October 2000 - openSUSE Security Announce

SuSE Security Announcement: ncurses (SuSE-SA:2000:043)
by draht＠suse.de 27 Oct '00

27 Oct '00

-----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SuSE Security Announcement Package: ncurses Announcement-ID: SuSE-SA:2000:043 Date: Friday, October 27th, 2000 17:00 MEST Affected SuSE versions: 6.0, 6.1, 6.2, 6.3, 6.4, 7.0 Vulnerability Type: local root compromise Severity (1-10): 5 SuSE default package: yes Other affected systems: systems with suid binaries linked against ncurses Content of this advisory: 1) security vulnerability resolved: ncurses problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds 3) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion, solution, upgrade information The ncurses library is used by many text/console based applications such as mail user agents, ftp clients and other command line utilities. A vulnerability has been found by Jouko Pynn�nen <jouko(a)solutions.fi> in the screen handling functions: Insufficient boundary checking leads to a buffer overflow if a user supplies a specially drafted terminfo database file. If an ncurses-linked binary is installed setuid root, it is possible for a local attacker to exploit this hole and gain elevated privileges. There are several ways to fix the problem associated with the library. One of them would be to fix the library. However, it is not considered unlikely that another problem (similar to the one that has just been found) will be revealed in the future. Therefore, it is advisable to not link setuid applications against the ncurses library. As a permanent and cleaner fix, we do not provide update packages for the ncurses library, but we suggest to change the modes of the relevant setuid applications. There are three setuid-root applications contained in SuSE-distributions: xaos (suid root for permissions to use SVGAlib on the Linux console) screen (does not need root privs in the latest version) cda, contained in the xmcd program, a command line CD player. It might need elevated privileges to access the cdrom device file. The script attached to the email with this announcement changes the modes of files in the SuSE distribution that match both criteria necessary to exploit the buffer overflow in the ncurses library: 1) the binary is setuid root, 2) it is linked against libncurses. Please save the attachment under the name "perms-ncurses.sh" and execute it using the command `bash ./perms-ncurses.sh�. It does: a) Check your version of the screen program installed. b) Changes /etc/permissions and /etc/permissions.easy to reflect the mode changes. The original files are saved, see /etc/permissions.* . (note: The chkstat program is being executed by SuSEconfig, the SuSE configuration script, to set the modes of files according to the entries in the permission files. The files being used are /etc/permissions, /etc/permissions.local and /etc/permissions.easy unless the administrator changed the settings in /etc/rc.config .) c) Changes the file modes by hand by executing chmod 755 /usr/X11R6/lib/X11/xmcd/bin-Linux-$ARCH/cda \ /usr/bin/screen /usr/bin/xaos You can download the script from the following location: ftp://ftp.suse.com/pub/suse/noarch/perms-ncurses.sh md5sum: abe22607d45ecdb710f6061d5bbd3d13 ______________________________________________________________________________ 2) Pending vulnerabilities in SuSE Distributions and Workarounds: A summary about ongoing issues will be included in the next security announcement. ______________________________________________________________________________ 3) standard appendix: SuSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - general/linux/SuSE security discussion. All SuSE security announcements are sent to this list. To subscribe, send an email to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SuSE's announce-only mailing list. Only SuSE's security annoucements are sent to this list. To subscribe, send an email to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (faq) send mail to: <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com> respectively. =============================================== SuSE's security contact is <security(a)suse.com>. =============================================== Regards, Roman Drahtmueller. - - -- - - | Roman Drahtmueller <draht(a)suse.de> // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nuernberg, Germany +49-911-740530 // (Batman Costume warning label) | - - ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. SuSE GmbH makes no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048/3D25D3D9 1999/03/06 SuSE Security Team <security(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.3i mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12Cg== =pIeS - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQEVAwUBOfmlFXey5gA9JdPZAQG+HQf9GQ2b3bGulr6WZKOhHxLbl71Nj7dI+ord rI8g1/sC0ie+FdjTz0A796CrnUBEh/NwgrOltvXaQXhiTzQguPqnpgoEvct8YF06 tDzCbMog9Jq11Q+YeWRdXbpODqumYoNZdni4gyCWbz391ADi4rlIuhM9yjOkIbHU 8qmvhXS2OvKLNxKM53JX/dWnwrFNvd7sdvrnUMKfga23AEM923LLfq94a7WZtXHg 42nHySQiwrn7l37Zbu+IDeQ5/PQw3MU3AfS1Hhhuofoa6ot8do3mCDO9R6CvDxlg 980AfBGHrDd6l8Wf9g5/+lxKtS641a8sbzzasmAFI2vHGL5KQbt6DA== =Jd2C -----END PGP SIGNATURE-----

1 0

SuSE Security Announcement: ypbind/ypclient (SuSE-SA:2000:042)
by draht＠suse.de 18 Oct '00

