===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.2400
               Moderate: mariadb security and bug fix update
                              17 August 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           mariadb
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 7
                   Red Hat Enterprise Linux WS/Desktop 7
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Access Privileged Data          -- Remote with User Interaction
                   Modify Arbitrary Files          -- Existing Account
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-2819 CVE-2018-2817 CVE-2018-2813
                   CVE-2018-2781 CVE-2018-2771 CVE-2018-2767
                   CVE-2018-2761 CVE-2018-2755 CVE-2018-2668
                   CVE-2018-2665 CVE-2018-2640 CVE-2018-2622
                   CVE-2018-2562 CVE-2017-10384 CVE-2017-10379
                   CVE-2017-10378 CVE-2017-10268 CVE-2017-3653
                   CVE-2017-3651 CVE-2017-3641 CVE-2017-3636
Reference:         ASB-2018.0171
                   ESB-2018.1905
                   ESB-2018.1302
                   ESB-2018.1261

Original Bulletin:
   https://access.redhat.com/errata/RHSA-2018:2439

--------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: mariadb security and bug fix update
Advisory ID:       RHSA-2018:2439-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:2439
Issue date:        2018-08-16
CVE Names:         CVE-2017-3636 CVE-2017-3641 CVE-2017-3651
                   CVE-2017-3653 CVE-2017-10268 CVE-2017-10378
                   CVE-2017-10379 CVE-2017-10384 CVE-2018-2562
                   CVE-2018-2622 CVE-2018-2640 CVE-2018-2665
                   CVE-2018-2668 CVE-2018-2755 CVE-2018-2761
                   CVE-2018-2767 CVE-2018-2771 CVE-2018-2781
                   CVE-2018-2813 CVE-2018-2817 CVE-2018-2819
=====================================================================

1. Summary:

An update for mariadb is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary
compatible with MySQL.

The following packages have been upgraded to a later upstream version:
mariadb (5.5.60). (BZ#1584668, BZ#1584671, BZ#1584674, BZ#1601085)

Security Fix(es):

* mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636)
* mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641)
* mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651)
* mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268)
* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378)
* mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379)
* mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384)
* mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562)
* mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668)
* mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755)
* mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761)
* mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771)
* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781)
* mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813)
* mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817)
* mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819)
* mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653)
* mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Bug Fix(es):

* Previously, the mysqladmin tool waited for an inadequate length of time if
the socket it listened on did not respond in a specific way. Consequently,
when the socket was used while the MariaDB server was starting, the mariadb
service became unresponsive for a long time. With this update, the
mysqladmin timeout has been shortened to 2 seconds. As a result, the mariadb
service either starts or fails but no longer hangs in the described
situation. (BZ#1584023)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be
restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1472686 - CVE-2017-3636 mysql: Client programs unspecified vulnerability (CPU Jul 2017)
1472693 - CVE-2017-3641 mysql: Server: DML unspecified vulnerability (CPU Jul 2017)
1472708 - CVE-2017-3651 mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017)
1472711 - CVE-2017-3653 mysql: Server: DDL unspecified vulnerability (CPU Jul 2017)
1503656 - CVE-2017-10268 mysql: Server: Replication unspecified vulnerability (CPU Oct 2017)
1503684 - CVE-2017-10378 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017)
1503685 - CVE-2017-10379 mysql: Client programs unspecified vulnerability (CPU Oct 2017)
1503686 - CVE-2017-10384 mysql: Server: DDL unspecified vulnerability (CPU Oct 2017)
1535484 - CVE-2018-2562 mysql: Server: Partition unspecified vulnerability (CPU Jan 2018)
1535499 - CVE-2018-2622 mysql: Server: DDL unspecified vulnerability (CPU Jan 2018)
1535500 - CVE-2018-2640 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
1535504 - CVE-2018-2665 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
1535506 - CVE-2018-2668 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
1564965 - CVE-2018-2767 mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM)
1568921 - CVE-2018-2755 mysql: Server: Replication unspecified vulnerability (CPU Apr 2018)
1568924 - CVE-2018-2761 mysql: Client programs unspecified vulnerability (CPU Apr 2018)
1568931 - CVE-2018-2771 mysql: Server: Locking unspecified vulnerability (CPU Apr 2018)
1568942 - CVE-2018-2781 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)
1568951 - CVE-2018-2813 mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)
1568954 - CVE-2018-2817 mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)
1568956 - CVE-2018-2819 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
1584023 - systemctl start mariadb - hangs if sock file is used by another process [rhel-7.5.z]
1584024 - MariaDB crashing due to specific SQL statement [rhel-7.5.z]
1584029 - MariaDB server segfaults with select query [rhel-7.5.z]

