
UNIRAS Brief - 279/04 - Four Red Hat Security advisories



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 279/04 dated 10.06.04  Time: 14:45  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Four Red Hat Security advisories:

1. RHSA-2004:233-01 - Updated cvs package fixes security issues.

2. RHSA-2004:234-01 - Updated Ethereal packages fix security issues.

3. RHSA-2004:236-01 - Updated krb5 packages available.
                      
4. RHSA-2004:242-01 - Updated squid package fixes security.
                   





Detail
====== 

1. An updated cvs package that fixes several server vulnerabilities, which could
be exploited by a malicious client, is now available.

2. Updated Ethereal packages that fix various security vulnerabilities are now available.

3. Updated Kerberos 5 (krb5) packages which correct buffer overflows in the 
krb5_aname_to_localname function are now available.

4. An updated squid package that fixes a security vulnerability in the NTLM authentication
helper is now available.



1.                   ESB-2004.0398 -- RHSA-2004:233-01
                 Updated cvs package fixes security issues
                               10 June 2004


Product:                cvs
Publisher:              Red Hat
Operating System:       Red Hat Enterprise Linux AS/ES/WS 2.1
                        Red Hat Linux Advanced Workstation 2.1
                        Red Hat Enterprise Linux AS/ES/WS 3
                        Red Hat Desktop version 3
                        Linux variants
Impact:                 Execute Arbitrary Code/Commands
Access Required:        Existing Account
CVE Names:              CAN-2004-0414
                        CAN-2004-0416
                        CAN-2004-0417
                        CAN-2004-0418



- - - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated cvs package fixes security issues
Advisory ID:       RHSA-2004:233-01
Issue date:        2004-06-09
Updated on:        2004-06-09
Product:           Red Hat Enterprise Linux
Keywords:          
Cross references:  
Obsoletes:         RHSA-2004:190
CVE Names:         CAN-2004-0414 CAN-2004-0416 CAN-2004-0417 CAN-2004-0418
- - - ---------------------------------------------------------------------

1. Topic:

An updated cvs package that fixes several server vulnerabilities, which could be exploited by a malicious client, is now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

CVS is a version control system frequently used to manage source code repositories.

While investigating a previously fixed vulnerability, Derek Price discovered a flaw relating to malformed "Entry" lines which lead to a missing NULL terminator.  The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0414 to this issue.

Stefan Esser and Sebastian Krahmer conducted an audit of CVS and fixed a number of issues that may have had security consequences.

Among the issues deemed likely to be exploitable were: 

- - - -- a double-free relating to the error_prog_name string (CAN-2004-0416)
- - - -- an argument integer overflow (CAN-2004-0417)
- - - -- out-of-bounds writes in serv_notify (CAN-2004-0418).

An attacker who has access to a CVS server may be able to execute arbitrary code under the UID on which the CVS server is executing. 

Users of CVS are advised to upgrade to this updated package, which contains backported patches correcting these issues.

Red Hat would like to thank Stefan Esser, Sebastian Krahmer, and Derek Price for auditing, disclosing, and providing patches for these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those RPMs which are currently installed will be updated.  Those RPMs which are not installed but included in the list will not be updated.  Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network.  Many people find this an easier way to apply updates.  To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate Errors, you need to install a version of the up2date client with an updated certificate.  The latest version of up2date is available from the Red Hat FTP site and may also be downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/cvs-1.11.1p1-16.src.rpm

i386:
Available from Red Hat Network: cvs-1.11.1p1-16.i386.rpm

ia64:
Available from Red Hat Network: cvs-1.11.1p1-16.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/cvs-1.11.1p1-16.src.rpm

ia64:
Available from Red Hat Network: cvs-1.11.1p1-16.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/cvs-1.11.1p1-16.src.rpm

i386:
Available from Red Hat Network: cvs-1.11.1p1-16.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/cvs-1.11.1p1-16.src.rpm

i386:
Available from Red Hat Network: cvs-1.11.1p1-16.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/cvs-1.11.2-24.src.rpm

i386:
Available from Red Hat Network: cvs-1.11.2-24.i386.rpm

ia64:
Available from Red Hat Network: cvs-1.11.2-24.ia64.rpm

ppc:
Available from Red Hat Network: cvs-1.11.2-24.ppc.rpm

ppc64:
Available from Red Hat Network: cvs-1.11.2-24.ppc64.rpm

s390:
Available from Red Hat Network: cvs-1.11.2-24.s390.rpm

s390x:
Available from Red Hat Network: cvs-1.11.2-24.s390x.rpm

x86_64:
Available from Red Hat Network: cvs-1.11.2-24.x86_64.rpm

Red Hat Desktop version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/cvs-1.11.2-24.src.rpm

i386:
Available from Red Hat Network: cvs-1.11.2-24.i386.rpm

x86_64:
Available from Red Hat Network: cvs-1.11.2-24.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/cvs-1.11.2-24.src.rpm

i386:
Available from Red Hat Network: cvs-1.11.2-24.i386.rpm

ia64:
Available from Red Hat Network: cvs-1.11.2-24.ia64.rpm

x86_64:
Available from Red Hat Network: cvs-1.11.2-24.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/cvs-1.11.2-24.src.rpm

i386:
Available from Red Hat Network: cvs-1.11.2-24.i386.rpm

ia64:
Available from Red Hat Network: cvs-1.11.2-24.ia64.rpm

x86_64:
Available from Red Hat Network: cvs-1.11.2-24.x86_64.rpm



6. Verification:



These packages are GPG signed by Red Hat for security.  Our key is available from https://www.redhat.com/security/team/key.html

You can verify each package with the following command:
    
    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:
    
    md5sum <filename>


7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0418

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
- - -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)




2.

                     ESB-2004.0395 -- RHSA-2004:234-01
               Updated Ethereal packages fix security issues
                               10 June 2004


Product:                Ethereal
Publisher:              Red Hat
Operating System:       Red Hat Enterprise Linux AS/ES/WS 2.1
                        Red Hat Linux Advanced Workstation 2.1
                        Red Hat Enterprise Linux AS/ES/WS 3
                        Red Hat Desktop version 3
                        Linux variants
Impact:                 Root Compromise
                        Execute Arbitrary Code/Commands
Access Required:        Remote
CVE Names:              CAN-2004-0504
                        CAN-2004-0505
                        CAN-2004-0506
                        CAN-2004-0507

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated Ethereal packages fix security issues
Advisory ID:       RHSA-2004:234-01
Issue date:        2004-06-09
Updated on:        2004-06-09
Product:           Red Hat Enterprise Linux
Keywords:          
Cross references:  
Obsoletes:         RHSA-2004:136
CVE Names:         CAN-2004-0504 CAN-2004-0505 CAN-2004-0506
- - - ---------------------------------------------------------------------

1. Topic:

Updated Ethereal packages that fix various security vulnerabilities are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Ethereal is a program for monitoring network traffic.

The MMSE dissector in Ethereal releases 0.10.1 through 0.10.3 contained a buffer overflow flaw.  On a system where Ethereal is running, a remote attacker could send malicious packets that could cause Ethereal to crash or execute arbitrary code.  The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0507 to this issue.

In addition, other flaws in Ethereal prior to 0.10.4 were found that could cause it to crash in response to carefully crafted SIP (CAN-2004-0504), AIM (CAN-2004-0505), or SPNEGO (CAN-2004-0506) packets.

Users of Ethereal should upgrade to these updated packages, which contain backported security patches that correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

Please note that this update is available via Red Hat Network.  To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

124534 - CAN-2004-0504/5/6/7 Ethereal 0.10.4 contains security fixes

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/ethereal-0.10.3-0.AS21.3.src.rpm

i386:
Available from Red Hat Network: ethereal-0.10.3-0.AS21.3.i386.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.AS21.3.i386.rpm

ia64:
Available from Red Hat Network: ethereal-0.10.3-0.AS21.3.ia64.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.AS21.3.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/ethereal-0.10.3-0.AS21.3.src.rpm

ia64:
Available from Red Hat Network: ethereal-0.10.3-0.AS21.3.ia64.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.AS21.3.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/ethereal-0.10.3-0.AS21.3.src.rpm

i386:
Available from Red Hat Network: ethereal-0.10.3-0.AS21.3.i386.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.AS21.3.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/ethereal-0.10.3-0.AS21.3.src.rpm

i386:
Available from Red Hat Network: ethereal-0.10.3-0.AS21.3.i386.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.AS21.3.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/ethereal-0.10.3-0.30E.2.src.rpm

i386:
Available from Red Hat Network: ethereal-0.10.3-0.30E.2.i386.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.2.i386.rpm

ia64:
Available from Red Hat Network: ethereal-0.10.3-0.30E.2.ia64.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.2.ia64.rpm

ppc:
Available from Red Hat Network: ethereal-0.10.3-0.30E.2.ppc.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.2.ppc.rpm

s390:
Available from Red Hat Network: ethereal-0.10.3-0.30E.2.s390.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.2.s390.rpm

s390x:
Available from Red Hat Network: ethereal-0.10.3-0.30E.2.s390x.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.2.s390x.rpm

x86_64:
Available from Red Hat Network: ethereal-0.10.3-0.30E.2.x86_64.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.2.x86_64.rpm

Red Hat Desktop version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/ethereal-0.10.3-0.30E.2.src.rpm

i386:
Available from Red Hat Network: ethereal-0.10.3-0.30E.2.i386.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.2.i386.rpm

x86_64:
Available from Red Hat Network: ethereal-0.10.3-0.30E.2.x86_64.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.2.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/ethereal-0.10.3-0.30E.2.src.rpm

i386:
Available from Red Hat Network: ethereal-0.10.3-0.30E.2.i386.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.2.i386.rpm

ia64:
Available from Red Hat Network: ethereal-0.10.3-0.30E.2.ia64.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.2.ia64.rpm

x86_64:
Available from Red Hat Network: ethereal-0.10.3-0.30E.2.x86_64.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.2.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/ethereal-0.10.3-0.30E.2.src.rpm

i386:
Available from Red Hat Network: ethereal-0.10.3-0.30E.2.i386.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.2.i386.rpm

ia64:
Available from Red Hat Network: ethereal-0.10.3-0.30E.2.ia64.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.2.ia64.rpm

x86_64:
Available from Red Hat Network: ethereal-0.10.3-0.30E.2.x86_64.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.2.x86_64.rpm



7. Verification:



These packages are GPG signed by Red Hat for security.  Our key is available from https://www.redhat.com/security/team/key.html

You can verify each package with the following command:
    
    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:
    
    md5sum <filename>


8. References:

http://www.ethereal.com/appnotes/enpa-sa-00014.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0506

9. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
- - -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)






3.  
                     ESB-2004.0396 -- RHSA-2004:236-01
                      Updated krb5 packages available
                               10 June 2004


Product:                krb5
Publisher:              Red Hat
Operating System:       Red Hat Enterprise Linux AS/ES/WS 2.1
                        Red Hat Linux Advanced Workstation 2.1
                        Red Hat Enterprise Linux AS/ES/WS 3
                        Red Hat Desktop version 3
                        Linux variants
Impact:                 Root Compromise
Access Required:        Remote
CVE Names:              CAN-2004-0523

Ref:                    ESB-2004.0378

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated krb5 packages available
Advisory ID:       RHSA-2004:236-01
Issue date:        2004-06-09
Updated on:        2004-06-09
Product:           Red Hat Enterprise Linux
Keywords:          krb5 auth_to_local MITKRB5-SA-2004-001
Cross references:  
Obsoletes:         RHBA-2004:208
CVE Names:         CAN-2004-0523
- - - ---------------------------------------------------------------------

1. Topic:

Updated Kerberos 5 (krb5) packages which correct buffer overflows in the krb5_aname_to_localname function are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Kerberos is a network authentication system.

Bugs have been fixed in the krb5_aname_to_localname library function. Specifically, buffer overflows were possible for all Kerberos versions up to and including 1.3.3. The krb5_aname_to_localname function translates a Kerberos principal name to a local account name, typically a UNIX username. This function is frequently used when performing authorization checks.

If configured with mappings from particular Kerberos principals to particular UNIX user names, certain functions called by krb5_aname_to_localname will not properly check the lengths of buffers used to store portions of the principal name.  If configured to map principals to user names using rules, krb5_aname_to_localname would consistently write one byte past the end of a buffer allocated from the heap.  The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0523 to this issue.

Only configurations which enable the explicit mapping or rules-based mapping functionality of krb5_aname_to_localname() are vulnerable. These configurations are not the default.

Users of Kerberos are advised to upgrade to these erratum packages which contain backported security patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those RPMs which are currently installed will be updated.  Those RPMs which are not installed but included in the list will not be updated.  Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network.  Many people find this an easier way to apply updates.  To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate Errors, you need to install a version of the up2date client with an updated certificate.  The latest version of up2date is available from the Red Hat FTP site and may also be downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

125001 - CAN-2004-0523 MIT Kerberos 5: buffer overflows in krb5_aname_to_localname

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/krb5-1.2.2-27.src.rpm

i386:
Available from Red Hat Network: krb5-devel-1.2.2-27.i386.rpm
Available from Red Hat Network: krb5-libs-1.2.2-27.i386.rpm
Available from Red Hat Network: krb5-server-1.2.2-27.i386.rpm
Available from Red Hat Network: krb5-workstation-1.2.2-27.i386.rpm

ia64:
Available from Red Hat Network: krb5-devel-1.2.2-27.ia64.rpm
Available from Red Hat Network: krb5-libs-1.2.2-27.ia64.rpm
Available from Red Hat Network: krb5-server-1.2.2-27.ia64.rpm
Available from Red Hat Network: krb5-workstation-1.2.2-27.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/krb5-1.2.2-27.src.rpm

ia64:
Available from Red Hat Network: krb5-devel-1.2.2-27.ia64.rpm
Available from Red Hat Network: krb5-libs-1.2.2-27.ia64.rpm
Available from Red Hat Network: krb5-server-1.2.2-27.ia64.rpm
Available from Red Hat Network: krb5-workstation-1.2.2-27.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/krb5-1.2.2-27.src.rpm

i386:
Available from Red Hat Network: krb5-devel-1.2.2-27.i386.rpm
Available from Red Hat Network: krb5-libs-1.2.2-27.i386.rpm
Available from Red Hat Network: krb5-server-1.2.2-27.i386.rpm
Available from Red Hat Network: krb5-workstation-1.2.2-27.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/krb5-1.2.2-27.src.rpm

i386:
Available from Red Hat Network: krb5-devel-1.2.2-27.i386.rpm
Available from Red Hat Network: krb5-libs-1.2.2-27.i386.rpm
Available from Red Hat Network: krb5-server-1.2.2-27.i386.rpm
Available from Red Hat Network: krb5-workstation-1.2.2-27.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/krb5-1.2.7-24.src.rpm

i386:
Available from Red Hat Network: krb5-devel-1.2.7-24.i386.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.i386.rpm
Available from Red Hat Network: krb5-server-1.2.7-24.i386.rpm
Available from Red Hat Network: krb5-workstation-1.2.7-24.i386.rpm

ia64:
Available from Red Hat Network: krb5-devel-1.2.7-24.ia64.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.ia64.rpm
Available from Red Hat Network: krb5-server-1.2.7-24.ia64.rpm
Available from Red Hat Network: krb5-workstation-1.2.7-24.ia64.rpm

ppc:
Available from Red Hat Network: krb5-devel-1.2.7-24.ppc.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.ppc.rpm
Available from Red Hat Network: krb5-server-1.2.7-24.ppc.rpm
Available from Red Hat Network: krb5-workstation-1.2.7-24.ppc.rpm

ppc64:
Available from Red Hat Network: krb5-libs-1.2.7-24.ppc64.rpm

s390:
Available from Red Hat Network: krb5-devel-1.2.7-24.s390.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.s390.rpm
Available from Red Hat Network: krb5-server-1.2.7-24.s390.rpm
Available from Red Hat Network: krb5-workstation-1.2.7-24.s390.rpm

s390x:
Available from Red Hat Network: krb5-devel-1.2.7-24.s390x.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.s390x.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.s390.rpm
Available from Red Hat Network: krb5-server-1.2.7-24.s390x.rpm
Available from Red Hat Network: krb5-workstation-1.2.7-24.s390x.rpm

x86_64:
Available from Red Hat Network: krb5-devel-1.2.7-24.x86_64.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.x86_64.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.i386.rpm
Available from Red Hat Network: krb5-server-1.2.7-24.x86_64.rpm
Available from Red Hat Network: krb5-workstation-1.2.7-24.x86_64.rpm

Red Hat Desktop version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/krb5-1.2.7-24.src.rpm

i386:
Available from Red Hat Network: krb5-devel-1.2.7-24.i386.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.i386.rpm
Available from Red Hat Network: krb5-server-1.2.7-24.i386.rpm
Available from Red Hat Network: krb5-workstation-1.2.7-24.i386.rpm

x86_64:
Available from Red Hat Network: krb5-devel-1.2.7-24.x86_64.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.x86_64.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.i386.rpm
Available from Red Hat Network: krb5-server-1.2.7-24.x86_64.rpm
Available from Red Hat Network: krb5-workstation-1.2.7-24.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/krb5-1.2.7-24.src.rpm

i386:
Available from Red Hat Network: krb5-devel-1.2.7-24.i386.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.i386.rpm
Available from Red Hat Network: krb5-server-1.2.7-24.i386.rpm
Available from Red Hat Network: krb5-workstation-1.2.7-24.i386.rpm

ia64:
Available from Red Hat Network: krb5-devel-1.2.7-24.ia64.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.ia64.rpm
Available from Red Hat Network: krb5-server-1.2.7-24.ia64.rpm
Available from Red Hat Network: krb5-workstation-1.2.7-24.ia64.rpm

x86_64:
Available from Red Hat Network: krb5-devel-1.2.7-24.x86_64.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.x86_64.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.i386.rpm
Available from Red Hat Network: krb5-server-1.2.7-24.x86_64.rpm
Available from Red Hat Network: krb5-workstation-1.2.7-24.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/krb5-1.2.7-24.src.rpm

i386:
Available from Red Hat Network: krb5-devel-1.2.7-24.i386.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.i386.rpm
Available from Red Hat Network: krb5-server-1.2.7-24.i386.rpm
Available from Red Hat Network: krb5-workstation-1.2.7-24.i386.rpm

ia64:
Available from Red Hat Network: krb5-devel-1.2.7-24.ia64.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.ia64.rpm
Available from Red Hat Network: krb5-server-1.2.7-24.ia64.rpm
Available from Red Hat Network: krb5-workstation-1.2.7-24.ia64.rpm

x86_64:
Available from Red Hat Network: krb5-devel-1.2.7-24.x86_64.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.x86_64.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.i386.rpm
Available from Red Hat Network: krb5-server-1.2.7-24.x86_64.rpm
Available from Red Hat Network: krb5-workstation-1.2.7-24.x86_64.rpm



7. Verification:



These packages are GPG signed by Red Hat for security.  Our key is available from https://www.redhat.com/security/team/key.html

You can verify each package with the following command:
    
    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:
    
    md5sum <filename>


8. References:

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-001-an_to_ln.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0523

9. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
- - -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAxwixXlSAg2UNWIIRArTVAJ9Y70Y8DAsUtk5W6RuFvnLpaclVnACeJJGI
BRCn6CVrJgm7p8GD4rowae8=
=QT9H
- - -----END PGP SIGNATURE-----






4.                   ESB-2004.0397 -- RHSA-2004:242-01
                   Updated squid package fixes security
                               10 June 2004

Product:                squid
Publisher:              Red Hat
Operating System:       Red Hat Enterprise Linux AS/ES/WS 3
                        Red Hat Desktop version 3
Impact:                 Execute Arbitrary Code/Commands
Access Required:        Remote
CVE Names:              CAN-2004-0541

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated squid package fixes security vulnerability
Advisory ID:       RHSA-2004:242-01
Issue date:        2004-06-09
Updated on:        2004-06-09
Product:           Red Hat Enterprise Linux
Keywords:          
Cross references:  
Obsoletes:         RHSA-2004:133
CVE Names:         CAN-2004-0541
- - - ---------------------------------------------------------------------

1. Topic:

An updated squid package that fixes a security vulnerability in the NTLM authentication helper is now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Squid is a full-featured Web proxy cache.

A buffer overflow was found within the NTLM authentication helper routine.  If Squid is configured to use the NTLM authentication helper, 
a remote attacker could potentially execute arbitrary code by sending a lengthy password.  The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0541 to this issue.

Note: The NTLM authentication helper is not enabled by default in Red Hat Enterprise Linux 3.  Red Hat Enterprise Linux 2.1 is not vulnerable to this issue as it shipped with a version of Squid which did not contain the helper.  

Users of Squid should update to this errata package, which contains a backported patch that corrects this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those RPMs which are currently installed will be updated.  Those RPMs which are not installed but included in the list will not be updated.  Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network.  Many people find this an easier way to apply updates.  To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate Errors, you need to install a version of the up2date client with an updated certificate.  The latest version of up2date is available from the Red Hat FTP site and may also be downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

125507 - CAN-2004-0541 Squid NTLM authentication helper overflow

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/squid-2.5.STABLE3-6.3E.src.rpm

i386:
Available from Red Hat Network: squid-2.5.STABLE3-6.3E.i386.rpm

ia64:
Available from Red Hat Network: squid-2.5.STABLE3-6.3E.ia64.rpm

ppc:
Available from Red Hat Network: squid-2.5.STABLE3-6.3E.ppc.rpm

ppc64:
Available from Red Hat Network: squid-2.5.STABLE3-6.3E.ppc64.rpm

s390:
Available from Red Hat Network: squid-2.5.STABLE3-6.3E.s390.rpm

s390x:
Available from Red Hat Network: squid-2.5.STABLE3-6.3E.s390x.rpm

x86_64:
Available from Red Hat Network: squid-2.5.STABLE3-6.3E.x86_64.rpm

Red Hat Desktop version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/squid-2.5.STABLE3-6.3E.src.rpm

i386:
Available from Red Hat Network: squid-2.5.STABLE3-6.3E.i386.rpm

x86_64:
Available from Red Hat Network: squid-2.5.STABLE3-6.3E.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/squid-2.5.STABLE3-6.3E.src.rpm

i386:
Available from Red Hat Network: squid-2.5.STABLE3-6.3E.i386.rpm

ia64:
Available from Red Hat Network: squid-2.5.STABLE3-6.3E.ia64.rpm

x86_64:
Available from Red Hat Network: squid-2.5.STABLE3-6.3E.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/squid-2.5.STABLE3-6.3E.src.rpm

i386:
Available from Red Hat Network: squid-2.5.STABLE3-6.3E.i386.rpm

ia64:
Available from Red Hat Network: squid-2.5.STABLE3-6.3E.ia64.rpm

x86_64:
Available from Red Hat Network: squid-2.5.STABLE3-6.3E.x86_64.rpm



7. Verification:



These packages are GPG signed by Red Hat for security.  Our key is available from https://www.redhat.com/security/team/key.html

You can verify each package with the following command:
    
    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:
    
    md5sum <filename>


8. References:

http://www.idefense.com/application/poi/display?id=107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0541

9. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
- - -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAxwjAXlSAg2UNWIIRAoe9AKCEMvnEAGZlA4A+iM6eNl8TgDY1dgCdGUZn
SpZ3IkvBhUIb0hunl/zI0i8=
=4sSL
- - -----END PGP SIGNATURE-----
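
The check described in section 7 of the krb5 and squid advisories above (compare each downloaded package's md5sum with the published sum), as an added shell example that is not part of the Red Hat advisories or the UNIRAS briefing. The function name verify_manifest, the demo file names and the sample table are constructed for illustration; the parser also accepts a table whose rows have been run together on one line.

```shell
#!/bin/sh
# Added example (not from the advisory): check downloaded packages against an
# advisory-style "MD5 sum / Package Name" table. Prints one status line per
# package and returns 1 if any package is missing or does not match.
verify_manifest() {
    manifest=$1; pkgdir=$2; fail=0; want=
    while read -r tok; do
        if [ -z "$want" ]; then
            # Only a 32-digit hex token starts a row; headers and rules are skipped.
            case $tok in ''|*[!0-9a-fA-F]*) continue ;; esac
            if [ "${#tok}" -eq 32 ]; then
                want=$(printf '%s' "$tok" | tr 'A-F' 'a-f')
            fi
            continue
        fi
        name=${tok##*/}   # drop any directory part so a row cannot point elsewhere
        if [ ! -f "$pkgdir/$name" ]; then
            echo "MISSING  $name"; fail=1
        elif [ "$(md5sum < "$pkgdir/$name" | cut -d' ' -f1)" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"; fail=1
        fi
        want=
    done <<EOF
$(tr -s '[:space:]' '\n' < "$manifest")
EOF
    return $fail
}

# Constructed demo: two stand-in files, one altered after the table was written.
demo() {
    tmp=$(mktemp -d)
    printf 'constructed package A\n' > "$tmp/a-1.0-1.i386.rpm"
    printf 'constructed package B\n' > "$tmp/b-1.0-1.i386.rpm"
    # Build the table with both rows flattened onto a single line.
    ( cd "$tmp" && md5sum a-1.0-1.i386.rpm b-1.0-1.i386.rpm | tr -s ' \n' '  ' ) > "$tmp/table.txt"
    printf 'altered\n' >> "$tmp/b-1.0-1.i386.rpm"
    verify_manifest "$tmp/table.txt" "$tmp"; result=$?
    rm -rf "$tmp"
    return $result
}
demo || echo "at least one package failed the MD5 check"
```

A matching MD5 sum only shows that the file agrees with the table; `rpm --checksig -v <filename>` remains the check that ties a package to Red Hat's GPG key.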



For additional information or assistance, please contact the HELP Desk by 
telephone. Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 20 7821 1330 Ext 4511
Fax: +44 (0) 20 7821 1686

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 20 7821 1330 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Red Hat for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark, manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQMhmrYpao72zK539AQEcCwP+MoRLXXzc54Nc7latMG2+Qw5msZwYpsfE
6S2yV78vkdYnio+RqeIQVpIOFl6Hh6ZOohmvVciLN4vUiotmu4zskFn6T0hUsin3
IUdpEiSQ9g8M4lV8jJbdKDOVqudu8LJOS1ywb+b2c3dDEpnJjehs1hlzuncjdOmJ
jCY4wLpCa6Y=
=thwW
-----END PGP SIGNATURE-----