Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.1354 Thunderbird security updates 17 April 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: thunderbird Publisher: Red Hat Operating System: Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux WS/Desktop 6 Red Hat Enterprise Linux Server 7 Red Hat Enterprise Linux WS/Desktop 7 Red Hat Enterprise Linux Server 8 Red Hat Enterprise Linux WS/Desktop 8 Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2020-6825 CVE-2020-6822 CVE-2020-6821 CVE-2020-6820 CVE-2020-6819 Reference: ESB-2020.1263 ESB-2020.1238 Original Bulletin: https://access.redhat.com/errata/RHSA-2020:1488 https://access.redhat.com/errata/RHSA-2020:1489 https://access.redhat.com/errata/RHSA-2020:1495 https://access.redhat.com/errata/RHSA-2020:1496 Comment: This bulletin contains four (4) Red Hat security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: thunderbird security update Advisory ID: RHSA-2020:1488-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:1488 Issue date: 2020-04-16 CVE Names: CVE-2020-6819 CVE-2020-6820 CVE-2020-6821 CVE-2020-6822 CVE-2020-6825 ===================================================================== 1. Summary: An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.7.0. Security Fix(es): * Mozilla: Use-after-free while running the nsDocShell destructor (CVE-2020-6819) * Mozilla: Use-after-free when handling a ReadableStream (CVE-2020-6820) * Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821) * Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825) * Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Thunderbird must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1820869 - CVE-2020-6819 Mozilla: Use-after-free while running the nsDocShell destructor 1820878 - CVE-2020-6820 Mozilla: Use-after-free when handling a ReadableStream 1821674 - CVE-2020-6821 Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method 1821676 - CVE-2020-6822 Mozilla: Out of bounds write in GMPDecodeData when processing large images 1821682 - CVE-2020-6825 Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: thunderbird-68.7.0-1.el6_10.src.rpm i386: thunderbird-68.7.0-1.el6_10.i686.rpm thunderbird-debuginfo-68.7.0-1.el6_10.i686.rpm x86_64: thunderbird-68.7.0-1.el6_10.x86_64.rpm thunderbird-debuginfo-68.7.0-1.el6_10.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: thunderbird-68.7.0-1.el6_10.src.rpm i386: thunderbird-68.7.0-1.el6_10.i686.rpm thunderbird-debuginfo-68.7.0-1.el6_10.i686.rpm ppc64: thunderbird-68.7.0-1.el6_10.ppc64.rpm thunderbird-debuginfo-68.7.0-1.el6_10.ppc64.rpm s390x: thunderbird-68.7.0-1.el6_10.s390x.rpm thunderbird-debuginfo-68.7.0-1.el6_10.s390x.rpm x86_64: thunderbird-68.7.0-1.el6_10.x86_64.rpm thunderbird-debuginfo-68.7.0-1.el6_10.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: thunderbird-68.7.0-1.el6_10.src.rpm i386: thunderbird-68.7.0-1.el6_10.i686.rpm thunderbird-debuginfo-68.7.0-1.el6_10.i686.rpm x86_64: thunderbird-68.7.0-1.el6_10.x86_64.rpm thunderbird-debuginfo-68.7.0-1.el6_10.