18 Oct '00

-----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SuSE Security Announcement Package: ypbind/ypclient Announcement-ID: SuSE-SA:2000:042 Date: Wednesday, October 18th, 2000 19:15 MEST Affected SuSE versions: 6.0, 6.1, 6.2, 6.3, 6.4, 7.0 Vulnerability Type: possible remote root compromise Severity (1-10): 8 SuSE default package: yes (starting with SuSE-6.4) Other affected systems: Linux systems using this NIS implementation Content of this advisory: 1) security vulnerability resolved: ypbind/ypclient problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds 3) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion, solution, upgrade information Security problems have been found in the client code of the NIS (Network Information System, aka yp - yellow pages) subsytem. SuSE distributions before SuSE-6.1 came with the original ypbind program, SuSE-6.2 and later included the ypbind-mt NIS client implementation. ypbind-3.3 (the earlier version) has a format string parsing bug if it is run in debug mode, and (discovered by Olaf Kirch <okir(a)caldera.de>) leaks file descriptors under certain circumstances which can lead to a DoS. In addition, ypbind-3.3 may suffer from buffer overflows. ypbind-mt, the software shipped with SuSE distributions starting with SuSE-6.2, suffers from a single format string parsing bug. Some of these bugs could allow remote attackers to execute arbitrary code as root. During code audit and testing it turned out that the ypbind-3.x software in the SuSE-6.1 distribution and earlier needs a major overhaul to make it work both reliable and secure with respect to errors in the code. Basically, this is what happened when Thorsten Kukuk <kukuk(a)suse.de> wrote ypbind-mt from scratch in 1998. For the same reason, we are currently unable to produce a working security update package which fixes the known and yet unknown (there may be more) problems in the ypclient packages in the SuSE-6.1 distribution and older. The only efficient workaround for the SuSE-6.1 distribution and older against these bugs for an untrusted, hostile environment is to upgrade to a new distribution base (SuSE-7.0 is recommended) and use the ypclient update packages for this distribution. As of today, there is no exploit known to exist in the wild. For SuSE-6.2 and later distributions we provide update packages as listed below. We recommend to download and install these packages on systems that are NIS/yp clients. Please note that the sources for the ypclient package are contained within the ypserv source rpm. Download the update package from locations described below and install the package with the command `rpm -Uhv file.rpm'. The md5sum for each file is in the line below. You can verify the integrity of the rpm files using the command `rpm --checksig --nogpg file.rpm', independently from the md5 signatures below. i386 Intel Platform: SuSE-7.0 ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/ypclient-3.5-89.i386.rpm 76e4e7f60791db16c5e36fb5dbf60b65 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/ypserv-1.3.11-89.src.rpm e2b1dccaec003f54e4ebbdef84d99a10 SuSE-6.4 ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/ypclient-3.4-95.i386.rpm e485ea27264fb9c4f890cdf7605ffa30 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/ypserv-1.3.11-95.src.rpm c61c6df2ba1fef2369406b2dcbcd25f1 SuSE-6.3 ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/ypclient-3.4-95.i386.rpm c1a10cc0a3f72242b136be921f9ae0c1 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/ypserv-1.3.11-95.src.rpm 6f47a880d5e7175dc2b5ff0116d7de4d SuSE-6.2 ftp://ftp.suse.com/pub/suse/i386/update/6.2/n1/ypclient-3.4-95.i386.rpm 9050e63cb9f7fac4997968760292a6f1 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/ypserv-1.3.11-95.src.rpm 7ecfaffd8cdb68f73adfd1d6fd27ed39 SuSE-6.1 and older: Please see the problem description above. Sparc Platform: SuSE-7.0 ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n1/ypclient-3.5-89.sparc.rpm 1a38d25c8647f010e2a9879f28de4adf source rpm: ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/ypserv-1.3.11-89.src.rpm 6ba9200e49210f98ca845107b034b981 AXP Alpha Platform: SuSE-6.4 ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/ypclient-3.4-95.alpha.rpm 6aea95ca27245eb3df72da7596af3321 source rpm: ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/ypserv-1.3.11-95.src.rpm a4bf635b9ee4bdefc29b7e6e1cf0cf41 SuSE-6.3 ftp://ftp.suse.com/pub/suse/axp/update/6.3/n1/ypclient-3.4-95.alpha.rpm b68f8690b7dc554ac9098c83f9c633cd source rpm: ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/ypserv-1.3.11-95.src.rpm ef0a026d078847d0958118bbbc46b99e PPC Power PC Platform: SuSE-6.4 ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/ypclient-3.4-95.ppc.rpm 26080b1443a3daa1de64c876ae36e6f2 source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/ypserv-1.3.11-95.src.rpm 4f0904d73c98c8b9737d5ac34b7a4dd5 ______________________________________________________________________________ 2) Pending vulnerabilities in SuSE Distributions and Workarounds: Another security announcement is following this advisory. ______________________________________________________________________________ 3) standard appendix: SuSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - general/linux/SuSE security discussion. All SuSE security announcements are sent to this list. To subscribe, send an email to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SuSE's announce-only mailing list. Only SuSE's security annoucements are sent to this list. To subscribe, send an email to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (faq) send mail to: <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com> respectively. =============================================== SuSE's security contact is <security(a)suse.com>. =============================================== Regards, Roman Drahtmüller. - - -- - - | Roman Drahtmüller <draht(a)suse.de> // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | - - ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. SuSE GmbH makes no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048/3D25D3D9 1999/03/06 SuSE Security Team <security(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.3i mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12Cg== =pIeS - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQEVAwUBOe3b5Hey5gA9JdPZAQHOngf9G0Rn/snskVaDJ3uKXuBiR8n0K8gvCFLe 00BXSE0X1X11rKrnumP7oFzOOby0A69R8n/tm4jFrODuxBep7qVkUtd5Br5uk2Vj qMeSe+AcA3BVib1qOiacgz4YnZo96BvUBtDR/XhVxBgq+C7JWu4hxY4tsvyiYqOw w/HN8KKf2W5t90TUbEap26hcjNQGC2dqTqdo3ERKCraKPJc4/omzF23yadlyYKfk 7yL7XGGop6zISP94CNjd0xVfAORsuvcj6Y5MI9RETEk4+W5G6sqqpUDX2FoTtdUB LxFyIu5zRuIbrUi/ZpGTjDMm7k70zli9TsnEtdPCu3asvJInRrTRqA== =kwtV -----END PGP SIGNATURE-----

1 0

SuSE Security Announcement: traceroute (SuSE-SA:2000:041) (repost)
by draht＠suse.de 16 Oct '00

