[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UNIRAS Brief - 477/05 - Four Mandriva Linux Update Advisories:



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 477/05 dated 27.06.05  Time: 14:30  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Four Mandriva Linux Update Advisories:
1. MDKA-2005:032 - pam_ldap
2. MDKSA-2005:103 - sudo
3. MDSKA-2005:104 - squid
4. MDSKA-2005:105 - dbus

Detail
====== 

1. This package fixes a bug that prevents password changes via pam_ldap
 from succeeding when configured to use the password type "exop" (via a
 "pam_password exop" entry in /etc/ldap.conf or the configuration file
 provided as an option in the pam configuration file) against a server
 which doens't allow exop password changes which include the old
 password (such as OpenLDAP 2.1.x).

2. A race condition was discovered in sudo by Charles Morris.  This could
 lead to the escalation of privileges if /etc/sudoers allowed a user to
 execute selected programs that were then followed by another line
 containing the pseudo-command "ALL".  By creating symbolic links at a
 certain time, that user could execute arbitrary commands.

3. A bug was found in the way that Squid handles DNS replies.  If the
 port Squid uses for DNS requests is not protected by a firewall, it is
 possible for a remote attacker to spoof DNS replies, possibly
 redirecting a user to spoofed or malicious content.

4. Dan Reed discovered a vulnerability in the D-BUS system for sending
 messages between applications.  He found that a user can send and
 listen to messages on another user's per-user session bus if they
 knew the address of the socket.



1.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                     Mandriva Linux Update Advisory
 _______________________________________________________________________

 Package name:           pam_ldap
 Advisory ID:            MDKA-2005:032
 Date:                   June 24th, 2005

 Affected versions:	 10.2
 ______________________________________________________________________

 Problem Description:

 This package fixes a bug that prevents password changes via pam_ldap
 from succeeding when configured to use the password type "exop" (via a
 "pam_password exop" entry in /etc/ldap.conf or the configuration file
 provided as an option in the pam configuration file) against a server
 which doens't allow exop password changes which include the old
 password (such as OpenLDAP 2.1.x).
 
 The update applies the changes made between pam_ldap versions 174 and
 175, and changes the behaviour for the "exop" password method to not
 send the old password. The behaviour that was exhibited by the original
 package may be obtained by changing the password method to
 "exop_send_old".
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.2:
 c434580c7d31b44c0e712cdf9fd6690a  10.2/RPMS/nss_ldap-220-5.1.102mdk.i586.rpm
 92b0d732b5209b43cc9c088da9af21b6  10.2/RPMS/pam_ldap-170-5.1.102mdk.i586.rpm
 587d1feabf37950cda4941244a7248a3  10.2/SRPMS/nss_ldap-220-5.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 4f4f259ce9be37455c446a437895279d  x86_64/10.2/RPMS/nss_ldap-220-5.1.102mdk.x86_64.rpm
 897aa0e1d77b673ba7d8d47c75a81224  x86_64/10.2/RPMS/pam_ldap-170-5.1.102mdk.x86_64.rpm
 587d1feabf37950cda4941244a7248a3  x86_64/10.2/SRPMS/nss_ldap-220-5.1.102mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCvHGpmqjQ0CJFipgRAlA9AJ0Smui/UQs7IqL8XfB9nWsgdbyYEwCfcwgG
U1R0k7Spn81aCH/Haotrp2s=
=OaGS
- -----END PGP SIGNATURE-----



2.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           sudo
 Advisory ID:            MDKSA-2005:103
 Date:                   June 21st, 2005

 Affected versions:	 10.0, 10.1, 10.2, Corporate 3.0,
			 Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 A race condition was discovered in sudo by Charles Morris.  This could
 lead to the escalation of privileges if /etc/sudoers allowed a user to
 execute selected programs that were then followed by another line
 containing the pseudo-command "ALL".  By creating symbolic links at a
 certain time, that user could execute arbitrary commands.
 
