- openSUSE Security Announce

SuSE Security Announcement: mod_php4 (SuSE-SA:2002:036)
by Thomas Biege 07 Oct '02

07 Oct '02

-----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SuSE Security Announcement Package: mod_php4 Announcement-ID: SuSE-SA:2002:036 Date: Friday, Oct 4th 2002 10:30 MEST Affected products: 7.0, 7.1, 7.2, 7.3, 8.0 SuSE eMail Server 3.1 SuSE eMail Server III SuSE Linux Enterprise Server SuSE Linux Connectivity Server SuSE Linux Office Server Vulnerability Type: remote privilege escalation Severity (1-10): 5 SuSE default package: no Cross References: CAN-2002-0985 Content of this advisory: 1) security vulnerability resolved: - control char injection in mail() - handling 5th argument of mail() while in "safe mode" - CRLF injection 2) pending vulnerabilities, solutions, workarounds: - glibc - ghostview/kghostview - fetchmail - kdelibs - ethereal 3) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion, solution, upgrade information PHP is a well known and widely used web programming language. If a PHP script runs in "safe mode" several restrictions are applied to it including limits on execution of external programs. An attacker can pass shell meta-characters or sendmail(8) command line options via the 5th argument (introduced in version 4.0.5) of the mail() function to execute shell commands or control the behavior of sendmail(8). The CRLF injection vulnerabilities in fopen(), file(), header(), ... allow an attacker to bypass ACLs or trigger cross-side scripting. The mod_php4 package is not installed by default. A temporary fix is not known. Please note, that the following packages were rebuild too: - mod_php4-core - mod_php4-aolserver - mod_php4-devel - mod_php4-servlet - mod_php4-roxen Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command "rpm -Fhv file.rpm" to apply the update. Our maintenance customers are being notified individually. The packages are being offered to install from the maintenance web. i386 Intel Platform: SuSE-8.0 ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/mod_php4-4.1.0-257.i386.patc… 00ce030f55f4d0af32528402a5cbe269 SuSE-8.0 ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/mod_php4-4.1.0-257.i386.rpm 3399c5b577464a282c85a6fcb56be915 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/mod_php4-4.1.0-257.src.rpm 730c4b802dd14b9f9fc0ce2bb83fdc4e SuSE-7.3 ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/mod_php4-4.0.6-193.i386.rpm c82972d8b1933a388adb6669e625835f source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/mod_php4-4.0.6-193.src.rpm 8a8bf1262e11f4adbfa973b1ba9c9b54 SuSE-7.2 ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/mod_php4-4.0.6-192.i386.rpm b93a3680eef353f3e16de8f7dd13dfb8 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/mod_php4-4.0.6-192.src.rpm 3304dae258e667a56b6d095eb552016f SuSE-7.1 ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/mod_php4-4.0.4pl1-142.i386.r… 8a829c7fd56622b736a7f538e2d8cc3c source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/mod_php4-4.0.4pl1-142.src.r… 23e6b8d1f2128dd4885f85d939646078 SuSE-7.0 ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/mod_php4-4.0.4pl1-135.i386.r… 99e3e87bf1f18a839f2b1a2f80c3f336 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/mod_php4-4.0.4pl1-135.src.r… 68013bd4050dff75267cdde07894e5d8 Sparc Platform: SuSE-7.3 ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n2/mod_php4-4.0.6-66.sparc.rpm 397044fb23b60f444fcb6b76986027bf source rpm: ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/mod_php4-4.0.6-66.src.rpm 431de04e4b31cf939e0cb9a1881c9e72 SuSE-7.1 ftp://ftp.suse.com/pub/suse/sparc/update/7.1/n2/mod_php4-4.0.4pl1-45.sparc.… a6146130f0c20821696406e62ab22863 source rpm: ftp://ftp.suse.com/pub/suse/sparc/update/7.1/zq1/mod_php4-4.0.4pl1-45.src.r… e1019229ec79ea7175f188ecc348e2b6 AXP Alpha Platform: SuSE-7.1 ftp://ftp.suse.com/pub/suse/axp/update/7.1/n2/mod_php4-4.0.4pl1-54.alpha.rpm 8010e1ef878dd366bb3dcce07b5c8a99 source rpm: ftp://ftp.suse.com/pub/suse/axp/update/7.1/zq1/mod_php4-4.0.4pl1-54.src.rpm 7906462b3a64d505dc78e298512312de SuSE-7.0 ftp://ftp.suse.com/pub/suse/axp/update/7.0/n1/mod_php4-4.0.4pl1-55.alpha.rpm 55e770e7a01a680e3a776bb085d91254 source rpm: ftp://ftp.suse.com/pub/suse/axp/update/7.0/zq1/mod_php4-4.0.4pl1-55.src.rpm 0e6654da0c43f3170ddcf0b132ae9ac3 PPC Power PC Platform: SuSE-7.3 ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/mod_php4-4.0.6-99.ppc.rpm 52421717b8fdd0c9ee4d96d3f0bb1e89 source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/mod_php4-4.0.6-99.src.rpm df7274f651888c62ad3693d3672ccc00 SuSE-7.1 ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n2/mod_php4-4.0.4pl1-53.ppc.rpm b43d618d2eba73477dd8f9e2d2215118 source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/mod_php4-4.0.4pl1-53.src.rpm f9457dc7736cdfecaa2e4a7a01c0c53f SuSE-7.0 ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n1/mod_php4-4.0.4pl1-45.ppc.rpm 56d6fb88d0032f5dcc12397f295e42b2 source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/mod_php4-4.0.4pl1-45.src.rpm b684c0aa03ec7ec9c8d75f5558bbea1e ______________________________________________________________________________ 2) Pending vulnerabilities in SuSE Distributions and Workarounds: - glibc Client applications which use res_search/res_nsreach and/or res_query()/ res_nquery() of libresolv could trigger a DNS decoding error, a SEGV or leak information by reading beyond the end of a too small 'answer' buffer. The update packages are being built and tested. We will publish a security announcement as soon as they are ready. - ghostview/kghostview Bufferoverflows have recently been discovered in these packages. They allow attackers to execute arbitrary code with the privileges of the user viewing special crafted documents created by the attacker. New packgaes will soon be available on our ftp servers. - fetchmail Fetchmail contains remotely exploitable overflows in the mail header parsing functions. In depth discussion of these problems can be found at http://security.e-matters.de/advisories/032002.html. New packages will soon be available on our ftp servers. - kdelibs KDE's SSL implementation fails to check the trust chain in SSL certificates. This bug allows faking valid SSL certificates. New KDE packages will be available soon to fix this and other bugs. - ethereal Several potential security issues have been discovered in ethereal 0.9.4. After this package is tested succesfuly it will be relased. ______________________________________________________________________________ 3) standard appendix: authenticity verification, additional information - Package authenticity verification: SuSE update packages are available on many mirror ftp servers all over the world. While this service is being considered valuable and important to the free and open source software community, many users wish to be sure about the origin of the package and its content before installing the package. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or rpm package: 1) md5sums as provided in the (cryptographically signed) announcement. 2) using the internal gpg signatures of the rpm package. 1) execute the command md5sum <name-of-the-file.rpm> after you downloaded the file from a SuSE ftp server or its mirrors. Then, compare the resulting md5sum with the one that is listed in the announcement. Since the announcement containing the checksums is cryptographically signed (usually using the key security(a)suse.de) the checksums show proof of the authenticity of the package. We disrecommend to subscribe to security lists which cause the email message containing the announcement to be modified so that the signature does not match after transport through the mailing list software. Downsides: You must be able to verify the authenticity of the announcement in the first place. If RPM packages are being rebuilt and a new version of a package is published on the ftp server, all md5 sums for the files are useless. 2) rpm package signatures provide an easy way to verify the authenticity of an rpm package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, where <file.rpm> is the filename of the rpm package that you have downloaded. Of course, package authenticity verification can only target an un-installed rpm package file. Prerequisites: a) gpg is installed b) The package is signed using a certain key. The public part of this key must be installed by the gpg program in the directory ~/.gnupg/ under the user's home directory who performs the signature verification (usually root). You can import the key that is used by SuSE in rpm packages for SuSE Linux by saving this announcement to a file ("announcement.txt") and running the command (do "su -" to be root): gpg --batch; gpg < announcement.txt | gpg --import SuSE Linux distributions version 7.1 and thereafter install the key "build(a)suse.de" upon installation or upgrade, provided that the package gpg is installed. The file containing the public key is placed at the top-level directory of the first CD (pubring.gpg) and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de . - SuSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - general/linux/SuSE security discussion. All SuSE security announcements are sent to this list. To subscribe, send an email to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SuSE's announce-only mailing list. Only SuSE's security announcements are sent to this list. To subscribe, send an email to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (faq) send mail to: <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com> respectively. ===================================================================== SuSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, it is desired that the clear-text signature shows proof of the authenticity of the text. SuSE Linux AG makes no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff 4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3 0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot 1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/ HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM 523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q 2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8 QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ 1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1 wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol 0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J /LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8 RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ 8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X 11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA 8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+ AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0 zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM /3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7 whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE= =LRKC - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: 2.6.3in Charset: noconv iQEVAwUBPaFTRHey5gA9JdPZAQEU5wf9E3Kq7go9IuRddxJBsQHQnz5KLdiOofla MR5gO0EziakIO47L3U5XnuRQowjuTQ6ADdVSzyI1T3rqZqhF2lVMed2dMqHes6ge tRCyi1XTJG99UUDG8FuKmCKMepxmwqhM5zK85h/P4wK/0g/6MaxipkLcuDA8EXkk ikxvKbXA2wdc2aEruRHZRIOmEL/yqSpqZRSY8qSEIxhnKF8DWLN3ZBwyIaFIfCgH UL8Td51OfajydtAMSfF8IdrrrYS8RKO8UycgoEq/z5U1U4GpdEBy5mS0ure0NNGY 9lxFyn66lgE+eJ0V3v1BiSWyGvZBTlQeuATMsK+n7vMqNBM0st8zSw== =lMYP -----END PGP SIGNATURE----- Bye, Thomas -- Thomas Biege <thomas(a)suse.de> SuSE Linux AG,Deutschherrnstr. 15-19,90429 Nuernberg Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/contact/thomas.asc | pgp -fka" Key fingerprint = 51 AD B9 C7 34 FC F2 54 01 4A 1C D4 66 64 09 83 -- Cold silence has a tendency to atrophy any sense of compassion - Maynard James Keenan