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
mariadb-5.5.60-1.el7_5.src.rpm

x86_64:
mariadb-5.5.60-1.el7_5.x86_64.rpm
mariadb-debuginfo-5.5.60-1.el7_5.i686.rpm
mariadb-debuginfo-5.5.60-1.el7_5.x86_64.rpm
mariadb-libs-5.5.60-1.el7_5.i686.rpm
mariadb-libs-5.5.60-1.el7_5.x86_64.rpm
mariadb-server-5.5.60-1.el7_5.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
mariadb-bench-5.5.60-1.el7_5.x86_64.rpm
mariadb-debuginfo-5.5.60-1.el7_5.i686.rpm
mariadb-debuginfo-5.5.60-1.el7_5.x86_64.rpm
mariadb-devel-5.5.60-1.el7_5.i686.rpm
mariadb-devel-5.5.60-1.el7_5.x86_64.rpm
mariadb-embedded-5.5.60-1.el7_5.i686.rpm
mariadb-embedded-5.5.60-1.el7_5.x86_64.rpm
mariadb-embedded-devel-5.5.60-1.el7_5.i686.rpm
mariadb-embedded-devel-5.5.60-1.el7_5.x86_64.rpm
mariadb-test-5.5.60-1.el7_5.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
mariadb-5.5.60-1.el7_5.src.rpm

x86_64:
mariadb-5.5.60-1.el7_5.x86_64.rpm
mariadb-debuginfo-5.5.60-1.el7_5.i686.rpm
mariadb-debuginfo-5.5.60-1.el7_5.x86_64.rpm
mariadb-libs-5.5.60-1.el7_5.i686.rpm
mariadb-libs-5.5.60-1.el7_5.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
mariadb-bench-5.5.60-1.el7_5.x86_64.rpm
mariadb-debuginfo-5.5.60-1.el7_5.i686.rpm
mariadb-debuginfo-5.5.60-1.el7_5.x86_64.rpm
mariadb-devel-5.5.60-1.el7_5.i686.rpm
mariadb-devel-5.5.60-1.el7_5.x86_64.rpm
mariadb-embedded-5.5.60-1.el7_5.i686.rpm
mariadb-embedded-5.5.60-1.el7_5.x86_64.rpm
mariadb-embedded-devel-5.5.60-1.el7_5.i686.rpm
mariadb-embedded-devel-5.5.60-1.el7_5.x86_64.rpm
mariadb-server-5.5.60-1.el7_5.x86_64.rpm
mariadb-test-5.5.60-1.el7_5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
mariadb-5.5.60-1.el7_5.src.rpm

ppc64:
mariadb-5.5.60-1.el7_5.ppc64.rpm
mariadb-bench-5.5.60-1.el7_5.ppc64.rpm
mariadb-debuginfo-5.5.60-1.el7_5.ppc.rpm
mariadb-debuginfo-5.5.60-1.el7_5.ppc64.rpm
mariadb-devel-5.5.60-1.el7_5.ppc.rpm
mariadb-devel-5.5.60-1.el7_5.ppc64.rpm
mariadb-libs-5.5.60-1.el7_5.ppc.rpm
mariadb-libs-5.5.60-1.el7_5.ppc64.rpm
mariadb-server-5.5.60-1.el7_5.ppc64.rpm
mariadb-test-5.5.60-1.el7_5.ppc64.rpm

ppc64le:
mariadb-5.5.60-1.el7_5.ppc64le.rpm
mariadb-bench-5.5.60-1.el7_5.ppc64le.rpm
mariadb-debuginfo-5.5.60-1.el7_5.ppc64le.rpm
mariadb-devel-5.5.60-1.el7_5.ppc64le.rpm
mariadb-libs-5.5.60-1.el7_5.ppc64le.rpm
mariadb-server-5.5.60-1.el7_5.ppc64le.rpm
mariadb-test-5.5.60-1.el7_5.ppc64le.rpm