 The updated packages have been patched to correct this problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1993
  http://www.sudo.ws/sudo/alerts/path_race.html
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 0fdbddfa1ca2298a05261c77c2eb0b43  10.0/RPMS/sudo-1.6.7-0.p5.2.2.100mdk.i586.rpm
 523d0cfc297e81c3381d5df89078b3bc  10.0/SRPMS/sudo-1.6.7-0.p5.2.2.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 69b25ae195069271c0a037aaa1912722  amd64/10.0/RPMS/sudo-1.6.7-0.p5.2.2.100mdk.amd64.rpm
 523d0cfc297e81c3381d5df89078b3bc  amd64/10.0/SRPMS/sudo-1.6.7-0.p5.2.2.100mdk.src.rpm

 Mandrakelinux 10.1:
 07e35abe22a51cbb66d8969cb6cd7738  10.1/RPMS/sudo-1.6.8p1-1.2.101mdk.i586.rpm
 5d636e00903aa9f1e954b658754379f0  10.1/SRPMS/sudo-1.6.8p1-1.2.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 3fe900becdac7248053415e5c37029ca  x86_64/10.1/RPMS/sudo-1.6.8p1-1.2.101mdk.x86_64.rpm
 5d636e00903aa9f1e954b658754379f0  x86_64/10.1/SRPMS/sudo-1.6.8p1-1.2.101mdk.src.rpm

 Mandrakelinux 10.2:
 fa3d69895a19bd321666c565e9919cdb  10.2/RPMS/sudo-1.6.8p1-2.1.102mdk.i586.rpm
 c9abd9d5ad76e4c5d8da20af10ba4601  10.2/SRPMS/sudo-1.6.8p1-2.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 56cba44d316f3d1623f20a3e5c102721  x86_64/10.2/RPMS/sudo-1.6.8p1-2.1.102mdk.x86_64.rpm
 c9abd9d5ad76e4c5d8da20af10ba4601  x86_64/10.2/SRPMS/sudo-1.6.8p1-2.1.102mdk.src.rpm

 Corporate Server 2.1:
 0574ea8f264d1ac850bc7401da9dfd46  corporate/2.1/RPMS/sudo-1.6.6-2.2.C21mdk.i586.rpm
 7520cfd6be4d4d2ce87787ebf1dccca2  corporate/2.1/SRPMS/sudo-1.6.6-2.2.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 e971d73a7bd06d23d40d102bf113af75  x86_64/corporate/2.1/RPMS/sudo-1.6.6-2.2.C21mdk.x86_64.rpm
 7520cfd6be4d4d2ce87787ebf1dccca2  x86_64/corporate/2.1/SRPMS/sudo-1.6.6-2.2.C21mdk.src.rpm

 Corporate 3.0:
 551c661042bae4c9da2fab38fcfbf08a  corporate/3.0/RPMS/sudo-1.6.7-0.p5.2.2.C30mdk.i586.rpm
 ded9307a4c361548d164765a421e0f9e  corporate/3.0/SRPMS/sudo-1.6.7-0.p5.2.2.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 f392eecc2886cf8c73a4c27c3d86112d  x86_64/corporate/3.0/RPMS/sudo-1.6.7-0.p5.2.2.C30mdk.x86_64.rpm
 ded9307a4c361548d164765a421e0f9e  x86_64/corporate/3.0/SRPMS/sudo-1.6.7-0.p5.2.2.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCuYFjmqjQ0CJFipgRAsEEAJ998YMjnujTKm3Eb33S2kXsYn8IYwCfRiSt
1BnR8aOEdr6qHyfN2LlMtlk=
=NTyJ
- -----END PGP SIGNATURE-----



3.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           squid
 Advisory ID:            MDKSA-2005:104
 Date:                   June 24th, 2005

 Affected versions:	 10.1, 10.2, Corporate 3.0,
			 Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 A bug was found in the way that Squid handles DNS replies.  If the
 port Squid uses for DNS requests is not protected by a firewall, it is
 possible for a remote attacker to spoof DNS replies, possibly
 redirecting a user to spoofed or malicious content.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1519
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.1:
 efa0ff6a4392d73c07f9dbc8c3b66438  10.1/RPMS/squid-2.5.STABLE9-1.2.101mdk.x86_64.rpm
 794a1ae90ec7094bdccdefefdfcb2d61  10.1/SRPMS/squid-2.5.STABLE9-1.2.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 efa0ff6a4392d73c07f9dbc8c3b66438  x86_64/10.1/RPMS/squid-2.5.STABLE9-1.2.101mdk.x86_64.rpm
 794a1ae90ec7094bdccdefefdfcb2d61  x86_64/10.1/SRPMS/squid-2.5.STABLE9-1.2.101mdk.src.rpm