16 Oct '00

You have received a Security Announcement about traceroute already. An update package in the 6.4-i386 tree got confused with an older version. This older version file has been replaced by the new file under the old name in order to prevent the installation of an older package without the security fixes. I apologize. Here is the corrected advisory: -----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SuSE Security Announcement Package: traceroute Announcement-ID: SuSE-SA:2000:041 Date: Monday, October 16th, 2000 16:10 MEST Affected SuSE versions: 6.0, 6.1, 6.2, 6.3, 6.4, 7.0 Vulnerability Type: local root compromise Severity (1-10): 6 SuSE default package: yes Other affected systems: Linux systems using the NANOG traceroute Content of this advisory: 1) security vulnerability resolved: traceroute problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds 3) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion, solution, upgrade information The security problem in the traceroute program as shipped with SuSE Linux distributions is completely different from the one reported on security mailing lists a few days ago (`traceroute -g 1 -g 1') by Pekka Savola <pekkas(a)netcore.fi>. SuSE distributions do not contain this particular traceroute implementation. The problem in our traceroute was discovered independently and reported to us by H D Moore <hdm(a)secureaustin.com>. The problem in the implementation of traceroute that we ship is a format string parsing bug in a routine that can be used to terminate a line in traceroute's output to easily embed the program in cgi scripts as used for web frontends for traceroute. Using a specially crafted sequence of characters on the commandline, it is possile to trick the traceroute program into running arbitrary code as root. If you want to temporarily work around this security vulnerability, you can disable traceroute for normal users by clearing the suid bit on the file /usr/sbin/traceroute: chmod -s /usr/sbin/traceroute . Do not forget to change the respective line in /etc/permissions to read: /usr/sbin/traceroute root.root 755 We have prepared update packages on our ftp server that eliminate the vulnerability in the traceroute program. Note that the traceroute program is contained in the nkita or the nkitb package, depending on the distribution version. Distributions starting with SuSE-6.4 contain the traceroute program in the nkitb package which is not required by the boot process and therefore counts as an additional package. Download the update package from locations described below and install the package with the command `rpm -Fhv file.rpm'. The md5sum for each file is in the line below. You can verify the integrity of the rpm files using the command `rpm --checksig --nogpg file.rpm', independently from the md5 signatures below. i386 Intel Platform: SuSE-7.0 ftp://ftp.suse.com/pub/suse/i386/update/7.0/a1/nkitb-2000.10.4-0.i386.rpm 6c8f713a071a96c287942f880cd5919c source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/nkitb-2000.10.4-0.src.rpm c01db9ee70a9ac01cba1bace93cfdd16 SuSE-6.4 ftp://ftp.suse.com/pub/suse/i386/update/6.4/a1/nkitb-2000.10.4-0.i386.rpm 321b78de11928a3361edf0a044721383 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/nkitb-2000.10.4-0.src.rpm 61aa9e2e4272606d2bd70828a72c957c SuSE-6.3 ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/nkita-2000.10.4-0.i386.rpm 6c5932e4083de6f499e4c77fcadbffc1 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/nkita-2000.10.4-0.src.rpm 9debb8804293384057d69254614a1496 SuSE-6.2 ftp://ftp.suse.com/pub/suse/i386/update/6.2/n1/nkita-2000.10.4-0.i386.rpm 49269283c6d39a234f61303b2e918413 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/nkita-2000.10.4-0.src.rpm 1cc00eb9b37b37a51fc249db3b51f6e1 SuSE-6.1 ftp://ftp.suse.com/pub/suse/i386/update/6.1/n1/nkita-2000.10.4-0.i386.rpm 2fe1c6d70fcf1272da95f33ad7ad1010 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.1/zq1/nkita-2000.10.4-0.src.rpm 74d6f2e623b7fcac1b0881b1bfbe0880 SuSE-6.0 Please use the update packages from the 6.1 distribution. Sparc Platform: SuSE-7.0 ftp://ftp.suse.com/pub/suse/sparc/update/7.0/a1/nkitb-2000.10.4-0.sparc.rpm e9bc3512b6182f540e74308c02d81f65 source rpm: ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/nkitb-2000.10.4-0.src.rpm 8fba03e9cef63ae076b10fb61c800e39 AXP Alpha Platform: SuSE-6.4 ftp://ftp.suse.com/pub/suse/axp/update/6.4/a1/nkitb-2000.10.4-0.alpha.rpm 7850969c7b3beaf3fd1ce8b2a9246be0 source rpm: ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/nkitb-2000.10.4-0.src.rpm 6e5a964177b6cf87524119c747f0220b SuSE-6.3 ftp://ftp.suse.com/pub/suse/axp/update/6.3/n1/nkita-2000.10.4-0.alpha.rpm 6440a6a7da903829cff57a5f8c7cda91 source rpm: ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/nkita-2000.10.4-0.src.rpm 53bf05462378c384e8a46f3c6c368c67 PPC Power PC Platform: SuSE-7.0 ftp://ftp.suse.com/pub/suse/ppc/update/7.0/a1/nkitb-2000.10.5-0.ppc.rpm 407d1c6731228f5d3e9addd108d31224 ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/nkitb-2000.10.5-0.src.rpm 8fba03e9cef63ae076b10fb61c800e39 SuSE-6.4 ftp://ftp.suse.com/pub/suse/ppc/update/6.4/a1/nkitb-2000.10.4-0.ppc.rpm c432a5b8d37640be6e325ef9603f9cba source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/nkitb-2000.10.4-0.src.rpm edf24c1989c85616d1caf53872e61f17 ______________________________________________________________________________ 2) Pending vulnerabilities in SuSE Distributions and Workarounds: A set of security announcements is following this advisory. ______________________________________________________________________________ 3) standard appendix: SuSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - general/linux/SuSE security discussion. All SuSE security announcements are sent to this list. To subscribe, send an email to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SuSE's announce-only mailing list. Only SuSE's security annoucements are sent to this list. To subscribe, send an email to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (faq) send mail to: <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com> respectively. =============================================== SuSE's security contact is <security(a)suse.com>. =============================================== Regards, Roman Drahtmüller. - - -- - - | Roman Drahtmüller <draht(a)suse.de> // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | - - ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. SuSE GmbH makes no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048/3D25D3D9 1999/03/06 SuSE Security Team <security(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.3i mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12Cg== =pIeS - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQEVAwUBOesfuXey5gA9JdPZAQFSZAgAkrGudnGaS0ZRcnpWa27nRN4tMOU+Eh/d zYrl/zuOlHPuEgXBrl382XAJLNCIomchR9aSmY28ETWVk8HbGu7n1YB4MxIj994I XzDAU6eL4YuJErfTnMuCdoAiHltFJn3eRci/lSmTV/ZNK0LQm3BhIOFWJyTbPNaY nA2UqaAz1HGu0jEDDC5o8JrSvjuqCJv3BWmFLTimg/xuuaOV3S5cSYgum6c/w/ph Q78Q7xLj+RGSBKBP0NDsNwXoW+bV1cQWcGQlOo02nGt3Vk41vhdYAtSAdskEmiWT pwYkHgVja+3ct0iX4pDdo4KWCVeZ6YqTh29fKlt9bIDT1mXa2q7YqQ== =G34Y -----END PGP SIGNATURE-----