1 0

SuSE Security Announcement: hylafax (SuSE-SA:2002:035)
by Thomas Biege 07 Oct '02

07 Oct '02

-----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SuSE Security Announcement Package: hylafax Announcement-ID: SuSE-SA:2002:035 Date: Friday, Oct 4th 2002 10:30 MEST Affected products: 7.0, 7.1, 7.2, 7.3, 8.0 SuSE Linux Connectivity Server SuSE Linux Enterprise Server SuSE Linux Office Server Vulnerability Type: remote privilege escalation Severity (1-10): 4 SuSE default package: no Cross References: CAN-2002-1050 Content of this advisory: 1) security vulnerability resolved: - format string bug in logging code for TSI - buffer overflow in faxgetty while handling image data 2) pending vulnerabilities, solutions, workarounds: - glibc - ghostview/kghostview - fetchmail - kdelibs - ethereal 3) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion, solution, upgrade information HylaFAX is a client-server architecture for receiving and sending facsimiles. The logging function of faxgetty prior version 4.1.3 was vulnerable to a format string bug when handling the TSI value of a received facsimile. This bug could easily be used to trigger a denial-of-service attack or to execute arbitrary code remotely. Another bug in faxgetty, a buffer overflow, can be abused by a remote attacker by sending a large line of image data to execute arbitrary commands too. Several format string bugs in local helper applications were fixed too. These bugs can not be exploited to gain higher privileges on a system running SuSE Linux because of the absence of setuid bits. The hylafax package is not installed by default. A temporary fix is not known. Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command "rpm -Fhv file.rpm" to apply the update. Our maintenance customers are being notified individually. The packages are being offered to install from the maintenance web. i386 Intel Platform: SuSE-8.0 ftp://ftp.suse.com/pub/suse/i386/update/8.0/n4/hylafax-4.1-285.i386.patch.r… 3115ebdb9e65027f35809463c5e6ae7e SuSE-8.0 ftp://ftp.suse.com/pub/suse/i386/update/8.0/n4/hylafax-4.1-285.i386.rpm 07b0f2d015b0fd83c5bb9be548e7b8fb source rpm: ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/hylafax-4.1-285.src.rpm 8231586e2de356c737ef3d6f9d17c0ea SuSE-7.3 ftp://ftp.suse.com/pub/suse/i386/update/7.3/n3/hylafax-4.1-284.i386.rpm de51bda21cc9ee1a4dd3cd06ccccf71e source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/hylafax-4.1-284.src.rpm aac2ecddf06934f286960f52f2e7670e SuSE-7.2 ftp://ftp.suse.com/pub/suse/i386/update/7.2/n3/hylafax-4.1beta2-376.i386.rpm 275c73b0b192da9c883cfebf6638604e source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/hylafax-4.1beta2-376.src.rpm b8698144b8bb859d880659fcf01eb020 SuSE-7.1 ftp://ftp.suse.com/pub/suse/i386/update/7.1/n3/hylafax-4.1beta2-375.i386.rpm c322bc9007191e3692341b5702b29200 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/hylafax-4.1beta2-375.src.rpm 4d76cd426565e411941b4aaebf6ad761 SuSE-7.0 ftp://ftp.suse.com/pub/suse/i386/update/7.0/n2/hylafax-4.1beta2-373.i386.rpm fa7399ce161a44dbad630928cd6b3b84 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/hylafax-4.1beta2-373.src.rpm 0ac9d8b33b75f29b55a5750f17a65b93 Sparc Platform: SuSE-7.3 ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n3/hylafax-4.1-112.sparc.rpm 1cabb4113f858df010d305fa576c5a02 source rpm: ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/hylafax-4.1-112.src.rpm a5ddaee97231c423e04fb71b757532a3 SuSE-7.1 ftp://ftp.suse.com/pub/suse/sparc/update/7.1/n3/hylafax-4.1beta2-218.sparc.… 1449e568071f5fb6080efebb8f2a7a2b source rpm: ftp://ftp.suse.com/pub/suse/sparc/update/7.1/zq1/hylafax-4.1beta2-218.src.r… bf8c780206da51bc548e9fd4264b9bfc SuSE-7.0 ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n2/hylafax-4.1beta2-218.sparc.… bb265465ea8b84ca31b5c954266daf1d source rpm: ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/hylafax-4.1beta2-218.src.r… b5bcae601fe056f399fc8696aa156529 AXP Alpha Platform: SuSE-7.1 ftp://ftp.suse.com/pub/suse/axp/update/7.1/n3/hylafax-4.1beta2-245.alpha.rpm 45d0fd7061f10e4bef9e57c42a9b160d source rpm: ftp://ftp.suse.com/pub/suse/axp/update/7.1/zq1/hylafax-4.1beta2-245.src.rpm baf364ec3636077fe8f810edeb111572 SuSE-7.0 ftp://ftp.suse.com/pub/suse/axp/update/7.0/n2/hylafax-4.1beta2-244.alpha.rpm 856e96ce4a165b74e70ebc9ef3201672 source rpm: ftp://ftp.suse.com/pub/suse/axp/update/7.0/zq1/hylafax-4.1beta2-244.src.rpm f68e2260aa36d4d218a3f3589333ea0e PPC Power PC Platform: SuSE-7.3 ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n3/hylafax-4.1-189.ppc.rpm 79846b9ae0f75f8ed9b17fed07ba6263 source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/hylafax-4.1-189.src.rpm 98a123cf18cb6b34ffd9018a76ad161f SuSE-7.1 ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n3/hylafax-4.1beta2-218.ppc.rpm 2bfe866f1bd1d93307449de95d84d6c2 source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/hylafax-4.1beta2-218.src.rpm 972c605bd3a9cc15bbbc5aa188dfc864 SuSE-7.0 ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n2/hylafax-4.1beta2-217.ppc.rpm 00b1ae1c91235ecceb287ffe7aced175 source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/hylafax-4.1beta2-217.src.rpm e905325a032854fb653cf458e0db8942 ______________________________________________________________________________ 2) Pending vulnerabilities in SuSE Distributions and Workarounds: - glibc Client applications which use res_search/res_nsreach and/or res_query()/ res_nquery() of libresolv could trigger a DNS decoding error, a SEGV or leak information by reading beyond the end of a too small 'answer' buffer. The update packages are being built and tested. We will publish a security announcement as soon as they are ready. - ghostview/kghostview Bufferoverflows have recently been discovered in these packages. They allow attackers to execute arbitrary code with the privileges of the user viewing special crafted documents created by the attacker. New packgaes will soon be available on our ftp servers. - fetchmail Fetchmail contains remotely exploitable overflows in the mail header parsing functions. In depth discussion of these problems can be found at http://security.e-matters.de/advisories/032002.html. New packages will soon be available on our ftp servers. - kdelibs KDE's SSL implementation fails to check the trust chain in SSL certificates. This bug allows faking valid SSL certificates. New KDE packages will be available soon to fix this and other bugs. - ethereal Several potential security issues have been discovered in ethereal 0.9.4. After this package is tested succesfuly it will be relased. ______________________________________________________________________________ 3) standard appendix: authenticity verification, additional information - Package authenticity verification: SuSE update packages are available on many mirror ftp servers all over the world. While this service is being considered valuable and important to the free and open source software community, many users wish to be sure about the origin of the package and its content before installing the package. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or rpm package: 1) md5sums as provided in the (cryptographically signed) announcement. 2) using the internal gpg signatures of the rpm package. 1) execute the command md5sum <name-of-the-file.rpm> after you downloaded the file from a SuSE ftp server or its mirrors. Then, compare the resulting md5sum with the one that is listed in the announcement. Since the announcement containing the checksums is cryptographically signed (usually using the key security(a)suse.de) the checksums show proof of the authenticity of the package. We disrecommend to subscribe to security lists which cause the email message containing the announcement to be modified so that the signature does not match after transport through the mailing list software. Downsides: You must be able to verify the authenticity of the announcement in the first place. If RPM packages are being rebuilt and a new version of a package is published on the ftp server, all md5 sums for the files are useless. 2) rpm package signatures provide an easy way to verify the authenticity of an rpm package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, where <file.rpm> is the filename of the rpm package that you have downloaded. Of course, package authenticity verification can only target an un-installed rpm package file. Prerequisites: a) gpg is installed b) The package is signed using a certain key. The public part of this key must be installed by the gpg program in the directory ~/.gnupg/ under the user's home directory who performs the signature verification (usually root). You can import the key that is used by SuSE in rpm packages for SuSE Linux by saving this announcement to a file ("announcement.txt") and running the command (do "su -" to be root): gpg --batch; gpg < announcement.txt | gpg --import SuSE Linux distributions version 7.1 and thereafter install the key "build(a)suse.de" upon installation or upgrade, provided that the package gpg is installed. The file containing the public key is placed at the top-level directory of the first CD (pubring.gpg) and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de . - SuSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - general/linux/SuSE security discussion. All SuSE security announcements are sent to this list. To subscribe, send an email to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SuSE's announce-only mailing list. Only SuSE's security announcements are sent to this list. To subscribe, send an email to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (faq) send mail to: <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com> respectively. ===================================================================== SuSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, it is desired that the clear-text signature shows proof of the authenticity of the text. SuSE Linux AG makes no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff 4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3 0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot 1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/ HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM 523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q 2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8 QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ 1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1 wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol 0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J /LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8 RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ 8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X 11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA 8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+ AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0 zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM /3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7 whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE= =LRKC - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: 2.6.3in Charset: noconv iQEVAwUBPZ2QC3ey5gA9JdPZAQES0gf/Un5d3SHgL+xDlFaseqLg6t7NHa1d4KRw ZM8eqLE+ClFpfq+o/Rf97DqAaQZYrvUYzleOUUcvci2BLevCFMbqBsRxBc0FvU7G lvxgJkjslnlBxjAgkvXp/DmEcYN3sVH/4f8eLtq+cUb4AwU01elI7mThE6l3n6P6 Xq2q4NdWnw1RAXmsgfjNkRuX5gNUgULRUYFFlQF/ycKleoml/DQCH7dBet9tBQQP jem58hBq2cnQmTG2GyFFs0fsb81PCfxk0LrrxveKoMHR/cgH/y2sOBCu01bEzBBe HhpZPhgOcO1CxijXuEufaPbufXN5d/L2gHJpQK54L7Oc6n8zsDLXmg== =7yxm -----END PGP SIGNATURE----- Bye, Thomas -- Thomas Biege <thomas(a)suse.de> SuSE Linux AG,Deutschherrnstr. 15-19,90429 Nuernberg Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/contact/thomas.asc | pgp -fka" Key fingerprint = 51 AD B9 C7 34 FC F2 54 01 4A 1C D4 66 64 09 83 -- Cold silence has a tendency to atrophy any sense of compassion - Maynard James Keenan

