.el6_9.i686.rpm
jasper-libs-1.900.1-21.el6_9.i686.rpm

ppc64:
jasper-1.900.1-21.el6_9.ppc64.rpm
jasper-debuginfo-1.900.1-21.el6_9.ppc.rpm
jasper-debuginfo-1.900.1-21.el6_9.ppc64.rpm
jasper-libs-1.900.1-21.el6_9.ppc.rpm
jasper-libs-1.900.1-21.el6_9.ppc64.rpm

s390x:
jasper-1.900.1-21.el6_9.s390x.rpm
jasper-debuginfo-1.900.1-21.el6_9.s390.rpm
jasper-debuginfo-1.900.1-21.el6_9.s390x.rpm
jasper-libs-1.900.1-21.el6_9.s390.rpm
jasper-libs-1.900.1-21.el6_9.s390x.rpm

x86_64:
jasper-1.900.1-21.el6_9.x86_64.rpm
jasper-debuginfo-1.900.1-21.el6_9.i686.rpm
jasper-debuginfo-1.900.1-21.el6_9.x86_64.rpm
jasper-libs-1.900.1-21.el6_9.i686.rpm
jasper-libs-1.900.1-21.el6_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
jasper-debuginfo-1.900.1-21.el6_9.i686.rpm
jasper-devel-1.900.1-21.el6_9.i686.rpm
jasper-utils-1.900.1-21.el6_9.i686.rpm

ppc64:
jasper-debuginfo-1.900.1-21.el6_9.ppc.rpm
jasper-debuginfo-1.900.1-21.el6_9.ppc64.rpm
jasper-devel-1.900.1-21.el6_9.ppc.rpm
jasper-devel-1.900.1-21.el6_9.ppc64.rpm
jasper-utils-1.900.1-21.el6_9.ppc64.rpm

s390x:
jasper-debuginfo-1.900.1-21.el6_9.s390.rpm
jasper-debuginfo-1.900.1-21.el6_9.s390x.rpm
jasper-devel-1.900.1-21.el6_9.s390.rpm
jasper-devel-1.900.1-21.el6_9.s390x.rpm
jasper-utils-1.900.1-21.el6_9.s390x.rpm

x86_64:
jasper-debuginfo-1.900.1-21.el6_9.i686.rpm
jasper-debuginfo-1.900.1-21.el6_9.x86_64.rpm
jasper-devel-1.900.1-21.el6_9.i686.rpm
jasper-devel-1.900.1-21.el6_9.x86_64.rpm
jasper-utils-1.900.1-21.el6_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
jasper-1.900.1-21.el6_9.src.rpm

i386:
jasper-1.900.1-21.el6_9.i686.rpm
jasper-debuginfo-1.900.1-21.el6_9.i686.rpm
jasper-libs-1.900.1-21.el6_9.i686.rpm

x86_64:
jasper-1.900.1-21.el6_9.x86_64.rpm
jasper-debuginfo-1.900.1-21.el6_9.i686.rpm
jasper-debuginfo-1.900.1-21.el6_9.x86_64.rpm
jasper-libs-1.900.1-21.el6_9.i686.rpm
jasper-libs-1.900.1-21.el6_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
jasper-debuginfo-1.900.1-21.el6_9.i686.rpm
jasper-devel-1.900.1-21.el6_9.i686.rpm
jasper-utils-1.900.1-21.el6_9.i686.rpm

x86_64:
jasper-debuginfo-1.900.1-21.el6_9.i686.rpm
jasper-debuginfo-1.900.1-21.el6_9.x86_64.rpm
jasper-devel-1.900.1-21.el6_9.i686.rpm
jasper-devel-1.900.1-21.el6_9.x86_64.rpm
jasper-utils-1.900.1-21.el6_9.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
jasper-1.900.1-30.el7_3.src.rpm

x86_64:
jasper-debuginfo-1.900.1-30.el7_3.i686.rpm
jasper-debuginfo-1.900.1-30.el7_3.x86_64.rpm
jasper-libs-1.900.1-30.el7_3.i686.rpm
jasper-libs-1.900.1-30.el7_3.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
jasper-1.900.1-30.el7_3.x86_64.rpm
jasper-debuginfo-1.900.1-30.el7_3.i686.rpm
jasper-debuginfo-1.900.1-30.el7_3.x86_64.rpm
jasper-devel-1.900.1-30.el7_3.i686.rpm
jasper-devel-1.900.1-30.el7_3.x86_64.rpm
jasper-utils-1.900.1-30.el7_3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
jasper-1.900.1-30.el7_3.src.rpm

x86_64:
jasper-debuginfo-1.900.1-30.el7_3.i686.rpm
jasper-debuginfo-1.900.1-30.el7_3.x86_64.rpm
jasper-libs-1.900.1-30.el7_3.i686.rpm
jasper-libs-1.900.1-30.el7_3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
jasper-1.900.1-30.el7_3.x86_64.rpm
jasper-debuginfo-1.900.1-30.el7_3.i686.rpm
jasper-debuginfo-1.900.1-30.el7_3.x86_64.rpm
jasper-devel-1.900.1-30.el7_3.i686.rpm
jasper-devel-1.900.1-30.el7_3.x86_64.rpm
jasper-utils-1.900.1-30.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
jasper-1.900.1-30.el7_3.src.rpm

aarch64:
jasper-debuginfo-1.900.1-30.el7_3.aarch64.rpm
jasper-libs-1.900.1-30.el7_3.aarch64.rpm

ppc64:
jasper-debuginfo-1.900.1-30.el7_3.ppc.rpm
jasper-debuginfo-1.900.1-30.el7_3.ppc64.rpm
jasper-libs-1.900.1-30.el7_3.ppc.rpm
jasper-libs-1.900.1-30.el7_3.ppc64.rpm

ppc64le:
jasper-debuginfo-1.900.1-30.el7_3.ppc64le.rpm
jasper-libs-1.900.1-30.el7_3.ppc64le.rpm

s390x:
jasper-debuginfo-1.900.1-30.el7_3.s390.rpm
jasper-debuginfo-1.900.1-30.el7_3.s390x.rpm
jasper-libs-1.900.1-30.el7_3.s390.rpm
jasper-libs-1.900.1-30.el7_3.s390x.rpm

x86_64:
jasper-debuginfo-1.900.1-30.el7_3.i686.rpm
jasper-debuginfo-1.900.1-30.el7_3.x86_64.rpm
jasper-libs-1.900.1-30.el7_3.i686.rpm
jasper-libs-1.900.1-30.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

aarch64:
jasper-1.900.1-30.el7_3.aarch64.rpm
jasper-debuginfo-1.900.1-30.el7_3.aarch64.rpm
jasper-devel-1.900.1-30.el7_3.aarch64.rpm
jasper-utils-1.900.1-30.el7_3.aarch64.rpm

ppc64:
jasper-1.900.1-30.el7_3.ppc64.rpm
jasper-debuginfo-1.900.1-30.el7_3.ppc.rpm
jasper-debuginfo-1.900.1-30.el7_3.ppc64.rpm
jasper-devel-1.900.1-30.el7_3.ppc.rpm
jasper-devel-1.900.1-30.el7_3.ppc64.rpm
jasper-utils-1.900.1-30.el7_3.ppc64.rpm

ppc64le:
jasper-1.900.1-30.el7_3.ppc64le.rpm
jasper-debuginfo-1.900.1-30.el7_3.ppc64le.rpm
jasper-devel-1.900.1-30.el7_3.ppc64le.rpm
jasper-utils-1.900.1-30.el7_3.ppc64le.rpm

s390x:
jasper-1.900.1-30.el7_3.s390x.rpm
jasper-debuginfo-1.900.1-30.el7_3.s390.rpm
jasper-debuginfo-1.900.1-30.el7_3.s390x.rpm
jasper-devel-1.900.1-30.el7_3.s390.rpm
jasper-devel-1.900.1-30.el7_3.s390x.rpm
jasper-utils-1.900.1-30.el7_3.s390x.rpm

x86_64:
jasper-1.900.1-30.el7_3.x86_64.rpm
jasper-debuginfo-1.900.1-30.el7_3.i686.rpm
jasper-debuginfo-1.900.1-30.el7_3.x86_64.rpm
jasper-devel-1.900.1-30.el7_3.i686.rpm
jasper-devel-1.900.1-30.el7_3.x86_64.rpm
jasper-utils-1.900.1-30.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
jasper-1.900.1-30.el7_3.src.rpm

x86_64:
jasper-debuginfo-1.900.1-30.el7_3.i686.rpm
jasper-debuginfo-1.900.1-30.el7_3.x86_64.rpm
jasper-libs-1.900.1-30.el7_3.i686.rpm
jasper-libs-1.900.1-30.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
jasper-1.900.1-30.el7_3.x86_64.rpm
jasper-debuginfo-1.900.1-30.el7_3.i686.rpm
jasper-debuginfo-1.900.1-30.el7_3.x86_64.rpm
jasper-devel-1.900.1-30.el7_3.i686.rpm
jasper-devel-1.900.1-30.el7_3.x86_64.rpm
jasper-utils-1.900.1-30.el7_3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
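
A patch-level check built from the fixed builds in the package list above, added here as an example (it is not part of the Red Hat or AusCERT text). It assumes package names in rpm's NAME-VERSION-RELEASE.ARCH form with no epoch, and uses GNU "sort -V" as an approximation of rpm's version ordering; the function names are illustrative.

```shell
#!/bin/sh
# Fixed builds taken from the advisory's package list (section 6).
FIXED_EL6="1.900.1-21.el6_9"
FIXED_EL7="1.900.1-30.el7_3"

# jasper_status NAME-VERSION-RELEASE.ARCH
# Prints "patched", "vulnerable" or "unknown" (not a jasper package, or not
# an EL6/EL7 build, so the advisory's fixed versions do not apply).
jasper_status() {
    case $1 in
        jasper-[0-9]*|jasper-libs-[0-9]*|jasper-devel-[0-9]*|jasper-utils-[0-9]*) ;;
        *) echo unknown; return 0 ;;
    esac
    nvr=${1%.*}                                   # drop the ".ARCH" suffix
    vr=$(printf '%s\n' "$nvr" | sed -E 's/^jasper(-[a-z]+)?-//')
    case $vr in
        *.el6*) fixed=$FIXED_EL6 ;;
        *.el7*) fixed=$FIXED_EL7 ;;
        *) echo unknown; return 0 ;;
    esac
    # Assumption: GNU "sort -V" orders these strings the way rpm does.
    # If the fixed build sorts first (or is equal), the installed build is >= it.
    lowest=$(printf '%s\n%s\n' "$vr" "$fixed" | sort -V | head -n 1)
    if [ "$lowest" = "$fixed" ]; then echo patched; else echo vulnerable; fi
}

# jasper_audit: read one package per line on stdin, print "STATUS PACKAGE"
# for each, then a final "vulnerable: N" summary line.
jasper_audit() {
    bad=0
    while IFS= read -r pkg; do
        [ -n "$pkg" ] || continue
        st=$(jasper_status "$pkg")
        if [ "$st" = vulnerable ]; then bad=$((bad + 1)); fi
        printf '%-10s %s\n' "$st" "$pkg"
    done
    echo "vulnerable: $bad"
}

# Constructed sample input. On a real host, feed the audit from:
#   rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' 'jasper*'
jasper_audit <<'EOF'
jasper-libs-1.900.1-21.el6_9.x86_64
jasper-libs-1.900.1-29.el7.x86_64
jasper-1.900.1-30.el7_3.x86_64
EOF
```

Applications linked against jasper-libs keep the old library mapped until they are restarted, so a "patched" result covers the installed package only.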

7. References:

https://access.redhat.com/security/cve/CVE-2015-5203
https://access.redhat.com/security/cve/CVE-2015-5221
https://access.redhat.com/security/cve/CVE-2016-10248
https://access.redhat.com/security/cve/CVE-2016-10249
https://access.redhat.com/security/cve/CVE-2016-10251
https://access.redhat.com/security/cve/CVE-2016-1577
https://access.redhat.com/security/cve/CVE-2016-1867
https://access.redhat.com/security/cve/CVE-2016-2089
https://access.redhat.com/security/cve/CVE-2016-2116
https://access.redhat.com/security/cve/CVE-2016-8654
https://access.redhat.com/security/cve/CVE-2016-8690
https://access.redhat.com/security/cve/CVE-2016-8691
https://access.redhat.com/security/cve/CVE-2016-8692
https://access.redhat.com/security/cve/CVE-2016-8693
https://access.redhat.com/security/cve/CVE-2016-8883
https://access.redhat.com/security/cve/CVE-2016-8884
https://access.redhat.com/security/cve/CVE-2016-8885
https://access.redhat.com/security/cve/CVE-2016-9262
https://access.redhat.com/security/cve/CVE-2016-9387
https://access.redhat.com/security/cve/CVE-2016-9388
https://access.redhat.com/security/cve/CVE-2016-9389
https://access.redhat.com/security/cve/CVE-2016-9390
https://access.redhat.com/security/cve/CVE-2016-9391
https://access.redhat.com/security/cve/CVE-2016-9392
https://access.redhat.com/security/cve/CVE-2016-9393
https://access.redhat.com/security/cve/CVE-2016-9394
https://access.redhat.com/security/cve/CVE-2016-9560
https://access.redhat.com/security/cve/CVE-2016-9583
https://access.redhat.com/security/cve/CVE-2016-9591
https://access.redhat.com/security/cve/CVE-2016-9600
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZEg4lXlSAg2UNWIIRAuyVAJ9P9L4mLFrCZVWixRk6fXMAasAhMQCgxG8K
H3IC3a7qUw4PxFoXoRVkR5U=
=YNRv
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----