Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.1354
Thunderbird security updates
17 April 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: thunderbird
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux WS/Desktop 6
Red Hat Enterprise Linux Server 7
Red Hat Enterprise Linux WS/Desktop 7
Red Hat Enterprise Linux Server 8
Red Hat Enterprise Linux WS/Desktop 8
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Denial of Service -- Remote with User Interaction
Access Confidential Data -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2020-6825 CVE-2020-6822 CVE-2020-6821
CVE-2020-6820 CVE-2020-6819
Reference: ESB-2020.1263
ESB-2020.1238
Original Bulletin:
https://access.redhat.com/errata/RHSA-2020:1488
https://access.redhat.com/errata/RHSA-2020:1489
https://access.redhat.com/errata/RHSA-2020:1495
https://access.redhat.com/errata/RHSA-2020:1496
Comment: This bulletin contains four (4) Red Hat security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2020:1488-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:1488
Issue date: 2020-04-16
CVE Names: CVE-2020-6819 CVE-2020-6820 CVE-2020-6821
CVE-2020-6822 CVE-2020-6825
=====================================================================
1. Summary:
An update for thunderbird is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
3. Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 68.7.0.
Security Fix(es):
* Mozilla: Use-after-free while running the nsDocShell destructor
(CVE-2020-6819)
* Mozilla: Use-after-free when handling a ReadableStream (CVE-2020-6820)
* Mozilla: Uninitialized memory could be read when using the WebGL
copyTexSubImage method (CVE-2020-6821)
* Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7
(CVE-2020-6825)
* Mozilla: Out of bounds write in GMPDecodeData when processing large
images (CVE-2020-6822)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of Thunderbird must be restarted for the update to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1820869 - CVE-2020-6819 Mozilla: Use-after-free while running the nsDocShell
destructor
1820878 - CVE-2020-6820 Mozilla: Use-after-free when handling a ReadableStream
1821674 - CVE-2020-6821 Mozilla: Uninitialized memory could be read when using
the WebGL copyTexSubImage method
1821676 - CVE-2020-6822 Mozilla: Out of bounds write in GMPDecodeData when processing
large images
1821682 - CVE-2020-6825 Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox
ESR 68.7
6. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
thunderbird-68.7.0-1.el6_10.src.rpm
i386:
thunderbird-68.7.0-1.el6_10.i686.rpm
thunderbird-debuginfo-68.7.0-1.el6_10.i686.rpm
x86_64:
thunderbird-68.7.0-1.el6_10.x86_64.rpm
thunderbird-debuginfo-68.7.0-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source:
thunderbird-68.7.0-1.el6_10.src.rpm
i386:
thunderbird-68.7.0-1.el6_10.i686.rpm
thunderbird-debuginfo-68.7.0-1.el6_10.i686.rpm
ppc64:
thunderbird-68.7.0-1.el6_10.ppc64.rpm