 Mandrakelinux 10.2:
 73a8aa85012fef6a9c4f366c26bb1337  10.2/RPMS/squid-2.5.STABLE9-1.2.102mdk.i586.rpm
 ad7f452e1a09d1f8d1a6aa2345e25084  10.2/SRPMS/squid-2.5.STABLE9-1.2.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 eb149b54fcb1dca0c62c7dc255d6185d  x86_64/10.2/RPMS/squid-2.5.STABLE9-1.2.102mdk.x86_64.rpm
 ad7f452e1a09d1f8d1a6aa2345e25084  x86_64/10.2/SRPMS/squid-2.5.STABLE9-1.2.102mdk.src.rpm

 Corporate Server 2.1:
 e0ed76fed0fec9bf6e70bf38c3b8fed0  corporate/2.1/RPMS/squid-2.4.STABLE7-2.7.C21mdk.i586.rpm
 fb62666cca753d0dee0fff76286c537b  corporate/2.1/SRPMS/squid-2.4.STABLE7-2.7.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 19347f85c069b33d30fb569674dc8580  x86_64/corporate/2.1/RPMS/squid-2.4.STABLE7-2.7.C21mdk.x86_64.rpm
 fb62666cca753d0dee0fff76286c537b  x86_64/corporate/2.1/SRPMS/squid-2.4.STABLE7-2.7.C21mdk.src.rpm

 Corporate 3.0:
 bba66d7a12eeece71d20a0f1a98bcebd  corporate/3.0/RPMS/squid-2.5.STABLE9-1.2.C30mdk.i586.rpm
 7e1685cce7144065a952e2ee7905265b  corporate/3.0/SRPMS/squid-2.5.STABLE9-1.2.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 494442194cc6259050d7ab80076bc6e3  x86_64/corporate/3.0/RPMS/squid-2.5.STABLE9-1.2.C30mdk.x86_64.rpm
 7e1685cce7144065a952e2ee7905265b  x86_64/corporate/3.0/SRPMS/squid-2.5.STABLE9-1.2.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCvHKmmqjQ0CJFipgRAr4mAKCg2E9CnfRhx10mkDn2pCC3CBugEACgqpe7
fdIS/zhzwmGfSW4HPb/2Mg4=
=LKgO
- -----END PGP SIGNATURE-----



4.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           dbus
 Advisory ID:            MDKSA-2005:105
 Date:                   June 24th, 2005

 Affected versions:	 10.1, Corporate 3.0
 ______________________________________________________________________

 Problem Description:

 Dan Reed discovered a vulnerability in the D-BUS system for sending
 messages between applications.  He found that a user can send and
 listen to messages on another user's per-user session bus if they
 knew the address of the socket.
 
 The updated packages have been patched to correct this problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0201
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.1:
 d5eb6d08b6a007fbd7a192628ba33c44  10.1/RPMS/dbus-0.22-3.1.101mdk.i586.rpm
 3e417b23c43db4e7473d647f104471a7  10.1/RPMS/dbus-python-0.22-3.1.101mdk.i586.rpm
 64f7ea9d74f62fdf0ee0ee6e109a3caf  10.1/RPMS/dbus-x11-0.22-3.1.101mdk.i586.rpm
 2c121bf2416362e4b611d0bda3abc737  10.1/RPMS/libdbus-1_0-0.22-3.1.101mdk.i586.rpm
 b05a0b9d6f04cb1903d2cd264ecb8590  10.1/RPMS/libdbus-1_0-devel-0.22-3.1.101mdk.i586.rpm
 5b7bb77f073cd51e642200191e5dc426  10.1/RPMS/libdbus-glib-1_0-0.22-3.1.101mdk.i586.rpm
 bf50565b2fc41f7e801c17d8e234d08d  10.1/RPMS/libdbus-qt-1_0-0.22-3.1.101mdk.i586.rpm
 7f2bb3ba2de7d91c1c67910ce22676ee  10.1/SRPMS/dbus-0.22-3.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 c6dbe1230e55ae99059d42053674109f  x86_64/10.1/RPMS/dbus-0.22-3.1.101mdk.x86_64.rpm
 9e38bf83675eb40aa8078ab4d43aa3e4  x86_64/10.1/RPMS/dbus-python-0.22-3.1.101mdk.x86_64.rpm
 25366249b14a222d0ff41e748ae4964e  x86_64/10.1/RPMS/dbus-x11-0.22-3.1.101mdk.x86_64.rpm
 36df1060f8e0243024e3f216a89e413e  x86_64/10.1/RPMS/lib64dbus-1_0-0.22-3.1.101mdk.x86_64.rpm
 3f8484b68edbaeaeffdc520be0802be2  x86_64/10.1/RPMS/lib64dbus-1_0-devel-0.22-3.1.101mdk.x86_64.rpm
 1a093645499551ef0d21a5d45bfd3ce8  x86_64/10.1/RPMS/lib64dbus-glib-1_0-0.22-3.1.101mdk.x86_64.rpm
 3fd269c19dc1ec09b9f99088528c48e9  x86_64/10.1/RPMS/lib64dbus-qt-1_0-0.22-3.1.101mdk.x86_64.rpm
 7f2bb3ba2de7d91c1c67910ce22676ee  x86_64/10.1/SRPMS/dbus-0.22-3.1.101mdk.src.rpm