1 0

SuSE Security Announcement: heimdal (SuSE-SA:2002:034)
by Sebastian Krahmer 30 Sep '02

30 Sep '02

-----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SuSE Security Announcement Package: heimdal Announcement-ID: SuSE-SA:2002:034 Date: Mon Sep 30 17:00:00 CEST 2002 Affected products: SuSE Linux 7.2, 7.3, 8.0, SuSE eMail Server, SuSE Linux Connectivity Server, SuSE Linux Enterprise Server 7, SuSE Linux Office Server Vulnerability Type: remote command execution Severity (1-10): 8 SuSE default package: Yes Cross References: http://www.pdc.kth.se/heimdal Content of this advisory: 1) security vulnerability resolved: Various overflows in heimdal. problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds: - ghostview/kghostview - fetchmail 3) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion, solution, upgrade information The Heimdal package is a free Kerberos implementation offering flexible authentication mechanisms based on the Kerberos 5 and Kerberos 4 scheme. The SuSE Security Team has reviewed critical parts of the Heimdal package such as the kadmind and kdc server. While doing so several possible buffer overflows and other bugs have been uncovered and fixed. Remote attackers can probably gain remote root access on unpatched systems. Since these services run usually on authentication servers we consider these bugs to be very serious. An update is strongly recommended if you are using the Heimdal package. Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command "rpm -Fhv file.rpm" to apply the update. Our maintenance customers are being notified individually. The packages are being offered to install from the maintenance web. To be sure the update takes effect you have to restart the services which belong to the heimdal package. As root execute the command /etc/rc.d/kdc restart If you are running other Kerberos based services such as hpropd make sure you also restart them as well. i386 Intel Platform: SuSE-8.0 ftp://ftp.suse.com/pub/suse/i386/update/8.0/d4/heimdal-devel-0.4e-191.i386.… 9dcb318864c2ad7c8bb11a51b0c1e12a ftp://ftp.suse.com/pub/suse/i386/update/8.0/sec1/heimdal-lib-0.4e-191.i386.… 7971b5a482b0f8521c0a8bd07182be36 ftp://ftp.suse.com/pub/suse/i386/update/8.0/sec3/heimdal-0.4e-191.i386.rpm fb6792204a9ec58f69a9dc7b4bcbed59 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/heimdal-0.4e-191.src.rpm 976383f4b7eeabcfc48ab4360a14586f SuSE-7.3 ftp://ftp.suse.com/pub/suse/i386/update/7.3/sec2/heimdal-0.4d-132.i386.rpm d2f174640a8d3b976eef3ff3afb642ee ftp://ftp.suse.com/pub/suse/i386/update/7.3/sec2/heimdal-devel-0.4d-132.i38… fad86035d9b94aa50a9225c9e40618da source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/heimdal-0.4d-132.src.rpm 5d3afb07af86563e5eff5f0fad6113d4 SuSE-7.2 ftp://ftp.suse.com/pub/suse/i386/update/7.2/sec1/heimdal-lib-0.3e-83.i386.r… 7a5f3f3e1c16481b6dea589bedd7ee44 ftp://ftp.suse.com/pub/suse/i386/update/7.2/sec2/heimdal-0.3e-83.i386.rpm f94d2a88a2100b2b28496b1a8f3030c4 ftp://ftp.suse.com/pub/suse/i386/update/7.2/sec2/heimdal-devel-0.3e-83.i386… d4fa5f75cb1d422fe439a276fdfe8aca source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/heimdal-0.3e-83.src.rpm a42a3535e0bd5966eb8b9d017213dfb5 Sparc Platform: SuSE-7.3 ftp://ftp.suse.com/pub/suse/sparc/update/7.3/sec1/heimdal-lib-0.4d-67.sparc… c50802492db0e8728d666f3b38b7ca5e ftp://ftp.suse.com/pub/suse/sparc/update/7.3/sec2/heimdal-0.4d-67.sparc.rpm 595d21ca05b8c886c0887189bb76487d ftp://ftp.suse.com/pub/suse/sparc/update/7.3/sec2/heimdal-devel-0.4d-67.spa… 1dfe9d49c83303ddf3490497dffce7fa source rpm: ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/heimdal-0.4d-67.src.rpm 7c61896ca257f79656e35bc59e1de734 PPC Power PC Platform: SuSE-7.3 ftp://ftp.suse.com/pub/suse/ppc/update/7.3/sec1/heimdal-lib-0.4d-113.ppc.rpm e905e8c468b9eddef6b8a785d5241914 ftp://ftp.suse.com/pub/suse/ppc/update/7.3/sec2/heimdal-0.4d-113.ppc.rpm 7b816aa786118e481be811be6974177f ftp://ftp.suse.com/pub/suse/ppc/update/7.3/sec2/heimdal-devel-0.4d-113.ppc.… 100f9fbe35d82dcf02aed98aa70103b8 source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/heimdal-0.4d-113.src.rpm 24467d712a359516ae60462c56dc97df ______________________________________________________________________________ 2) Pending vulnerabilities in SuSE Distributions and Workarounds: - ghostview/kghostview Bufferoverflows have recently been discovered in these packages. They allow attackers to execute arbitrary code with the privileges of the user viewing special crafted documents created by the attacker. New packgaes will soon be available on our ftp servers. - fetchmail Fetchmail contains remotely exploitable overflows in the mail header parsing functions. In depth discussion of these problems can be found at http://security.e-matters.de/advisories/032002.html. New packages will soon be available on our ftp servers. ______________________________________________________________________________ 3) standard appendix: authenticity verification, additional information - Package authenticity verification: SuSE update packages are available on many mirror ftp servers all over the world. While this service is being considered valuable and important to the free and open source software community, many users wish to be sure about the origin of the package and its content before installing the package. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or rpm package: 1) md5sums as provided in the (cryptographically signed) announcement. 2) using the internal gpg signatures of the rpm package. 1) execute the command md5sum <name-of-the-file.rpm> after you downloaded the file from a SuSE ftp server or its mirrors. Then, compare the resulting md5sum with the one that is listed in the announcement. Since the announcement containing the checksums is cryptographically signed (usually using the key security(a)suse.de) the checksums show proof of the authenticity of the package. We disrecommend to subscribe to security lists which cause the email message containing the announcement to be modified so that the signature does not match after transport through the mailing list software. Downsides: You must be able to verify the authenticity of the announcement in the first place. If RPM packages are being rebuilt and a new version of a package is published on the ftp server, all md5 sums for the files are useless. 2) rpm package signatures provide an easy way to verify the authenticity of an rpm package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, where <file.rpm> is the filename of the rpm package that you have downloaded. Of course, package authenticity verification can only target an un-installed rpm package file. Prerequisites: a) gpg is installed b) The package is signed using a certain key. The public part of this key must be installed by the gpg program in the directory ~/.gnupg/ under the user's home directory who performs the signature verification (usually root). You can import the key that is used by SuSE in rpm packages for SuSE Linux by saving this announcement to a file ("announcement.txt") and running the command (do "su -" to be root): gpg --batch; gpg < announcement.txt | gpg --import SuSE Linux distributions version 7.1 and thereafter install the key "build(a)suse.de" upon installation or upgrade, provided that the package gpg is installed. The file containing the public key is placed at the top-level directory of the first CD (pubring.gpg) and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de . - SuSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - general/linux/SuSE security discussion. All SuSE security announcements are sent to this list. To subscribe, send an email to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SuSE's announce-only mailing list. Only SuSE's security announcements are sent to this list. To subscribe, send an email to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (faq) send mail to: <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com> respectively. ===================================================================== SuSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, it is desired that the clear-text signature shows proof of the authenticity of the text. SuSE Linux AG makes no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff 4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3 0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot 1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/ HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM 523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q 2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8 QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ 1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1 wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol 0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J /LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8 RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ 8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X 11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA 8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+ AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0 zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM /3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7 whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE= =LRKC - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: 2.6.3in Charset: noconv iQEVAwUBPZhp63ey5gA9JdPZAQGBSAf+PjBSNoZVnkySDmBABDYI3QFbezFDgZ7y 0cpd3jtDBDgr7nyki2H3kUIpk0TW8JqfKrq4psnwDS3minbrxy6iS08iC/CFDj1m 3n+pdGxrcSfGbiYQke4Pn7fiUwCyv2DVeLCoI/b0dik38JOMDNvXp0Rjv2/2uEZJ itc3QV1ocxTx3Q064DAsU3Ll7W9THjGd47eRz6QVott01eBjlDZTaw9gtVvyN99T ooQArj5yhoErRXTkc/V1ttz2MahmvxeB7ohxyMl/26UQ2BWVk71T4mqo1vWEmzv1 59+7cbnjUzIw4iq5G99xkWEVgSgaiFwc8q0BrcwE6KNPhmXAngEq6w== =yeEG -----END PGP SIGNATURE----- -- ~ ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer(a)suse.de - SuSE Security Team ~

1 0

SuSE Security Announcement: Slapper worm (SuSE-SA:2002:033)
by Olaf Kirch 20 Sep '02