thunderbird-debuginfo-68.7.0-1.el6_10.ppc64.rpm
s390x:
thunderbird-68.7.0-1.el6_10.s390x.rpm
thunderbird-debuginfo-68.7.0-1.el6_10.s390x.rpm
x86_64:
thunderbird-68.7.0-1.el6_10.x86_64.rpm
thunderbird-debuginfo-68.7.0-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
thunderbird-68.7.0-1.el6_10.src.rpm
i386:
thunderbird-68.7.0-1.el6_10.i686.rpm
thunderbird-debuginfo-68.7.0-1.el6_10.i686.rpm
x86_64:
thunderbird-68.7.0-1.el6_10.x86_64.rpm
thunderbird-debuginfo-68.7.0-1.el6_10.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-6819
https://access.redhat.com/security/cve/CVE-2020-6820
https://access.redhat.com/security/cve/CVE-2020-6821
https://access.redhat.com/security/cve/CVE-2020-6822
https://access.redhat.com/security/cve/CVE-2020-6825
https://access.redhat.com/security/updates/classification/#important
https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXpgtl9zjgjWX9erEAQhkvhAAgJK8UAAMxSq7blDzb0V4U1nGRYthl2zQ
ZEYK0PmAOn9DMZZzQpKN6flVdLF6twgnEJiZCUmZe3VnqirCUaBwLCfj73EZ1PG5
iIaI5XMl+jdtSNO/U1hiiVBNr/92ik7xjvao1mhwdd6dtsWpHWdbD9p/au4LoWrB
PvcEgYpzRM1ZJv41PC+y6vzYUVF3tBJIMyLSnPS3Zcp0FUHPstQn9cQhYmhNBwwd
jL5rsBfR2vmnQPhhlnj9a4hQmosyY+0MK2GGefn4E0LvSJBm6Or1BTJ4RkSF0Maq
Z5PIKRnWX7NaZzPM0DNg6QojSMac3g99dAPN4Dy+D+TXzLAMn2k4fZYMDaCGpIfu
7ocFwQeqXZUlg1QO4phgPUUNQofHLkKggS6NTuO1LxGTegWh22tXM7xa/sHbIkCz
marBJk2GAZEEDACU134DAOkbG3Rd7p7BQ+eqOOrTw7B/1zOFYCSkQujvHwWZ10Kn
fn3A71pQCHE3ZUrh1/9PWGkV/CyIIkM3RIaLIodwjf8V78iljShgRtFhvprY5KXw
q+KgERepv6BCBZgBpLnrNTv13MpM8YYhIh8K85Ss2Q9oALU9se44gt5zmbCGc5js
JXkdsreq7TnfcmKzHb3M4tAtmMEoQG8tmONbVoayZ/nvd3o3KNOQRDSlKkR4eP1D
tEeancuuR8Y=
=X03K
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2020:1489-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:1489
Issue date: 2020-04-16
CVE Names: CVE-2020-6819 CVE-2020-6820 CVE-2020-6821
CVE-2020-6822 CVE-2020-6825
=====================================================================
1. Summary:
An update for thunderbird is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
3. Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 68.7.0.
Security Fix(es):
* Mozilla: Use-after-free while running the nsDocShell destructor
(CVE-2020-6819)
* Mozilla: Use-after-free when handling a ReadableStream (CVE-2020-6820)
* Mozilla: Uninitialized memory could be read when using the WebGL
copyTexSubImage method (CVE-2020-6821)
* Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7
(CVE-2020-6825)
* Mozilla: Out of bounds write in GMPDecodeData when processing large
images (CVE-2020-6822)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of Thunderbird must be restarted for the update to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1820869 - CVE-2020-6819 Mozilla: Use-after-free while running the nsDocShell destructor
1820878 - CVE-2020-6820 Mozilla: Use-after-free when handling a ReadableStream
1821674 - CVE-2020-6821 Mozilla: Uninitialized memory could be read when using the
WebGL copyTexSubImage method
