===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.1792
         SUSE-SU-2019:1287-1 Security update for the Linux Kernel
                                20 May 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Linux Kernel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Access Privileged Data -- Existing Account
                   Denial of Service      -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-11486 CVE-2019-11091 CVE-2019-9503
                   CVE-2019-8564 CVE-2019-3882 CVE-2018-19407
                   CVE-2018-12130 CVE-2018-12127 CVE-2018-12126
                   CVE-2018-1129 CVE-2018-1128 CVE-2018-1120
                   CVE-2018-1091 CVE-2017-18174 CVE-2017-17741
                   CVE-2016-8636  

Reference:         ASB-2019.0138
                   ESB-2019.1777
                   ESB-2019.1774
                   ESB-2019.1754

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2019/suse-su-20191287-1.html

--------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

Announcement ID:   SUSE-SU-2019:1287-1
Rating:            important
References:        #1012382 #1024908 #1034113 #1043485 #1068032 #1073311
                   #1080157 #1080533 #1082632 #1087231 #1087659 #1087906
                   #1093158 #1094268 #1096748 #1100152 #1103186 #1106913
                   #1109772 #1111331 #1112178 #1113399 #1116841 #1118338
                   #1119019 #1122822 #1124832 #1125580 #1129279 #1131416
                   #1131427 #1131587 #1132673 #1132828 #1133188
Cross-References:  CVE-2016-8636 CVE-2017-17741 CVE-2017-18174 CVE-2018-1091
                   CVE-2018-1120 CVE-2018-1128 CVE-2018-1129 CVE-2018-12126
                   CVE-2018-12127 CVE-2018-12130 CVE-2018-19407 CVE-2019-11091
                   CVE-2019-11486 CVE-2019-3882 CVE-2019-8564 CVE-2019-9503
Affected Products:
                   SUSE OpenStack Cloud 7
                   SUSE Linux Enterprise Server for SAP 12-SP2
                   SUSE Linux Enterprise Server 12-SP2-LTSS
                   SUSE Linux Enterprise Server 12-SP2-BCL
                   SUSE Linux Enterprise High Availability 12-SP2
                   SUSE Enterprise Storage 4
                   OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

An update that solves 16 vulnerabilities and has 19 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security
and bug fixes.

Four new speculative execution information leak issues have been identified in
Intel CPUs. (bsc#1111331)

  o CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)
  o CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)
  o CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS)
  o CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)


This kernel update contains software mitigations for these issues, which also
utilize CPU microcode updates shipped in parallel.
For more information on this set of information leaks, check out
https://www.suse.com/support/kb/doc/id=7023736

The following security bugs were fixed:

  o CVE-2018-1128: It was found that the cephx authentication protocol did not
    verify ceph clients correctly and was vulnerable to replay attack. Any
    attacker having access to ceph cluster network who is able to sniff packets
    on network could use this vulnerability to authenticate with ceph service
    and perform actions allowed by ceph service. (bnc#1096748).
  o CVE-2018-1129: A flaw was found in the way signature calculation was
    handled by cephx authentication protocol. An attacker having access to ceph
    cluster network who is able to alter the message payload was able to bypass
    signature checks done by cephx protocol. (bnc#1096748).
  o CVE-2016-8636: Integer overflow in the mem_check_range function in
    drivers/infiniband/sw/rxe/rxe_mr.c allowed local users to cause a denial of
    service (memory corruption), obtain sensitive information or possibly have
    unspecified other impact via a write or read request involving the "RDMA
    protocol over infiniband" (aka Soft RoCE) technology (bnc#1024908).
  o CVE-2017-18174: The amd_gpio_remove function in
    drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function,
    leading to a double free (bnc#1080533).
  o CVE-2018-1091: In the flush_tmregs_to_thread function in
    arch/powerpc/kernel/ptrace.c, a guest kernel crash can be triggered from
    unprivileged userspace during a core dump on a POWER host due to a missing
    processor feature check and an erroneous use of transactional memory (TM)
    instructions in the core dump path, leading to a denial of service
    (bnc#1087231).
  o CVE-2018-1120: By mmap()ing a FUSE-backed file onto a process's memory
    containing command line arguments (or environment strings), an attacker can
    cause utilities from psutils or procps (such as ps, w) or any other program
    which made a read() call to the /proc/<pid>/cmdline (or
    /proc/<pid>/environ) files to block indefinitely (denial of service) or for
    some controlled time (as a synchronization primitive for other attacks)
    (bnc#1093158).
  o CVE-2019-11486: The Siemens R3964 line discipline driver in
    drivers/tty/n_r3964.c has multiple race conditions (bnc#1133188).
  o CVE-2019-3882: A flaw was found in the vfio interface implementation that
    permits violation of the user's locked memory limit. If a device is bound
    to a vfio driver, such as vfio-pci, and the local attacker is
    administratively granted ownership of the device, it may cause a system
    memory exhaustion and thus a denial of service (DoS) (bsc#1131427).
  o CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed
    local users to cause a denial of service (NULL pointer dereference and BUG)
    via crafted system calls that reach a situation where ioapic is
    uninitialized (bnc#1116841).
  o CVE-2017-17741: The KVM implementation allowed attackers to obtain
    potentially sensitive information from kernel memory, aka a write_mmio
    stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and
    include/trace/events/kvm.h (bnc#1073311).
  o CVE-2019-9503, CVE-2019-8564: Multiple brcmfmac frame validation bypasses
    have been fixed (bnc#1132828, bnc#1132673).


The following non-security bugs were fixed:

  o ACPI: acpi_pad: Do not launch acpi_pad threads on idle cpus (bsc#1113399).
  o add mainline tags to four hyperv patches
  o cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178).
  o Drivers: hv: vmbus: Define an API to retrieve virtual processor index
    (bsc#1122822).
  o Drivers: hv: vmbus: Define APIs to manipulate the event page (bsc#1122822).
  o Drivers: hv: vmbus: Define APIs to manipulate the message page
    (bsc#1122822).
  o Drivers: hv: vmbus: Define APIs to manipulate the synthetic interrupt
    controller (bsc#1122822).
  o hv: v4.12 API for hyperv-iommu (bsc#1122822).
  o iommu/hyper-v: Add Hyper-V stub IOMMU driver (bsc#1122822).
  o jump_label: remove bug.h, atomic.h dependencies for HAVE_JUMP_LABEL
    (bsc#1111331).
  o kvm: x86: Report STIBP on GET_SUPPORTED_CPUID (bsc#1111331).
  o locking/atomics, asm-generic: Move some macros from to a new file
    (bsc#1111331).
  o MDS: Add CVE refs
  o net: ena: add functions for handling Low Latency Queues in ena_com
    (bsc#1129279).
  o net: ena: add functions for handling Low Latency Queues in ena_netdev
    (bsc#1129279).
  o net: ena: change rx copybreak default to reduce kernel memory pressure
    (bsc#1129279).
  o net: ena: complete host info to match latest ENA spec (bsc#1129279).
  o net: ena: enable Low Latency Queues (bsc#1129279).
  o net: ena: explicit casting and initialization, and clearer error handling
    (bsc#1129279).
  o net: ena: fix auto casting to boolean (bsc#1129279).
  o net: ena: fix compilation error in xtensa architecture (bsc#1129279).
  o net: ena: fix crash during ena_remove() (bsc#1129279).
  o net: ena: fix crash during failed resume from hibernation (bsc#1129279).
  o net: ena: fix indentations in ena_defs for better readability
    (bsc#1129279).
  o net: ena: Fix Kconfig dependency on X86 (bsc#1129279).
  o net: ena: fix NULL dereference due to untimely napi initialization
    (bsc#1129279).
  o net: ena: fix race between link up and device initalization (bsc#1129279).
  o net: ena: fix rare bug when failed restart/resume is followed by driver
    removal (bsc#1129279).
  o net: ena: fix warning in rmmod caused by double iounmap (bsc#1129279).
  o net: ena: introduce Low Latency Queues data structures according to ENA
    spec (bsc#1129279).
  o net: ena: limit refill Rx threshold to 256 to avoid latency issues
    (bsc#1129279).
  o net: ena: minor performance improvement (bsc#1129279).
  o net: ena: remove ndo_poll_controller (bsc#1129279).
  o net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1129279).
  o net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1129279).
  o net: ena: update driver version from 2.0.2 to 2.0.3 (bsc#1129279).
  o net: ena: update driver version to 2.0.1 (bsc#1129279).
  o net: ena: use CSUM_CHECKED device indication to report skb's checksum
    status (bsc#1129279).
  o PCI: hv: Add vPCI version protocol negotiation (bnc#1043485, bsc#1122822).
  o PCI: hv: Allocate interrupt descriptors with GFP_ATOMIC (bnc#1034113,
    bsc#1122822).
  o PCI: hv: Disable/enable IRQs rather than BH in hv_compose_msi_msg()
    (bnc#1094268, bsc#1122822).
  o PCI: hv: Do not sleep in compose_msi_msg() (bsc#1082632, bsc#1122822).
  o PCI: hv: Fix 2 hang issues in hv_compose_msi_msg() (bsc#1087659,
    bsc#1087906, bsc#1122822).
  o PCI: hv: Fix a comment typo in _hv_pcifront_read_config() (bsc#1087659,
    bsc#1122822).
  o PCI: hv: Fix comment formatting and use proper integer fields (bnc#1043485,
    bsc#1122822).
  o PCI: hv: Only queue new work items in hv_pci_devices_present() if necessary
    (bsc#1087659, bsc#1122822).
  o PCI: hv: Remove the bogus test in hv_eject_device_work() (bsc#1087659,
    bsc#1122822).
  o PCI: hv: Serialize the present and eject work items (bsc#1087659,
    bsc#1122822).
  o PCI: hv: Specify CPU_AFFINITY_ALL for MSI affinity when >= 32 CPUs
    (bnc#1043485, bsc#1122822).
  o PCI: hv: Temporary own CPU-number-to-vCPU-number infra (bnc#1043485,
    bsc#1122822).
  o PCI: hv: Use effective affinity mask (bsc#1109772, bsc#1122822).
  o PCI: hv: Use page allocation for hbus structure (bnc#1043485, bsc#1122822).
  o PCI: hv: Use vPCI protocol version 1.2 (bnc#1043485, bsc#1122822).
  o pci-hyperv: increase HV_VP_SET_BANK_COUNT_MAX to handle 1792 vcpus
    (bsc#1122822).
  o powerpc/64: Disable the speculation barrier from the command line
    (bsc#1068032).
  o powerpc/64s: Default l1d_size to 64K in RFI fallback flush (bsc#1068032,
    git-fixes).
  o powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2
    (bsc#1068032, bsc#1080157, git-fixes).
  o powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178).
  o powerpc/tm: Add commandline option to disable hardware transactional memory
    (bsc#1118338).
  o powerpc/tm: Add TM Unavailable Exception (bsc#1118338).
  o powerpc/tm: Flip the HTM switch default to disabled (bsc#1125580).
  o powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587).
  o powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038
    (bsc#1131587).
  o s390: add explicit for jump label (bsc#1111331).
  o sched/core: Optimize SCHED_SMT (bsc#1111331).
  o sched/smt: Expose sched_smt_present static key (bsc#1106913).
  o sched/smt: Make sched_smt_present track topology (bsc#1106913).
  o sched/smt: Update sched_smt_present at runtime (bsc#1111331).
  o scripts/git_sort/git_sort.py: Add fixes branch from mkp/scsi.git.
  o scsi: ibmvscsi: Fix empty event pool access during host removal
    (bsc#1119019).
  o scsi: storvsc: Reduce default ring buffer size to 128 Kbytes ().
  o time: Introduce jiffies64_to_nsecs() (bsc#1113399).
  o Use upstream variant of two pci-hyperv patches
  o vti6: flush x-netns xfrm cache when vti interface is removed (bnc#1012382
    bsc#1100152).
  o x86/apic: Provide apic_ack_irq() (bsc#1122822).
  o x86/bugs: Add AMD's variant of SSB_NO (bsc#1111331).
  o x86/bugs: Rename SSBD_NO to SSB_NO (bsc#1111331).
  o x86/cpu: Rename Merrifield2 to Moorefield (bsc#1111331).
  o x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331).
  o x86/Hyper-V: Set x2apic destination mode to physical when x2apic is
    available (bsc#1122822).
  o x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12
    (bsc#1109772, bsc#1122822).
  o x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (bsc#1111331).
  o x86/kvm/vmx: Add MDS protection when L1D Flush is not active (bsc#1111331).
  o x86/msr-index: Cleanup bit defines (bsc#1111331).
  o x86/speculation: Consolidate CPU whitelists (bsc#1111331).
  o x86/speculation/mds: Add basic bug infrastructure for MDS (bsc#1111331).
  o x86/speculation/mds: Add BUG_MSBDS_ONLY (bsc#1111331).
  o x86/speculation/mds: Add mds_clear_cpu_buffers() (bsc#1111331).
  o x86/speculation/mds: Add mds=full,nosmt cmdline option (bsc#1111331).
  o x86/speculation/mds: Add mitigation control for MDS (bsc#1111331).
  o x86/speculation/mds: Add mitigation mode VMWERV (bsc#1111331).
  o x86/speculation/mds: Add 'mitigations=' support for MDS (bsc#1111331).
  o x86/speculation/mds: Add SMT warning message (bsc#1111331).
  o x86/speculation/mds: Add sysfs reporting for MDS (bsc#1111331).
  o x86/speculation/mds: Clear CPU buffers on exit to user (bsc#1111331).
  o x86/speculation/mds: Conditionally clear CPU buffers on idle entry
    (bsc#1111331).
  o x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
    (bsc#1111331).
  o x86/speculation: Move arch_smt_update() call to after mitigation decisions
    (bsc#1111331).
  o x86/speculation: Remove redundant arch_smt_update() invocation
    (bsc#1111331).
  o x86/speculation: Rework SMT state change (bsc#1111331).
  o x86/speculation: Simplify the CPU bug detection logic (bsc#1111331).
  o x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178).
  o x86: stop exporting msr-index.h to userland (bsc#1111331).
  o xfrm6: call kfree_skb when skb is toobig (bnc#1012382 bsc#1100152).
  o xfrm: fix missing dst_release() after policy blocking lbcast and multicast
    (bnc#1012382 bsc#1100152).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE OpenStack Cloud 7:
    zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1287=1
  o SUSE Linux Enterprise Server for SAP 12-SP2:
    zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1287=1
  o SUSE Linux Enterprise Server 12-SP2-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1287=1
  o SUSE Linux Enterprise Server 12-SP2-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1287=1
  o SUSE Linux Enterprise High Availability 12-SP2:
    zypper in -t patch SUSE-SLE-HA-12-SP2-2019-1287=1
  o SUSE Enterprise Storage 4:
    zypper in -t patch SUSE-Storage-4-2019-1287=1
  o OpenStack Cloud Magnum Orchestration 7:
    zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1287=1
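
Added example (not part of the SUSE advisory): a shell check to run after the
update and reboot. It confirms that the running kernel is at or past the fixed
version from the Package List and that the MDS sysfs report shows an active
mitigation rather than the "no microcode" state. The function names, the x86_64
/boot/vmlinuz path and the sample inputs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the SUSE advisory. FIXED_VERSION is the
# kernel-default version from the Package List; the function names and the
# sample inputs at the bottom are constructed for illustration.
FIXED_VERSION="4.4.121-92.109.2"
MDS_SYSFS="/sys/devices/system/cpu/vulnerabilities/mds"

# kernel_is_fixed VERSION-RELEASE
# Succeeds when the version is at or after FIXED_VERSION. Fields are split
# on "." and "-" and compared numerically, which is enough for the purely
# numeric versions in this bulletin (it is not full RPM version ordering).
kernel_is_fixed() {
    awk -v have="$1" -v want="$FIXED_VERSION" 'BEGIN {
        n = split(have, h, /[.-]/); m = split(want, w, /[.-]/)
        if (n == 0) exit 1
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (h[i] + 0 > w[i] + 0) exit 0
            if (h[i] + 0 < w[i] + 0) exit 1
        }
        exit 0
    }'
}

# mds_state LINE
# Maps one line of the kernel's MDS sysfs report to a short verdict.
mds_state() {
    case "$1" in
        "Not affected"*)                          echo "not-affected" ;;
        "Mitigation:"*"SMT vulnerable"*)          echo "mitigated-smt-exposed" ;;
        "Mitigation:"*"SMT Host state unknown"*)  echo "mitigated-smt-unknown" ;;
        "Mitigation:"*)                           echo "mitigated" ;;
        "Vulnerable:"*"no microcode"*)            echo "needs-microcode" ;;
        "Vulnerable"*)                            echo "vulnerable" ;;
        *)                                        echo "unknown" ;;
    esac
}

# host_verdict VERSION-RELEASE MDS_LINE
# Prints one verdict; returns 0 only for a fixed kernel with MDS fully handled.
host_verdict() {
    if ! kernel_is_fixed "$1"; then
        echo "kernel-outdated"
        return 1
    fi
    state=$(mds_state "$2")
    echo "$state"
    case "$state" in
        mitigated|not-affected) return 0 ;;
        *)                      return 1 ;;
    esac
}

# check_this_host: the same check against the running system. Assumes an
# x86_64 SLES layout where /boot/vmlinuz-$(uname -r) is owned by the kernel
# package; run it after the reboot the advisory asks for.
check_this_host() {
    ver=$(rpm -qf --qf '%{VERSION}-%{RELEASE}\n' "/boot/vmlinuz-$(uname -r)" | head -n 1)
    line=$(cat "$MDS_SYSFS" 2>/dev/null)
    host_verdict "$ver" "$line"
}

# Constructed samples: "package version|sysfs line" pairs.
for sample in \
    "4.4.121-92.104.1|" \
    "4.4.121-92.109.2|Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable" \
    "4.4.121-92.109.2|Mitigation: Clear CPU buffers; SMT vulnerable" \
    "4.4.121-92.109.2|Mitigation: Clear CPU buffers; SMT disabled"
do
    printf '%s -> %s\n' "$sample" \
        "$(host_verdict "${sample%%|*}" "${sample#*|}" || true)"
done
```

A "needs-microcode" verdict means the kernel update is in place but the CPU
microcode shipped in parallel has not been loaded.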

Package List:

  o SUSE OpenStack Cloud 7 (s390x x86_64):
       kernel-default-4.4.121-92.109.2
       kernel-default-base-4.4.121-92.109.2
       kernel-default-base-debuginfo-4.4.121-92.109.2
       kernel-default-debuginfo-4.4.121-92.109.2
       kernel-default-debugsource-4.4.121-92.109.2
       kernel-default-devel-4.4.121-92.109.2
       kernel-syms-4.4.121-92.109.2
  o SUSE OpenStack Cloud 7 (noarch):
       kernel-devel-4.4.121-92.109.2
       kernel-macros-4.4.121-92.109.2
       kernel-source-4.4.121-92.109.2
  o SUSE OpenStack Cloud 7 (x86_64):
       kgraft-patch-4_4_121-92_109-default-1-3.5.2
  o SUSE OpenStack Cloud 7 (s390x):
       kernel-default-man-4.4.121-92.109.2
  o SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):
       kernel-default-4.4.121-92.109.2
       kernel-default-base-4.4.121-92.109.2
       kernel-default-base-debuginfo-4.4.121-92.109.2
       kernel-default-debuginfo-4.4.121-92.109.2
       kernel-default-debugsource-4.4.121-92.109.2
       kernel-default-devel-4.4.121-92.109.2
       kernel-syms-4.4.121-92.109.2
       kgraft-patch-4_4_121-92_109-default-1-3.5.2
  o SUSE Linux Enterprise Server for SAP 12-SP2 (noarch):
       kernel-devel-4.4.121-92.109.2
       kernel-macros-4.4.121-92.109.2
       kernel-source-4.4.121-92.109.2
  o SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):
       kernel-default-4.4.121-92.109.2
       kernel-default-base-4.4.121-92.109.2
       kernel-default-base-debuginfo-4.4.121-92.109.2
       kernel-default-debuginfo-4.4.121-92.109.2
       kernel-default-debugsource-4.4.121-92.109.2
       kernel-default-devel-4.4.121-92.109.2
       kernel-syms-4.4.121-92.109.2
  o SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64):
       kgraft-patch-4_4_121-92_109-default-1-3.5.2
  o SUSE Linux Enterprise Server 12-SP2-LTSS (noarch):
       kernel-devel-4.4.121-92.109.2
       kernel-macros-4.4.121-92.109.2
       kernel-source-4.4.121-92.109.2
  o SUSE Linux Enterprise Server 12-SP2-LTSS (s390x):
       kernel-default-man-4.4.121-92.109.2
  o SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
       kernel-devel-4.4.121-92.109.2
       kernel-macros-4.4.121-92.109.2
       kernel-source-4.4.121-92.109.2
  o SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
       kernel-default-4.4.121-92.109.2
       kernel-default-base-4.4.121-92.109.2
       kernel-default-base-debuginfo-4.4.121-92.109.2
       kernel-default-debuginfo-4.4.121-92.109.2
       kernel-default-debugsource-4.4.121-92.109.2
       kernel-default-devel-4.4.121-92.109.2
       kernel-syms-4.4.121-92.109.2
  o SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64):
       cluster-md-kmp-default-4.4.121-92.109.2
       cluster-md-kmp-default-debuginfo-4.4.121-92.109.2
       cluster-network-kmp-default-4.4.121-92.109.2
       cluster-network-kmp-default-debuginfo-4.4.121-92.109.2
       dlm-kmp-default-4.4.121-92.109.2
       dlm-kmp-default-debuginfo-4.4.121-92.109.2
       gfs2-kmp-default-4.4.121-92.109.2
       gfs2-kmp-default-debuginfo-4.4.121-92.109.2
       kernel-default-debuginfo-4.4.121-92.109.2
       kernel-default-debugsource-4.4.121-92.109.2
       ocfs2-kmp-default-4.4.121-92.109.2
       ocfs2-kmp-default-debuginfo-4.4.121-92.109.2
  o SUSE Enterprise Storage 4 (noarch):
       kernel-devel-4.4.121-92.109.2
       kernel-macros-4.4.121-92.109.2
       kernel-source-4.4.121-92.109.2
  o SUSE Enterprise Storage 4 (x86_64):
       kernel-default-4.4.121-92.109.2
       kernel-default-base-4.4.121-92.109.2
       kernel-default-base-debuginfo-4.4.121-92.109.2
       kernel-default-debuginfo-4.4.121-92.109.2
       kernel-default-debugsource-4.4.121-92.109.2
       kernel-default-devel-4.4.121-92.109.2
       kernel-syms-4.4.121-92.109.2
       kgraft-patch-4_4_121-92_109-default-1-3.5.2
  o OpenStack Cloud Magnum Orchestration 7 (x86_64):
       kernel-default-4.4.121-92.109.2
       kernel-default-debuginfo-4.4.121-92.109.2
       kernel-default-debugsource-4.4.121-92.109.2


References:

  o https://www.suse.com/security/cve/CVE-2016-8636.html
  o https://www.suse.com/security/cve/CVE-2017-17741.html
  o https://www.suse.com/security/cve/CVE-2017-18174.html
  o https://www.suse.com/security/cve/CVE-2018-1091.html
  o https://www.suse.com/security/cve/CVE-2018-1120.html
  o https://www.suse.com/security/cve/CVE-2018-1128.html
  o https://www.suse.com/security/cve/CVE-2018-1129.html
  o https://www.suse.com/security/cve/CVE-2018-12126.html
  o https://www.suse.com/security/cve/CVE-2018-12127.html
  o https://www.suse.com/security/cve/CVE-2018-12130.html
  o https://www.suse.com/security/cve/CVE-2018-19407.html
  o https://www.suse.com/security/cve/CVE-2019-11091.html
  o https://www.suse.com/security/cve/CVE-2019-11486.html
  o https://www.suse.com/security/cve/CVE-2019-3882.html
  o https://www.suse.com/security/cve/CVE-2019-8564.html
  o https://www.suse.com/security/cve/CVE-2019-9503.html
  o https://bugzilla.suse.com/1012382
  o https://bugzilla.suse.com/1024908
  o https://bugzilla.suse.com/1034113
  o https://bugzilla.suse.com/1043485
  o https://bugzilla.suse.com/1068032
  o https://bugzilla.suse.com/1073311
  o https://bugzilla.suse.com/1080157
  o https://bugzilla.suse.com/1080533
  o https://bugzilla.suse.com/1082632
  o https://bugzilla.suse.com/1087231
  o https://bugzilla.suse.com/1087659
  o https://bugzilla.suse.com/1087906
  o https://bugzilla.suse.com/1093158
  o https://bugzilla.suse.com/1094268
  o https://bugzilla.suse.com/1096748
  o https://bugzilla.suse.com/1100152
  o https://bugzilla.suse.com/1103186
  o https://bugzilla.suse.com/1106913
  o https://bugzilla.suse.com/1109772
  o https://bugzilla.suse.com/1111331
  o https://bugzilla.suse.com/1112178
  o https://bugzilla.suse.com/1113399
  o https://bugzilla.suse.com/1116841
  o https://bugzilla.suse.com/1118338
  o https://bugzilla.suse.com/1119019
  o https://bugzilla.suse.com/1122822
  o https://bugzilla.suse.com/1124832
  o https://bugzilla.suse.com/1125580
  o https://bugzilla.suse.com/1129279
  o https://bugzilla.suse.com/1131416
  o https://bugzilla.suse.com/1131427
  o https://bugzilla.suse.com/1131587
  o https://bugzilla.suse.com/1132673
  o https://bugzilla.suse.com/1132828
  o https://bugzilla.suse.com/1133188

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