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-6819 https://access.redhat.com/security/cve/CVE-2020-6820 https://access.redhat.com/security/cve/CVE-2020-6821 https://access.redhat.com/security/cve/CVE-2020-6822 https://access.redhat.com/security/cve/CVE-2020-6825 https://access.redhat.com/security/updates/classification/#important https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXpgtl9zjgjWX9erEAQhkvhAAgJK8UAAMxSq7blDzb0V4U1nGRYthl2zQ ZEYK0PmAOn9DMZZzQpKN6flVdLF6twgnEJiZCUmZe3VnqirCUaBwLCfj73EZ1PG5 iIaI5XMl+jdtSNO/U1hiiVBNr/92ik7xjvao1mhwdd6dtsWpHWdbD9p/au4LoWrB PvcEgYpzRM1ZJv41PC+y6vzYUVF3tBJIMyLSnPS3Zcp0FUHPstQn9cQhYmhNBwwd jL5rsBfR2vmnQPhhlnj9a4hQmosyY+0MK2GGefn4E0LvSJBm6Or1BTJ4RkSF0Maq Z5PIKRnWX7NaZzPM0DNg6QojSMac3g99dAPN4Dy+D+TXzLAMn2k4fZYMDaCGpIfu 7ocFwQeqXZUlg1QO4phgPUUNQofHLkKggS6NTuO1LxGTegWh22tXM7xa/sHbIkCz marBJk2GAZEEDACU134DAOkbG3Rd7p7BQ+eqOOrTw7B/1zOFYCSkQujvHwWZ10Kn fn3A71pQCHE3ZUrh1/9PWGkV/CyIIkM3RIaLIodwjf8V78iljShgRtFhvprY5KXw q+KgERepv6BCBZgBpLnrNTv13MpM8YYhIh8K85Ss2Q9oALU9se44gt5zmbCGc5js JXkdsreq7TnfcmKzHb3M4tAtmMEoQG8tmONbVoayZ/nvd3o3KNOQRDSlKkR4eP1D tEeancuuR8Y= =X03K - -----END PGP SIGNATURE----- - -------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: thunderbird security update Advisory ID: RHSA-2020:1489-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:1489 Issue date: 2020-04-16 CVE Names: CVE-2020-6819 CVE-2020-6820 CVE-2020-6821 CVE-2020-6822 CVE-2020-6825 ===================================================================== 1. Summary: An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.7.0. Security Fix(es): * Mozilla: Use-after-free while running the nsDocShell destructor (CVE-2020-6819) * Mozilla: Use-after-free when handling a ReadableStream (CVE-2020-6820) * Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821) * Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825) * Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Thunderbird must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1820869 - CVE-2020-6819 Mozilla: Use-after-free while running the nsDocShell destructor 1820878 - CVE-2020-6820 Mozilla: Use-after-free when handling a ReadableStream 1821674 - CVE-2020-6821 Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method 1821676 - CVE-2020-6822 Mozilla: Out of bounds write in GMPDecodeData when processing large images 1821682 - CVE-2020-6825 Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: thunderbird-68.7.0-1.el7_8.src.rpm x86_64: thunderbird-68.7.0-1.el7_8.x86_64.rpm thunderbird-debuginfo-68.7.0-1.el7_8.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): Source: thunderbird-68.7.0-1.el7_8.src.rpm ppc64le: thunderbird-68.7.0-1.el7_8.ppc64le.rpm thunderbird-debuginfo-68.7.0-1.el7_8.ppc64le.rpm x86_64: thunderbird-68.7.0-1.el7_8.x86_64.rpm thunderbird-debuginfo-68.7.0-1.el7_8.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: thunderbird-68.7.0-1.el7_8.src.rpm x86_64: thunderbird-68.7.0-1.el7_8.x86_64.rpm thunderbird-debuginfo-68.7.0-1.el7_8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-6819 https://access.redhat.com/security/cve/CVE-2020-6820 https://access.redhat.com/security/cve/CVE-2020-6821 https://access.redhat.com/security/cve/CVE-2020-6822 https://access.redhat.com/security/cve/CVE-2020-6825 https://access.redhat.com/security/updates/classification/#important https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXpgtktzjgjWX9erEAQjTDQ//bLV3Qrn0UondhoKJRmkRufKr1HpaY5Jf BexhYtzLCr8NLbO4yJ0hR/jAut5PJBWSvLRViI582jDQe+16fmauiR95oeJ1oXYH JxSv9SvZQWwYb7UeCY1SUUvkGTdt0KAMGsfxABtMMSbfhcf2GByqNbGw87pwMqbI UDgbpzYMJta02EdZoGtdBOKyjOentC2nzNQwgVfk68eiKbrwmjBGNju2vGjV6B34 QRBDHg/eHHFtrjcFkI/q40FmmwZiv5r7Qqwwgtpix1EmAEyp5JqZ9L+gyfCgAlza 3Oz1OlssBMALgqEVke/03mRSejdp0gFEU02iLLzJ8m3VNtQe8jmqzhvFCQXfjhH6 N5C/bdXPhyF4MzkhLWYVUrQAMD9yZ9DtLa0VtMYlbYTgWXN2yOliWACII8g3GSda 