1 0

SuSE Security Announcement: traceroute (SuSE-SA:2000:041)
by draht＠suse.de 16 Oct '00

16 Oct '00

-----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SuSE Security Announcement Package: traceroute Announcement-ID: SuSE-SA:2000:041 Date: Monday, October 16th, 2000 16:10 MEST Affected SuSE versions: 6.0, 6.1, 6.2, 6.3, 6.4, 7.0 Vulnerability Type: local root compromise Severity (1-10): 6 SuSE default package: yes Other affected systems: Linux systems using the NANOG traceroute Content of this advisory: 1) security vulnerability resolved: traceroute problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds 3) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion, solution, upgrade information The security problem in the traceroute program as shipped with SuSE Linux distributions is completely different from the one reported on security mailing lists a few days ago (`traceroute -g 1 -g 1') by Pekka Savola <pekkas(a)netcore.fi>. SuSE distributions do not contain this particular traceroute implementation. The problem in our traceroute was discovered independently and reported to us by H D Moore <hdm(a)secureaustin.com>. The problem in the implementation of traceroute that we ship is a format string parsing bug in a routine that can be used to terminate a line in traceroute's output to easily embed the program in cgi scripts as used for web frontends for traceroute. Using a specially crafted sequence of characters on the commandline, it is possile to trick the traceroute program into running arbitrary code as root. If you want to temporarily work around this security vulnerability, you can disable traceroute for normal users by clearing the suid bit on the file /usr/sbin/traceroute: chmod -s /usr/sbin/traceroute . Do not forget to change the respective line in /etc/permissions to read: /usr/sbin/traceroute root.root 755 We have prepared update packages on our ftp server that eliminate the vulnerability in the traceroute program. Note that the traceroute program is contained in the nkita or the nkitb package, depending on the distribution version. Download the update package from locations described below and install the package with the command `rpm -Fhv file.rpm'. The md5sum for each file is in the line below. You can verify the integrity of the rpm files using the command `rpm --checksig --nogpg file.rpm', independently from the md5 signatures below. i386 Intel Platform: SuSE-7.0 ftp://ftp.suse.com/pub/suse/i386/update/7.0/a1/nkitb-2000.10.4-0.i386.rpm 6c8f713a071a96c287942f880cd5919c source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/nkitb-2000.10.4-0.src.rpm c01db9ee70a9ac01cba1bace93cfdd16 SuSE-6.4 ftp://ftp.suse.com/pub/suse/i386/update/6.4/a1/nkitb-2000.7.11-0.i386.rpm 118075b7fc295be86b3659bf9b3fa778 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/nkitb-2000.10.4-0.src.rpm 61aa9e2e4272606d2bd70828a72c957c SuSE-6.3 ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/nkita-2000.10.4-0.i386.rpm 6c5932e4083de6f499e4c77fcadbffc1 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/nkita-2000.10.4-0.src.rpm 9debb8804293384057d69254614a1496 SuSE-6.2 ftp://ftp.suse.com/pub/suse/i386/update/6.2/n1/nkita-2000.10.4-0.i386.rpm 49269283c6d39a234f61303b2e918413 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/nkita-2000.10.4-0.src.rpm 1cc00eb9b37b37a51fc249db3b51f6e1 SuSE-6.1 ftp://ftp.suse.com/pub/suse/i386/update/6.1/n1/nkita-2000.10.4-0.i386.rpm 2fe1c6d70fcf1272da95f33ad7ad1010 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.1/zq1/nkita-2000.10.4-0.src.rpm 74d6f2e623b7fcac1b0881b1bfbe0880 SuSE-6.0 Please use the update packages from the 6.1 distribution. Sparc Platform: SuSE-7.0 ftp://ftp.suse.com/pub/suse/sparc/update/7.0/a1/nkitb-2000.10.4-0.sparc.rpm e9bc3512b6182f540e74308c02d81f65 source rpm: ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/nkitb-2000.10.4-0.src.rpm 8fba03e9cef63ae076b10fb61c800e39 AXP Alpha Platform: SuSE-6.4 ftp://ftp.suse.com/pub/suse/axp/update/6.4/a1/nkitb-2000.10.4-0.alpha.rpm 7850969c7b3beaf3fd1ce8b2a9246be0 source rpm: ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/nkitb-2000.10.4-0.src.rpm 6e5a964177b6cf87524119c747f0220b SuSE-6.3 ftp://ftp.suse.com/pub/suse/axp/update/6.3/n1/nkita-2000.10.4-0.alpha.rpm 6440a6a7da903829cff57a5f8c7cda91 source rpm: ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/nkita-2000.10.4-0.src.rpm 53bf05462378c384e8a46f3c6c368c67 PPC Power PC Platform: SuSE-7.0 ftp://ftp.suse.com/pub/suse/ppc/update/7.0/a1/nkitb-2000.10.5-0.ppc.rpm 407d1c6731228f5d3e9addd108d31224 ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/nkitb-2000.10.5-0.src.rpm 8fba03e9cef63ae076b10fb61c800e39 SuSE-6.4 ftp://ftp.suse.com/pub/suse/ppc/update/6.4/a1/nkitb-2000.10.4-0.ppc.rpm c432a5b8d37640be6e325ef9603f9cba source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/nkitb-2000.10.4-0.src.rpm edf24c1989c85616d1caf53872e61f17 ______________________________________________________________________________ 2) Pending vulnerabilities in SuSE Distributions and Workarounds: A set of security announcements is following this advisory. ______________________________________________________________________________ 3) standard appendix: SuSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - general/linux/SuSE security discussion. All SuSE security announcements are sent to this list. To subscribe, send an email to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SuSE's announce-only mailing list. Only SuSE's security annoucements are sent to this list. To subscribe, send an email to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (faq) send mail to: <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com> respectively. =============================================== SuSE's security contact is <security(a)suse.com>. =============================================== Regards, Roman Drahtmüller. - - -- - - | Roman Drahtmüller <draht(a)suse.de> // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | - - ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. SuSE GmbH makes no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048/3D25D3D9 1999/03/06 SuSE Security Team <security(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.3i mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12Cg== =pIeS - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQEVAwUBOesNgHey5gA9JdPZAQGk/wf+Jkjci3YR373FXlRomv2gy+fvhlHsQI8t wQSqlzOSPUHUlPWnxWRxOLx+tLjGX0I69lR5i2PKIFDiudBBKbiZR4pb4LGux8dk ekhs/pxfDgk9J+RBreEBdcKb4YirGWjMVVWfBydMOp0Atp4wNQ+Ab3hyxunKxr4p 3J+c8z8FwFGfEr7piHZMkRP/cP3S5CYrLe856yea2Unn6B4EoKBhBdL/AAfKPsUD o6JsUzm5hcYeFd2XJfnuIWceNvr8uQZxltqx8EqCmtFKfSSbDIHv3/Rq+fd9rQ8Z qERcmDuZRh8d7+VTM0QELuQWxCSICM/pUHk+9xYO5u+OtmomXe/EkA== =kQe2 -----END PGP SIGNATURE-----

