openSUSE Security Announce
______________________________________________________________________________
SuSE Security Announcement
Package: ssh
Announcement-ID: SuSE-SA:2001:04
Date: Friday, February 16th, 2000 18:00 MET
Affected SuSE versions: 6.0, 6.1, 6.2, 6.3, 6.4, 7.0
Vulnerability Type: possible remote root compromise
Severity (1-10): 9
SuSE default package: yes, no (openssh is default after SuSE-6.3)
Other affected systems: Unix systems with sshd running
Content of this advisory:
1) security vulnerability resolved: ssh
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds
3) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade information
SuSE distributions contain the ssh package in the version 1.2.27. No
later version is provided because of licensing issues. SuSE maintains
the 1.2.27 version in a patched package. Three new patches have been added
that work around three independent security problems in the ssh package:
a) SSHD-1 Logging Vulnerability (discovered and published by Jose Nazario,
Crimelabs). Attackers can remotely brute-force passwords without
getting noticed or logged. In the ssh package from the SuSE
distribution, root login is allowed, as well as password
authentication. Even though brute-forcing a password may take an
enormous amount of time and resources, the issue is to be taken
seriously.
b) SSH1 session key recovery vulnerability (by (Ariel Waissbein, Agustin
Azubel) - CORE SDI, Argentina, and David Bleichenbacher). Captured
encrypted ssh traffic can be decrypted with some effort by obtaining
the session key for the ssh session. The added patch in our package
causes the ssh daemon to generate a new server key pair upon failure
of an RSA operation (please note that the patch supplied with Iván
Arce on bugtraq on Wed, 7 Feb 2001 has been corrected later on!).
c) In 1998, the ssh-1 protocol was found to be vulnerable to an
attack where arbitrary sequences could be inserted into the ssh-1
protocol layer. The attack was called "crc32 compensation attack", and
a fix was introduced (crc compensation attack detector in the ssh -v
output) into the later versions of ssh. Michal Zalewski discovered
that the fix in its most widely used implementation is defective. An
integer overflow allows an attacker to overwrite arbitrary memory in
the sshd process' address space, which potentially results in a
remote root compromise.
There are easy resorts that can be offered:
a) switch to openssh (please use the openssh packages on ftp.suse.com from
the same update directories as the ssh package update URLs below indicate).
openssh is a different implementation of the ssh protocol that is
compatible to the protocol versions 1 and 2.
Openssh Version 2.3.0 does not suffer from the problems listed above.
Versions before 2.3.0 are vulnerable to other problems, so please
use the updates from the update directory on the ftp.suse.de ftp server.
See section 2) of this announcement for the md5sums of the packages.
b) upgrade your ssh package from the locations described below.
Download the update package from locations described below and install
the package with the command `rpm -Uhv file.rpm'. The md5sum for each
file is in the line below. You can verify the integrity of the rpm
files using the command
`rpm --checksig --nogpg file.rpm',
independently from the md5 signatures below.
SPECIAL INSTALL INSTRUCTIONS:
==============================
If you run a sshd (secure shell daemon) server on your system, then the
daemon process must be restarted for the update package to become active
after installation of the update rpm.
You can do this easily with the command (run as root):
kill -15 `cat /var/run/sshd.pid`
After this, you can start the daemon using the command
rcsshd start
It should be possible now to log on again to your server as usual. Please
consult the syslogs in /var/log if this is not the case.
Warning: killing all instances of sshd on a system might render the system
inaccessible from remote, especially if secure shell is your only
method to access the system. Be careful to not lock yourself out.
Note: The packages on our German ftp server have been built again to
correct one of the patches. The package for the 6.1-i386 distribution
has finished building a few minutes ago and uses the same name as the
build from Wednesday. Use the --force commandline option for the rpm
command if you have used the package that was published before the
release date of this announcement.
i386 Intel Platform:
SuSE-7.1
ftp://ftp.suse.de/pub/suse/i386/update/7.1/sec2/ssh-1.2.27-226.i386.rpm
ae68bf3ac28b5e81f9c5f2a1d1d8980e
source rpm:
ftp://ftp.suse.de/pub/suse/i386/update/7.1/zq1/ssh-1.2.27-226.src.rpm
d332e662daff71ff7d10cf4d962b6933
SuSE-7.0
ftp://ftp.suse.de/pub/suse/i386/update/7.0/sec1/ssh-1.2.27-220.i386.rpm
f88b339dea96ef186e70872ce9444c24
source rpm:
ftp://ftp.suse.de/pub/suse/i386/update/7.0/zq1/ssh-1.2.27-220.src.rpm
93ca5fc96c103a5f9adee16cb319195c
SuSE-6.4
ftp://ftp.suse.de/pub/suse/i386/update/6.4/sec1/ssh-1.2.27-86.i386.rpm
3f1b41116b7c7d63c791de4fdca9d1ee
source rpm:
ftp://ftp.suse.de/pub/suse/i386/update/6.4/zq1/ssh-1.2.27-86.src.rpm
3a8d859f2ae9751852339c642b07b4cf
SuSE-6.3
ftp://ftp.suse.de/pub/suse/i386/update/6.3/sec1/ssh-1.2.27-86.i386.rpm
3f1b41116b7c7d63c791de4fdca9d1ee
source rpm:
ftp://ftp.suse.de/pub/suse/i386/update/6.3/zq1/ssh-1.2.27-86.src.rpm
3a8d859f2ae9751852339c642b07b4cf
SuSE-6.2
ftp://ftp.suse.de/pub/suse/i386/update/6.2/sec1/ssh-1.2.27-210.i386.rpm
b29822198dc6430167465706965e3499
source rpm:
ftp://ftp.suse.de/pub/suse/i386/update/6.2/zq1/ssh-1.2.27-210.src.rpm
4a2130635f702bb266748b9e4838877a
SuSE-6.1
ftp://ftp.suse.de/pub/suse/i386/update/6.1/sec1/ssh-1.2.27-210.i386.rpm
17f281262edd689d9861c099489cbcc6
source rpm:
ftp://ftp.suse.de/pub/suse/i386/update/6.1/zq1/ssh-1.2.27-210.src.rpm
5e12e0086f61bba2f37c4ccbc4282a92
Sparc Platform:
SuSE-7.0
ftp://ftp.suse.de/pub/suse/sparc/update/7.0/sec1/ssh-1.2.27-221.sparc.rpm
e1545287f954d089707c55a66598c318
source rpm:
ftp://ftp.suse.de/pub/suse/sparc/update/7.0/zq1/ssh-1.2.27-221.src.rpm
f37a8b3addaf70711d91f6a3f788a8b3
AXP Alpha Platform:
SuSE-7.0
ftp://ftp.suse.de/pub/suse/axp/update/7.0/sec1/ssh-1.2.27-221.alpha.rpm
77bd0dcda5df929fba07d56de2bf3399
source rpm:
ftp://ftp.suse.de/pub/suse/axp/update/7.0/zq1/ssh-1.2.27-221.src.rpm
77305ae844c9b68e8af559ccf81417e8
SuSE-6.4
ftp://ftp.suse.de/pub/suse/axp/update/6.4/sec1/ssh-1.2.27-86.alpha.rpm
7a8d7086c8b99822b020f3c9d0e4764e
source rpm:
ftp://ftp.suse.de/pub/suse/axp/update/6.4/zq1/ssh-1.2.27-86.src.rpm
e75660e54edc2cf38086b4de3da91881
SuSE-6.3
ftp://ftp.suse.de/pub/suse/axp/update/6.3/sec1/ssh-1.2.27-212.alpha.rpm
671761326c11c9eac50c3d992b550bdf
source rpm:
ftp://ftp.suse.de/pub/suse/axp/update/6.3/zq1/ssh-1.2.27-212.src.rpm
5472b658aac01bea8667769a04e0e92d
PPC Power PC Platform:
SuSE-7.0
ftp://ftp.suse.de/pub/suse/ppc/update/7.0/sec1/ssh-1.2.27-220.ppc.rpm
ec7274c8a88b6ce5420c91da0622f94c
source rpm:
ftp://ftp.suse.de/pub/suse/ppc/update/7.0/zq1/ssh-1.2.27-220.src.rpm
1ae9f7cf4c7099f5cad8cb0ccc8f3e5d
SuSE-6.4
ftp://ftp.suse.de/pub/suse/ppc/update/6.4/sec1/ssh-1.2.27-86.ppc.rpm
fc3cb2e3b927c7ffc5e8374e183f860e
source rpm:
ftp://ftp.suse.de/pub/suse/ppc/update/6.4/zq1/ssh-1.2.27-86.src.rpm
439abdfb6f56e2c0d3880cddd103935f
______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
- The openssh package URLs and md5sums:
ftp://ftp.suse.de/pub/suse/i386/update/7.1/sec1/openssh-2.3.0p1-5.i386.rpm 3687c385e3e8f6e845c17518c12dd61b
ftp://ftp.suse.de/pub/suse/i386/update/7.1/zq1/openssh-2.3.0p1-5.src.rpm 3cf3a1f652d92d66e70bfc9c40c0eb38
ftp://ftp.suse.de/pub/suse/i386/update/7.0/sec1/openssh-2.3.0p1-0.i386.rpm ce12abcff3dec118ceabe62e6cd1e090
ftp://ftp.suse.de/pub/suse/i386/update/7.0/zq1/openssh-2.3.0p1-0.src.rpm 3a7cf864f695a9f3ec2dd0bf6cc7e161
ftp://ftp.suse.de/pub/suse/i386/update/6.4/sec1/openssh-2.3.0p1-0.i386.rpm 3219bf7853c2c27056ec502b5fd3345c
ftp://ftp.suse.de/pub/suse/i386/update/6.4/zq1/openssh-2.3.0p1-0.src.rpm 82a18d49a9a98942417258ffcd7a4800
ftp://ftp.suse.de/pub/suse/i386/update/6.3/sec1/openssh-2.3.0p1-0.i386.rpm 3219bf7853c2c27056ec502b5fd3345c
ftp://ftp.suse.de/pub/suse/i386/update/6.3/zq1/openssh-2.3.0p1-0.src.rpm 82a18d49a9a98942417258ffcd7a4800
ftp://ftp.suse.de/pub/suse/axp/update/7.0/sec1/openssh-2.3.0p1-0.alpha.rpm b924315c09cb990009b24d3c1093e142
ftp://ftp.suse.de/pub/suse/axp/update/7.0/zq1/openssh-2.3.0p1-0.src.rpm 6339a4f2a4982ba2e6b943a182d02420
ftp://ftp.suse.de/pub/suse/axp/update/6.4/sec1/openssh-2.3.0p1-0.alpha.rpm 61da28e2695d8f4a4b1c6300d867e6b6
ftp://ftp.suse.de/pub/suse/axp/update/6.4/zq1/openssh-2.3.0p1-0.src.rpm 9e8e5af8b890f2a18e244da1c94be796
ftp://ftp.suse.de/pub/suse/ppc/update/7.0/sec1/openssh-2.3.0p1-0.ppc.rpm 72f7c339991e54a476585012423dda62
ftp://ftp.suse.de/pub/suse/ppc/update/7.0/zq1/openssh-2.3.0p1-0.src.rpm 749ccc55396944ad43c1977e55903958
ftp://ftp.suse.de/pub/suse/ppc/update/6.4/sec1/openssh-2.3.0p1-0.ppc.rpm e08ec87634dfd0dd76d18886d04ebd4b
ftp://ftp.suse.de/pub/suse/ppc/update/6.4/zq1/openssh-2.3.0p1-0.src.rpm 95820e1934a5586c8d73719957972d7c
ftp://ftp.suse.de/pub/suse/sparc/update/7.0/sec1/openssh-2.3.0p1-0.sparc.rpm 8ed7a34fec7bcc6c658809effe20fd82
ftp://ftp.suse.de/pub/suse/sparc/update/7.0/zq1/openssh-2.3.0p1-0.src.rpm c551925107c7000fa32556dbe4a4fad4
- Linux kernel upgrade.
Several security flaws have been found in the linux-2.2.x kernel versions.
The only suitable workaround is to upgrade to a newer kernel version.
SuSE provides kernels that have been expanded with several dozen device
drivers that are not included in the standard main stream kernel.
While working on the kernel update packages for our distributions, more
security problems were discovered. Currently, several persons audit code
in the kernel, so that more problems are expected to be discovered in the
very near future.
Since kernel updates are very time-consuming on behalf of the system
administrator, we decided to not publish a new kernel package
each week. Instead, the new kernel packages with all known security bugs
fixed will be published by the middle/end of next week.
In the meanwhile, administrators who require immediate updates, please go
to ftp.kernel.org (or one of its mirrors, respectively) and get Alan Cox'
prepatches for the 2.2.19 version of the Linux kernel. The directory
usually is /pub/linux/kernel/people/alan/2.2.19pre, his latest patch is
pre-patch-2.2.19-13.gz. This patch fixes all currently publicly known
security problems in the Linux v2.2 kernel. For those who are not
experienced in patching and installing kernels, we recommend to wait
for the release of the SuSE Linux kernel update packages.
- From SuSE-SA:2001:03 (bind8): The sparc update packages were pending
because of build bottlenecks. The URLs to the update packages and the
md5sums are as follows:
SuSE-7.0
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n1/bind8-8.2.3-39.sparc.rpm
c7e2a95bd4b90d03207ffc3a9880c36c
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/bind8-8.2.3-39.src.rpm
5d4d4b608f2a8a3e61f7dc6917254f4f
- bind: The bind package version 4.x has been found vulnerable to multiple
security problems that were discussed and published in public security
forums. See http://www.securityfocus.com/templates/advisory.html?id=3051
for more information. SuSE provides update packages for the bind nameserver
in version 4 for all distributions and architectures.
We also hereby announce that the bind package (bind-4.x; the bind
nameserver in version 8 is contained in the bind8 package) will be
discontinued in future versions of the SuSE Linux Distribution. We
recommend to migrate to bind in the 8.x or 9.x series.
There will be a separate security announcement for the bind (4.x) package
by Monday, February 19th 2001. In the meanwhile, get the md5sums from the
URL ftp://ftp.suse.de/private/draht/bind4-checksums . It is signed.
- More announcements are following this one. (mysql, tmpfile races, ...)
Please read (this) section 2) in the announcements carefully.
______________________________________________________________________________
3) standard appendix:
SuSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- general/linux/SuSE security discussion.
All SuSE security announcements are sent to this list.
To subscribe, send an email to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SuSE's announce-only mailing list.
Only SuSE's security announcements are sent to this list.
To subscribe, send an email to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (faq)
send mail to:
<suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com> respectively.
===============================================
SuSE's security contact is <security(a)suse.com>.
===============================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way.
SuSE GmbH makes no warranties of any kind whatsoever with respect
to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048/3D25D3D9 1999/03/06 SuSE Security Team <security(a)suse.de>
______________________________________________________________________________
SuSE Security Announcement
Package: bind8
Announcement-ID: SuSE-SA:2001:03
Date: Tuesday, January 30th, 2000 23:40 MEST
Affected SuSE versions: 6.0, 6.1, 6.2, 6.3, 6.4, 7.0, 7.1
Vulnerability Type: remote root compromise
Severity (1-10): 9
SuSE default package: no
Other affected systems: all systems using bind, versions before
8.2.3-REL
Content of this advisory:
1) security vulnerability resolved: bind8
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds
3) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade information
bind-8.x in all versions of the SuSE distributions contains a bug in the
transaction signature handling code that can allow to remotely overflow
a buffer and thereby execute arbitrary code as the user running
the nameserver (this is user named by default on SuSE systems).
In addition to this bug, another problem allows for a remote attacker
to collect information about the running bind process (this has been
found by Claudio Musmarra <a9605121(a)unet.univie.ac.at>).
For more information on these bugs, please visit the CERT webpage at
http://www.cert.org/advisories/CA-2001-02.html and the bind bugs
webpage at http://www.isc.org/products/BIND/bind-security.html .
The problem is existent in the upcoming SuSE distribution 7.1 that
will be available by February 10th in the CD/DVD version.
There exists no reasonable method to circumvent the problems other than
to update the package as described below.
Please choose the update package for your distribution from the
URLs listed below and download the necessary rpm files. Then,
install the package using the command `rpm -Uhv file.rpm'. rpm
packages have an internal md5 checksum that protects against file
corruption. You can verify this checksum using the command
(independently from the md5 signatures below)
`rpm --checksig --nogpg file.rpm',
The md5 sums under each package are to prove the package authenticity,
independently from the md5 checksums in the rpm package format.
SPECIAL INSTALL INSTRUCTIONS:
==============================
If you run a bind8 nameserver on your system, please update the package
immediately. In order for the updated package to become active, the
nameserver process "named" needs to be restarted. Do this using the
command
`rcnamed restart'
as root after performing the rpm command as shown above. Afterwards,
check for the running daemon using the ps command as `ps aux'. The
named process should show a new starting time. Repeat the
`rcnamed restart' command if the nameserver shut down too slowly to
release the socket for the new server.
i386 Intel Platform:
SuSE-7.1
ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/bind8-8.2.3-92.i386.rpm
e9b354dbd96f6216b9da01f2b3a0a166
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/bind8-8.2.3-92.src.rpm
f77200a6c476b58980f68b5db3fd7c4b
SuSE-7.0
ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/bind8-8.2.3-61.i386.rpm
4fdee7483fce85f2a31a1a53d2b01b76
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/bind8-8.2.3-61.src.rpm
e53896d1ddfb405774a492469621af02
SuSE-6.4
ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/bind8-8.2.3-0.i386.rpm
bb25cb6ba2e54bf929f61c14b3663b3e
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/bind8-8.2.3-0.src.rpm
1033f0df4b747f1d2758fdae69a5fa17
SuSE-6.3
ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/bind8-8.2.3-0.i386.rpm
73fe798d4afb87beecb2546ecf076f64
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/bind8-8.2.3-0.src.rpm
dfe4e452d8d0a0a8ff0994e514353b3f
SuSE-6.2
ftp://ftp.suse.com/pub/suse/i386/update/6.2/n1/bind8-8.2.3-0.i386.rpm
48b45d14724e852810de130864ab8281
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/bind8-8.2.3-0.src.rpm
22ca23ed06739effc887370bfef2d83e
SuSE-6.1
ftp://ftp.suse.com/pub/suse/i386/update/6.1/n1/bind8-8.2.3-0.i386.rpm
fc9cd0970c15246599f90ce1f5955f29
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.1/zq1/bind8-8.2.3-0.src.rpm
6cdf2e5c3a9a25ca98f8916de677cb70
SuSE-6.0
Please use the SuSE-6.1 packages for the SuSE-6.0 distribution on the
i386 Intel Platform.
AXP Alpha Platform:
SuSE-7.0
ftp://ftp.suse.com/pub/suse/axp/update/7.0/n1/bind8-8.2.3-39.alpha.rpm
84014e0f19e52a09b90897e18d8eb774
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/7.0/zq1/bind8-8.2.3-39.src.rpm
99df556319e0c232d78cdb69d5d28ac0
SuSE-6.4
ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/bind8-8.2.3-0.alpha.rpm
2e2a8f6c3c6838a7fd49bd7926fc3de3
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/bind8-8.2.3-0.src.rpm
9b0c2e8469f597f43010a125af8f54fe
SuSE-6.3
ftp://ftp.suse.com/pub/suse/axp/update/6.3/n1/bind8-8.2.3-0.alpha.rpm
0194fc4461ef902c46b75f28fa8f2ef6
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/bind8-8.2.3-0.src.rpm
dffa2d911f6dae9092301bd8ad4f026f
SuSE-6.1
ftp://ftp.suse.com/pub/suse/axp/update/6.1/n1/bind8-8.2.3-0.alpha.rpm
ebd233233829eef3d73db7d0a828c35a
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.1/zq1/bind8-8.2.3-0.src.rpm
582e7985719d3f7da86a77349aa1611d
PPC Power PC Platform:
SuSE-7.0
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n1/bind8-8.2.3-39.ppc.rpm
b9354106b0b89edf8f1883b2ea50e656
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/bind8-8.2.3-39.src.rpm
534d84e900c6edf3fa8f2ef546d08c0a
SuSE-6.4
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/bind8-8.2.3-0.ppc.rpm
5c3a00ebd3ddb0388e460673bfec88d0
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/bind8-8.2.3-0.src.rpm
418ae09b44885199f4a4403748b6ab2b
Sparc Platform:
Due to build bottlenecks, the update package for the sparc platform
(SuSE-7.0 distribution) is delayed.
______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
SuSE distributions contain the bind nameserver in Version 4 as well.
bind-4.x in the currently used version has security-related bugs,
some of which are similar to the ones in the 8.x versions. We will
provide update packages as well as an announcement for the bind
(not bind8) package shortly, along with an own announcement.
______________________________________________________________________________
3) standard appendix:
SuSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- general/linux/SuSE security discussion.
All SuSE security announcements are sent to this list.
To subscribe, send an email to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SuSE's announce-only mailing list.
Only SuSE's security announcements are sent to this list.
To subscribe, send an email to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (faq)
send mail to:
<suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com> respectively.
===============================================
SuSE's security contact is <security(a)suse.com>.
===============================================
Regards,
Roman Drahtmüller.
--
Roman Drahtmüller <draht(a)suse.de>
SuSE GmbH - Security, Nürnberg, Germany
Phone: +49-911-740530
"Caution: Cape does not enable user to fly." (Batman Costume warning label)
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way.
SuSE GmbH makes no warranties of any kind whatsoever with respect
to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048/3D25D3D9 1999/03/06 SuSE Security Team <security(a)suse.de>
______________________________________________________________________________
SuSE Security Announcement
Package: kdesu
Announcement-ID: SuSE-SA:2001:02
Date:
Affected SuSE versions: 6.0, 6.1, 6.2, 6.3, 6.4, 7.0
Vulnerability Type: local root compromise
Severity (1-10): 3
SuSE default package: yes
Other affected systems: All KDE 1 & KDE 2 systems
Content of this advisory:
1) security vulnerability resolved: kdesu
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds
3) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade information
kdesu is a KDE frontend for su(1). When invoked it prompts for the
root password and runs su(1). kdesu itself does not run setuid/setgid.
However when enabling the 'keep password' option it tries to send
the password across process boundaries to kdesud via a UNIX socket.
During this it does not verify the identity of the listener on the other
end. This allows attackers to obtain the root password.
This bug has been fixed in the update packages by checking the ownership
of the socket on the listener side.
Download the update package from locations described below and install
the package with the command `rpm -Uhv file.rpm'. The md5sum for each
file is in the line below. You can verify the integrity of the rpm
files using the command
`rpm --checksig --nogpg file.rpm',
independently from the md5 signatures below.
i386 Intel Platform:
SuSE-6.1:
ftp://ftp.suse.com/pub/suse/i386/update/6.1/kpa1/kdesu-0.98-187.i386.rpm
3d51f84f2dc87916bc937f3afe507c1a
SuSE-6.1:
ftp://ftp.suse.com/pub/suse/i386/update/6.1/kpa1/kdesu.rpm
3d51f84f2dc87916bc937f3afe507c1a
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.1/zq1/kdesu-0.98-187.src.rpm
f8764afd475fa7a41c18603d15ce48ab
SuSE-6.2:
ftp://ftp.suse.com/pub/suse/i386/update/6.2/kpa1/kdesu-0.98-187.i386.rpm
027617e19c957b1ed5f42f140b62521b
SuSE-6.2:
ftp://ftp.suse.com/pub/suse/i386/update/6.2/kpa1/kdesu.rpm
027617e19c957b1ed5f42f140b62521b
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/kdesu-0.98-187.src.rpm
9cf3d4b0c00db4598968dd5c7e07eef7
SuSE-6.3:
ftp://ftp.suse.com/pub/suse/i386/update/6.3/kpa1/kdesu-0.98-187.i386.rpm
d2b6c6f3330a20c2eb7d5500de2f9df6
SuSE-6.3:
ftp://ftp.suse.com/pub/suse/i386/update/6.3/kpa1/kdesu.rpm
d2b6c6f3330a20c2eb7d5500de2f9df6
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/kdesu-0.98-187.src.rpm
a50cc8ba1a793f9151559454fdad0a14
SuSE-6.4:
ftp://ftp.suse.com/pub/suse/i386/update/6.4/kpa1/kdesu-0.98-187.i386.rpm
8f06dd49bdc00dca25eff33a3754ddee
SuSE-6.4:
ftp://ftp.suse.com/pub/suse/i386/update/6.4/kpa1/kdesu.rpm
8f06dd49bdc00dca25eff33a3754ddee
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/kdesu-0.98-187.src.rpm
0ca2d30cf51d1307f88581d4e240bbf0
SuSE-7.0:
ftp://ftp.suse.com/pub/suse/i386/update/7.0/kpa1/kdesu-0.98-187.i386.rpm
c7238ea5775939239b3857b550ca9f1b
SuSE-7.0:
ftp://ftp.suse.com/pub/suse/i386/update/7.0/kpa1/kdesu.rpm
c7238ea5775939239b3857b550ca9f1b
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/kdesu-0.98-187.src.rpm
bc74c75ba0b514f7df4f0250ccc7454a
Sparc Platform:
AXP Alpha Platform:
SuSE-6.1:
ftp://ftp.suse.com/pub/suse/axp/update/6.1/kpa1/kdesu-0.98-187.alpha.rpm
8017cd7fed463cae4bef3fa471e7e1d8
SuSE-6.1:
ftp://ftp.suse.com/pub/suse/axp/update/6.1/kpa1/kdesu.rpm
8017cd7fed463cae4bef3fa471e7e1d8
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.1/zq1/kdesu-0.98-187.src.rpm
78846e4ae3f50e9264e8840da1a628a8
SuSE-6.3:
ftp://ftp.suse.com/pub/suse/axp/update/6.3/kpa1/kdesu-0.98-187.alpha.rpm
cf1629ba236c0c84e0f2b33101b5f1aa
SuSE-6.3:
ftp://ftp.suse.com/pub/suse/axp/update/6.3/kpa1/kdesu.rpm
cf1629ba236c0c84e0f2b33101b5f1aa
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/kdesu-0.98-187.src.rpm
da851ebaee36cb91cb1e1fca0c8bfda2
SuSE-6.4:
ftp://ftp.suse.com/pub/suse/axp/update/6.4/kpa1/kdesu-0.98-187.alpha.rpm
d1904cc9db320ea2c576b73633ee6bd5
SuSE-6.4:
ftp://ftp.suse.com/pub/suse/axp/update/6.4/kpa1/kdesu.rpm
d1904cc9db320ea2c576b73633ee6bd5
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/kdesu-0.98-187.src.rpm
27261cf8ff0ea66a597520260b832f7d
SuSE-7.0:
ftp://ftp.suse.com/pub/suse/axp/update/7.0/kpa1/kdesu-0.98-187.alpha.rpm
be3b258eeeb3c56351b93ec8a32826db
SuSE-7.0:
ftp://ftp.suse.com/pub/suse/axp/update/7.0/kpa1/kdesu.rpm
be3b258eeeb3c56351b93ec8a32826db
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/7.0/zq1/kdesu-0.98-187.src.rpm
b7e3139377784c5cbbc4f14a5061d124
PPC Power PC Platform:
SuSE-6.4:
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/kpa1/kdesu-0.98-187.ppc.rpm
705afa4defc64c48f89dd94b2d52c296
SuSE-6.4:
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/kpa1/kdesu.rpm
705afa4defc64c48f89dd94b2d52c296
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/kdesu-0.98-187.src.rpm
32e626fa7e8206d6803957c77062185b
SuSE-7.0:
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/kpa1/kdesu-0.98-187.ppc.rpm
e9b4a8a26844af0bc8cb37c8d2d26530
SuSE-7.0:
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/kpa1/kdesu.rpm
e9b4a8a26844af0bc8cb37c8d2d26530
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/kdesu-0.98-187.src.rpm
aaa092ffafe149ef8ba3acf570966e09
______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
- Kmail remote code execution.
This issue will be addressed in following advisories.
- pgp4pine buffer overflow.
Very unlikely to be exploited, but next advisories will
contain information on this as well as URLs for patches.
______________________________________________________________________________
3) standard appendix:
SuSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- general/linux/SuSE security discussion.
All SuSE security announcements are sent to this list.
To subscribe, send an email to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SuSE's announce-only mailing list.
Only SuSE's security announcements are sent to this list.
To subscribe, send an email to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (faq)
send mail to:
<suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com> respectively.
===============================================
SuSE's security contact is <security(a)suse.com>.
===============================================
Regards,
Sebastian Krahmer
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way.
SuSE GmbH makes no warranties of any kind whatsoever with respect
to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048/3D25D3D9 1999/03/06 SuSE Security Team <security(a)suse.de>
______________________________________________________________________________
SuSE Security Announcement
Package: glibc (shlibs)
Announcement-ID: SuSE-SA:2001:01
Date: Friday, January 26th, 2001 15:40 MET
Affected SuSE versions: 6.0, 6.1, 6.2, 6.3, 6.4, 7.0
Vulnerability Type: local root compromise
Severity (1-10): 6
SuSE default package: yes
Other affected systems: most Linux/glibc based systems
Content of this advisory:
1) security vulnerability resolved: glibc
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds
3) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade information
ld-linux.so.2, the dynamical linker, adds shared libraries to the
memoryspace of a program to be started. Its flexibility allows for
some environment variables to influence the linking process such as
preloading shared libraries as well as defining the path in which
the linker will search for the shared libraries. Special care must
be exercised when runtime-linking setuid- or setgid-binaries:
The runtime-linker must not link against user-specified libraries
since the code therein would then run with the elevated privileges
of the suid binary.
The runtime-linker as used in the SuSE distributions ignores the
content of the critical environment variables if the specified path
begins with a slash ("/"), or if the library file name is not
cached (eg it is contained in a path from /etc/ld.so.conf).
However, Solar Designer has found out that even preloading glibc-
native shared libraries can be dangerous: The code in the user-linked
library is not aware of the fact that the binary runs with suid or
sgid privileges. Using debugging features of the glibc (and possibly
other features) it is possible for a local attacker to overwrite
arbitrary files with the elevated privileges of the suid/sgid binary
executed. This may lead to a local root compromise.
To eliminate these problems, we provide update packages that completely
disregard the LD_* variables upon runtime-linking of a binary that has
an effective uid different from the caller's userid.
Download the update package from locations described below and install
the package with the command `rpm -Uhv file.rpm'. The md5sum for each
file is in the line below. You can verify the integrity of the rpm
files using the command
`rpm --checksig --nogpg file.rpm',
independently from the md5 signatures below.
SPECIAL INSTALL INSTRUCTIONS:
==============================
The glibc (the shlibs package) is an intrinsic part of the GNU/Linux
operating system since most binary executables are dependent on
the shared libraries from that package. For this reason, special care
must be taken while updating the shlibs package.
After downloading the binary rpm files, make sure that your system is
idle by bringing it down to Single User Mode (`init 1'). If this is not
applicable for operational reasons, then keep your machine as calm as
possible while you perform the update. In particular, make sure that
no shell scripts are running during the update.
Install the package using the command
rpm -Uhv package-rpm-file
Do _NOT_ interrupt the operation of the rpm command!
After the installation, execute the commands
ldconfig # alternatively, use SuSEconfig
/sbin/init u # will restart init
At this point, the update is done.
On low-memory machines a reboot is advisable to free the memory that
is used by the old memory-mapped libraries.
Note 1:
The upcoming SuSE-7.1 distribution is based on glibc-2.2. This
distribution is not affected by the security problems in glibc as
discussed in security forums.
Note 2:
The source rpm for the shlibs package is called "libc*.rpm".
Multiple binary rpm packages are being generated from this source
rpm package. These include: localedb, nssv1, shlibs, timezone.
To get a fix for the runtime-linker related security issue (topic
of this announcement), it is only necessary to update the shlibs
binary rpm package.
SuSE-7.0
ftp://ftp.suse.com/pub/suse/i386/update/7.0/a1/shlibs-2.1.3-190.i386.rpm
94ccbb80d2841f08f2b7322671d6e7f3
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/libc-2.1.3-190.src.rpm
3d15b6ffff534f0bf705882dbd8a2551
SuSE-6.4
ftp://ftp.suse.com/pub/suse/i386/update/6.4/a1/shlibs-2.1.3-155.i386.rpm
bc03f1a6f32a66958128e9450e355698
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/libc-2.1.3-155.src.rpm
e8f2aa8d32122edfbe3c436a52abb847
SuSE-6.3
ftp://ftp.suse.com/pub/suse/i386/update/6.3/a1/shlibs-2.1.2-48.i386.rpm
8d572332c67b488e5d64a8d4d3274e90
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/libc-2.1.2-48.src.rpm
8e1f861112f4a921ea4c7b5631304ee6
SuSE-6.2
ftp://ftp.suse.com/pub/suse/i386/update/6.2/a1/shlibs-2.1.1-30.i386.rpm
b6b4cfe73e46c5b3bd5b626d68dfa584
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/libc-2.1.1-30.src.rpm
67fcd70b40f145b5f40b86f7254e35be
SuSE-6.1
SuSE-6.0
The rpm packages are being produced as this announcement is written.
The md5sums for these rpm packages will be provided on the ftp-server,
signed with the security(a)suse.de pgp key below.
Sparc Platform:
SuSE-7.0
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/a1/shlibs-2.1.3-155.sparc.rpm
6b000a6278366c6da4b719d2f62ad7a4
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/libc-2.1.3-155.src.rpm
e845606be9c9aca72213e4c5f1f32290
AXP Alpha Platform:
SuSE-7.0
ftp://ftp.suse.com/pub/suse/axp/update/7.0/a1/shlibs-2.1.3-155.alpha.rpm
2df813e3c08b52e3f914c591efc742d4
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/7.0/zq1/libc-2.1.3-155.src.rpm
9cb7a6e5981112da6d702916d453b419
SuSE-6.4
ftp://ftp.suse.com/pub/suse/axp/update/6.4/a1/shlibs-2.1.3-155.alpha.rpm
0636c2cddf131e76c19e154619a65bd8
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/libc-2.1.3-155.src.rpm
39fd3b8e7e4054bc7a333a831e99e6fd
SuSE-6.3
ftp://ftp.suse.com/pub/suse/axp/update/6.3/a1/shlibs-2.1.2-48.alpha.rpm
f9713bc945bf7f98527d2fdfbe756dfb
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/libc-2.1.2-48.src.rpm
af2eb3df9d83f8f8ca13526046a3a539
SuSE-6.1
ftp://ftp.suse.com/pub/suse/axp/update/6.1/a1/shlibs-2001.1.17-0.alpha.rpm
4a0033c4ec32ef0e79fc1b7a83692738
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.1/zq1/libc-2000.9.5-0.src.rpm
11871baa8279f8c0c79f6c9d95ca531c
PPC Power PC Platform:
SuSE-7.0
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/a1/shlibs-2.1.3-173.ppc.rpm
8d9d27a8fba22de4df5cd4700a541ad9
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/libc-2.1.3-173.src.rpm
89946b9a2bb7c545a1761a84ebd979ab
SuSE-6.4
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/a1/shlibs-2.1.3-190.ppc.rpm
383bb49a2f6a3e83a9c2ed3eea30dc99
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/libc-2.1.3-190.src.rpm
91ed7087165b74383cddb556abc07402
______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
This announcement is followed by a sequence of more announcements
to address the ongoing security problems as discussed in public
security forums. In particular, there are temporary file races in
multiple packages (we collect and address them in a single
announcement to keep the noise low), format string bugs, as well
as a man-in-the-middle attack in the kdesu program and a single-byte
buffer overflow. The next announcements will contain more information
on these topics.
Please stay tuned.
Regards,
Roman Drahtmüller,
SuSE Security.
- -
| Roman Drahtmüller <draht(a)suse.de> // "Caution: Cape does |
SuSE GmbH - Security Phone: // not enable user to fly."
| Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) |
- -
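The policy change described in SuSE-SA:2001:01 above, sketched as an added example (not code from glibc or from the SuSE packages): the pre-update filter accepts a bare, cached library name in a setuid context, while the updated policy drops every LD_* variable. All function names, the sample cache and the sample environment are constructed for illustration, and the gid comparison is an assumption added for sgid binaries.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed stand-in for the names found in the ld.so cache. */
const char *const SAMPLE_CACHE[] = { "libc.so.6", "libcached.so.1", NULL };

/* Secure mode: the process runs with IDs that differ from the caller's.
 * The gid comparison is an assumption added for sgid binaries. */
int secure_mode(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Pre-update filter as the advisory describes it: an entry is ignored if it
 * begins with a slash or is not a cached library name. Anything else is
 * still honoured, which is the gap the advisory reports. */
int old_filter_accepts(const char *entry, const char *const *cached)
{
    if (entry[0] == '/')
        return 0;
    for (; *cached != NULL; cached++)
        if (strcmp(entry, *cached) == 0)
            return 1;
    return 0;
}

/* Updated policy: in secure mode drop every LD_* variable, whatever its
 * value. Compacts envp in place and returns the number of entries removed. */
int scrub_ld_env(char **envp, int secure)
{
    char **in, **out = envp;
    int removed = 0;

    if (!secure)
        return 0;
    for (in = envp; *in != NULL; in++) {
        if (strncmp(*in, "LD_", 3) == 0) {
            removed++;
            continue;
        }
        *out++ = *in;
    }
    *out = NULL;
    return removed;
}

/* Applies the updated policy to a constructed caller environment and
 * returns how many variables survive for the given real/effective uid. */
int surviving_vars(uid_t ruid, uid_t euid)
{
    char e0[] = "HOME=/home/user";
    char e1[] = "LD_PRELOAD=libcached.so.1";
    char e2[] = "LD_LIBRARY_PATH=/tmp/libs";
    char e3[] = "PATH=/usr/bin:/bin";
    char *env[] = { e0, e1, e2, e3, NULL };
    int n = 0;

    scrub_ld_env(env, secure_mode(ruid, euid, 100, 100));
    while (env[n] != NULL)
        n++;
    return n;
}

int main(void)
{
    printf("old filter accepts /tmp/libs/libx.so: %d\n",
           old_filter_accepts("/tmp/libs/libx.so", SAMPLE_CACHE));
    printf("old filter accepts libcached.so.1:    %d\n",
           old_filter_accepts("libcached.so.1", SAMPLE_CACHE));
    printf("variables kept, uid 1000 -> euid 0:    %d\n",
           surviving_vars(1000, 0));
    printf("variables kept, uid 1000 -> euid 1000: %d\n",
           surviving_vars(1000, 1000));
    return 0;
}
```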
______________________________________________________________________________
SuSE Security Announcement
Package: netscape
Announcement-ID: SuSE-SA:2000:48
Date: Thursday, November 30th, 2000 19:00 MET
Affected SuSE versions: 6.0, 6.1, 6.2, 6.3, 6.4, 7.0
Vulnerability Type: clientside remote vulnerability
Severity (1-10): 4
SuSE default package: yes
Other affected systems: systems w/ netscape versions before 4.76
Content of this advisory:
1) security vulnerability resolved: netscape
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds
3) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade information
Michal Zalewski <lcamtuf(a)DIONE.IDS.PL> has found a buffer overflow in
the html parser code of the Netscape Navigator in all versions before
and including 4.75. html code of the form
<form action=foo method=bar>
<input type=password value=long string here>
more form tags
</form>
can crash the browser. It may be possible for an attacker to supply
a webpage that executes arbitrary code as the user running netscape.
As of today, no exploit code is known to exist in the wild.
SuSE provides an update package for the vulnerable software. It is
recommended to upgrade to the latest version found on our ftp server
as described below. The update package introduces Netscape version
4.76.
NOTE:
Please note that Netscape-4.76 is not available for the glibc-2.0-based
SuSE Distributions SuSE-6.0 and 6.1 because Netscape doesn't provide
any binaries for the glibc version in these distributions (glibc-2.0).
For SuSE-6.0 and 6.1, we provide a libc5-based version of netscape-4.76
which runs smoothly on all i386-based SuSE distributions 6.x and 7.x,
provided the package shlibs5 is installed. The package can be found in
the update/5.3 directory on our ftp server (see below).
There are no packages available for platforms other than i386.
NOTE:
The packages on our ftp servers date back to October 31st. Since
there are no release notes or README file with equivalent content
in the netscape tarball, SuSE security was not aware of the fact
that this release of netscape fixes the known problems. This
information can be obtained from (along with information about
other bugfixes)
http://home.netscape.com/eng/mozilla/4.7/relnotes/windows-4.76.html .
Please choose the update package(s) for your distribution from the URLs
listed below and download the necessary rpm files. Then, install the
package using the command `rpm -Uhv file.rpm'. rpm packages have an
internal md5 checksum that protects against file corruption. You can
verify this checksum using the command (independently from the md5
signatures below)
`rpm --checksig --nogpg file.rpm',
The md5 sums under each package are to prove the package authenticity,
independently from the md5 checksums in the rpm package format.
Intel i386 Platform
SuSE-7.0
SuSE-6.4
SuSE-6.3
SuSE-6.2
ftp://ftp.suse.com/pub/suse/i386/update/7.0/xap1/netscape-4.76.glibc21.i386…
7ccebaca7df0937a3c08fc30a27af858
SuSE-6.1
SuSE-6.0
ftp://ftp.suse.com/pub/suse/i386/update/5.3/xap1/netscape-4.76.libc5.i386.r…
3c4f06c5fea4755083524eb135627380
______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
- ssh/openssh
Several inconsistencies and configuration bugs have been introduced
in the SuSE rpm packages for the update of openssh (SuSE-SA:2000:47)
that cause the openssh software to not work as reliably as usual.
The packages are about to be reworked, the openssh announcement will
be reissued.
- pidentd
The in.identd daemon on SuSE distributions can be crashed remotely.
We're working on a fix.
- bash1
bash, version 1, handles temporary files in an unsafe manner that
allows a local attacker to overwrite arbitrary files as the user
running a bash1 with input redirection of the "<< EOF" style.
The bash1 package is not used per default in SuSE-distributions.
We're working on a fix (update packages).
- tcsh
The paragraph above about bash version 1 applies to the tcsh as
well, in all versions. The tcsh is not used by SuSE scripts.
Regards,
Roman Drahtmüller.
______________________________________________________________________________
SuSE Security Announcement
Package: openssh/ssh
Announcement-ID: SuSE-SA:2000:47
Date: Friday, November 24th, 2000 16:30 MET
Affected SuSE versions: 6.4, 7.0
Vulnerability Type: clientside remote vulnerability
Severity (1-10): 6
SuSE default package: yes
Other affected systems: systems w/ openssh versions before 2.3.0
Content of this advisory:
1) security vulnerability resolved: openssh
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds
3) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade information
openssh is an implementation of the secure shell protocol, available under
the BSD license, primarily maintained by the OpenBSD Project.
Many vulnerabilities have been found in the openssh package, along with
a compilation problem in the openssh and ssh packages in the SuSE-7.0
distribution: An openssh client (the ssh program) can accept X11- or
ssh-agent forwarding requests even though these forwarding capabilities
have not been requested by the client side after successful authentication.
Using these weaknesses, an attacker could gain access to the
authentication agent which may hold multiple user-owned authentication
identities, or to the X-server on the client side as if requested by the
user. These problems have been found/reported by Markus Friedl
<markus.friedl(a)informatik.uni-erlangen.de> and Jacob Langseth
<jwl(a)pobox.com>.
A problem in the configure script in both the openssh and ssh package
on the SuSE-7.0 distribution caused the sshd programs to not be linked
against the tcp-wrapper library. By consequence, access rules for the sshd
server-side service as configured in /etc/hosts.allow and /etc/hosts.deny
were ignored. This has been reported to us by Lutz Pressler <lp(a)SerNet.DE>.
We thank these individuals for their contribution.
Sebastian Krahmer <krahmer(a)suse.de> found a small tmp file handling
problem in the perl script `make-ssh-known-hosts'. A (local) attacker
could trick the perl program to follow symbolic links and thereby
overwrite files with the privileges of the user calling
make-ssh-known-hosts.
The solution for the first three problems (agent+X11-forwarding, missing
libwrap support) is an upgrade to a newer package. The tmp file problem
can be easily solved by hand. Please see the special install instructions
below.
Note: Upon public request, we also provide update packages for the
SuSE-6.3 Intel distribution, even though the openssh package
was not included in this distribution.
special install instructions:
=====================================
To find out which package (ssh or openssh) you use, please use the command
`rpm -qf /usr/bin/ssh'.
__
case openssh:
Please follow the instructions below to download and install
the update package. Afterwards, restart the sshd daemon:
`rcsshd restart'.
__
case ssh:
before SuSE-7.0 (excluding 7.0):
In the file /usr/bin/make-ssh-known-hosts, please change the line
(around line 102)
$private_ssh_known_hosts = "/tmp/ssh_known_hosts$$";
to read
$private_ssh_known_hosts = "~/ssh_known_hosts$$";
and you are done.
SuSE-7.0: Please follow the instructions below to download
and install the update package. Afterwards, restart the sshd daemon:
`rcsshd restart'
Please choose the update package(s) for your distribution from the URLs
listed below and download the necessary rpm files. Then, install the
package using the command `rpm -Uhv file.rpm'. rpm packages have an
internal md5 checksum that protects against file corruption. You can
verify this checksum using the command (independently from the md5
signatures below)
`rpm --checksig --nogpg file.rpm',
The md5 sums under each package are to prove the package authenticity,
independently from the md5 checksums in the rpm package format.
i386 Intel Platform:
SuSE-7.0
ftp://ftp.suse.de/pub/suse/i386/update/7.0/sec1/openssh-2.3.0p1-0.i386.rpm
3c7b9044ffb64f9f74c904eb2b278eb2
source rpm:
ftp://ftp.suse.de/pub/suse/i386/update/7.0/zq1/openssh-2.3.0p1-0.src.rpm
aebcda19518208497671e752bbdfaeb8
SuSE-6.4
ftp://ftp.suse.de/pub/suse/i386/update/6.4/sec1/openssh-2.3.0p1-0.i386.rpm
04c17b0eba99c798ae401fb9aafbc7e4
source rpm:
ftp://ftp.suse.de/pub/suse/i386/update/6.4/zq1/openssh-2.3.0p1-0.src.rpm
2003ab41cfa32ef39b11b4977ef4cd1f
SuSE-6.3
ftp://ftp.suse.de/pub/suse/i386/update/6.3/sec1/openssh-2.3.0p1-0.i386.rpm
04c17b0eba99c798ae401fb9aafbc7e4
source rpm:
ftp://ftp.suse.de/pub/suse/i386/update/6.3/zq1/openssh-2.3.0p1-0.src.rpm
2003ab41cfa32ef39b11b4977ef4cd1f
Sparc Platform:
SuSE-7.0
ftp://ftp.suse.de/pub/suse/sparc/update/7.0/sec1/openssh-2.3.0p1-0.sparc.rpm
898aaaacee88777429496f1a5658076f
source rpm:
ftp://ftp.suse.de/pub/suse/sparc/update/7.0/zq1/openssh-2.3.0p1-0.src.rpm
97868b04de04a0baafcee69ebbbe6079
AXP Alpha Platform:
SuSE-7.0
ftp://ftp.suse.de/pub/suse/axp/update/7.0/sec1/openssh-2.3.0p1-0.alpha.rpm
dd12c60b2744455780c976b115b26f27
source rpm:
ftp://ftp.suse.de/pub/suse/axp/update/7.0/zq1/openssh-2.3.0p1-0.src.rpm
6df5af1a88fda4d8fc1a493e4d10bc01
SuSE-6.4
ftp://ftp.suse.de/pub/suse/axp/update/6.4/sec1/openssh-2.3.0p1-0.alpha.rpm
99de4bb6f183be1b69a610744f4566bc
source rpm:
ftp://ftp.suse.de/pub/suse/axp/update/6.4/zq1/openssh-2.3.0p1-0.src.rpm
aa56e311205ba58478c815760452367e
PPC Power PC Platform:
SuSE-7.0
ftp://ftp.suse.de/pub/suse/ppc/update/7.0/sec1/openssh-2.3.0p1-0.ppc.rpm
72f7c339991e54a476585012423dda62
source rpm:
ftp://ftp.suse.de/pub/suse/ppc/update/7.0/zq1/openssh-2.3.0p1-0.src.rpm
749ccc55396944ad43c1977e55903958
SuSE-6.4
ftp://ftp.suse.de/pub/suse/ppc/update/6.4/sec1/openssh-2.3.0p1-0.ppc.rpm
59727fa055e5d835bc4e455302b1ef49
source rpm:
ftp://ftp.suse.de/pub/suse/ppc/update/6.4/zq1/openssh-2.3.0p1-0.src.rpm
7e42dbad4e50a2ad9156e94cf2a93955
______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
Clarification:
In my message (Subject: "SuSE: miscellaneous"), dated Wed, 15 Nov 2000,
concerning the paragraph about runtime linking problems in gs
(GhostScript), I have stated that the problem will be fixed in future
versions of the SuSE distribution. This does not touch the fact that we
will of course provide fixes for the older distributions.
- pine
The packages (version 4.30) are on our ftp server and can be downloaded.
The SuSE security announcement is pending.
- netscape
Michal Zalewski <lcamtuf(a)DIONE.IDS.PL> has reported a buffer overflow
in Netscape's html parser code. A specially crafted html document may
cause the browser to execute arbitrary code as the user calling the
netscape program. The packages are available for download on ftp.suse.com.
A security announcement is on the way to address the issue.
- gs (ghostscript)
Two vulnerabilities have been found in the ghostscript package as shipped
with SuSE distributions: Insecure temporary file handling and a linker
problem that could make gs runtime-link against ./libc.so.6.
We're currently working on update packages. In the meanwhile, it is
advised to not run gs or applications that call gs from within a world-
writeable directory.
- jed
The text editor jed saves files in /tmp upon emergency termination in an
insecure way. This problem was fixed with the release of SuSE-6.3 after
a SuSE-internal code audit by Thomas Biege <thomas(a)suse.de>. The
information about the existence of this bug was not communicated to the
public because the editor was not very widely used at that time.
We will provide update packages for the SuSE releases 6.0, 6.1 and 6.2
shortly.
Regards,
Roman Drahtmüller.
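The temporary-file problem reported for make-ssh-known-hosts in SuSE-SA:2000:47 above (and noted as pending for bash1, tcsh, gs and jed) comes down to opening a predictable name in a shared directory. The following added example, which is not code from the advisory or from the ssh packages, runs both open patterns against a pre-existing symlink inside a private mkdtemp() directory; the function names, file names and the "victim" file are constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unsafe pattern: open a predictable name and follow whatever is there. */
int open_predictable(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Safe pattern: with O_CREAT|O_EXCL the call fails with EEXIST if the name
 * already exists in any form, a symbolic link included. */
int open_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Sets up a private directory in which a symlink at the predictable name
 * points at a 10-byte "victim" file, performs one open attempt and returns
 * the victim's size afterwards (-1 on setup failure). If open_errno is not
 * NULL it receives errno of a failed open, or 0 if the open succeeded. */
long victim_size_after(int use_exclusive, int *open_errno)
{
    char dir[] = "/tmp/tmpdemoXXXXXX";
    char victim[64], tmpname[64];
    struct stat st;
    long size = -1;
    int fd, err = 0;
    FILE *f;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(tmpname, sizeof tmpname, "%s/ssh_known_hosts1234", dir);

    f = fopen(victim, "w");
    if (f != NULL) {
        fputs("important\n", f);
        fclose(f);
        if (symlink(victim, tmpname) == 0) {
            fd = use_exclusive ? open_exclusive(tmpname)
                               : open_predictable(tmpname);
            if (fd >= 0)
                close(fd);
            else
                err = errno;
            if (stat(victim, &st) == 0)
                size = (long)st.st_size;
        }
    }
    if (open_errno != NULL)
        *open_errno = err;
    unlink(tmpname);
    unlink(victim);
    rmdir(dir);
    return size;
}

/* errno reported when the exclusive open meets the existing symlink. */
int exclusive_open_errno(void)
{
    int err = 0;
    victim_size_after(1, &err);
    return err;
}

int main(void)
{
    printf("victim size after predictable open: %ld\n",
           victim_size_after(0, NULL));
    printf("victim size after exclusive open:   %ld\n",
           victim_size_after(1, NULL));
    printf("exclusive open refused with EEXIST: %d\n",
           exclusive_open_errno() == EEXIST);
    return 0;
}
```

In C programs, mkstemp(3) combines an unpredictable name with the exclusive create shown here.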
______________________________________________________________________________
SuSE Security Announcement
Package: tcpdump
Announcement-ID: SuSE-SA:2000:46
Date: Friday, November 17th, 2000 16:00 MEST
Affected SuSE versions: 6.0, 6.1, 6.2, 6.3, 6.4, 7.0
Vulnerability Type: remote denial of service
Severity (1-10): 6
SuSE default package: yes
Other affected systems: systems using the same versions of tcpdump
and the necessary libraries
Content of this advisory:
1) security vulnerability resolved: tcpdump
problem description, discussion, solution and upgrade information
2) clarification, pending vulnerabilities, solutions, workarounds
3) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade information
tcpdump is a widespread network/packet analysis tool, also known as a
packet sniffer, used in unix/unix-like environment.
Several overflowable buffers have been found in SuSE's version of tcpdump
that could allow a remote attacker to crash the local tcpdump process.
Since tcpdump may be used in combination with intrusion detection
systems, a crashed tcpdump process may disable the network monitoring
system as a whole.
The FreeBSD team who found these vulnerabilities also reported that
tcpdump's portion of code that can decode AFS ACL (AFS=Andrew File
System, a network filesystem, ACL=Access Control List) packets is
vulnerable to a (remotely exploitable) buffer overrun attack that
could allow a remote attacker to execute arbitrary commands as root
since the tcpdump program usually requires root privileges to gain
access to the raw network socket.
The versions of tcpdump as shipped with SuSE distributions do not
contain the AFS packet decoding capability and are therefore not
vulnerable to this second form of attack.
A temporary workaround for the tcpdump problems other than not using
tcpdump in the first place does not exist. However, we provide update
packages for the affected SuSE distributions. We recommend an upgrade
using the packages that can be found using the URLs below.
Note: Please note that there is only one source rpm package but two
binary rpm packages. tcpdump*.rpm is the rpm for the tcpdump program,
and libpcapn*.rpm is the packet capture library that is required by
tcpdump at compile time. In order to remove the security vulnerability
in tcpdump, it is necessary to update the tcpdump rpm package only.
The libpcapn package with the static library is provided for
consistency and compatibility because it will be generated if the
binary packages are rebuilt from the source rpm.
To check if your system has the vulnerable package installed, use the
command `rpm -q <package name>'. If applicable, please choose the update
package(s) for your distribution from the URLs listed below and download
the necessary rpm files. Then, install the package using the command
`rpm -Uhv file.rpm'. rpm packages have an internal md5 checksum that
protects against file corruption. You can verify this checksum using
the command (independently from the md5 signatures below)
`rpm --checksig --nogpg file.rpm',
The md5 sums under each package are to prove the package authenticity,
independently from the md5 checksums in the rpm package format.
i386 Intel Platform:
SuSE-7.0
ftp://ftp.suse.com/pub/suse/i386/update/7.0/d1/libpcapn-0.4a6-279.i386.rpm
f4e4a9231b695e1cf5eef0ad09871c34
ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/tcpdump-3.4a6-280.i386.rpm
ba711cf2fab14218752603fa5a941721
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/tcpdump-3.4a6-280.src.rpm
d4c5902c50d6a321e2c4ed665fcd1962
SuSE-6.4
ftp://ftp.suse.com/pub/suse/i386/update/6.4/d1/libpcapn-0.4a6-279.i386.rpm
a1030d64ca4ca86a08b6bee5dc9cff78
ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/tcpdump-3.4a6-280.i386.rpm
12335bf0055c6a9b915044a95a544aaa
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/tcpdump-3.4a6-280.src.rpm
dca26c3e5ef81f449cd43ab4d1f91b63
SuSE-6.3
ftp://ftp.suse.com/pub/suse/i386/update/6.3/d1/libpcapn-0.4a6-279.i386.rpm
13c90044ed57792090163a33ffb69ecf
ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/tcpdump-3.4a6-280.i386.rpm
646de6c14a2d4988d0c684a42b4eef58
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/tcpdump-3.4a6-280.src.rpm
46980acd95607d4a9c61ca0f75c33fc2
SuSE-6.2
ftp://ftp.suse.com/pub/suse/i386/update/6.2/d1/libpcapn-0.4a6-279.i386.rpm
d058e563ad10daf078f5909a6b8ff288
ftp://ftp.suse.com/pub/suse/i386/update/6.2/n1/tcpdump-3.4a6-280.i386.rpm
f5209f1f1433b0a55676f29451a2ef1b
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/tcpdump-3.4a6-280.src.rpm
cd34cd3feedbe0568d76dd9a406cec79
SuSE-6.1
ftp://ftp.suse.com/pub/suse/i386/update/6.1/d1/libpcapn-0.4a6-279.i386.rpm
ef454e2d23e410be82aa9f0634bcc9dc
ftp://ftp.suse.com/pub/suse/i386/update/6.1/n1/tcpdump-3.4a6-280.i386.rpm
9f6ebff316039421ee00121a0e8720fa
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.1/zq1/tcpdump-3.4a6-280.src.rpm
d1148813da9610f940ecdbd462ab2541
SuSE-6.0
Please use the package for the SuSE-6.1 distribution.
Sparc Platform:
SuSE-7.0
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/d1/libpcapn-0.4a6-279.sparc.rpm
412a7db34985555705d8d43f2853ae4e
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n1/tcpdump-3.4a6-280.sparc.rpm
a177326150a65d78212cebba90b88201
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/tcpdump-3.4a6-280.src.rpm
49f1f0420dd84070dcd9a67452770e75
AXP Alpha Platform:
SuSE-6.4
ftp://ftp.suse.com/pub/suse/axp/update/6.4/d1/libpcapn-0.4a6-279.alpha.rpm
096522f46ab70d92dda17b4ca33b4181
ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/tcpdump-3.4a6-280.alpha.rpm
84ca9a93a2201f7046446ed07107cbbc
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/tcpdump-3.4a6-280.src.rpm
07ed654ad1693dca5fd433572b3689c9
SuSE-6.3
ftp://ftp.suse.com/pub/suse/axp/update/6.3/d1/libpcapn-0.4a6-280.alpha.rpm
747c22bb722da5df7fe3cfc252bdc545
ftp://ftp.suse.com/pub/suse/axp/update/6.3/n1/tcpdump-3.4a6-281.alpha.rpm
dbe10ebc95a2371d01df729af265bdf6
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/tcpdump-3.4a6-281.src.rpm
8f6e48e693fc465c1f60b6cee944c27c
PPC Power PC Platform:
SuSE-7.0
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/d1/libpcapn-0.4a6-279.ppc.rpm
140b95ffb3be2c2915327d4798b16dd0
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n1/tcpdump-3.4a6-280.ppc.rpm
7f71b4ac17e3ad2c071e712c137a7c28
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/tcpdump-3.4a6-280.src.rpm
d9db0e99e91d8981efebafd6a539566f
SuSE-6.4
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/d1/libpcapn-0.4a6-279.ppc.rpm
ed8697842867cbb5457c03015c117131
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/tcpdump-3.4a6-280.ppc.rpm
782dc3faba33cf1b2d9e6ef95caf4107
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/tcpdump-3.4a6-280.src.rpm
318bf758753d9728f101de2101ad3227
______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
Clarification:
In my message (Subject: "SuSE: miscellaneous"), dated Wed, 15 Nov 2000,
concerning the paragraph about runtime linking problems in gs
(GhostScript), I have stated that the problem will be fixed in future
versions of the SuSE distribution. This does not touch the fact that we
will of course provide fixes for the older distributions.
- pine
We're still working on the packages for the version 4.30 (stability
problems).
- ppp
The ppp "deny_incoming" problem as announced by FreeBSD Security
Advisory FreeBSD-SA-00:70.ppp-nat is FreeBSD specific and does not
affect the SuSE distribution.
- vixie cron
Michal Zalewski <lcamtuf(a)TPI.PL> reported security problems in
Paul Vixie's cron implementation that is commonly used in Linux
distributions. Due to correct permissions on the directory
/var/spool/cron, the SuSE cron package is not affected by the problem.
______________________________________________________________________________
3) standard appendix:
SuSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- general/linux/SuSE security discussion.
All SuSE security announcements are sent to this list.
To subscribe, send an email to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SuSE's announce-only mailing list.
Only SuSE's security announcements are sent to this list.
To subscribe, send an email to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (faq)
send mail to:
<suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com> respectively.
===============================================
SuSE's security contact is <security(a)suse.com>.
===============================================
Regards,
Roman Drahtmüller.
- - --
- -
| Roman Drahtmüller <draht(a)suse.de> // "Caution: Cape does |
SuSE GmbH - Security Phone: // not enable user to fly."
| Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) |
- -
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way.
SuSE GmbH makes no warranties of any kind whatsoever with respect
to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048/3D25D3D9 1999/03/06 SuSE Security Team <security(a)suse.de>
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SuSE Security Announcement
Package: bind8
Announcement-ID: SuSE-SA:2000:45
Date: Thursday, November 16th, 2000 16:00 MEST
Affected SuSE versions: 6.0, 6.1, 6.2, 6.3, 6.4
Vulnerability Type: remote denial of service
Severity (1-10): 7
SuSE default package: no
Other affected systems: all systems using bind, version 8.2.2 before
patchlevel 7
Content of this advisory:
1) security vulnerability resolved: bind8
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds
3) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade information
BIND, the Berkeley Internet Name Daemon, versions before 8.2.2p7, has
been found vulnerable to two denial of service attacks: named may crash
after a compressed zone transfer request (ZXFR) and if an SRV record
(defined in RFC2782) is sent to the server. Administrators testing
the ZXFR bug should be aware that it can take several seconds after
triggering the bug until the nameserver daemon crashes.
SuSE versions 6.0 through 6.4 are affected by these two problems.
The bind8 package in SuSE-7.0 is not affected because a different
version of bind8 (8.2.3) was used in this distribution. By the release
time of the SuSE-7.0 distribution our engineers have determined that
the problems we had with stalling zone transfers under some obscure
conditions were not present with the 8.2.3 release of the package.
Administrators are strongly recommended to upgrade their bind8 package
using the provided packages from the sources below. There is a
temporary fix for the ZXFR problem (disable zone transfers) but none
for the SRV record problem.
For the latest information about security vulnerabilities in the bind
name server consider the Internet Software Consortium bind security
webpage at http://www.isc.org/products/BIND/bind-security.html .
To check if your system has the vulnerable package installed, use the
command `rpm -q <package name>'. If applicable, please choose the update
package(s) for your distribution from the URLs listed below and download
the necessary rpm files. Then, install the package using the command
`rpm -Uhv file.rpm'. rpm packages have an internal md5 checksum that
protects against file corruption. You can verify this checksum using
the command (independently from the md5 signatures below)
`rpm --checksig --nogpg file.rpm',
The md5 sums under each package are to prove the package authenticity,
independently from the md5 checksums in the rpm package format.
i386 Intel Platform:
SuSE-6.4
ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/bind8-8.2.2-139.i386.rpm
c6f2242efe722aaa4320010e00ddc080
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/bind8-8.2.2-139.src.rpm
ecd26bdf60d7950585649bc638a1d812
SuSE-6.3
ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/bind8-8.2.2-139.i386.rpm
d3f51528ad2120cd3dc6517c2bc26c0a
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/bind8-8.2.2-139.src.rpm
6f1b8c1227d4876389a28d416a952713
SuSE-6.2
ftp://ftp.suse.com/pub/suse/i386/update/6.2/n1/bind8-8.2.2-139.i386.rpm
4d8a9f4c6e041326929bbdae97c10105
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/bind8-8.2.2-139.src.rpm
83807820676d98687797ffff6f5b425c
SuSE-6.1
ftp://ftp.suse.com/pub/suse/i386/update/6.1/n1/bind8-8.2.2-139.i386.rpm
1694cf40b5fa41361749297c9cddbca4
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.1/zq1/bind8-8.2.2-139.src.rpm
8c5f727554e12a5aedb96de3db663518
SuSE-6.0
Please use the package from the 6.1 distribution.
AXP Alpha Platform:
SuSE-6.4
ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/bind8-8.2.2-139.alpha.rpm
51f61faaad78160fb3dcc68a8588c209
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/bind8-8.2.2-139.src.rpm
f42c51962852f8ff14e2d6423de62aec
SuSE-6.3
ftp://ftp.suse.com/pub/suse/axp/update/6.3/n1/bind8-8.2.2-139.alpha.rpm
4d16cecb0da4f8ed6bff9c92655b9036
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/bind8-8.2.2-139.src.rpm
d8c4d1d9f0a14249151aa9d9e25f1db8
SuSE-6.1
ftp://ftp.suse.com/pub/suse/axp/update/6.1/n1/bind8-8.2.2-139.alpha.rpm
6a4f5b18072cca93f9064fdc802e50fb
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.1/zq1/bind8-8.2.2-139.src.rpm
a3eec237cc642739b5b6c6eea6d197c0
PPC Power PC Platform:
SuSE-6.4
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/bind8-8.2.2-139.ppc.rpm
65e82b875e7f8ff7409062d502d56115
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/bind8-8.2.2-139.src.rpm
fd2a6e2a29a80b997758d4245913ff51
______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
A new security announcement follows this advisory.
______________________________________________________________________________
3) standard appendix:
SuSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- general/linux/SuSE security discussion.
All SuSE security announcements are sent to this list.
To subscribe, send an email to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SuSE's announce-only mailing list.
Only SuSE's security announcements are sent to this list.
To subscribe, send an email to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (faq)
send mail to:
<suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com> respectively.
===============================================
SuSE's security contact is <security(a)suse.com>.
===============================================
Regards,
Roman Drahtmüller.
- - --
- -
| Roman Drahtmüller <draht(a)suse.de> // "Caution: Cape does |
SuSE GmbH - Security Phone: // not enable user to fly."
| Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) |
- -
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way.
SuSE GmbH makes no warranties of any kind whatsoever with respect
to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048/3D25D3D9 1999/03/06 SuSE Security Team <security(a)suse.de>
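The check that the tcpdump and bind8 advisories above describe (compare each downloaded file with the md5 sum printed under its URL), as an added Python example that is not part of the SuSE advisories. It assumes the layout used in these lists, a URL line followed by its md5 line; the host ftp.example.org, the file names and their contents are constructed, and the function names are this example's own.

```python
import hashlib
import re
import tempfile
from pathlib import Path

URL_RE = re.compile(r"^ftp://\S+$")
MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")


def parse_package_list(advisory_text):
    """Map each package URL to the md5 sum on the line after it (None if absent)."""
    sums = {}
    pending_url = None
    for raw in advisory_text.splitlines():
        # Archived copies sometimes carry a stray "<p>" in front of a line.
        line = re.sub(r"^(?:<p>\s*)+", "", raw.strip())
        if URL_RE.match(line):
            pending_url = line
            sums[line] = None            # stays None when no checksum follows
        elif MD5_RE.match(line) and pending_url:
            sums[pending_url] = line.lower()
            pending_url = None
        else:
            pending_url = None           # any other text ends the URL/sum pair
    return sums


def md5_of(path, chunk_size=1 << 16):
    """md5 of a file, read in chunks so large packages do not fill memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify(url, local_path, sums):
    """Return 'ok', 'mismatch', 'missing-file', 'no-checksum' or 'unlisted'."""
    if url not in sums:
        return "unlisted"
    if sums[url] is None:
        return "no-checksum"
    path = Path(local_path)
    if not path.is_file():
        return "missing-file"
    return "ok" if md5_of(path) == sums[url] else "mismatch"


def demo():
    """Run the check on constructed files and a constructed package list."""
    with tempfile.TemporaryDirectory() as tmp:
        binary = Path(tmp, "pkg-1.0-1.i386.rpm")
        source = Path(tmp, "pkg-1.0-1.src.rpm")
        binary.write_bytes(b"constructed binary package body\n")
        source.write_bytes(b"constructed source package body\n")
        advisory = "\n".join([
            "i386 Intel Platform:",
            "SuSE-7.0",
            "ftp://ftp.example.org/update/7.0/n1/pkg-1.0-1.i386.rpm",
            md5_of(binary),
            "source rpm:",
            "ftp://ftp.example.org/update/7.0/zq1/pkg-1.0-1.src.rpm",
            md5_of(source),
            "<p> SuSE-6.4",
            "ftp://ftp.example.org/update/6.4/zq1/pkg.spm",
            "Due to a packaging error, the source rpm is not available yet.",
        ])
        sums = parse_package_list(advisory)
        bin_url, src_url, spm_url = list(sums)
        # Simulate a file that changed after the sums were published.
        source.write_bytes(b"modified after the advisory was written\n")
        return {
            "binary": verify(bin_url, binary, sums),
            "source": verify(src_url, source, sums),
            "spm": verify(spm_url, source, sums),
            "absent": verify(bin_url, Path(tmp, "absent.rpm"), sums),
            "other": verify("ftp://ftp.example.org/other.rpm", binary, sums),
        }


if __name__ == "__main__":
    for name, status in demo().items():
        print(name, status)
```

The sums are keyed by full URL because the same file name appears under several distributions with different checksums.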
-----BEGIN PGP SIGNED MESSAGE-----
SuSE: miscellaneous 15:30 MET, Wednesday, November 15 2000
This notice addresses the latest security advisories from various Linux
vendors as well as private contributors on public security forums. The
issues have been collected to keep the noise on the public security
forums at a reduced level.
The information herein should be considered both background as well as
upgrade information (please read carefully).
==
Topics:
1) SuSE security staff
2) packages:
gpg (update information)
bind8 (status: update avail, announcement pending)
pine (status: testing new version 4.30)
dump (status: not vulnerable)
phf (status: not vulnerable)
gs (status: pending)
global (status: building)
crontab (status: not vulnerable)
vlock (status: not vulnerable)
tcpdump (status: update avail, testing)
tcsh (status: update+announcement pending)
modules (status: more updates for older distributions)
==
1) SuSE security staff
SuSE welcomes security professional Sebastian Krahmer <krahmer(a)suse.de>
aboard the SuSE security team. His name has already been on top of the
last SuSE security announcement about the security problems in the modules
package. Enlarging the capacity of the security team, Sebastian will be
busy fixing security problems, auditing code and maintaining security-
related software. More security announcements from him will be seen in the
future.
2) packages
_________________________________________________________________________
* gpg
GnuPG may erroneously recognize a file/mail to be correctly signed, if
there are multiple signatures and the file/mail has been modified.
This bug affects all GnuPG versions prior to and including 1.0.3. It has
been fixed in version 1.0.4. Updated packages are available on our
German ftp server (as well as its mirrors) for the SuSE distributions
6.3, 6.4 and 7.0. Please note that the gpg packages for the SuSE-7.0
distribution have an addon, called gpgaddon. It contains
implementations of cipher algorithms that require licenses in many
countries due to software patents. Those gpgaddon packages are not
listed below.
There will not be a security announcement for this package - the
privacy risk for users of the old package is considerably small.
You can update your installed packages using the command
rpm -Uhv <URL-to-file>
where <URL-to-file> is one of the following FTP URLs to choose from.
Please use the SuSE Linux mirrors as listed at
http://www.suse.de/de/support/download/ftp/inland.html .
The md5sums for the files on the ftp server are:
i386 Intel Platform
SuSE-7.0
ftp://ftp.suse.de/pub/suse/i386/update/7.0/sec1/gpg-1.0.4-7.i386.rpm
d0b78231c127a6423c7ca46ec9618c00
source rpm:
ftp://ftp.suse.de/pub/suse/i386/update/7.0/zq1/gpg-1.0.4-7.src.rpm
a613abc7691b49e0c67e8c7dc924e3b0
SuSE-6.4
ftp://ftp.suse.de/pub/suse/i386/update/6.4/sec1/gpg-1.0.4-7.i386.rpm
c5b9fbe25d8cb5db4f52638c0959294d
source rpm:
ftp://ftp.suse.de/pub/suse/i386/update/6.4/zq1/gpg-1.0.4-7.src.rpm
f9d351e1b86fbcfbcf0d23fae5739b20
SuSE-6.3
ftp://ftp.suse.de/pub/suse/i386/update/6.3/sec1/gpg-1.0.4-7.i386.rpm
c5b9fbe25d8cb5db4f52638c0959294d
source rpm:
ftp://ftp.suse.de/pub/suse/i386/update/6.3/zq1/gpg-1.0.4-7.src.rpm
f9d351e1b86fbcfbcf0d23fae5739b20
Sparc Platform
SuSE-7.0
ftp://ftp.suse.de/pub/suse/sparc/update/7.0/sec1/gpg-1.0.4-5.sparc.rpm
335aa6315468d4dae5753a6d14809bdd
source rpm:
ftp://ftp.suse.de/pub/suse/sparc/update/7.0/zq1/gpg-1.0.4-5.src.rpm
796b6f901aee33aad5fd01dc874abe3c
PPC Power PC platform
SuSE-7.0
ftp://ftp.suse.de/pub/suse/ppc/update/7.0/sec1/gpg-1.0.4-7.ppc.rpm
302a7899783c9604a4ce962fcc627675
source rpm:
ftp://ftp.suse.de/pub/suse/ppc/update/7.0/zq1/gpg-1.0.4-7.src.rpm
415be9ff92bcfd4a8f764207d412906d
SuSE-6.4
ftp://ftp.suse.de/pub/suse/ppc/update/6.4/sec1/gpg-1.0.4-5.ppc.rpm
3566276b56ce13d6b977af91b5797ffc
source rpm:
ftp://ftp.suse.de/pub/suse/ppc/update/6.4/zq1/gpg-1.0.4-5.src.rpm
49b75a880656a11e99fcbad16673247e
AXP Alpha Platform
SuSE-7.0
ftp://ftp.suse.de/pub/suse/axp/update/7.0/sec1/gpg-1.0.4-12.alpha.rpm
8a504ad8957d455ead3ff22d6ba31626
source rpm:
ftp://ftp.suse.de/pub/suse/axp/update/7.0/zq1/gpg-1.0.4-12.src.rpm
986675ccf38f88770c079281a4175618
SuSE-6.4
ftp://ftp.suse.de/pub/suse/axp/update/6.4/sec1/gpg-1.0.4-5.alpha.rpm
65f6662aea3ff8832ac932ca0a57c10b
source rpm:
ftp://ftp.suse.de/pub/suse/axp/update/6.4/zq1/gpg-1.0.4-5.src.rpm
1d3ff30fac336c8e314da9903d1ee1b9
_________________________________________________________________________
* bind8
BIND, the Berkeley Internet Name Daemon, versions before 8.2.2p7, has
been found vulnerable to two denial of service attacks: named may crash
after a compressed zone transfer request and if an SRV record (defined
in RFC2782) is sent to the server. SuSE versions 6.0 through 6.4 are
affected by this problem. The bind8 package in SuSE-7.0 is not
susceptible to the problems because a different version of bind8 has
been used in this distribution.
A temporary workaround against the first error is to disable zone
transfers if those are not needed (it is recommended for security
reasons, and the default configuration in our package has zone transfers
disabled.). Since the second bug can't be circumvented so easily, it is
recommended to upgrade the bind8 package as soon as possible.
Recognizing the urgency of this issue, the updated packages are on their
way to the ftp server right now. An announcement covering the issue will
follow this notice.
_________________________________________________________________________
* pine
The popular text-based mail user agent is vulnerable to a buffer
overflow in the portion of code that periodically checks for the arrival
of new mail. In addition, there is an error in the header parsing code
which could lead to a crash of the mail program.
The authors of pine (University of Washington, Seattle, see
http://www.washington.edu/pine/credits.html) have published a new version
of the pine package that should fix the known problems. During testing,
several instabilities of the program have been observed so that we
have delayed the release of the updated version. Additional patches are
being tested right now so that the release of the new version 4.30 can
be expected within days.
_________________________________________________________________________
* dump
The Linux implementation of the ext2fs backup utility "dump" can be
tricked into running arbitrary commands as root in case it is installed
setuid root. dump is not installed suid root in SuSE Linux releases 6.0
through (the most recent) 7.0 because there is no convincing reason to
do so. Therefore, SuSE Linux is not vulnerable to this problem with
the dump program.
_________________________________________________________________________
* phf cgi program
proton <proton(a)ENERGYMECH.NET> has discovered a buffer overflow that can
lead the phf cgi program to execute arbitrary code with the privileges
of the user that the webserver is running under. SuSE distributions
contain a cgi program that is called phf, it is included in the thttpd
package. Installed under /usr/local/httpd/htdocs/cgi-bin/phf, this
program is a booby trap that logs attackers intending to exploit
formerly known bugs of the phf program. By consequence, SuSE
distributions are not vulnerable to the buffer overflow in the phf
program.
_________________________________________________________________________
* gs
The Ghostscript program in SuSE distributions runtime-links against
shared libraries in the current working directory if a shared library
with the adequate name is present. The problem is created by exporting
the environment variable LD_RUN_PATH at linking time during the package
compile process. Later, at runtime linking, the runtime linker
ld-linux.so.2 will try to open ./libc.so.6. If this fails, the linker
will continue searching the usual paths to find the library.
Basically, this means that users should call gs as well as all programs
using gs (such as gv or ghostview) in a directory that is only
writeable by the user calling gs. It is expected that more Linux
distributions (other than SuSE Linux) and possibly commercial unix
vendors as well are affected by this problem. In future versions of the
SuSE Linux distribution, this problem will be fixed.
_________________________________________________________________________
* global
htags, one program within the global package, is a hypertext generator
from C, Yacc and Java source code. The "-f" option generates a cgi
script as an input form backend that is vulnerable to a simple remote
attack if the script is executable by a webserver. Remote attackers can
run arbitrary commands under the user privileges of the webserver.
The global package is not installed per default, nor is the bug present
in the "installed-only" state of the package. However, if you use the
program and the "-f" option of htags, it is recommended to upgrade the
package as soon as possible. We are working on the update packages.
_________________________________________________________________________
* crontab
A tmp file vulnerability has been found in various implementations of
the crontab(1) command. SuSE Linux is not affected by this problem.
_________________________________________________________________________
* vlock
vlock is a terminal locking program for the Linux virtual system
console. It has been reported by Bartlomiej Grzybicki
<bgrzybicki(a)morliny.pl> that it is possible to crash a running vlock and
thus giving access to a console without a password. However, the
conditions under which the failure happens are not clear.
SuSE distributions are not concerned because the vlock program is not
included in the distribution.
_________________________________________________________________________
* tcpdump
Several buffer overflows have been found in the tcpdump program, a
network analysis program, according to FreeBSD Security Advisory
FreeBSD-SA-00:61.tcpdump. The vulnerability can be used to remotely crash
a running tcpdump program. Since the version of tcpdump included in SuSE
distributions is not capable of decoding AFS ACL packets, this particular
part of the bugs does not concern SuSE Linux. Though, some intrusion
detection systems rely on tcpdump's output so that a proper operation of
the tcpdump program is crucial.
There are update packages available for download on our ftp server
which fix the vulnerability. The security announcement is pending while
we're still testing the packages.
_________________________________________________________________________
* tcsh
proton <proton(a)ENERGYMECH.NET> has found a temporary file vulnerability
in the portion of code in the tcsh that handles redirects of the form
cat << END_OF_TEXT
foo
bar
END_OF_TEXT
With this vulnerability in place, it is possible for an attacker to
overwrite arbitrary files with the privileges of the user of tcsh.
There is no fix for this problem other than an upgrade to a fixed
version which will be available on our ftp server shortly. An advisory
covering this matter will follow.
_________________________________________________________________________
* modules/modutils
Sebastian Krahmer <krahmer(a)suse.de> has issued a SuSE security
announcement about the shell meta character expansion vulnerability in
the modprobe program that is responsible for the automatic loading of
kernel modules upon request. In addition to the update packages for
the vulnerable versions of the SuSE distribution, we will provide
updates for the older distributions (6.0-6.3) shortly, even though
these distributions have not been found vulnerable to the modprobe
problem. The rpm packages can be found at the usual location shortly.
Regards,
Roman Drahtmüller,
SuSE Security.
- --
- -
| Roman Drahtmüller <draht(a)suse.de> // "Caution: Cape does |
SuSE GmbH - Security Phone: // not enable user to fly."
| Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) |
- -
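A check for the gs problem described in the notice above, as an added Python example that is not SuSE's code: it reads the output of `readelf -d` and reports RPATH/RUNPATH entries that make the runtime linker search the current working directory. It assumes the LD_RUN_PATH value reached the binary as an empty or relative search-path entry, which the notice does not spell out; the sample readelf output and the function names are constructed for this example.

```python
import os
import re
import subprocess

# Matches the "Library rpath: [...]" and "Library runpath: [...]" lines of `readelf -d`.
_SEARCH_PATH_LINE = re.compile(
    r"\((RPATH|RUNPATH)\)\s+Library (?:rpath|runpath):\s*\[(.*)\]"
)


def classify_component(component):
    """Classify one colon-separated entry of an RPATH/RUNPATH value."""
    if component == "":
        # An empty entry, as in "/usr/lib:", is interpreted by glibc as
        # the current directory.
        return "cwd"
    if component.startswith("$ORIGIN") or component.startswith("${ORIGIN}"):
        return "origin"          # resolved relative to the binary, not the cwd
    if not component.startswith("/"):
        return "relative"        # ".", "lib", "../lib": resolved against the cwd
    return "absolute"


def unsafe_search_dirs(readelf_dynamic_output):
    """Return (tag, entry, kind) for every entry that depends on the cwd."""
    findings = []
    for line in readelf_dynamic_output.splitlines():
        match = _SEARCH_PATH_LINE.search(line)
        if not match:
            continue
        tag, value = match.groups()
        for component in value.split(":"):
            kind = classify_component(component)
            if kind in ("cwd", "relative"):
                findings.append((tag, component, kind))
    return findings


def audit_binary(path):
    """Run `readelf -d` on a real file and report its cwd-dependent entries."""
    env = dict(os.environ, LC_ALL="C")   # keep readelf's labels in English
    result = subprocess.run(
        ["readelf", "-d", path],
        capture_output=True, text=True, check=True, env=env,
    )
    return unsafe_search_dirs(result.stdout)


# Constructed `readelf -d` output for a binary linked with a bad search path.
SAMPLE_BAD = """\
Dynamic section at offset 0x2e08 contains 27 entries:
  Tag        Type                         Name/Value
 0x00000001 (NEEDED)                     Shared library: [libc.so.6]
 0x0000000f (RPATH)                      Library rpath: [/usr/lib:.:/opt/gs/lib:]
 0x0000000c (INIT)                       0x1000
"""

# Constructed output for a binary whose search path does not involve the cwd.
SAMPLE_GOOD = """\
 0x00000001 (NEEDED)                     Shared library: [libc.so.6]
 0x0000001d (RUNPATH)                    Library runpath: [$ORIGIN/../lib:/usr/lib]
"""

if __name__ == "__main__":
    for finding in unsafe_search_dirs(SAMPLE_BAD):
        print(finding)
```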
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SuSE Security Announcement
Package: modules
Announcement-ID: SuSE-SA:2000:44
Date: Monday, November 13th, 2000 10:00 MEST
Affected SuSE versions: 6.4, 7.0
Vulnerability Type: local root compromise
Severity (1-10): 8
SuSE default package: yes
Other affected systems: many newer Linux distributions
Content of this advisory:
1) security vulnerability resolved: modprobe shell metacharacter
expansion
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds
3) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade information
The modules package is responsible for on-demand loading of kernel
modules/drivers. The /sbin/modprobe command, when executed as a new
task by the kernel-internal function request_module(), runs with the
privileges of the init process, usually root.
Newer versions of the modprobe program contain a bug
which allows local users to gain root privileges. modprobe expands
given arguments via /bin/echo and can easily be tricked into executing
commands. In order for this bug to be exploitable, a setuid root program
must be installed that can trigger the loading of modules (such as ping6).
The fix for this bug consists of a change to modprobe which disables
the expansion of arguments to modprobe via /bin/echo.
A temporary workaround for this bug is to disable the automatic loading
of modules in the running kernel by running the command (as root)
/sbin/sysctl -w kernel.modprobe=/
or
echo "/" > /proc/sys/kernel/modprobe
Please note that this temporary workaround will have to be repeated
after the next reboot to become effective again.
Download the update package from locations described below and install
the package with the command `rpm -Uhv file.rpm'. The md5sum for each
file is in the line below. You can verify the integrity of the rpm
files using the command
`rpm --checksig --nogpg file.rpm',
independently from the md5 signatures below.
i386 Intel Platform:
SuSE-7.0
ftp://ftp.suse.com/pub/suse/i386/update/7.0/a1/modules-2.3.11-73.i386.rpm
9643216a1e0c147635ef62d894a9d7ad
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/modules.spm
Due to a packaging error, the modules package source rpm is not
available on our ftp servers yet. It will appear at the location above
in very few hours.
SuSE-6.4
ftp://ftp.suse.com/pub/suse/i386/update/6.4/a1/modules-2.3.9-63.i386.rpm
d3a95b93e549aae9a462e84d179efe45
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/modules.spm
Due to a packaging error, the modules package source rpm is not
available on our ftp servers yet. It will appear at the location above
in very few hours.
Sparc Platform:
SuSE-7.0
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/a1/modules-2.3.11-73.sparc.rpm
c0ab9aab7a61cefdb2cade98c663d4e3
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/modules.spm
Due to a packaging error, the modules package source rpm is not
available on our ftp servers yet. It will appear at the location above
in very few hours.
AXP Alpha Platform:
SuSE-6.4
ftp://ftp.suse.com/pub/suse/axp/update/6.4/a1/modules-2.3.9-63.alpha.rpm
a88b84d7f3d79f2a47ff9e78681a0390
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/modules.spm
Due to a packaging error, the modules package source rpm is not
available on our ftp servers yet. It will appear at the location above
in very few hours.
PPC Power PC Platform:
SuSE-7.0:
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/a1/modules-2.3.11-73.ppc.rpm
ef09b5c6438a0de8e18653e0a60d9c4c
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/modules.spm
Due to a packaging error, the modules package source rpm is not
available on our ftp servers yet. It will appear at the location above
in very few hours.
SuSE-6.4
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/a1/modules-2.3.9-63.ppc.rpm
27ba13500292c44969dd865f0c543c19
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/modules.spm
Due to a packaging error, the modules package source rpm is not
available on our ftp servers yet. It will appear at the location above
in very few hours.

______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
A separate message is being prepared to address the currently ongoing
security vulnerabilities.
______________________________________________________________________________
3) standard appendix:
SuSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- general/linux/SuSE security discussion.
All SuSE security announcements are sent to this list.
To subscribe, send an email to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SuSE's announce-only mailing list.
Only SuSE's security announcements are sent to this list.
To subscribe, send an email to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (faq)
send mail to:
<suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com> respectively.
===============================================
SuSE's security contact is <security(a)suse.com>.
===============================================
Regards,
Sebastian Krahmer
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way.
SuSE GmbH makes no warranties of any kind whatsoever with respect
to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048/3D25D3D9 1999/03/06 SuSE Security Team <security(a)suse.de>
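Added example, not part of the original advisory: a Python sketch that parses a package listing in the layout used above (an `ftp://` URL followed by its MD5 on the next line) and checks downloaded files against it. The excerpt is copied from the i386 entry; the function names and the local directory are assumptions made for this illustration.

```python
import hashlib
import hmac
import re
from pathlib import Path

# Excerpt in the advisory's layout: a package URL followed by its MD5 on the next line.
ADVISORY_EXCERPT = """\
SuSE-7.0
ftp://ftp.suse.com/pub/suse/i386/update/7.0/a1/modules-2.3.11-73.i386.rpm
9643216a1e0c147635ef62d894a9d7ad
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/modules.spm
Due to a packaging error, the modules package source rpm is not
"""

MD5_LINE = re.compile(r"[0-9a-f]{32}")


def parse_listing(text):
    """Return {file name: md5} for each URL line directly followed by a digest line."""
    expected = {}
    lines = [ln.strip() for ln in text.splitlines()]
    for url, digest in zip(lines, lines[1:]):
        # A URL with no digest after it (the source rpm here) is skipped, not guessed.
        if url.startswith("ftp://") and MD5_LINE.fullmatch(digest):
            expected[url.rsplit("/", 1)[-1]] = digest
    return expected


def md5_of(path, chunk_size=1 << 16):
    """Hash the file in chunks so large packages are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def verify(directory, expected):
    """Map each listed file name to 'ok', 'MISMATCH' or 'missing'."""
    results = {}
    for name, digest in expected.items():
        path = Path(directory) / name  # hypothetical local download directory
        if not path.is_file():
            results[name] = "missing"
        elif hmac.compare_digest(md5_of(path), digest):
            results[name] = "ok"
        else:
            results[name] = "MISMATCH"
    return results
```

This compares only the digests printed in the listing; the `rpm --checksig` check named in the advisory is a separate, independent verification.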