 Corporate 3.0:
 7c4b8579d8eecda85f872e9a2fc4d4a5  corporate/3.0/RPMS/dbus-0.20-7.1.C30mdk.i586.rpm
 2e15717b81ca73467c23ab50a0095dc2  corporate/3.0/RPMS/dbus-python-0.20-7.1.C30mdk.i586.rpm
 8dcdff915a80b7d431f3a0ceb217f6d3  corporate/3.0/RPMS/dbus-x11-0.20-7.1.C30mdk.i586.rpm
 b9977c3ae26550fbe72f396e4dfd9cfe  corporate/3.0/RPMS/libdbus-1_0-0.20-7.1.C30mdk.i586.rpm
 b3da28ccfa97ab3b93bcf9781bb1e4bc  corporate/3.0/RPMS/libdbus-1_0-devel-0.20-7.1.C30mdk.i586.rpm
 ee3ec88593d4905f0dd97cde0c9f658b  corporate/3.0/RPMS/libdbus-glib-1_0-0.20-7.1.C30mdk.i586.rpm
 14583f66f8d8f447e06a252513be73a5  corporate/3.0/RPMS/libdbus-qt-1_0-0.20-7.1.C30mdk.i586.rpm
 47cdf4af75570b82b0186e9bdca839f0  corporate/3.0/SRPMS/dbus-0.20-7.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 89bbcc00def4fbf81a4c1d66e157abaa  x86_64/corporate/3.0/RPMS/dbus-0.20-7.1.C30mdk.x86_64.rpm
 99c4eda1d977bc2ee1e4ae622ffa8a39  x86_64/corporate/3.0/RPMS/dbus-python-0.20-7.1.C30mdk.x86_64.rpm
 dc34492029f4eb3d8d5d607f10c607a1  x86_64/corporate/3.0/RPMS/dbus-x11-0.20-7.1.C30mdk.x86_64.rpm
 757173e4ee8c855e9c3bfa9318bd92bb  x86_64/corporate/3.0/RPMS/lib64dbus-1_0-0.20-7.1.C30mdk.x86_64.rpm
 3a088834b9f401be106c9c5de05a400c  x86_64/corporate/3.0/RPMS/lib64dbus-1_0-devel-0.20-7.1.C30mdk.x86_64.rpm
 88e751ac99d886fdf17b03c599192a4e  x86_64/corporate/3.0/RPMS/lib64dbus-glib-1_0-0.20-7.1.C30mdk.x86_64.rpm
 c54c001d0e5e6cdca42856d4130fe072  x86_64/corporate/3.0/RPMS/lib64dbus-qt-1_0-0.20-7.1.C30mdk.x86_64.rpm
 47cdf4af75570b82b0186e9bdca839f0  x86_64/corporate/3.0/SRPMS/dbus-0.20-7.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCvHQYmqjQ0CJFipgRAjuWAKDkXzhPQhPXrjw/nn1tCPamvmZSKwCgyg3V
sZGh0UWIIKP5FYw+0zNDn60=
=oSFw
- -----END PGP SIGNATURE-----



- -------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Mandriva for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQr/+ropao72zK539AQFehQP/Vdjv7WNk+QyTDi1OflSLyJfX/yJvw5c8
7wu3qMArHv5ppIRT9aYZAxeDEZ2bPT+RhzLtTFsiq3F+W2o/f2+bMpca171jbBLl
nioGw88KgUMWfW8kthQRb4pAIeP3h05IrbdWmpa4wmW5YR4qDx/aAe7AqKkY0xh2
awYHWJx1cAQ=
=b5bF
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________