6VqRHtHsWRzN+EpnM88+vcxJarN8gzlqn3CuxM8BFg9Qgoe3UQBWWFsyZGvEEeSC j5at0Jq96dX+sZ3qFJMWhG+dwBx6psCU3IjGggLlL7zT6yqK+UvLOTh1iIvzlOj2 c/LjflwM72nEFIbZ5AQF/JgXBDjW2fd2Kp0AQ81xQpzIY9oSjxQygJyorraZT414 uh+7SdShcBwQM13AAv9UjVlrRD7s7F8KOinuiI/SCafQrstSjxilH3gCwmOfiwO9 CyPLeqii+Go= =HPeI - -----END PGP SIGNATURE----- - -------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: thunderbird security update Advisory ID: RHSA-2020:1495-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:1495 Issue date: 2020-04-16 CVE Names: CVE-2020-6819 CVE-2020-6820 CVE-2020-6821 CVE-2020-6822 CVE-2020-6825 ===================================================================== 1. Summary: An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - ppc64le, x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.7.0. Security Fix(es): * Mozilla: Use-after-free while running the nsDocShell destructor (CVE-2020-6819) * Mozilla: Use-after-free when handling a ReadableStream (CVE-2020-6820) * Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821) * Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825) * Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Thunderbird must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1820869 - CVE-2020-6819 Mozilla: Use-after-free while running the nsDocShell destructor 1820878 - CVE-2020-6820 Mozilla: Use-after-free when handling a ReadableStream 1821674 - CVE-2020-6821 Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method 1821676 - CVE-2020-6822 Mozilla: Out of bounds write in GMPDecodeData when processing large images 1821682 - CVE-2020-6825 Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: thunderbird-68.7.0-1.el8_1.src.rpm ppc64le: thunderbird-68.7.0-1.el8_1.ppc64le.rpm thunderbird-debuginfo-68.7.0-1.el8_1.ppc64le.rpm thunderbird-debugsource-68.7.0-1.el8_1.ppc64le.rpm x86_64: thunderbird-68.7.0-1.el8_1.x86_64.rpm thunderbird-debuginfo-68.7.0-1.el8_1.x86_64.rpm thunderbird-debugsource-68.7.0-1.el8_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-6819 https://access.redhat.com/security/cve/CVE-2020-6820 https://access.redhat.com/security/cve/CVE-2020-6821 https://access.redhat.com/security/cve/CVE-2020-6822 https://access.redhat.com/security/cve/CVE-2020-6825 https://access.redhat.com/security/updates/classification/#important https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXpjGJtzjgjWX9erEAQhmgg//SHkHxwjO4Ba1EmCTPZ8aHSaxqTwq80Hh 5JGedjK+q0musJi9DhYMddfGEV11F1wdZIIgHuIeo50iYLan/3jcMvdsD7Bduhll ImcieDlTKJ74/3lIGdvKNBnT6MUaCLuowdQLryU1ed67ekMIfSLfAkrbxAMO3W2M c7CjNSJbPizTINFVJ2ziN4YSoTl+2eV6yK3FX2PdwjCocNoIefA0vhZxQPCuon8h Dud1KRUmeAueyiJA4pLfaCxQH0HWWKRgwobH+t0M0xXSf1NwGOqeFKfGUw3SZCeN lVaujSbfg3niXhsNHD3ykypg4cNgzxp2a8p8+xBgwrE5nGghhBpGhHAkm+VGx0LM 9BmxffBpLNUymAoUo7rWjjoAMn2xwZHMm30qKtG9MfmAKLrQoAQ+mcXHOhXFLETT j56JCoZfppMTJ0CxZZpplBBLbT9wG8ltk4PJN4VgiDi2axd9zF4LNEYQ/iBrMF4v UD6+af38ssRwCjVUBqy1xeRrF/8AG9fnT8ZgIqkuKbjHbXXL0ENPa+OJF2GMbXtZ gYpfB2oXZX+kTb5VIRlWlvzEqYBY0B+otgJuBjnKNFCwhCsOrvYHCDFKV8ItBv7J LbHTd6TxVoj/muy9jumtaC+vcpTq9o/X+FA6Xd45hTtsKlo1Burraw54BfVIPmVB 2heXAaP1O0Y= =opsE - -----END PGP SIGNATURE----- - -------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: thunderbird security update Advisory ID: RHSA-2020:1496-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:1496 Issue date: 2020-04-16 CVE Names: CVE-2020-6819 CVE-2020-6820 CVE-2020-6821 CVE-2020-6822 CVE-2020-6825 ===================================================================== 1. Summary: An update for thunderbird is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream E4S (v. 8.0) - ppc64le, x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.7.0. Security Fix(es): * Mozilla: Use-after-free while running the nsDocShell destructor (CVE-2020-6819) * Mozilla: Use-after-free when handling a ReadableStream (CVE-2020-6820) * Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821) * Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825) * Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Thunderbird must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1820869 - CVE-2020-6819 Mozilla: Use-after-free while running the nsDocShell destructor 1820878 - CVE-2020-6820 Mozilla: Use-after-free when handling a ReadableStream 1821674 - CVE-2020-6821 Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method 1821676 - CVE-2020-6822 Mozilla: Out of bounds write in GMPDecodeData when processing large images 1821682 - CVE-2020-6825 Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 6. Package List: Red Hat Enterprise Linux AppStream E4S (v. 8.0): Source: thunderbird-68.7.0-1.el8_0.src.rpm ppc64le: thunderbird-68.7.0-1.el8_0.ppc64le.rpm thunderbird-debuginfo-68.7.0-1.el8_0.ppc64le.rpm thunderbird-debugsource-68.7.0-1.el8_0.ppc64le.rpm x86_64: thunderbird-68.7.0-1.el8_0.x86_64.rpm thunderbird-debuginfo-68.7.0-1.el8_0.x86_64.rpm thunderbird-debugsource-68.7.0-1.el8_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-6819 https://access.redhat.com/security/cve/CVE-2020-6820 https://access.redhat.com/security/cve/CVE-2020-6821 https://access.redhat.com/security/cve/CVE-2020-6822 https://access.redhat.com/security/cve/CVE-2020-6825 https://access.redhat.com/security/updates/classification/#important https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXpjAStzjgjWX9erEAQg8RBAAh5XvCv4IrgrpH4F1IOkvIB+pc1BCt3ud gERiOHtOb4FVT2S9pTXIRvUfcRtvUrz6RIjm6dWlUoc0NNsuDmOjxzuE81rm21zV lu7BuNGsaiN2ghDsUJt4ar0gZpBFPfb8ZY3U0r8xcfXkeLgsBdTAYBrIY0bSTjyN KEqtFr/OgfZbxy1VJnWbcoZedlHLwPdN323JL+C4/WildFr6gyxIMS6shmH6/UaJ ZXDR5p7UpErkHxdFDmMgOOuawO6USPnc0UAtTOlans+13IjBJd30M31lTWxvhBQv fd2u0XRrtpvmEwXvqXyNe9VhbIyvxHxRakqQs6u2d8FgnJTCfUJAPJXw2AUPXktU /ROZXwZs/Y/gIKOenKzr0MbX+588lX6GFBmCnEHjBm0m3iDxDq+7kovAlL45yHTl iUKd0IFrrh4LLr8New8eY1VSE8I0IP/3RWfEQtEQ1aB2r3jt7IPDKDeMkP/XIolR DPD03WSRxWONPvOTZKsmbR+VfFsvTMTmUf+hxdjDLe/UWqE72QTeHWd8HGfI9GWs gK5NV9lp9/G67uajiavurTLr93SqvUmKypvfMhohSGFif9ucoAqwSOXYekfNGnTP usbx84Ydl7aKW1mBjH1hZYWV65UGIg2PcHOIgDH3X/CLdGqgMZ/MRbSSs6dw+lG2 jMo8btiu1i0= =+I9N - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXpkHgWaOgq3Tt24GAQgaRRAAmoMYjOq7QJMvN8A2cM0VObCBMcmXj/aw Hh85/uzDDek0IUdcmvlfJRr9ytoOmqewuVYsfKxhTgnQ5JNcdlKXjg1lF6L8jqgF mOTvlToP3xI0Lwv+tUvLBO4cgEno77CKEMviIiMzddRRUX8hJe1xmhs4kYDGOgUL ZFuEFsSsvKr5p/DWaJ7F9FO8VzleeHaIo904RfOuzz/1XuQvmNY0Rwp/XZMXpBic q3BeaMvU5JcCifZSYhEUIqw1nPKkmCNsOyC7I4XMOHSCsgemvllEkRHzYzOtcuAM F1lsekeUL+hkHjwX6fABkMCWjgJzP/pK0J8oV4NK2N7AfCH+Iea7F/Cu3xaWhnD3 Co9K8591o4e1cpTB+9CFm8PIcOrAw4bzLm//kB8db6+Vjv66zvd3GsGE9yKzbiQf UlO42qgrtiPuhOWrR8Pt8Gj/dXpzsje++mOxBWVQiR3dZfz1XCQxOiQQwViNgSZP BiabrbZGbrBf4IsGirkscUGx3X4oR2F31wkwFB3c1u61V11RLhOUlGtvhHyl6TaD KO8eDOrkKwrR3tNQFD2RZqVQ/xssd5YtImpzrQYsGARTwgpAGu4nQmo5QOIAGh3x dOUdwbrPwAxxIH1HDaAyAsazCR4wIDyIzXdRM8PwmgN+xg++eoi2YZJ+XE6+G3VX 4TjLIIItCQ8= =nrqY -----END PGP SIGNATURE-----