s390x:
mariadb-5.5.60-1.el7_5.s390x.rpm
mariadb-bench-5.5.60-1.el7_5.s390x.rpm
mariadb-debuginfo-5.5.60-1.el7_5.s390.rpm
mariadb-debuginfo-5.5.60-1.el7_5.s390x.rpm
mariadb-devel-5.5.60-1.el7_5.s390.rpm
mariadb-devel-5.5.60-1.el7_5.s390x.rpm
mariadb-libs-5.5.60-1.el7_5.s390.rpm
mariadb-libs-5.5.60-1.el7_5.s390x.rpm
mariadb-server-5.5.60-1.el7_5.s390x.rpm
mariadb-test-5.5.60-1.el7_5.s390x.rpm

x86_64:
mariadb-5.5.60-1.el7_5.x86_64.rpm
mariadb-bench-5.5.60-1.el7_5.x86_64.rpm
mariadb-debuginfo-5.5.60-1.el7_5.i686.rpm
mariadb-debuginfo-5.5.60-1.el7_5.x86_64.rpm
mariadb-devel-5.5.60-1.el7_5.i686.rpm
mariadb-devel-5.5.60-1.el7_5.x86_64.rpm
mariadb-libs-5.5.60-1.el7_5.i686.rpm
mariadb-libs-5.5.60-1.el7_5.x86_64.rpm
mariadb-server-5.5.60-1.el7_5.x86_64.rpm
mariadb-test-5.5.60-1.el7_5.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source:
mariadb-5.5.60-1.el7_5.src.rpm

aarch64:
mariadb-5.5.60-1.el7_5.aarch64.rpm
mariadb-bench-5.5.60-1.el7_5.aarch64.rpm
mariadb-debuginfo-5.5.60-1.el7_5.aarch64.rpm
mariadb-devel-5.5.60-1.el7_5.aarch64.rpm
mariadb-libs-5.5.60-1.el7_5.aarch64.rpm
mariadb-server-5.5.60-1.el7_5.aarch64.rpm
mariadb-test-5.5.60-1.el7_5.aarch64.rpm

ppc64le:
mariadb-5.5.60-1.el7_5.ppc64le.rpm
mariadb-bench-5.5.60-1.el7_5.ppc64le.rpm
mariadb-debuginfo-5.5.60-1.el7_5.ppc64le.rpm
mariadb-devel-5.5.60-1.el7_5.ppc64le.rpm
mariadb-libs-5.5.60-1.el7_5.ppc64le.rpm
mariadb-server-5.5.60-1.el7_5.ppc64le.rpm
mariadb-test-5.5.60-1.el7_5.ppc64le.rpm

s390x:
mariadb-5.5.60-1.el7_5.s390x.rpm
mariadb-bench-5.5.60-1.el7_5.s390x.rpm
mariadb-debuginfo-5.5.60-1.el7_5.s390.rpm
mariadb-debuginfo-5.5.60-1.el7_5.s390x.rpm
mariadb-devel-5.5.60-1.el7_5.s390.rpm
mariadb-devel-5.5.60-1.el7_5.s390x.rpm
mariadb-libs-5.5.60-1.el7_5.s390.rpm
mariadb-libs-5.5.60-1.el7_5.s390x.rpm
mariadb-server-5.5.60-1.el7_5.s390x.rpm
mariadb-test-5.5.60-1.el7_5.s390x.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
mariadb-debuginfo-5.5.60-1.el7_5.ppc.rpm
mariadb-debuginfo-5.5.60-1.el7_5.ppc64.rpm
mariadb-embedded-5.5.60-1.el7_5.ppc.rpm
mariadb-embedded-5.5.60-1.el7_5.ppc64.rpm
mariadb-embedded-devel-5.5.60-1.el7_5.ppc.rpm
mariadb-embedded-devel-5.5.60-1.el7_5.ppc64.rpm

ppc64le:
mariadb-debuginfo-5.5.60-1.el7_5.ppc64le.rpm
mariadb-embedded-5.5.60-1.el7_5.ppc64le.rpm
mariadb-embedded-devel-5.5.60-1.el7_5.ppc64le.rpm