20 Sep '02

In a typical case of Heisenmurphy, the PGP signature of the previous message got garbled, and I can't figure out why. Here's a re-send of the message, re-signed. I apologize for any confusion this may have caused. Olaf -----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SuSE Security Announcement Package: openssl/Slapper worm Announcement-ID: SuSE-SA:2002:033 Date: Thu Sep 19 2002 Affected products: 7.0, 7.1, 7.2, 7.3, 8.0 SuSE Linux Database Server, SuSE eMail Server III, SuSE eMail Server 3.1, SuSE Linux Enterprise Server, SuSE Linux Firewall on CD, SuSE Linux Enterprise Server 7 SuSE Linux Office Server Vulnerability Type: buffer overflow Severity (1-10): 9 SuSE default package: yes Cross References: CVE CAN-2002-0655, CAN-2002-0656, CAN-2002-0659, SuSE-SA:2002:027 Content of this advisory: 1) vulnerabilities in openssl libraries; Slapper worm 2) pending vulnerabilities, solutions, workarounds 3) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion, solution, upgrade information This advisory is issued in an attempt to clarify any issues surrounding the recently discovered Apache/mod_ssl worm. On July 30, we released a security advisory concerning vulnerabilities in OpenSSL, including a buffer overflow in the SSL code. This vulnerability (CVE CAN-2002-0656, also discussed in CERT Advisory http://www.cert.org/advisories/CA-2002-23.html) is currently being exploited by a worm called Slapper, propagating through Apache's mod_ssl module. It is worth noting that even though the worm infects Apache through mod_ssl, this is not a vulnerability in mod_ssl or Apache, but in the OpenSSL library used by mod_ssl. This also means that Apache may not be the only service vulnerable to an attack via the SSL bug. Similar exploits may be possible against cyrus-imapd, sendmail with TLS support, or sslwrap-enabled services. As a workaround, it is also possible to disable SSLv2 in mod_ssl (as described in our previous advisory SuSE-SA:2002:027; http://www.suse.com/de/security/2002_027_openssl.html) but you should be aware that this does not protect other SSL based servers that may be running on your machine. We have received numerous inquiries from SuSE users on whether the update packages provided by SuSE as part of SA:2002:027 fix this bug even though they do not contain the latest OpenSSL version recommended in various advisories. To clarify this, we would like to state that these packages DO FIX the bug exploited by the Slapper worm. Following established policy, we did this by applying a source code patch instead of upgrading to a newer version, because the latter usually causes serious problems for many users (in particular, different versions of OpenSSL libraries are not always API compatible). However, it turns out that a number of packages were statically linked against OpenSSL libraries: mod_ssl (SuSE Linux 7.0): We have released rebuilt mod_ssl packages linked against the most recent OpenSSL libraries. If you run mod_ssl on SuSE Linux 7.0, you must upgrade mod_ssl, too. sendmail-tls (SuSE Linux 7.1, 7.2, 7.3): Sendmail-tls, the SSL enabled version of sendmail, was linked statically against OpenSSL on SuSE 7.1, 7.2 and 7.3. The security impact of this problem is probably the same as with Apache and mod_ssl. We are releasing rebuilt packages linked against the most OpenSSL libraries. Sendmail-tls is not part of the default installation profile. If you are using sendmail-tls, we strongly recommend you upgrade to the latest packages provided on our FTP servers. openssh (SuSE Linux 7.1, 7.2 and 7.3): Ssh and sshd do not use any SSL functionality, and thus are not susceptible to the type of attack carried out by the Slapper worm. To date, we are not aware of any way to exploit them. We nevertheless recommend to upgrade to the latest versions provided on our FTP site. freeswan (SuSE Linux 7.1, 7.2): FreeSWAN includes a utility named fswcert for creating and manipulating X.509 certificates, which is also linked statically against libcrypto. To date, we are not aware of any way to exploit them. We nevertheless recommend to upgrade to the latest versions provided on our FTP site as soon as they become available (2002 Sep 20). ______________________________________________________________________________ 2) Pending vulnerabilities in SuSE Distributions and Workarounds: mod_php4: we are preparing an update of mod_php4 addressing various vulnerabilities that have been published recently. ______________________________________________________________________________ 3) standard appendix: authenticity verification, additional information - Package authenticity verification: SuSE update packages are available on many mirror ftp servers all over the world. While this service is being considered valuable and important to the free and open source software community, many users wish to be sure about the origin of the package and its content before installing the package. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or rpm package: 1) md5sums as provided in the (cryptographically signed) announcement. 2) using the internal gpg signatures of the rpm package. 1) execute the command md5sum <name-of-the-file.rpm> after you downloaded the file from a SuSE ftp server or its mirrors. Then, compare the resulting md5sum with the one that is listed in the announcement. Since the announcement containing the checksums is cryptographically signed (usually using the key security(a)suse.de) the checksums show proof of the authenticity of the package. We disrecommend to subscribe to security lists which cause the email message containing the announcement to be modified so that the signature does not match after transport through the mailing list software. Downsides: You must be able to verify the authenticity of the announcement in the first place. If RPM packages are being rebuilt and a new version of a package is published on the ftp server, all md5 sums for the files are useless. 2) rpm package signatures provide an easy way to verify the authenticity of an rpm package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, where <file.rpm> is the filename of the rpm package that you have downloaded. Of course, package authenticity verification can only target an uninstalled rpm package file. Prerequisites: a) gpg is installed b) The package is signed using a certain key. The public part of this key must be installed by the gpg program in the directory ~/.gnupg/ under the user's home directory who performs the signature verification (usually root). You can import the key that is used by SuSE in rpm packages for SuSE Linux by saving this announcement to a file ("announcement.txt") and running the command (do "su -" to be root): gpg --batch; gpg < announcement.txt | gpg --import SuSE Linux distributions version 7.1 and thereafter install the key "build(a)suse.de" upon installation or upgrade, provided that the package gpg is installed. The file containing the public key is placed at the toplevel directory of the first CD (pubring.gpg) and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de . - SuSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - general/linux/SuSE security discussion. All SuSE security announcements are sent to this list. To subscribe, send an email to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SuSE's announce-only mailing list. Only SuSE's security annoucements are sent to this list. To subscribe, send an email to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (faq) send mail to: <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com> respectively. ===================================================================== SuSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, it is desired that the cleartext signature shows proof of the authenticity of the text. SuSE Linux AG makes no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff 4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3 0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot 1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/ HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM 523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q 2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8 QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ 1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1 wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol 0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J /LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8 RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ 8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X 11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA 8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+ AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0 zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM /3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7 whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE= =LRKC - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: 2.6.3in Charset: noconv iQEUAwUBPYrQdney5gA9JdPZAQEx+wf1GPGG2o1vDa1V/jqaL6typ0jNlq1Rb8nG lcI3Dp5V3lKBCOmMkRLdBE6+FNCRaEi6dN001WzJFsAMt4QjxW3Zk3ix8vRwPdgw 1jVSJkh+7yKQttMki7ff2SmmEbVBg+kmnVKq0GRQoOJlVN7L7RdzyjdMyYwnqxRG T37bZMwgl+76qkZWuVNKwukRYkopb6PT5nszVjSFwcX69yTu+tO5Y0INyHi6dWXY b8nxN24Lg0DSTgH85bG8fW1Ad02o9Iv7RPS6W1Geu+yq8TgxES9oCZatltU6r4yX F2AjkRMipCagdHc+aMSCtnoFC3Yes/vySJUE80iTbCy9dno5eJ/a =pVWJ -----END PGP SIGNATURE-----

1 0

SuSE Security Announcement: Slapper worm (SuSE-SA:2002:033)
by Olaf Kirch 19 Sep '02