1 0

SuSE Security Announcement: gnorpm (SuSE-SA:2000:040)
by draht＠suse.de 16 Oct '00

16 Oct '00

-----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SuSE Security Announcement Package: gnorpm Advisory-ID: SuSE-SA:2000:040 Date: Monday, October 16th, 2000 15:45 MEST Affected SuSE versions: 6.0, 6.1, 6.2, 6.3, 6.4, 7.0 Vulnerability Type: tmp race / local file overwrite Severity (1-10): 4 SuSE default package: no Other affected systems: Systems using gnorpm Content of this advisory: 1) security vulnerability resolved: gnorpm problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds 3) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion, solution, upgrade information gnorpm is a graphical user interface to the rpm subsystem for the gnome desktop. Insecure temporary file handling may cause the gnorpm package to overwrite arbitrary files on the system. As a workaround solution it is recommended to make sure that no active user processes on the system while performing software updates with gnorpm. This can be accomplished by bringing the linux system down to runlevel 1 (multi-user without network) and starting the network by hand (rci4l_hardware start; rci4l start;rcnetwork start; rcroute start). IMPORTANT NOTE: SuSE provides update packages for the vulnerable gnorpm package. However, tests have revealed that the new gnorpm version from Alan Cox does not work reliably with the rpm subsystem in older SuSE distributions. Adding patches to these gnorpm versions has proven to not increase the reliability of the package either. For this reason we do not provide update packages for the SuSE distributions prior to (and including) SuSE-6.3. Please update your system to a more recent base installation (SuSE-7.0 recommended) or use the workaround as described above if you need to use gnorpm in a multi user and possibly hostile environment. Download the update package from locations desribed below and install the package with the command `rpm -Fhv file.rpm'. The md5sum for each file is in the line below. You can verify the integrity of the rpm files using the command `rpm --checksig --nogpg file.rpm', independently from the md5 signatures below. i386 Intel Platform: SuSE-7.0 ftp://ftp.suse.com/pub/suse/i386/update/7.0/gnm3/gnorpm-0.95-3.i386.rpm 6aa5ea031f48d903bf3fb4e2328fc4c7 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/gnorpm-0.95-3.src.rpm a6df0b51a50b0f82a1d0e77d46587d82 SuSE-6.4 ftp://ftp.suse.com/pub/suse/i386/update/6.4/gnm3/gnorpm-0.95-3.i386.rpm 2f47a772c634c35d989078287668e67d source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/gnorpm-0.95-3.src.rpm 04a7c41f0537ef513495efc49c105b1b Sparc Platform: SuSE-7.0 ftp://ftp.suse.com/pub/suse/sparc/update/7.0/gnm3/gnorpm-0.9-159.sparc.rpm 467a2839f7df52c31eb42b97ebb8dd0d source rpm: ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/gnorpm-0.9-159.src.rpm eb09af61e93eab32a55c6538d0b45bc4 AXP Alpha Platform: SuSE-6.4 ftp://ftp.suse.com/pub/suse/axp/update/6.4/gnm3/gnorpm-0.95-4.alpha.rpm b99a121e1469f958413b26eef1fd7ce9 source rpm: ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/gnorpm-0.95-4.src.rpm a65ba20f86d5d0693ecc3e77520ff584 PPC Power PC Platform: SuSE-6.4 ftp://ftp.suse.com/pub/suse/ppc/update/6.4/gnm3/gnorpm-0.95-3.ppc.rpm 9ad07eb2c2c437ed427d8ec5cb2b8439 source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/gnorpm-0.95-3.src.rpm ffdb55e153b7e07cad91830eafb088b9 ______________________________________________________________________________ 2) Pending vulnerabilities in SuSE Distributions and Workarounds: A set of security announcements is following this advisory. ______________________________________________________________________________ 3) standard appendix: SuSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - general/linux/SuSE security discussion. All SuSE security announcements are sent to this list. To subscribe, send an email to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SuSE's announce-only mailing list. Only SuSE's security annoucements are sent to this list. To subscribe, send an email to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (faq) send mail to: <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com> respectively. =============================================== SuSE's security contact is <security(a)suse.com>. =============================================== Regards, Roman Drahtmüller. - - -- - - | Roman Drahtmüller <draht(a)suse.de> // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | - - ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. SuSE GmbH makes no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048/3D25D3D9 1999/03/06 SuSE Security Team <security(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.3i mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12Cg== =pIeS - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQEVAwUBOesJuHey5gA9JdPZAQFOaQf7BeD4f+p2nnW6HurZfmn3286FAOGGdEeO 7fYP+ECHNIgzwa9QSVjbbG/sDMbLiND4sv+z4Bi/7v6qm1rMIGrR1t3yYSAQLvJQ RiW5Vvg3epdhZA4IVb+T0UDGLzSztWs5kfKmELUV2DCPwNA3ot6WXKJr64x27Ewj bygg78xtIAvpLFa1IwHezllVPrdMjHJvIfMDV2bukLrVMTfax4sf8EmnPexIVTSW hXp/+63HHWKXaELMvD3UHV6P9kjCcbqNsoerJCQ9KlaSC5dujMj31P5J5hsYSsOG I+6T34rmFMuzANDc3AzMyQZb3zXBx6f2ozmHhQ1Ur/0b2+db0xknRw== =bbjh -----END PGP SIGNATURE-----