1821676 - CVE-2020-6822 Mozilla: Out of bounds write in GMPDecodeData when processing
large images
1821682 - CVE-2020-6825 Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox
ESR 68.7
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
thunderbird-68.7.0-1.el7_8.src.rpm
x86_64:
thunderbird-68.7.0-1.el7_8.x86_64.rpm
thunderbird-debuginfo-68.7.0-1.el7_8.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
Source:
thunderbird-68.7.0-1.el7_8.src.rpm
ppc64le:
thunderbird-68.7.0-1.el7_8.ppc64le.rpm
thunderbird-debuginfo-68.7.0-1.el7_8.ppc64le.rpm
x86_64:
thunderbird-68.7.0-1.el7_8.x86_64.rpm
thunderbird-debuginfo-68.7.0-1.el7_8.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
thunderbird-68.7.0-1.el7_8.src.rpm
x86_64:
thunderbird-68.7.0-1.el7_8.x86_64.rpm
thunderbird-debuginfo-68.7.0-1.el7_8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-6819
https://access.redhat.com/security/cve/CVE-2020-6820
https://access.redhat.com/security/cve/CVE-2020-6821
https://access.redhat.com/security/cve/CVE-2020-6822
https://access.redhat.com/security/cve/CVE-2020-6825
https://access.redhat.com/security/updates/classification/#important
https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXpgtktzjgjWX9erEAQjTDQ//bLV3Qrn0UondhoKJRmkRufKr1HpaY5Jf
BexhYtzLCr8NLbO4yJ0hR/jAut5PJBWSvLRViI582jDQe+16fmauiR95oeJ1oXYH
JxSv9SvZQWwYb7UeCY1SUUvkGTdt0KAMGsfxABtMMSbfhcf2GByqNbGw87pwMqbI
UDgbpzYMJta02EdZoGtdBOKyjOentC2nzNQwgVfk68eiKbrwmjBGNju2vGjV6B34
QRBDHg/eHHFtrjcFkI/q40FmmwZiv5r7Qqwwgtpix1EmAEyp5JqZ9L+gyfCgAlza
3Oz1OlssBMALgqEVke/03mRSejdp0gFEU02iLLzJ8m3VNtQe8jmqzhvFCQXfjhH6
N5C/bdXPhyF4MzkhLWYVUrQAMD9yZ9DtLa0VtMYlbYTgWXN2yOliWACII8g3GSda
6VqRHtHsWRzN+EpnM88+vcxJarN8gzlqn3CuxM8BFg9Qgoe3UQBWWFsyZGvEEeSC
j5at0Jq96dX+sZ3qFJMWhG+dwBx6psCU3IjGggLlL7zT6yqK+UvLOTh1iIvzlOj2
c/LjflwM72nEFIbZ5AQF/JgXBDjW2fd2Kp0AQ81xQpzIY9oSjxQygJyorraZT414
uh+7SdShcBwQM13AAv9UjVlrRD7s7F8KOinuiI/SCafQrstSjxilH3gCwmOfiwO9
CyPLeqii+Go=
=HPeI
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2020:1495-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:1495
Issue date: 2020-04-16
CVE Names: CVE-2020-6819 CVE-2020-6820 CVE-2020-6821
CVE-2020-6822 CVE-2020-6825
=====================================================================
1. Summary:
An update for thunderbird is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - ppc64le, x86_64
3. Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 68.7.0.
Security Fix(es):
* Mozilla: Use-after-free while running the nsDocShell destructor
(CVE-2020-6819)
* Mozilla: Use-after-free when handling a ReadableStream (CVE-2020-6820)
* Mozilla: Uninitialized memory could be read when using the WebGL
copyTexSubImage method (CVE-2020-6821)
* Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7
(CVE-2020-6825)
* Mozilla: Out of bounds write in GMPDecodeData when processing large
images (CVE-2020-6822)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of Thunderbird must be restarted for the update to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1820869 - CVE-2020-6819 Mozilla: Use-after-free while running the nsDocShell destructor