19 Sep '02

-----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SuSE Security Announcement Package: openssl/Slapper worm Announcement-ID: SuSE-SA:2002:033 Date: Thu Sep 19 2002 Affected products: 7.0, 7.1, 7.2, 7.3, 8.0 SuSE Linux Database Server, SuSE eMail Server III, SuSE eMail Server 3.1, SuSE Linux Enterprise Server, SuSE Linux Firewall on CD, SuSE Linux Enterprise Server 7 SuSE Linux Office Server Vulnerability Type: buffer overflow Severity (1-10): 9 SuSE default package: yes Cross References: CVE CAN-2002-0655, CAN-2002-0656, CAN-2002-0659, CERT CA 2002-23, SuSE-SA:2002:027 Content of this advisory: 1) vulnerabilities in openssl libraries; Slapper worm 2) pending vulnerabilities, solutions, workarounds 3) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion, solution, upgrade information This advisory is issued in an attempt to clarify any issues surrounding the recently discovered Apache/mod_ssl worm. On July 30, we released a security advisory concerning vulnerabilities in OpenSSL, including a buffer overflow in the SSL code. This vulnerability (CVE CAN-2002-0656, also discussed in CERT Advisory http://www.cert.org/advisories/CA-2002-23.html) is currently being exploited by a worm called Slapper, propagating through Apache's mod_ssl module. It is worth noting that even though the worm infects Apache through mod_ssl, this is not a vulnerability in mod_ssl or Apache, but in the OpenSSL library used by mod_ssl. This also means that Apache may not be the only service vulnerable to an attack via the SSL bug. Similar exploits may be possible against cyrus-imapd, sendmail with TLS support, or sslwrap-enabled services. As a workaround, it is also possible to disable SSLv2 in mod_ssl (as described in our previous advisory SuSE-SA:2002:027; http://www.suse.com/de/security/2002_027_openssl.html) but you should be aware that this does not protect other SSL based servers that may be running on your machine. We have received numerous inquiries from SuSE users on whether the update packages provided by SuSE as part of SA:2002:027 fix this bug even though they do not contain the latest OpenSSL version recommended in various advisories. To clarify this, we would like to state that these packages DO FIX the bug exploited by the Slapper worm. Following established policy, we did this by applying a source code patch instead of upgrading to a newer version, because the latter usually causes serious problems for many users (in particular, different versions of OpenSSL libraries are not always API compatible). However, it turns out that a number of packages were statically linked against OpenSSL libraries: mod_ssl (SuSE Linux 7.0): We have released rebuilt mod_ssl packages linked against the most recent OpenSSL libraries. If you run mod_ssl on SuSE Linux 7.0, you must upgrade mod_ssl, too. sendmail-tls (SuSE Linux 7.1, 7.2, 7.3): Sendmail-tls, the SSL enabled version of sendmail, was linked statically against OpenSSL on SuSE 7.1, 7.2 and 7.3. The security impact of this problem is probably the same as with Apache and mod_ssl. We are releasing rebuilt packages linked against the most OpenSSL libraries. Sendmail-tls is not part of the default installation profile. If you are using sendmail-tls, we strongly recommend you upgrade to the latest packages provided on our FTP servers. openssh (SuSE Linux 7.1, 7.2 and 7.3): Ssh and sshd do not use any SSL functionality, and thus are not susceptible to the type of attack carried out by the Slapper worm. To date, we are not aware of any way to exploit them. We nevertheless recommend to upgrade to the latest versions provided on our FTP site. freeswan (SuSE Linux 7.1, 7.2): FreeSWAN includes a utility named fswcert for creating and manipulating X.509 certificates, which is also linked statically against libcrypto. To date, we are not aware of any way to exploit them. We nevertheless recommend to upgrade to the latest versions provided on our FTP site as soon as they become available (2002 Sep 20). ______________________________________________________________________________ 2) Pending vulnerabilities in SuSE Distributions and Workarounds: mod_php4: we are preparing an update of mod_php4 addressing various vulnerabilities that have been published recently. ______________________________________________________________________________ 3) standard appendix: authenticity verification, additional information - Package authenticity verification: SuSE update packages are available on many mirror ftp servers all over the world. While this service is being considered valuable and important to the free and open source software community, many users wish to be sure about the origin of the package and its content before installing the package. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or rpm package: 1) md5sums as provided in the (cryptographically signed) announcement. 2) using the internal gpg signatures of the rpm package. 1) execute the command md5sum <name-of-the-file.rpm> after you downloaded the file from a SuSE ftp server or its mirrors. Then, compare the resulting md5sum with the one that is listed in the announcement. Since the announcement containing the checksums is cryptographically signed (usually using the key security(a)suse.de) the checksums show proof of the authenticity of the package. We disrecommend to subscribe to security lists which cause the email message containing the announcement to be modified so that the signature does not match after transport through the mailing list software. Downsides: You must be able to verify the authenticity of the announcement in the first place. If RPM packages are being rebuilt and a new version of a package is published on the ftp server, all md5 sums for the files are useless. 2) rpm package signatures provide an easy way to verify the authenticity of an rpm package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, where <file.rpm> is the filename of the rpm package that you have downloaded. Of course, package authenticity verification can only target an uninstalled rpm package file. Prerequisites: a) gpg is installed b) The package is signed using a certain key. The public part of this key must be installed by the gpg program in the directory ~/.gnupg/ under the user's home directory who performs the signature verification (usually root). You can import the key that is used by SuSE in rpm packages for SuSE Linux by saving this announcement to a file ("announcement.txt") and running the command (do "su -" to be root): gpg --batch; gpg < announcement.txt | gpg --import SuSE Linux distributions version 7.1 and thereafter install the key "build(a)suse.de" upon installation or upgrade, provided that the package gpg is installed. The file containing the public key is placed at the toplevel directory of the first CD (pubring.gpg) and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de . - SuSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - general/linux/SuSE security discussion. All SuSE security announcements are sent to this list. To subscribe, send an email to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SuSE's announce-only mailing list. Only SuSE's security annoucements are sent to this list. To subscribe, send an email to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (faq) send mail to: <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com> respectively. ===================================================================== SuSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, it is desired that the cleartext signature shows proof of the authenticity of the text. SuSE Linux AG makes no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff 4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3 0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot 1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/ HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM 523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q 2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8 QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ 1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1 wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol 0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J /LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8 RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ 8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X 11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA 8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+ AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0 zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM /3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7 whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE= =LRKC - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: 2.6.3in Charset: noconv iQEVAwUBPYobFXey5gA9JdPZAQELFAf+Jg9mJS26xzi2PilO8A8RTIpjnyuLkV1x w97rDIodxnGNc1dt1SNQ6Oxm+w+bPrLVWiaOtXZJ0ohrjAVkbGou70wv2vFnDHHy KyLfwB65pi4ZpAXCw39w5jK/gsok6HgiLaBjzF48P5l7/FYJW0uHQuBFiEjlG/6z v+l8QdVTHgKbDt7oIP+1OaMuBDVohvASqbBisUAnDcEtFDmgTQx1o8sVYW4kfUDP YEXiNn7I2jtP5L8brIzXQKkCGnADcOJO+DYtzGDvMXA6vTxHFjaDaylvHGzrv0BF T+jf+Y9V/IJVvOetO1yKip88GwRMdsXJYlIliaWBZ5p4ce97r4DaQQ== =anAw -----END PGP SIGNATURE-----

1 0

SuSE Security Announcement: xf86 (SuSE-SA:2002:032)
by Sebastian Krahmer 18 Sep '02

18 Sep '02

-----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SuSE Security Announcement Package: xf86 Announcement-ID: SuSE-SA:2002:032 Date: Wed Sep 18 12:00:00 MEST 2002 Affecte products: SuSE Linux 8.0 Vulnerability Type: local privilege escalation Severity (1-10): 5 SuSE default package: yes Cross References: http://www.xfree.org/security Content of this advisory: 1) security vulnerability resolved: LD_PRELOAD vulnerability in the X11 library problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds: - Perl 5.6.1 glob overflow fix - new OpenSSH packages - sparc info 3) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion, solution, upgrade information The xf86 package contains various libraries and programs which are fundamental for the X server to function. The libX11.so library from this package dynamically loads other libraries where the pathname is controlled by the user invoking the program linked against libX11.so. Unfortunately, libX11.so also behaves the same way when linked against setuid programs. This behavior allows local users to execute arbitrary code under a different UID which can be the root-UID in the worst case. libX11.so has been fixed to check for calls from setuid programs. It denies loading of user controlled libraries in this case. We recommend an update in any case since there is no easy workaround possible except removing the setuid bit from any program linked against libX11.so. Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command "rpm -Fhv file.rpm" to apply the update. Our maintenance customers are being notified individually. The packages are being offered to install from the maintenance web. i386 Intel Platform: SuSE-8.0 ftp://ftp.suse.com/pub/suse/i386/update/8.0/x1/xshared-4.2.0-174.i386.rpm 2a515055a811de5b465d016ffa77a09c ftp://ftp.suse.com/pub/suse/i386/update/8.0/x2/xdevel-4.2.0-174.i386.rpm 67ddeb24b04b8c2badb7a039d9ea270e source rpm: ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/xf86-4.2.0-174.src.rpm e44b3f6dd4a406bd422adc4f7fac63f2 ______________________________________________________________________________ 2) Pending vulnerabilities in SuSE Distributions and Workarounds: - perl New Perl 5.6.1 packages will soon be available which fix overflows in the globbing code of the Perl interpreter. Although we believe that there is not much impact by this bug, we recommend an update especially on systems offering remote services based on Perl. - openssh New openssh packages are available for the SuSE Linux distributions 7.0 - 7.3 (version 2.9.9p2). These packages have been rebuilt to contain the fixes in the openssl library, which is used by openssh. It is possible but not proven that the weaknesses in the openssl code (fixed and announced by SuSE-SA:2002:027) can be exploited in any way. We release the packages to prevent the possibility that the vulnerability exists. It is recommended to install the updates. - sparc Due to a lack of build power on the sparc architecture, we will discontinue providing security updates for the SuSE Linux 7.0 and 7.1 distributions for sparc. We estimate that more than 95% of all SuSE Linux for sparc users use the most recent version 7.3 so that the loss should be considerably small. In addition to the update directories on ftp.suse.com, we will also move the directories containing the distributions themselves into the discontinued/ tree on ftp.suse.com/pub/suse/discontinued/. By consequence, all updates will continue to be available, but the path indicates that these directories and files will remain there for archiving purposes only. Please note that mirrors of the SuSE ftp server ftp.suse.com might not contain the discontinued/ directory tree. ______________________________________________________________________________ 3) standard appendix: authenticity verification, additional information - Package authenticity verification: SuSE update packages are available on many mirror ftp servers all over the world. While this service is being considered valuable and important to the free and open source software community, many users wish to be sure about the origin of the package and its content before installing the package. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or rpm package: 1) md5sums as provided in the (cryptographically signed) announcement. 2) using the internal gpg signatures of the rpm package. 1) execute the command md5sum <name-of-the-file.rpm> after you downloaded the file from a SuSE ftp server or its mirrors. Then, compare the resulting md5sum with the one that is listed in the announcement. Since the announcement containing the checksums is cryptographically signed (usually using the key security(a)suse.de) the checksums show proof of the authenticity of the package. We disrecommend to subscribe to security lists which cause the email message containing the announcement to be modified so that the signature does not match after transport through the mailing list software. Downsides: You must be able to verify the authenticity of the announcement in the first place. If RPM packages are being rebuilt and a new version of a package is published on the ftp server, all md5 sums for the files are useless. 2) rpm package signatures provide an easy way to verify the authenticity of an rpm package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, where <file.rpm> is the filename of the rpm package that you have downloaded. Of course, package authenticity verification can only target an un-installed rpm package file. Prerequisites: a) gpg is installed b) The package is signed using a certain key. The public part of this key must be installed by the gpg program in the directory ~/.gnupg/ under the user's home directory who performs the signature verification (usually root). You can import the key that is used by SuSE in rpm packages for SuSE Linux by saving this announcement to a file ("announcement.txt") and running the command (do "su -" to be root): gpg --batch; gpg < announcement.txt | gpg --import SuSE Linux distributions version 7.1 and thereafter install the key "build(a)suse.de" upon installation or upgrade, provided that the package gpg is installed. The file containing the public key is placed at the top-level directory of the first CD (pubring.gpg) and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de . - SuSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - general/linux/SuSE security discussion. All SuSE security announcements are sent to this list. To subscribe, send an email to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SuSE's announce-only mailing list. Only SuSE's security announcements are sent to this list. To subscribe, send an email to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (faq) send mail to: <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com> respectively. ===================================================================== SuSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, it is desired that the clear-text signature shows proof of the authenticity of the text. SuSE Linux AG makes no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff 4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3 0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot 1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/ HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM 523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q 2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8 QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ 1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1 wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol 0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J /LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8 RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ 8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X 11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA 8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+ AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0 zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM /3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7 whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE= =LRKC - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQEVAwUBPYhK03ey5gA9JdPZAQF/WQf/V8vZceiSGlfYXdbrI6E1Lw8uUzXhfrvd +I8rPf2RjaQ5/VFqt4rDMYPxjkY/ymgiFlVyZpOrj0leHuWxUH4mD7Gtej4YGi43 8L5mMBj5uKtzaP5XZM5g8P18q2ZcjjhYxSE3oZC8SdB398D/vPaOARbSxppsxqI7 yg86MwZGMxHpG8xfto0hTKqMuNilAds1VoFBDuuLiVe50RSLfsBmrEJXn6eChdkZ rj90D+SUzsUWs7p3pAgsfnpyEM8K72u17TdIenu9UXh8Z3aUDLHDZsIC37OAKpng 2SOkZOVT2pZAQF0z1sQO8zg5fDhFdUW2hKWAsJYCKRtDSJ127BmUaQ== =Gdii -----END PGP SIGNATURE----- -- ~ ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer(a)suse.de - SuSE Security Team ~