1 0

SuSE Security Announcement: cfengine
by draht＠suse.de 11 Oct '00

11 Oct '00

-----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SuSE Security Announcement Package: cfengine Date: Wednesday, October 11th, 2000 19:15 MEST Affected SuSE versions: 5.3, 6.0, 6.1, 6.3, 6.4, 7.0 Vulnerability Type: remote (root) compromise Severity (1-10): 5 SuSE default package: no Other affected systems: Linux systems using the pam_smb module Content of this advisory: 1) security vulnerability resolved: pam_smb problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds 3) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion, solution, upgrade information GNU cfengine is an abstract programming language for system administrators of large heterogeneous networks, used for maintenance and administration. Pekka Savola <pekkas(a)netcore.fi> has found several format string vulnerabilities in syslog() calls that can be abused to either make the cfengine program to segfault and die or to execute arbitrary commands as the user the cfengine process runs as (usually root). The cfengine package is not installed per default, and not activated when installed. Thus, the vulnerability affects only systems where the administrator actively uses this tool. The only efficient fix for the problem is an update of the cfengine package since access restrictions limit the attack possibilities to a closed group of hosts/users only. Download the update package from locations desribed below and install the package with the command `rpm -Fhv file.rpm'. The md5sum for each file is in the line below. You can verify the integrity of the rpm files using the command `rpm --checksig --nogpg file.rpm', independently from the md5 signatures below. i386 Intel Platform: SuSE-7.0 ftp://ftp.suse.com/pub/suse/i386/update/7.0/ap1/cfengine-1.5.4-82.i386.rpm dc42c40f3d38756f03d0fe120854438f source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/cfengine-1.5.4-82.src.rpm 2fd8a119cfef86239ce8fa96eb84115d SuSE-6.4 ftp://ftp.suse.com/pub/suse/i386/update/6.4/ap1/cfengine-1.5.4-82.i386.rpm 751acfe93106296ce1109a2502756802 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/cfengine-1.5.4-82.src.rpm 843b0f958737d528d7160f7fada0e480 SuSE-6.3 ftp://ftp.suse.com/pub/suse/i386/update/6.3/ap1/cfengine-1.5.4-82.i386.rpm c8acb6a4cb25bf5794a58cbdddeadb3c source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/cfengine-1.5.4-82.src.rpm 0fc789bf5ee81448416e3b70665eac5e SuSE-6.2 ftp://ftp.suse.com/pub/suse/i386/update/6.2/ap1/cfengine-1.5.4-82.i386.rpm 414b3b1ba8d1f6c54e8edf1bc06e3fd4 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/cfengine-1.5.4-82.src.rpm 4cbc2ee010505ebd386c77c275cbe623 SuSE-6.1 ftp://ftp.suse.com/pub/suse/i386/update/6.1/ap1/cfengine-1.5.4-82.i386.rpm c90ee6da76d111f537ae3bf0e3a8410d source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.1/zq1/cfengine-1.5.4-82.src.rpm de796070b0df0e7ff564ba73ef02fa2e SuSE-6.0 please use the update packages for the SuSE-6.1 distribution. SuSE-5.3 ftp://ftp.suse.com/pub/suse/i386/update/5.3/ap1/cfengine-1.5.4-87.i386.rpm a47f6a4a9affbe258d3c83b569b1dba4 ftp://ftp.suse.com/pub/suse/i386/update/5.3/zq1/cfengine-1.5.4-87.src.rpm 546bc5a8a2e2c4b717d83fe4c04519bd Sparc Platform: SuSE-7.0 ftp://ftp.suse.com/pub/suse/sparc/update/7.0/ap1/cfengine-1.5.4-83.sparc.rpm 3517304c0fd9ff411631ea4c8191516f source rpm: ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/cfengine-1.5.4-83.src.rpm fdc47c721783442a605ca209fa088122 AXP Alpha Platform: SuSE-6.4 ftp://ftp.suse.com/pub/suse/axp/update/6.4/ap1/cfengine-1.5.4-82.alpha.rpm 409a3b91a67f383a330ea26faccb5eef source rpm: ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/cfengine-1.5.4-82.src.rpm b86fe2ebe7e971c98203c977543ffddc SuSE-6.3 Please use the update packages for the SuSE-6.4 distribution. SuSE-6.1 ftp://ftp.suse.com/pub/suse/axp/update/6.1/ap1/cfengine-1.5.4-84.alpha.rpm b15950b227f1e77e783dba1ebf512df4 source rpm: ftp://ftp.suse.com/pub/suse/axp/update/6.1/zq1/cfengine-1.5.4-84.src.rpm d38bc69b3024e375b3757b869fab88df PPC Power PC Platform: SuSE-7.0 ftp://ftp.suse.com/pub/suse/ppc/update/7.0/ap1/cfengine-1.5.4-85.ppc.rpm 