1820878 - CVE-2020-6820 Mozilla: Use-after-free when handling a ReadableStream
1821674 - CVE-2020-6821 Mozilla: Uninitialized memory could be read when using the
WebGL copyTexSubImage method
1821676 - CVE-2020-6822 Mozilla: Out of bounds write in GMPDecodeData when
processing large images
1821682 - CVE-2020-6825 Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox
ESR 68.7
6. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
thunderbird-68.7.0-1.el8_1.src.rpm
ppc64le:
thunderbird-68.7.0-1.el8_1.ppc64le.rpm
thunderbird-debuginfo-68.7.0-1.el8_1.ppc64le.rpm
thunderbird-debugsource-68.7.0-1.el8_1.ppc64le.rpm
x86_64:
thunderbird-68.7.0-1.el8_1.x86_64.rpm
thunderbird-debuginfo-68.7.0-1.el8_1.x86_64.rpm
thunderbird-debugsource-68.7.0-1.el8_1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-6819
https://access.redhat.com/security/cve/CVE-2020-6820
https://access.redhat.com/security/cve/CVE-2020-6821
https://access.redhat.com/security/cve/CVE-2020-6822
https://access.redhat.com/security/cve/CVE-2020-6825
https://access.redhat.com/security/updates/classification/#important
https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXpjGJtzjgjWX9erEAQhmgg//SHkHxwjO4Ba1EmCTPZ8aHSaxqTwq80Hh
5JGedjK+q0musJi9DhYMddfGEV11F1wdZIIgHuIeo50iYLan/3jcMvdsD7Bduhll
ImcieDlTKJ74/3lIGdvKNBnT6MUaCLuowdQLryU1ed67ekMIfSLfAkrbxAMO3W2M
c7CjNSJbPizTINFVJ2ziN4YSoTl+2eV6yK3FX2PdwjCocNoIefA0vhZxQPCuon8h
Dud1KRUmeAueyiJA4pLfaCxQH0HWWKRgwobH+t0M0xXSf1NwGOqeFKfGUw3SZCeN
lVaujSbfg3niXhsNHD3ykypg4cNgzxp2a8p8+xBgwrE5nGghhBpGhHAkm+VGx0LM
9BmxffBpLNUymAoUo7rWjjoAMn2xwZHMm30qKtG9MfmAKLrQoAQ+mcXHOhXFLETT
j56JCoZfppMTJ0CxZZpplBBLbT9wG8ltk4PJN4VgiDi2axd9zF4LNEYQ/iBrMF4v
UD6+af38ssRwCjVUBqy1xeRrF/8AG9fnT8ZgIqkuKbjHbXXL0ENPa+OJF2GMbXtZ
gYpfB2oXZX+kTb5VIRlWlvzEqYBY0B+otgJuBjnKNFCwhCsOrvYHCDFKV8ItBv7J
LbHTd6TxVoj/muy9jumtaC+vcpTq9o/X+FA6Xd45hTtsKlo1Burraw54BfVIPmVB
2heXAaP1O0Y=
=opsE
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2020:1496-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:1496
Issue date: 2020-04-16
CVE Names: CVE-2020-6819 CVE-2020-6820 CVE-2020-6821
CVE-2020-6822 CVE-2020-6825
=====================================================================
1. Summary:
An update for thunderbird is now available for Red Hat Enterprise Linux 8.0
Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream E4S (v. 8.0) - ppc64le, x86_64
3. Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 68.7.0.
Security Fix(es):
* Mozilla: Use-after-free while running the nsDocShell destructor
(CVE-2020-6819)
* Mozilla: Use-after-free when handling a ReadableStream (CVE-2020-6820)
* Mozilla: Uninitialized memory could be read when using the WebGL
copyTexSubImage method (CVE-2020-6821)
* Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7
(CVE-2020-6825)
* Mozilla: Out of bounds write in GMPDecodeData when processing large