1 0

SuSE Security Announcement: glibc (SuSE-SA:2002:031)
by Roman Drahtmueller 30 Aug '02

30 Aug '02

-----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SuSE Security Announcement Package: glibc Announcement-ID: SuSE-SA:2002:031 Date: Friday, Aug 30th 2002 19:00 MEST Affected products: 7.0, 7.1, 7.2, 7.3, 8.0 SuSE Linux Database Server, SuSE eMail Server III, SuSE Linux Enterprise Server, SuSE Linux Firewall on CD SuSE Linux Connectivity Server SuSE Linux Office Server Vulnerability Type: local/remote privilege escalation Severity (1-10): 6 SuSE default package: yes Cross References: CAN-2002-0391, CERT CA-2002-25 Content of this advisory: 1) security vulnerability resolved: glibc problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds: - ethereal 3) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion, solution, upgrade information An integer overflow has been discovered in the xdr_array() function, contained in the Sun Microsystems RPC/XDR library, which is part of the glibc library package on all SuSE products. This overflow allows a remote attacker to overflow a buffer, leading to remote execution of arbitrary code supplied by the attacker. There is no temporary workaround for this security problem other than disabling all RPC based server and client programs. The permanent solution is to update the glibc packages with the update packages listed below. Notes, Special installation instructions: * The update packages for the SuSE Linux distributions 7.0 and 7.1 have not been built yet. The packages for these distributions will be published in approximately two weeks (mid September) from now. * The names of both the source RPM as well as the binary RPM (sub-) packages have changed between different SuSE Linux products. Overview: dist | source-RPM | shared libs | static libs,header| profiling ----------------------------------------------------------------------- 7.0 libc shlibs libc libd all SuSE products after and including SuSE Linux 7.1 glibc glibc glibc-devel glibc-profile Find out which of the four packages are installed on your system according to the package names in the table. Use the command rpm -q name_of_package to query the package database for each name. If you have your package list, download the packages that you need from the URLs as listed below. Verify their integrity and authenticity following the guidelines as described in section 3) of this security announcement. * PRECAUTIONS The shared libraries package of the glibc is the most sensitive part of a running Linux system, and modifications to it should be handled with special care. During the update of the shlibs/glibc package, runtime-linking the shared libraries is likely to fail for processes that execute a new binary with the execve(2) system call. Therefore, we recommend to bring a system to single user mode ("init S") to perform the package update. If this is not applicable for operational reasons, a system receiving the update should be kept as quiet as possible (no shell scripts of any kind, no cron jobs, no incoming email). * After performing the update, you should run the following command on your system: /sbin/ldconfig ldconfig will rebuild the runtime linker cache. If you use YOU (Yast2 Online Update), the ldconfig command will be executed automatically at the end of the update. The shared libraries that were installed on the system before the update have been removed from the filesystem, but they are still in use by the running applications. Therefore, the diskspace as well as the memory will not be freed until the last process that uses these files exits. We recommend to reboot the system to workaround this problem. Listed below you find the URLs for the update packages for the SuSE Linux products. We only list the packages that are relevant for the security update. Our maintenance customers are being notified individually. The packages are being offered to install from the maintenance web. Intel i386 Platform: SuSE-8.0: ftp://ftp.suse.com/pub/suse/i386/update/8.0/a1/glibc-2.2.5-123.i386.rpm 57bb8eb5e4355539f01ee9dc2e1b790e ftp://ftp.suse.com/pub/suse/i386/update/8.0/d2/glibc-devel-2.2.5-123.i386.r… cf1a18510a8e78914500c10cc9b79bf0 ftp://ftp.suse.com/pub/suse/i386/update/8.0/d3/glibc-profile-2.2.5-123.i386… a03333bb8a0bd77def78b633d790fdb2 source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/glibc-2.2.5-123.src.rpm 5ca1e41a5ab22282b0cd0ecc5c286093 SuSE-7.3: ftp://ftp.suse.com/pub/suse/i386/update/7.3/a1/glibc-2.2.4-75.i386.rpm b6c392faf66f4a3e23f9f8ba70166496 ftp://ftp.suse.com/pub/suse/i386/update/7.3/d1/glibc-devel-2.2.4-75.i386.rpm f4616d3ddcaef2847b113f2ac7a86866 ftp://ftp.suse.com/pub/suse/i386/update/7.3/d2/glibc-profile-2.2.4-75.i386.… a8d5377fc289837c5b9d7902785ea1fe source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/glibc-2.2.4-75.src.rpm 646af6d0e99f54fd03eb0ec99449df36 SuSE-7.2: ftp://ftp.suse.com/pub/suse/i386/update/7.2/a1/glibc-2.2.2-64.i386.rpm 1408ad17ef2bc543cb9ff42cb2813f99 ftp://ftp.suse.com/pub/suse/i386/update/7.2/d1/glibc-devel-2.2.2-64.i386.rpm 283d808402eed8f0f4a8ae2b64b91e17 ftp://ftp.suse.com/pub/suse/i386/update/7.2/d2/glibc-profile-2.2.2-64.i386.… d23a61431b924e5c2e09861463f5489d source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/glibc-2.2.2-64.src.rpm 9019bbfd6a6952bb154bdcf7cd8d37d3 Sparc Platform: SuSE-7.3: ftp://ftp.suse.com/pub/suse/sparc/update/7.3/a1/glibc-2.2.4-43.sparc.rpm df6be3f3b427f4ca6cd27b12dbf16fc8 ftp://ftp.suse.com/pub/suse/sparc/update/7.3/d1/glibc-devel-2.2.4-43.sparc.… f90e87513d996235cb2711286371dfae ftp://ftp.suse.com/pub/suse/sparc/update/7.3/d2/glibc-profile-2.2.4-43.spar… bc659d5181c4d571950821a978fa6ab2 source rpm(s): ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/glibc-2.2.4-43.src.rpm 846403d32700d8173e10932517926fc3 AXP Alpha Platform: - no new packages - PPC Power PC Platform: SuSE-7.3: ftp://ftp.suse.com/pub/suse/ppc/update/7.3/a1/glibc-2.2.4-63.ppc.rpm 2294e4d4777954e7d7c85b6a4e5c8ef7 ftp://ftp.suse.com/pub/suse/ppc/update/7.3/d1/glibc-devel-2.2.4-63.ppc.rpm f68b4b421cd5af4e62a80e9a2c803bd6 ftp://ftp.suse.com/pub/suse/ppc/update/7.3/d2/glibc-profile-2.2.4-63.ppc.rpm 0f837c5c1e4bac59e73a0d23b0d88187 source rpm(s): ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/glibc-2.2.4-63.src.rpm fdef49ff7f4ec9546f1e9d8bd46e8fa9 ______________________________________________________________________________ 2) Pending vulnerabilities in SuSE Distributions and Workarounds: - ethereal Multiple overflows and other security related problems have been found in ethereal, a network traffic analyzer program. We have provided update packages on our ftp server that upgrade the ethereal package to the latest version 0.9.6. A backport of the security fixes to the versions supplied in the released SuSE Linux products does not seem feasible. We will not release an own announcement for this specific problem. - postgresql A buffer overflow has been found in the postgresql database management system. We are about to prepare update packages for this vulnerability. - openldap2 Andrew McCall reported a problem within the openldap2 package which could lead to a denial of service attack against the slapd server. This problem has been fixed. New openldap2 packages will soon be available. ______________________________________________________________________________ 3) standard appendix: authenticity verification, additional information - Package authenticity verification: SuSE update packages are available on many mirror ftp servers all over the world. While this service is being considered valuable and important to the free and open source software community, many users wish to be sure about the origin of the package and its content before installing the package. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or rpm package: 1) md5sums as provided in the (cryptographically signed) announcement. 2) using the internal gpg signatures of the rpm package. 1) execute the command md5sum <name-of-the-file.rpm> after you downloaded the file from a SuSE ftp server or its mirrors. Then, compare the resulting md5sum with the one that is listed in the announcement. Since the announcement containing the checksums is cryptographically signed (usually using the key security(a)suse.de) the checksums show proof of the authenticity of the package. We disrecommend to subscribe to security lists which cause the email message containing the announcement to be modified so that the signature does not match after transport through the mailing list software. Downsides: You must be able to verify the authenticity of the announcement in the first place. If RPM packages are being rebuilt and a new version of a package is published on the ftp server, all md5 sums for the files are useless. 2) rpm package signatures provide an easy way to verify the authenticity of an rpm package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, where <file.rpm> is the filename of the rpm package that you have downloaded. Of course, package authenticity verification can only target an un-installed rpm package file. Prerequisites: a) gpg is installed b) The package is signed using a certain key. The public part of this key must be installed by the gpg program in the directory ~/.gnupg/ under the user's home directory who performs the signature verification (usually root). You can import the key that is used by SuSE in rpm packages for SuSE Linux by saving this announcement to a file ("announcement.txt") and running the command (do "su -" to be root): gpg --batch; gpg < announcement.txt | gpg --import SuSE Linux distributions version 7.1 and thereafter install the key "build(a)suse.de" upon installation or upgrade, provided that the package gpg is installed. The file containing the public key is placed at the top-level directory of the first CD (pubring.gpg) and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de . - SuSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - general/linux/SuSE security discussion. All SuSE security announcements are sent to this list. To subscribe, send an email to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SuSE's announce-only mailing list. Only SuSE's security announcements are sent to this list. To subscribe, send an email to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (faq) send mail to: <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com> respectively. ===================================================================== SuSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, it is desired that the clear-text signature shows proof of the authenticity of the text. SuSE Linux AG makes no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff 4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3 0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot 1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/ HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM 523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q 2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8 QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ 1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1 wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol 0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J /LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8 RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ 8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X 11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA 8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+ AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0 zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM /3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7 whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE= =LRKC - -----END PGP PUBLIC KEY BLOCK----- Roman Drahtmüller, SuSE Security. - -- - - | Roman Drahtmüller <draht(a)suse.de> // "You don't need eyes to see, | SuSE Linux AG - Security Phone: // you need vision!" | Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless | - - -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQEVAwUBPW+lVney5gA9JdPZAQF0cQf/bLrFDn0vzfXuT+LZ+lME3R438/PM9IOU XfUKz8rKJk14pkHMHxI6MCxzQnNS41jajE9XkG6i4z89bGy5+8cXShl6Jl+woVWN iwCJC8U1BgMKXHq3ns5c0+YzQpD7f7YQSUUXoCLoARNYMS/A8b4FHmX942uurjKg u4VKCe4nV0VY9ydn8hHtb+AtA/2FEkuK2J7b5jeh80UeC0ZzysahawB8zyOmaOYm ip1ji2YmuKzsVcVd1Wy7gQUkUmzTIxGX7XB4UaAJY99NeXkeBapRgDKRgNVdj06a QVu1Yh/0jA4XptOIUlBdwYLUPckRR0EV3xeYl6kmb/V7cDJesvGHRw== =g3B7 -----END PGP SIGNATURE-----