2ee85ef27d51cac7ac1d574e8233aae5 source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/cfengine-1.5.4-85.src.rpm 282c56270f5ecc8b58cc8be27472f6aa SuSE-6.4 ftp://ftp.suse.com/pub/suse/ppc/update/6.4/ap1/cfengine-1.5.4-82.ppc.rpm ddc0e11f730e2fbb2ef5462987eadffa source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/cfengine-1.5.4-82.src.rpm e2f61fcf0e0598f673fc93411fbbbb18 ______________________________________________________________________________ 2) Pending vulnerabilities in SuSE Distributions and Workarounds: - gnorpm A race condition has been found in the gnorpm program, a GUI for the rpm system. The issue will be addressed in a following advisory. - ncurses The ncurses library contains buffer overflows that are exploitable when user-supplied terminfo databases are processed. This imposes a security risk on programs/binaries that are linked against libncurses and run with special privileges. Both workaround and clean solution is to remove the suid bit from all executable files with setuid bit set. The issue will be addressed in a following security announcement. - apache mod_rewrite, php A bug has been discovered in the apache package that allows attackers to read arbitrary files on a system that runs apache. The responsible apache module named "mod_rewrite" is not used by default on SuSE installations of the apache package. The issue will be addressed in a following security announcement. - usermode/userhelper userhelper is a suid helper program designed to let the user who is logged on to the console execute some programs with root privileges. SuSE distributions do not contain the usermode package and therefore are not vulnerable to the security problems recently discovered in the usermode package. - tmpwatch The tmpwatch packages as shipped with SuSE distributions are not vulnerable to the attacks as discussed on security forums because we ship an older version that does not provide the functionality that can be exploited. - lprNG The versions of the lprNG package that come with SuSE distributions are not vulnerable to the format string parsing errors as discussed in security forums. - traceroute The traceroute program has been found vulnerable to a bug (`traceroute -g 1 -g 1') in many distributions. Newer SuSE distributions have a different implementation of the traceroute program and are not vulnerable to the bug found by Pekka Savola <pekkas(a)netcore.fi>. The vulnerability could not be verified in older SuSE distributions. ______________________________________________________________________________ 3) standard appendix: SuSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - general/linux/SuSE security discussion. All SuSE security announcements are sent to this list. To subscribe, send an email to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SuSE's announce-only mailing list. Only SuSE's security annoucements are sent to this list. To subscribe, send an email to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (faq) send mail to: <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com> respectively. =============================================== SuSE's security contact is <security(a)suse.com>. =============================================== Regards, Roman Drahtmüller. - - -- - - | Roman Drahtmüller <draht(a)suse.de> // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | - - ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. SuSE GmbH makes no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048/3D25D3D9 1999/03/06 SuSE Security Team <security(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.3i mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12Cg== =pIeS - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQEVAwUBOeShFXey5gA9JdPZAQHCdQf/RVtjLXr9Bp+5rfPi2+8aCiVvkjT1Y0bi SwPxhqY0BXxg54nGZuQNKuIwudt+qiSiPpe0di1JurDpKJwarKJjjqOr2GxWTsS8 etPp4600noYv1bDCAwjXTDrZrtlEGpTWo9G22VSHfj8HAbcYcJN3F1gp7nMMdet7 PDROiolnXizB0/IWxBbaC7CrZk0pijHnxpYS+DTNqGNbGvoAg7npT9l8Vw8c0tGW 4p6cs4iMW7i5rm2xX2WtFRqx7ZhUcm/bwTGnILAEqrC4nTN2num/Fdar3imqlSYP vO5skgR7XTNO5jBhOXgBqho5JJYfINjm7bLrfLH405xpCH8Q3sI1PA== =yMlp -----END PGP SIGNATURE-----