images (CVE-2020-6822)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of Thunderbird must be restarted for the update to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1820869 - CVE-2020-6819 Mozilla: Use-after-free while running the nsDocShell destructor
1820878 - CVE-2020-6820 Mozilla: Use-after-free when handling a ReadableStream
1821674 - CVE-2020-6821 Mozilla: Uninitialized memory could be read when using
the WebGL copyTexSubImage method
1821676 - CVE-2020-6822 Mozilla: Out of bounds write in GMPDecodeData when processing
large images
1821682 - CVE-2020-6825 Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox
ESR 68.7
6. Package List:
Red Hat Enterprise Linux AppStream E4S (v. 8.0):
Source:
thunderbird-68.7.0-1.el8_0.src.rpm
ppc64le:
thunderbird-68.7.0-1.el8_0.ppc64le.rpm
thunderbird-debuginfo-68.7.0-1.el8_0.ppc64le.rpm
thunderbird-debugsource-68.7.0-1.el8_0.ppc64le.rpm
x86_64:
thunderbird-68.7.0-1.el8_0.x86_64.rpm
thunderbird-debuginfo-68.7.0-1.el8_0.x86_64.rpm
thunderbird-debugsource-68.7.0-1.el8_0.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-6819
https://access.redhat.com/security/cve/CVE-2020-6820
https://access.redhat.com/security/cve/CVE-2020-6821
https://access.redhat.com/security/cve/CVE-2020-6822
https://access.redhat.com/security/cve/CVE-2020-6825
https://access.redhat.com/security/updates/classification/#important
https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXpjAStzjgjWX9erEAQg8RBAAh5XvCv4IrgrpH4F1IOkvIB+pc1BCt3ud
gERiOHtOb4FVT2S9pTXIRvUfcRtvUrz6RIjm6dWlUoc0NNsuDmOjxzuE81rm21zV
lu7BuNGsaiN2ghDsUJt4ar0gZpBFPfb8ZY3U0r8xcfXkeLgsBdTAYBrIY0bSTjyN
KEqtFr/OgfZbxy1VJnWbcoZedlHLwPdN323JL+C4/WildFr6gyxIMS6shmH6/UaJ
ZXDR5p7UpErkHxdFDmMgOOuawO6USPnc0UAtTOlans+13IjBJd30M31lTWxvhBQv
fd2u0XRrtpvmEwXvqXyNe9VhbIyvxHxRakqQs6u2d8FgnJTCfUJAPJXw2AUPXktU
/ROZXwZs/Y/gIKOenKzr0MbX+588lX6GFBmCnEHjBm0m3iDxDq+7kovAlL45yHTl
iUKd0IFrrh4LLr8New8eY1VSE8I0IP/3RWfEQtEQ1aB2r3jt7IPDKDeMkP/XIolR
DPD03WSRxWONPvOTZKsmbR+VfFsvTMTmUf+hxdjDLe/UWqE72QTeHWd8HGfI9GWs
gK5NV9lp9/G67uajiavurTLr93SqvUmKypvfMhohSGFif9ucoAqwSOXYekfNGnTP
usbx84Ydl7aKW1mBjH1hZYWV65UGIg2PcHOIgDH3X/CLdGqgMZ/MRbSSs6dw+lG2
jMo8btiu1i0=
=+I9N
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXpkHgWaOgq3Tt24GAQgaRRAAmoMYjOq7QJMvN8A2cM0VObCBMcmXj/aw
Hh85/uzDDek0IUdcmvlfJRr9ytoOmqewuVYsfKxhTgnQ5JNcdlKXjg1lF6L8jqgF
mOTvlToP3xI0Lwv+tUvLBO4cgEno77CKEMviIiMzddRRUX8hJe1xmhs4kYDGOgUL
ZFuEFsSsvKr5p/DWaJ7F9FO8VzleeHaIo904RfOuzz/1XuQvmNY0Rwp/XZMXpBic
q3BeaMvU5JcCifZSYhEUIqw1nPKkmCNsOyC7I4XMOHSCsgemvllEkRHzYzOtcuAM
F1lsekeUL+hkHjwX6fABkMCWjgJzP/pK0J8oV4NK2N7AfCH+Iea7F/Cu3xaWhnD3
Co9K8591o4e1cpTB+9CFm8PIcOrAw4bzLm//kB8db6+Vjv66zvd3GsGE9yKzbiQf
UlO42qgrtiPuhOWrR8Pt8Gj/dXpzsje++mOxBWVQiR3dZfz1XCQxOiQQwViNgSZP
BiabrbZGbrBf4IsGirkscUGx3X4oR2F31wkwFB3c1u61V11RLhOUlGtvhHyl6TaD
KO8eDOrkKwrR3tNQFD2RZqVQ/xssd5YtImpzrQYsGARTwgpAGu4nQmo5QOIAGh3x
dOUdwbrPwAxxIH1HDaAyAsazCR4wIDyIzXdRM8PwmgN+xg++eoi2YZJ+XE6+G3VX
4TjLIIItCQ8=
=nrqY
-----END PGP SIGNATURE-----