s390x:
mariadb-debuginfo-5.5.60-1.el7_5.s390.rpm
mariadb-debuginfo-5.5.60-1.el7_5.s390x.rpm
mariadb-embedded-5.5.60-1.el7_5.s390.rpm
mariadb-embedded-5.5.60-1.el7_5.s390x.rpm
mariadb-embedded-devel-5.5.60-1.el7_5.s390.rpm
mariadb-embedded-devel-5.5.60-1.el7_5.s390x.rpm

x86_64:
mariadb-debuginfo-5.5.60-1.el7_5.i686.rpm
mariadb-debuginfo-5.5.60-1.el7_5.x86_64.rpm
mariadb-embedded-5.5.60-1.el7_5.i686.rpm
mariadb-embedded-5.5.60-1.el7_5.x86_64.rpm
mariadb-embedded-devel-5.5.60-1.el7_5.i686.rpm
mariadb-embedded-devel-5.5.60-1.el7_5.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

aarch64:
mariadb-debuginfo-5.5.60-1.el7_5.aarch64.rpm
mariadb-embedded-5.5.60-1.el7_5.aarch64.rpm
mariadb-embedded-devel-5.5.60-1.el7_5.aarch64.rpm

ppc64le:
mariadb-debuginfo-5.5.60-1.el7_5.ppc64le.rpm
mariadb-embedded-5.5.60-1.el7_5.ppc64le.rpm
mariadb-embedded-devel-5.5.60-1.el7_5.ppc64le.rpm

s390x:
mariadb-debuginfo-5.5.60-1.el7_5.s390.rpm
mariadb-debuginfo-5.5.60-1.el7_5.s390x.rpm
mariadb-embedded-5.5.60-1.el7_5.s390.rpm
mariadb-embedded-5.5.60-1.el7_5.s390x.rpm
mariadb-embedded-devel-5.5.60-1.el7_5.s390.rpm
mariadb-embedded-devel-5.5.60-1.el7_5.s390x.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
mariadb-5.5.60-1.el7_5.src.rpm

x86_64:
mariadb-5.5.60-1.el7_5.x86_64.rpm
mariadb-bench-5.5.60-1.el7_5.x86_64.rpm
mariadb-debuginfo-5.5.60-1.el7_5.i686.rpm
mariadb-debuginfo-5.5.60-1.el7_5.x86_64.rpm
mariadb-devel-5.5.60-1.el7_5.i686.rpm
mariadb-devel-5.5.60-1.el7_5.x86_64.rpm
mariadb-libs-5.5.60-1.el7_5.i686.rpm
mariadb-libs-5.5.60-1.el7_5.x86_64.rpm
mariadb-server-5.5.60-1.el7_5.x86_64.rpm
mariadb-test-5.5.60-1.el7_5.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
mariadb-debuginfo-5.5.60-1.el7_5.i686.rpm
mariadb-debuginfo-5.5.60-1.el7_5.x86_64.rpm
mariadb-embedded-5.5.60-1.el7_5.i686.rpm
mariadb-embedded-5.5.60-1.el7_5.x86_64.rpm
mariadb-embedded-devel-5.5.60-1.el7_5.i686.rpm
mariadb-embedded-devel-5.5.60-1.el7_5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-3636
https://access.redhat.com/security/cve/CVE-2017-3641
https://access.redhat.com/security/cve/CVE-2017-3651
https://access.redhat.com/security/cve/CVE-2017-3653
https://access.redhat.com/security/cve/CVE-2017-10268
https://access.redhat.com/security/cve/CVE-2017-10378
https://access.redhat.com/security/cve/CVE-2017-10379
https://access.redhat.com/security/cve/CVE-2017-10384
https://access.redhat.com/security/cve/CVE-2018-2562
https://access.redhat.com/security/cve/CVE-2018-2622
https://access.redhat.com/security/cve/CVE-2018-2640
https://access.redhat.com/security/cve/CVE-2018-2665
https://access.redhat.com/security/cve/CVE-2018-2668
https://access.redhat.com/security/cve/CVE-2018-2755
https://access.redhat.com/security/cve/CVE-2018-2761
https://access.redhat.com/security/cve/CVE-2018-2767
https://access.redhat.com/security/cve/CVE-2018-2771
https://access.redhat.com/security/cve/CVE-2018-2781
https://access.redhat.com/security/cve/CVE-2018-2813
https://access.redhat.com/security/cve/CVE-2018-2817
https://access.redhat.com/security/cve/CVE-2018-2819
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================