1 0

SuSE Security Announcement: esound
by draht＠suse.de 11 Oct '00

11 Oct '00

-----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SuSE Security Announcement Package: esound Date: Wednesday, October 11th, 2000 19:00 MEST Affected SuSE versions: 6.3, 6.4, 7.0 Vulnerability Type: local user compromise Severity (1-10): 3 SuSE default package: yes Other affected systems: Linux systems using esound with unix domain socket support Content of this advisory: 1) security vulnerability resolved: esound problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds 3) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion, solution, upgrade information esound, a daemon program for the Gnome desktop, is used for sound replay by various programs such as windowmanagers and other applications. The esound daemon creates a directory /tmp/.esd to host a unix domain socket. Upon startup, the daemon changes the modes of the socket, but a race condition allows an attacker to place a symlink into the directory to point to an arbitrary file belonging to the victim. By consequence, an attacker may be able to change the permissions of any file belonging to the victim. If the victim's userid is root, the attacker may be able to change the modes of any file in the system. SuSE distributions before SuSE-6.3 were not vulnerable to this attack because unix domain sockets were not supported by the esound daemon as shipped with these distributions. The only efficient solution for the problem is to store the unix domain socket in a directory where only the user has write access to. The user's home directory is such a location. Update packages that fix the race conditions by placing the sockets into the user's home directory are available for download. It is recommended to apply the fix on systems where multiple users can access the local filesystem. Note: Not all filesystems support unix domain sockets. The fix might not work if the user's home directory is on such a filesystem (such as AFS, eg.). In such rare cases, administrators are usually aware of such limitations. SuSE default installations do not have this limitation. Download the update package from locations desribed below and install the package with the command `rpm -Fhv file.rpm'. The md5sum for each file is in the line below. You can verify the integrity of the rpm files using the command `rpm --checksig --nogpg file.rpm', independently from the md5 signatures below. i386 Intel Platform: SuSE-7.0 ftp://ftp.suse.com/pub/suse/i386/update/7.0/snd1/esound-0.2.19-15.i386.rpm 9d8addaa5ba29554a727eb34ae5189f4 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/esound-0.2.19-15.src.rpm a9724b99a96430b1b7c1f741a8e8d528 SuSE-6.4 ftp://ftp.suse.com/pub/suse/i386/update/6.4/snd1/esound-0.2.16-75.i386.rpm 6f32f0867d1597a5129d0516438d9cca source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/esound-0.2.16-75.src.rpm 94ca6842981f7a501300d9edfc5cbf73 SuSE-6.3 ftp://ftp.suse.com/pub/suse/i386/update/6.3/snd1/esound-0.2.15-21.i386.rpm 16a5804a2f27e62d73df40d206b047ca source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/esound-0.2.15-21.src.rpm c86689fd5d9f719135e1263dd5a38832 Sparc Platform: SuSE-7.0 ftp://ftp.suse.com/pub/suse/sparc/update/7.0/snd1/esound-0.2.19-15.sparc.rpm 112648ef64c351952f832b180fcca23c source rpm: ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/esound-0.2.19-15.src.rpm a0bb3e3517ca83c13abd6827a8d2295e AXP Alpha Platform: SuSE-6.4 ftp://ftp.suse.com/pub/suse/axp/update/6.4/snd1/esound-0.2.16-75.alpha.rpm d2efefb21a6424a81e63788d972db49d source rpm: ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/esound-0.2.16-75.src.rpm a69ebae320c6f118f4b9e07f2a9af4d2 SuSE-6.3 ftp://ftp.suse.com/pub/suse/axp/update/6.3/snd1/esound-0.2.15-21.alpha.rpm 19942e308eda0c0d505bb64da734ad8d source rpm: ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/esound-0.2.15-21.src.rpm 6f337d6864111d27fa93ef2bc3cb7b5a PPC Power PC Platform: SuSE-7.0 ftp://ftp.suse.com/pub/suse/ppc/update/7.0/snd1/esound-0.2.19-16.ppc.rpm be6daabfee0e7e629b848814be81d9d0 source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/esound-0.2.19-16.src.rpm c77475b2c8fff104f8662bb9179efb64 SuSE-6.4 ftp://ftp.suse.com/pub/suse/ppc/update/6.4/snd1/esound-0.2.16-75.ppc.rpm f0e1aa54c3fdf7c6c02b34bedc51ee0f source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/esound-0.2.16-75.src.rpm 9acd25b5521201386bb73bc707382646 ______________________________________________________________________________ 2) Pending vulnerabilities in SuSE Distributions and Workarounds: - gnorpm A race condition has been found in the gnorpm program, a GUI for the rpm system. The issue will be addressed in a following announcement. - ncurses The ncurses library contains buffer overflows that are exploitable when user-supplied terminfo databases are processed. This imposes a security risk on programs/binaries that are linked against libncurses and run with special privileges. Both workaround and clean solution is to remove the suid bit from all executable files with setuid bit set. The issue will be addressed in a following security announcement. - apache mod_rewrite A bug has been discovered in the apache package that allows attackers to read arbitrary files on a system that runs apache. The responsible apache module named "mod_rewrite" is not used by default on SuSE installations of the apache package. The issue will be addressed in a following security announcement. - cfengine A format string parsing bug causes the cfengine package to be vulnerable to a remote root attack. Update packages are available, the security announcement is pending. - usermode/userhelper userhelper is a suid helper program designed to let the user who is logged on to the console execute some programs with root privileges. SuSE distributions do not contain the usermode package and therefore are not vulnerable to the security problems recently discovered in the usermode package. - tmpwatch The tmpwatch packages as shipped with SuSE distributions are not vulnerable to the attacks as discussed on security forums because we ship an older version that does not provide the functionality that can be exploited. - lprNG The versions of the lprNG package that come with SuSE distributions are not vulnerable to the format string parsing errors as discussed in security forums. - traceroute The traceroute program has been found vulnerable to a bug (`traceroute -g 1 -g 1') in many distributions. Newer SuSE distributions have a different implementation of the traceroute program and are not vulnerable to the bug found by Pekka Savola <pekkas(a)netcore.fi>. The vulnerability could not be verified in older SuSE distributions. ______________________________________________________________________________ 3) standard appendix: SuSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - general/linux/SuSE security discussion. All SuSE security announcements are sent to this list. To subscribe, send an email to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SuSE's announce-only mailing list. Only SuSE's security annoucements are sent to this list. To subscribe, send an email to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (faq) send mail to: <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com> respectively. =============================================== SuSE's security contact is <security(a)suse.com>. =============================================== Regards, Roman Drahtmüller. - - -- - - | Roman Drahtmüller <draht(a)suse.de> // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | - - ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. SuSE GmbH makes no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048/3D25D3D9 1999/03/06 SuSE Security Team <security(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.3i mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12Cg== =pIeS - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQEVAwUBOeSeQHey5gA9JdPZAQHrvQf/Rr4f0JNuNIRymhcGou60OfvkDjXOH2yi iT/CG9+uQns6QCyNe4jFjMNoFjCt//eZG2zMOO/22RiiCXUbPKeLPXVgyZYDN5VS F1JDJfxYIoHrU+eQnDO1QVM0QpXbeSU4J6YIXxneZaZ0uP2kqi6y0o36UQtwzk3j tRY/H1NsNWcKPYYTYWgmKZUQNd5n+Jq3cSf8DQAPWzoRoLGPo1+yp/SGuOyZbKN/ mEwTcsFxdOGgHtBOcHfRaAcb4nBHQ9QApKZTan8ndLTUIrhFb9C06gh9BEGmaqLD jENF4MnWIlxGX5EaW0nLSJ2Ts4uh8julg9qteJGLN949+2ECfgzqag== =oZfu -----END PGP SIGNATURE-----

1 0