===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.2568
        A vulnerability in IBM InfoSphere Data Flow Designer could
                       expose sensitive information
                               12 July 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM InfoSphere Information Server
Publisher:         IBM
Operating System:  AIX
                   Linux variants
                   Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                   Access Privileged Data          -- Console/Physical            
                   Denial of Service               -- Remote/Unauthenticated      
                   Cross-site Scripting            -- Remote with User Interaction
                   Access Confidential Data        -- Remote/Unauthenticated      
                   Provide Misleading Information  -- Existing Account            
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-4404 CVE-2019-4373 CVE-2019-4372
                   CVE-2019-4370 CVE-2017-3164 CVE-2015-5211
                   CVE-2015-3192 CVE-2014-0114 CVE-2012-2098

Reference:         ASB-2019.0123
                   ASB-2017.0164
                   ASB-2017.0053
                   ESB-2013.1625
                   ESB-2013.1240
                   ESB-2013.1133

Original Bulletin: 
   https://www.ibm.com/support/docview.wss?uid=ibm10888009
   https://www.ibm.com/support/docview.wss?uid=ibm10887973
   https://www.ibm.com/support/docview.wss?uid=ibm10887999
   https://www.ibm.com/support/docview.wss?uid=ibm10888007
   https://www.ibm.com/support/docview.wss?uid=ibm10887113
   https://www.ibm.com/support/docview.wss?uid=ibm10887119
   https://www.ibm.com/support/docview.wss?uid=ibm10957873
   https://www.ibm.com/support/docview.wss?uid=ibm10887121

Comment: This bulletin contains eight (8) IBM security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

A vulnerability in IBM InfoSphere Data Flow Designer could expose sensitive
information

Security Bulletin

Document information

More support for: InfoSphere Information Server

Software version: 11.7

Operating system(s): AIX, Linux, Windows

Reference #: 0888009

Modified date: 11 July 2019

Summary

A vulnerability that exposes sensitive information was addressed by IBM
InfoSphere Data Flow Designer.

Vulnerability Details

CVEID: CVE-2019-4404
DESCRIPTION: IBM InfoSphere Information Server could disclose highly sensitive
information to a user with physical access to the system.
CVSS Base Score: 4.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/162323
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

The following products, running on all supported platforms, are affected:
    IBM InfoSphere Data Flow Designer: version 11.7
    IBM InfoSphere Information Server on Cloud: version 11.7

Remediation/Fixes

Product                       VRMF   APAR     Remediation/First Fix

InfoSphere Data Flow          11.7   JR61219  --Apply InfoSphere Information Server version 11.7.1.0
Designer, Information Server                  --Apply IBM InfoSphere Information Server 11.7.1.0
on Cloud                                      Service Pack 1

Acknowledgement

None

Change History

11 July 2019: Original version published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF
ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

--------------------------------------------------------------------------------

IBM InfoSphere Information Server components are vulnerable to phishing attacks

Security Bulletin

Document information

More support for: InfoSphere Information Server

Software version: 11.7

Operating system(s): AIX, Linux, Windows

Reference #: 0887973

Modified date: 11 July 2019

Summary

A vulnerability to phishing attacks was addressed by IBM InfoSphere Information
Server Enterprise Search, Information Analyzer and Information Governance
Catalog.

Vulnerability Details

CVEID: CVE-2019-4370
DESCRIPTION: IBM InfoSphere Information Server could allow a local attacker to
modify the opening page and conduct phishing attacks.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/161809
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)


Affected Products and Versions

The following products, running on all supported platforms, are affected:
    IBM InfoSphere Information Server Enterprise Search: version 11.7
    IBM InfoSphere Information Analyzer : version 11.7
    IBM InfoSphere Information Governance Catalog: version 11.7
    IBM InfoSphere Information Server on Cloud: version 11.7

Remediation/Fixes

Product                       VRMF   APAR     Remediation/First Fix

InfoSphere Information Server 11.7   JR61057  --Apply IBM InfoSphere Information Server version
Enterprise Search,                            11.7.1.0
Information Analyzer,                         --Apply IBM InfoSphere Information Server 11.7.1.0
Information Governance                        Service Pack 1
Catalog, Information Server
on Cloud

Acknowledgement

None

Change History

11 July 2019: Original version published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

--------------------------------------------------------------------------------

IBM InfoSphere Information Server is affected by a Cross-site scripting
vulnerability

Security Bulletin

Document information

More support for: InfoSphere Information Server

Software version: 11.3, 11.5, 11.7

Operating system(s): AIX, Linux, Solaris, Windows

Reference #: 0887999

Modified date: 11 July 2019

Summary

A Cross-site scripting vulnerability was addressed by IBM InfoSphere
Information Server Enterprise Search, Information Analyzer and Information
Governance Catalog.

Vulnerability Details

CVEID: CVE-2019-4372
DESCRIPTION: IBM InfoSphere Information Server is vulnerable to cross-site
scripting. This vulnerability allows users to embed arbitrary JavaScript code
in the Web UI thus altering the intended functionality potentially leading to
credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/162074
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

The following products, running on all supported platforms, are affected:
    IBM InfoSphere Information Server Enterprise Search: version 11.7
    IBM InfoSphere Information Analyzer : version 11.7
    IBM InfoSphere Information Governance Catalog: version 11.7
    IBM InfoSphere QualityStage : versions 11.3, 11.5, 11.7
    IBM InfoSphere Information Server on Cloud: versions 11.5, 11.7

Remediation/Fixes

Product                       VRMF   APAR     Remediation/First Fix

InfoSphere Information Server 11.7   JR61058  --Apply InfoSphere Information Server version 11.7.1.0
Enterprise Search,                            --Apply IBM InfoSphere Information Server 11.7.1.0
Information Analyzer,                         Service Pack 1
Information Governance
Catalog, QualityStage,                        --Users of InfoSphere QualityStage, contact IBM Customer
Information Server on Cloud                   Support

InfoSphere QualityStage,      11.5   JR61058  --Users of InfoSphere QualityStage, contact IBM Customer
Information Server on Cloud                   Support

InfoSphere QualityStage       11.3   JR61058  --Users of InfoSphere QualityStage, contact IBM Customer
                                              Support

Acknowledgement

None

Change History

11 July 2019: Original version published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

--------------------------------------------------------------------------------

IBM InfoSphere Information Server is affected by a Reflected cross-site
scripting vulnerability

Security Bulletin

Document information

More support for: InfoSphere Information Server

Software version: 11.3, 11.5, 11.7

Operating system(s): AIX, Linux, Solaris, Windows

Reference #: 0888007

Modified date: 11 July 2019

Summary

A Reflected cross-site scripting vulnerability was addressed by IBM InfoSphere
Information Server Enterprise Search, Information Analyzer and Information
Governance Catalog.

Vulnerability Details

CVEID: CVE-2019-4373
DESCRIPTION: IBM InfoSphere Information Server is vulnerable to cross-site
scripting. This vulnerability allows users to embed arbitrary JavaScript code
in the Web UI thus altering the intended functionality potentially leading to
credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/162075
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

The following products, running on all supported platforms, are affected:
    IBM InfoSphere Information Server Enterprise Search: version 11.7
    IBM InfoSphere Information Analyzer : version 11.7
    IBM InfoSphere Information Governance Catalog: version 11.7
    IBM InfoSphere QualityStage : versions 11.3, 11.5, 11.7
    IBM InfoSphere Information Server on Cloud: versions 11.5, 11.7

Remediation/Fixes

Product                       VRMF   APAR     Remediation/First Fix

InfoSphere Information Server 11.7   JR61059  --Apply InfoSphere Information Server version 11.7.1.0
Enterprise Search,                            --Apply IBM InfoSphere Information Server 11.7.1.0
Information Analyzer,                         Service Pack 1
Information Governance
Catalog, QualityStage,                        --Users of InfoSphere QualityStage, contact IBM Customer
Information Server on Cloud                   Support

InfoSphere QualityStage,      11.5   JR61059  --Users of InfoSphere QualityStage, contact IBM Customer
Information Server on Cloud                   Support

InfoSphere QualityStage       11.3   JR61059  --Users of InfoSphere QualityStage, contact IBM Customer
                                              Support

Change History

11 July 2019: Original version published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

--------------------------------------------------------------------------------

Security Bulletin: A vulnerability in Apache Ant affects IBM InfoSphere
Information Server

Security Bulletin

Document information

More support for: InfoSphere Information Server

Software version: 11.3, 11.5, 11.7

Operating system(s): AIX, Linux, Solaris, Windows

Reference #: 0887113

Modified date: 11 July 2019

Summary

A vulnerability in Apache Ant was addressed by IBM InfoSphere Information
Server.

Vulnerability Details

CVEID: CVE-2012-2098
DESCRIPTION: Apache Commons Compress and Apache Ant are vulnerable to a denial
of service, caused by an error when using bzip2 compression to compress files.
By passing specially-crafted input to the BZip2CompressorOutputStream class, a
remote attacker could exploit this vulnerability to consume all available
resources.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/75857
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

The following product, running on all supported platforms, is affected:
IBM InfoSphere Information Server : versions 11.3, 11.5, 11.7

Remediation/Fixes

+-----------+---------+---------+-----------------------------------------------+
|Product    |VRMF     |APAR     |Remediation/First Fix                          |
+-----------+---------+---------+-----------------------------------------------+
|InfoSphere |11.7     |JR60963  |--Apply IBM InfoSphere Information Server      |
|Information|         |         |version 11.7.1.0                               |
|Server,    |         |         |--Apply IBM InfoSphere Information Server      |
|Information|         |         |11.7.1.0 Service Pack 1                        |
|Server on  |         |         |                                               |
|Cloud      |         |         |                                               |
+-----------+---------+---------+-----------------------------------------------+
|InfoSphere |         |         |                                               |
|Information|         |         |                                               |
|Server,    |11.5     |JR60963  |--Contact IBM Customer Support                 |
|Information|         |         |                                               |
|Server on  |         |         |                                               |
|Cloud      |         |         |                                               |
+-----------+---------+---------+-----------------------------------------------+
|InfoSphere |         |         |--Upgrade to a new release where the issue has |
|Information|11.3     |JR60963  |been addressed                                 |
|Server     |         |         |                                               |
+-----------+---------+---------+-----------------------------------------------+

Change History

11 July 2019: Original version published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

--------------------------------------------------------------------------------

Security Bulletin: A vulnerability in Apache Commons BeanUtils affects IBM
InfoSphere Information Server

Security Bulletin

Document information

More support for: InfoSphere Information Server

Software version: 11.3, 11.5, 11.7

Operating system(s): AIX, Linux, Solaris, Windows

Reference #: 0887119

Modified date: 11 July 2019

Summary

A vulnerability in Apache Commons BeanUtils was addressed by IBM InfoSphere
Information Server.

Vulnerability Details

CVEID: CVE-2014-0114
DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary
code on the system, caused by the failure to restrict the setting of Class
Loader attributes. An attacker could exploit this vulnerability using the class
parameter of an ActionForm object to manipulate the ClassLoader and execute
arbitrary code on the system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/92889
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Affected Products and Versions

The following product, running on all supported platforms, is affected:
IBM InfoSphere Information Server : versions 11.3, 11.5, 11.7

Remediation/Fixes

+-----------+---------+---------+-----------------------------------------------+
|Product    |VRMF     |APAR     |Remediation/First Fix                          |
+-----------+---------+---------+-----------------------------------------------+
|InfoSphere |11.7     |JR61135  |--Apply IBM InfoSphere Information Server      |
|Information|         |         |version 11.7.1.0                               |
|Server,    |         |         |--Apply IBM InfoSphere Information Server      |
|Information|         |         |11.7.1.0 Service Pack 1                        |
|Server on  |         |         |                                               |
|Cloud      |         |         |                                               |
+-----------+---------+---------+-----------------------------------------------+
|InfoSphere |         |         |                                               |
|Information|         |         |                                               |
|Server,    |11.5     |JR61135  |--Contact IBM Customer Support                 |
|Information|         |         |                                               |
|Server on  |         |         |                                               |
|Cloud      |         |         |                                               |
+-----------+---------+---------+-----------------------------------------------+
|InfoSphere |         |         |--Upgrade to a new release where the issue has |
|Information|11.3     |JR61135  |been addressed                                 |
|Server     |         |         |                                               |
+-----------+---------+---------+-----------------------------------------------+

Contact Technical Support:

In the United States and Canada dial 1-800-IBM-SERV
View the support contacts for other countries outside of the United States.
Electronically open a Service Request with Information Server Technical
Support.

Change History

11 July 2019: Original version published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

--------------------------------------------------------------------------------

Security Bulletin: A vulnerability in Apache Solr (lucene) affects IBM
InfoSphere Information Server

Security Bulletin

Document information

More support for: InfoSphere Information Server

Software version: All Versions

Operating system(s): AIX, Linux, Windows

Software edition: 11.5, 11.7

Reference #: 0957873

Modified date: 11 July 2019

Summary

A vulnerability in Apache Solr (lucene) was addressed by IBM InfoSphere
Information Server.

Vulnerability Details

CVEID: CVE-2017-3164
DESCRIPTION: Apache Solr is vulnerable to server-side request forgery, caused
by the lack of a corresponding whitelist mechanism for the shards parameter. By
using a specially-crafted argument, an attacker could exploit this
vulnerability to conduct an SSRF attack.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/156956
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
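
The missing control described above can be approximated in front of Solr by
checking every endpoint named in the shards parameter against an allowlist.
The Python below is an added example, not part of the IBM or AusCERT bulletin
and not Solr's own code; the host names, ALLOWED_SHARDS, shard_endpoints and
check_request are hypothetical, and the parameter is assumed to arrive in the
query string.

```python
"""Allowlist check for the Solr `shards` request parameter (added example)."""
from urllib.parse import parse_qs, urlsplit

# Constructed allowlist: the only shard endpoints this deployment should query.
ALLOWED_SHARDS = {
    ("solr1.internal.example", 8983),
    ("solr2.internal.example", 8983),
}


def shard_endpoints(shards_value):
    """Yield (host, port) for every shard and replica in a `shards` value.

    Shards are comma-separated; alternative replicas of one shard are
    separated by '|'. Entries are normally scheme-less (host:port/solr/core).
    Raises ValueError for anything that cannot be parsed unambiguously.
    """
    for shard in shards_value.split(","):
        for replica in shard.split("|"):
            replica = replica.strip()
            if not replica:
                raise ValueError("empty shard entry")
            # Give scheme-less entries a scheme so the authority is parsed.
            url = replica if "://" in replica else "http://" + replica
            parts = urlsplit(url)
            if parts.scheme not in ("http", "https"):
                raise ValueError("unsupported scheme %r" % parts.scheme)
            # Reject userinfo so the host that is checked is the host that
            # would actually be contacted.
            if parts.username is not None or parts.password is not None:
                raise ValueError("userinfo not allowed in shard entry")
            port = parts.port  # raises ValueError on a non-numeric port
            if not parts.hostname or port is None:
                raise ValueError("shard entry needs explicit host and port")
            yield parts.hostname, port


def check_request(url, allowed=ALLOWED_SHARDS):
    """Return (ok, reason) for a Solr request URL.

    Every occurrence of `shards` is checked, because a repeated parameter
    must not let a second value bypass the check on the first.
    """
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for value in query.get("shards", []):
        try:
            for endpoint in shard_endpoints(value):
                if endpoint not in allowed:
                    return False, "shard %s:%d not in allowlist" % endpoint
        except ValueError as exc:
            return False, "malformed shards value: %s" % exc
    return True, "ok"


# Constructed sample requests (not taken from any real log).
SAMPLES = [
    "/solr/core1/select?q=*:*",
    "/solr/core1/select?q=*:*&shards=solr1.internal.example:8983/solr/core1"
    "|solr2.internal.example:8983/solr/core1",
    "/solr/core1/select?q=*:*&shards=solr1.internal.example:8983/solr/core1"
    ",other.example:80/x",
    "/solr/core1/select?q=*:*&shards=other.example%3A80%2Fx",
    "/solr/core1/select?q=*:*&shards=solr1.internal.example/solr/core1",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        ok, reason = check_request(sample)
        print("ALLOW" if ok else "BLOCK", reason, sample)
```

The same check applies to a shards value sent in a POST body; only the place
the parameter is read from changes.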

Affected Products and Versions

The following products, running on all supported platforms, are affected:
    IBM InfoSphere Information Server: versions 11.5, 11.7
    IBM InfoSphere Information Server on Cloud: versions 11.5, 11.7

Remediation/Fixes

Product                       VRMF   APAR     Remediation/First Fix

InfoSphere Information        11.7   JR61261  --Apply InfoSphere Information Server version 11.7.1.0
Server, Information Server on                 --Apply InfoSphere Information Server 11.7.1.0 Service
Cloud                                         Pack 1
                                              --Users of Information Server Exception Management
                                              contact IBM Customer Support

InfoSphere Information        11.5   JR61261  --Users of Information Server Exception Management
Server, Information Server on                 contact IBM Customer Support
Cloud

Change History

11 July 2019: Original Version Published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

--------------------------------------------------------------------------------

Security Bulletin: Multiple vulnerabilities in Spring Framework affect IBM
InfoSphere Information Server

Security Bulletin

Document information

More support for: InfoSphere Information Server

Software version: 11.7

Operating system(s): AIX, Linux, Windows

Reference #: 0887121

Modified date: 11 July 2019

Summary

Multiple vulnerabilities in Spring Framework were addressed by IBM InfoSphere
Information Server.

Vulnerability Details

CVEID: CVE-2015-5211
DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to download
arbitrary files, caused by a reflected file download attack. By using a
specially crafted URL with a batch script extension, an attacker could exploit
this vulnerability to download a malicious response.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/130673
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
 

CVEID: CVE-2015-3192
DESCRIPTION: Pivotal Spring Framework is vulnerable to a denial of service,
caused by the failure to properly process inline DTD declarations when DTD is
partially enabled. By persuading a victim to open a specially crafted XML file,
a remote attacker could exploit this vulnerability to consume all available
memory resources.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115554
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

Affected Products and Versions

The following product, running on all supported platforms, is affected:
IBM InfoSphere Information Server: version 11.7

Remediation/Fixes

+-----------+---------+---------+-----------------------------------------------+
|Product    |VRMF     |APAR     |Remediation/First Fix                          |
+-----------+---------+---------+-----------------------------------------------+
|InfoSphere |11.7     |JR61139  |--Apply IBM InfoSphere Information Server      |
|Information|         |         |version 11.7.1.0                               |
|Server,    |         |         |--Apply IBM InfoSphere Information Server      |
|Information|         |         |11.7.1.0 Service Pack 1                        |
|Server on  |         |         |                                               |
|Cloud      |         |         |                                               |
+-----------+---------+---------+-----------------------------------------------+

Change History

11 July 2019: Original version published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================