1 0

SuSE Security Announcement: i4l (SuSE-SA:2002:030)
by Sebastian Krahmer 12 Aug '02

12 Aug '02

-----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SuSE Security Announcement Package: i4l Announcement-ID: SuSE-SA:2002:030 Date: Mon Aug 12 11:00:00 CEST 2002 Affected products: 7.3, 8.0, SuSE Linux Database Server, SuSE eMail Server 3.1, SuSE eMail Server III, SuSE Firewall Adminhost VPN, SuSE Linux Admin-CD for Firewall, SuSE Linux Live-CD for Firewall, SuSE Linux Connectivity Server, SuSE Linux Enterprise Server 7 Vulnerability Type: local privilege escalation Severity (1-10): 5 SuSE default package: Yes Other affected systems: No Content of this advisory: 1) security vulnerability resolved: buffer overflows in ipppd problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds 3) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion, solution, upgrade information The i4l package contains several programs for ISDN maintenance and connectivity on Linux. The ipppd program which is part of the package contained various buffer overflows and format string bugs. Since ipppd is installed setuid to root and executable by users of group 'dialout' this may allow attackers with appropriate group membership to execute arbitrary commands as root. The i4l package is installed by default and also vulnerable if you do not have a ISDN setup. The buffer overflows and format string bugs have been fixed. We strongly recommend an update of the i4l package. If you do not consider updating the package it is also possible to remove the setuid bit from /usr/sbin/ipppd as a temporary workaround. The SuSE Security Team is aware of a published exploit for ipppd that gives a local attacker root privileges so you should either update the package or remove the setuid bit from ipppd. Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command "rpm -Fhv file.rpm" to apply the update. Our maintenance customers are being notified individually. The packages are being offered to install from the maintenance web. i386 Intel Platform: SuSE-8.0 ftp://ftp.suse.com/pub/suse/i386/update/8.0/n1/i4l-2002.7.31-0.i386.rpm cfd29e3bfb2466dc15eafae8c8280b3d source rpm: ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/i4l-2002.7.31-0.src.rpm fdb75de724d373dee4d21ce3e9be176e SuSE-7.3 ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/i4l-2002.7.23-0.i386.rpm 1d5fff19d48eb1b0652c21c139fdf53d source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/i4l-2002.7.23-0.src.rpm b0b5ac3c6f03f848170a158b5fee4e72 Sparc Platform: SuSE-7.3 ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n1/i4l-2002.7.23-0.sparc.rpm 2fd232a50e27055831fd35337e6d73e7 source rpm: ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/i4l-2002.7.23-0.src.rpm cdef29bad89fcc6c2e4d0be38377edfa PPC Power PC Platform: SuSE-7.3 ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n1/i4l-2002.7.23-0.ppc.rpm 90939fabf3b1fcd8dd143e969b830dea source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/i4l-2002.7.23-0.src.rpm 220bb5b9c5f16605beff26b961eba11a ______________________________________________________________________________ 2) Pending vulnerabilities in SuSE Distributions and Workarounds: - docbook In past some distributors provided updates for their docbook packages to fix a problem within the docbook configuration-files which allowed evil input-files to create arbitrary files within the users scope. However the supplied configuration-fixes can easily be circumvented by offering certain style-sheet files along with the evil input-file. Because of this fact SuSE does not offer updates for the docbook packages but rather strongly recommends to not process untrusted files with the docbook utilities. - openldap2 Andrew McCall reported a problem within the openldap2 package which could lead to a denial of service attack against the slapd server. This problem has been fixed. New openldap2 packages will soon be available. ______________________________________________________________________________ 3) standard appendix: authenticity verification, additional information - Package authenticity verification: SuSE update packages are available on many mirror ftp servers all over the world. While this service is being considered valuable and important to the free and open source software community, many users wish to be sure about the origin of the package and its content before installing the package. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or rpm package: 1) md5sums as provided in the (cryptographically signed) announcement. 2) using the internal gpg signatures of the rpm package. 1) execute the command md5sum <name-of-the-file.rpm> after you downloaded the file from a SuSE ftp server or its mirrors. Then, compare the resulting md5sum with the one that is listed in the announcement. Since the announcement containing the checksums is cryptographically signed (usually using the key security(a)suse.de) the checksums show proof of the authenticity of the package. We disrecommend to subscribe to security lists which cause the email message containing the announcement to be modified so that the signature does not match after transport through the mailing list software. Downsides: You must be able to verify the authenticity of the announcement in the first place. If RPM packages are being rebuilt and a new version of a package is published on the ftp server, all md5 sums for the files are useless. 2) rpm package signatures provide an easy way to verify the authenticity of an rpm package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, where <file.rpm> is the filename of the rpm package that you have downloaded. Of course, package authenticity verification can only target an un-installed rpm package file. Prerequisites: a) gpg is installed b) The package is signed using a certain key. The public part of this key must be installed by the gpg program in the directory ~/.gnupg/ under the user's home directory who performs the signature verification (usually root). You can import the key that is used by SuSE in rpm packages for SuSE Linux by saving this announcement to a file ("announcement.txt") and running the command (do "su -" to be root): gpg --batch; gpg < announcement.txt | gpg --import SuSE Linux distributions version 7.1 and thereafter install the key "build(a)suse.de" upon installation or upgrade, provided that the package gpg is installed. The file containing the public key is placed at the top-level directory of the first CD (pubring.gpg) and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de . - SuSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - general/linux/SuSE security discussion. All SuSE security announcements are sent to this list. To subscribe, send an email to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SuSE's announce-only mailing list. Only SuSE's security announcements are sent to this list. To subscribe, send an email to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (faq) send mail to: <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com> respectively. ===================================================================== SuSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, it is desired that the clear text signature shows proof of the authenticity of the text. SuSE Linux AG makes no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff 4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3 0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot 1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/ HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM 523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q 2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8 QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ 1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1 wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol 0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J /LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8 RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ 8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X 11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA 8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+ AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0 zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM /3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7 whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE= =LRKC - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQEVAwUBPVeImney5gA9JdPZAQHucgf9FaNs22ccTGur7PSNRPY7XXR/UGiP3A8H qr2dAVMm1/9oTqTM20F+kYEl34cAG5DT3JnHocLYKTL3zZVDEW9QaM8xFBK4LWGp VH8Zjfg0m9UzYEKUJ7lu0B2lYByQUdwroqJ5BqKZOxEG7Oopa65rc8tI5iyGgdMr j+C1pBszdGS3oVBcA17gIMxJcrjgFrKYFMwnw9UgtpoZat+5qO2XJvf1O2ZQc+lU OJPZ8WmEzDs4BHaLEIH4xSAauR7PGr0t0NsraWVFT86AK2xJuKGZGX2oi552XxwV pEIHufu8MqGlN/Y3N+PxW38RLCcGsnj1y3NqChT4+GSOoQKNbwJWbg== =Ds1S -----END PGP SIGNATURE----- -- ~ ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer(a)suse.de - SuSE Security Team ~

1 0

Not affected: openssh trojan from ftp.openbsd.org
by Roman Drahtmueller 01 Aug '02

01 Aug '02

-----BEGIN PGP SIGNED MESSAGE----- Thu Aug 1 14:40:28 MEST 2002 The openssh source tarball openssh-3.4p1.tar.gz from the openbsd ftp server ftp.openbsd.org has been trojaned with code that opens network connections to a server in the internet (203.62.158.32:6667) at compile time. The backdoor does not have any influence on the runtime behaviour of the package to our current knowlege. As of now, the package on the openbsd ftp server has not been removed/cleaned. The SuSE openssh package for SuSE Linux 8.0 has the same version 3.4p1, but it is built from non-trojaned sources. Therefore, the SuSE openssh packages are not affected by this backdoor. We thank our users who have expressed their concerns about the backdoor when they notified SuSE Security, and to Len Rose from full-disclosure(a)lists.netsys.com. Regards, Roman Drahtmüller, SuSE Security. - -- - - | Roman Drahtmüller <draht(a)suse.de> // "You don't need eyes to see, | SuSE Linux AG - Security Phone: // you need vision!" | Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless | - - -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQEVAwUBPUku1Hey5gA9JdPZAQHNgwf7Bj2C9aJyCR+ooCxOr/2wpTYKkn0wEHFS DsKUXyXWXKXQORs09npwxVh2NF9WIotreDAwG4MOnLgMdGD6ai+rcV0Y16UIo0YC V8SwhpKemDTHPCnDZq9TTywsWhXIpsOmFZelHqbzEvbL99Ibf7GCDfMmfAYkId+E WOaC9LA5MPICiMQYB/o1hRpiU49iKvEfvOWzYb3E+OcA1vKiYdO9cmSQXNXV50oS l5FR345zGnl1dWvu6jbXaxNwgbMeWF1T5Ow0RE7a6/9iA/WiGaNAkd8GVUPSDW0G r+xCYmmcp5VNb3UnMlZLa6FQP8pmNYJtI6emVAGRo5mBPmwxC3S2JA== =CLck -----END PGP SIGNATURE-----

1 0

SuSE Security Announcement: wwwoffle (SuSE-SA:2002:029)
by Thomas Biege 01 Aug '02

01 Aug '02

-----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SuSE Security Announcement Package: wwwoffle Announcement-ID: SuSE-SA:2002:029 Date: Thursday, Aug 1st 2002 12:30 MEST Affected products: 7.1, 7.2, 7.3, 8.0 Vulnerability Type: remote privilege escalation Severity (1-10): 4 SuSE default package: no Other affected systems: all systems using wwwoffle Content of this advisory: 1) security vulnerability resolved: insufficient checking of Content Length value problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds 3) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion, solution, upgrade information The WWWOFFLE, World Wide Web Offline Explorer, program suite acts as a HTTP, FTP and Finger proxy to allow users with dial-up access to the internet to do offline WWW browsing. The parsing code of wwwoffled that processes HTTP PUT and POST requests fails to handle a Content Length value smaller then -1. It is believed that an attacker could exploit this bug to gain remote wwwrun access to the system wwwoffled is running on. The wwwoffle package is not installed by default. As temporary workaround the wwwoffle daemon can be disabled the following way (as root): rcwwwoffle stop If wwwoffled is started at boottime, you have to modify your boot scripts too. This can be done by using the runlevel editor of yast2. All running instances of wwwoffled need to be restarted after updating your system (as root): rcwwwoffle restart Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command "rpm -Fhv file.rpm" to apply the update. Our maintenance customers are being notified individually. The packages are being offered to install from the maintenance web. Missing packages will be published as soon as possible. i386 Intel Platform: SuSE-8.0 ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/wwwoffle-2.6d-300.i386.patch… 841aed6738e45973891a08e8c666a624 SuSE-8.0 ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/wwwoffle-2.6d-300.i386.rpm de8e402d077da779070e3e1158b1463f source rpm: ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/wwwoffle-2.6d-300.src.rpm cb35aca6bfd20360883beb025647fabe SuSE-7.3 ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/wwwoffle-2.6d-298.i386.rpm 08438c130e574eb2f3c9b7c8cc60f45b source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/wwwoffle-2.6d-298.src.rpm 1a48eda5d2b8032aef96c62cf2472cd1 SuSE-7.2 ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/wwwoffle-2.6b-63.i386.rpm 54ad9710b00030e5402478958545ad73 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/wwwoffle-2.6b-63.src.rpm 89705ac7a6ce27e8fb8198aef626315a SuSE-7.1 ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/wwwoffle-2.6-20.i386.rpm 345aeaf33ed09e22cd0d5e2ea9202fef source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/wwwoffle-2.6-20.src.rpm 1c6a427d71b338a9c0091c4dc5ea1e61 Sparc Platform: SuSE-7.1 ftp://ftp.suse.com/pub/suse/sparc/update/7.1/n2/wwwoffle-2.6-18.sparc.rpm b525c495f7e47f64cfbe1c364b683d90 source rpm: ftp://ftp.suse.com/pub/suse/sparc/update/7.1/zq1/wwwoffle-2.6-18.src.rpm ae9df7749fc38b0a7be2d013eeb5f8fb AXP Alpha Platform: SuSE-7.1 ftp://ftp.suse.com/pub/suse/axp/update/7.1/n2/wwwoffle-2.6-26.alpha.rpm 0140df0cf370942f50c9a6af2167b4bc source rpm: ftp://ftp.suse.com/pub/suse/axp/update/7.1/zq1/wwwoffle-2.6-26.src.rpm e2d72c3e70ef7e083fcd34a788cf1638 PPC Power PC Platform: SuSE-7.3 ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/wwwoffle-2.6d-207.ppc.rpm 98bfb93df81b987a93ba5ce8578325c2 source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/wwwoffle-2.6d-207.src.rpm f8816a3a536a60b72839fe010b8aceeb SuSE-7.1 ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n2/wwwoffle-2.6-24.ppc.rpm 4a5f2eb327fa5441a7e9d0f9d0af32f5 source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/wwwoffle-2.6-24.src.rpm 5a31460401e823a4adc17eda39222c1f ______________________________________________________________________________ 2) Pending vulnerabilities in SuSE Distributions and Workarounds: - bzip The FreeBSD Team discovered some security related bugs in bzip2. By exploiting this bugs an attacker could change file permissions or overwrite files. Bzip got fixed and a new version of the bzip package is available on our FTP servers. - pam_ldap A "format string" bug in pam_ldap's logging functions gots fixed. New packages are available on our FTP servers. - chfn/util-linux Linux distributors have published security announcements about password locking race conditions that lead to a local root vulnerability. SuSE products are not affected by this weakness because we use the user/group management utilities from the shadow package. These utilities are not affected. - libpng libpng is a library that provides functions for applications to handle PNG image files (Portable Network Graphics). An overflow vulnerability has been found in the libpng library that may make it possible for an attacker to run arbitrary code or to crash an application that uses the libpng library if the application in question opens a png image file. We are in the process of fixing this vulnerability. ______________________________________________________________________________ 3) standard appendix: authenticity verification, additional information - Package authenticity verification: SuSE update packages are available on many mirror ftp servers all over the world. While this service is being considered valuable and important to the free and open source software community, many users wish to be sure about the origin of the package and its content before installing the package. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or rpm package: 1) md5sums as provided in the (cryptographically signed) announcement. 2) using the internal gpg signatures of the rpm package. 1) execute the command md5sum <name-of-the-file.rpm> after you downloaded the file from a SuSE ftp server or its mirrors. Then, compare the resulting md5sum with the one that is listed in the announcement. Since the announcement containing the checksums is cryptographically signed (usually using the key security(a)suse.de) the checksums show proof of the authenticity of the package. We disrecommend to subscribe to security lists which cause the email message containing the announcement to be modified so that the signature does not match after transport through the mailing list software. Downsides: You must be able to verify the authenticity of the announcement in the first place. If RPM packages are being rebuilt and a new version of a package is published on the ftp server, all md5 sums for the files are useless. 2) rpm package signatures provide an easy way to verify the authenticity of an rpm package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, where <file.rpm> is the filename of the rpm package that you have downloaded. Of course, package authenticity verification can only target an un-installed rpm package file. Prerequisites: a) gpg is installed b) The package is signed using a certain key. The public part of this key must be installed by the gpg program in the directory ~/.gnupg/ under the user's home directory who performs the signature verification (usually root). You can import the key that is used by SuSE in rpm packages for SuSE Linux by saving this announcement to a file ("announcement.txt") and running the command (do "su -" to be root): gpg --batch; gpg < announcement.txt | gpg --import SuSE Linux distributions version 7.1 and thereafter install the key "build(a)suse.de" upon installation or upgrade, provided that the package gpg is installed. The file containing the public key is placed at the top-level directory of the first CD (pubring.gpg) and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de . - SuSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - general/linux/SuSE security discussion. All SuSE security announcements are sent to this list. To subscribe, send an email to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SuSE's announce-only mailing list. Only SuSE's security announcements are sent to this list. To subscribe, send an email to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (faq) send mail to: <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com> respectively. ===================================================================== SuSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, it is desired that the clear-text signature shows proof of the authenticity of the text. SuSE Linux AG makes no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff 4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3 0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot 1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/ HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM 523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q 2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8 QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ 1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1 wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol 0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J /LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8 RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ 8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X 11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA 8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+ AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0 zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM /3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7 whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE= =LRKC - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: 2.6.3in Charset: noconv iQEVAwUBPUkbbHey5gA9JdPZAQHQjAf/T/8kVNSdI3w4YRHUqNmTNH/0YUYJTe+G 5zIgkRvsFG1KYBGLlX9D13eeCC0oeDq3A8MngEW5U9LDYYWoUKhYgmJeWMOarwA2 JnqqdFPduaYOlnLZkZSw94kQiBxqU6gF3Qq0NfRrjVMk1JuvwiyFw8nr3fwmPeBY izvpWAhbr3RQvhoCdUigRNCAfTBuQL1WVI3RT15Vrh9WA7sR+1t2FIor4fx2cBCq mRbRWk+qTl2lS3afrjADinNZWIoStE3MNflzUOLB5xsogzsDRcNsOI+dyebBSRqC WTAYE5Lr7QbTYuTUf8425ot1QeoHn1ThrhC9KbzVz8ceHf1MHXScvw== =RSY0 -----END PGP SIGNATURE----- Bye, Thomas -- Thomas Biege <thomas(a)suse.de> SuSE Linux AG,Deutschherrnstr. 15-19,90429 Nuernberg Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/contact/thomas.asc | pgp -fka" Key fingerprint = 51 AD B9 C7 34 FC F2 54 01 4A 1C D4 66 64 09 83 -- Trete durch die Form ein, und trete aus der Form heraus.

1 0