[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: SuSE security announcement
I note that Ralf Haferkamp (rhafer@suse.de) has already submitted a number of
reports to our ITS and they are all closed. Looking through the reports, it
looks like the fixes are in OpenLDAP 2.1 but not in 2.0.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
> -----Original Message-----
> From: owner-openldap-devel@OpenLDAP.org
> [mailto:owner-openldap-devel@OpenLDAP.org]On Behalf Of Kurt
> D. Zeilenga
> Sent: Friday, December 20, 2002 10:04 AM
> To: Torsten Landschoff
> Cc: openldap-devel@OpenLDAP.org; krahmer@suse.de
> Subject: Re: SuSE security announcement
>
>
> Torsten,
>
> I assume that if SuSE (or anyone else for that matter)
> has found bugs in OpenLDAP Software which they would
> like us to investigate (and possibly incorporate fixes
> for) that they will report them to us (using the OpenLDAP
> Issue Tracking System <http://www.openldap.org/its/>)
> in due course. As they are working with old versions
> of OpenLDAP Software, it make take some time for them
> (or us, if they ask us to) to verify if the bugs remain
> in the latest release.
>
> Kurt
>
> At 06:06 AM 12/20/2002, Torsten Landschoff wrote:
> >Hi *,
> >
> >Sorry I did not introduce myself before - I took over
> maintenance of the
> >OpenLDAP packages for the Debian distribution from Wichert Akkerman
> >some time ago.
> >
> >I'd like to ask what you think about the security announcement SuSE
> >released on Dec 6th regarding OpenLDAP (attached). I am currently
> >trying to apply the patches from that source package to the 2.0.27
> >package in Debian but I wonder if some statement of the OpenLDAP team
> >would be appropriate.
> >
> >Thanks and greetings
> >
> > Torsten
> >Return-Path:
> <bugtraq-return-7543-torsten=debian.org@securityfocus.com>
> >Received: from localhost (localhost [127.0.0.1])
> > by stargate.galaxy (8.12.6/8.12.6/Debian-6) with
> ESMTP id gB6G12UP021998
> > for <torsten@localhost>; Fri, 6 Dec 2002 17:01:07 +0100
> >Received: from fwdallmx.t-online.com [194.25.134.25]
> > by localhost with POP3 (fetchmail-5.9.11)
> > for torsten@localhost (single-drop); Fri, 06 Dec
> 2002 17:01:07 +0100 (CET)
> >Received: from master.debian.org ([65.125.64.135]) by
> mailin03.sul.t-online.com
> > with esmtp id 18KKjp-22tnKyc; Fri, 6 Dec 2002 16:50:01 +0100
> >Received: from outgoing3.securityfocus.com [205.206.231.27]
> > by master.debian.org with esmtp (Exim 3.12 1 (Debian))
> > id 18KKjo-0007Yt-00; Fri, 06 Dec 2002 09:50:00 -0600
> >Received: from lists.securityfocus.com
> (lists.securityfocus.com [205.206.231.19])
> > by outgoing3.securityfocus.com (Postfix) with QMQP
> > id 2B3AAA30E3; Fri, 6 Dec 2002 07:32:44 -0700 (MST)
> >Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
> >Precedence: bulk
> >List-Id: <bugtraq.list-id.securityfocus.com>
> >List-Post: <mailto:bugtraq@securityfocus.com>
> >List-Help: <mailto:bugtraq-help@securityfocus.com>
> >List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
> >List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
> >Delivered-To: mailing list bugtraq@securityfocus.com
> >Delivered-To: moderator for bugtraq@securityfocus.com
> >Received: (qmail 13287 invoked from network); 6 Dec 2002
> 10:59:44 -0000
> >X-Authentication-Warning: Euklid.suse.de: krahmer owned
> process doing -bs
> >Date: Fri, 6 Dec 2002 12:21:47 +0100 (MET)
> >From: Sebastian Krahmer <krahmer@suse.de>
> >To: <bugtraq@securityfocus.com>
> >Subject: SuSE Security Announcement: OpenLDAP2 (SuSE-SA:2002:047)
> >Message-ID:
> <ENOCOKE.draht.silence.01021206122114000014553-100000@suse>
> >MIME-Version: 1.0
> >Content-Type: TEXT/PLAIN; charset=US-ASCII
> >
> >
> >-----BEGIN PGP SIGNED MESSAGE-----
> >
> >_____________________________________________________________
> _________________
> >
> > SuSE Security Announcement
> >
> > Package: OpenLDAP2
> > Announcement-ID: SuSE-SA:2002:047
> > Date: Fri Dec 6 11:11:11 MET 2002
> > Affected products: 7.1, 7.2, 7.3, 8.0,
> > SuSE eMail Server III, 3.1,
> > SuSE Linux Connectivity Server,
> > SuSE Linux Enterprise Server 7,
> > SuSE Linux Office Server
> > Vulnerability Type: remote command execution
> > Severity (1-10): 6
> > SuSE default package: no
> > Cross References: -
> >
> > Content of this advisory:
> > 1) security vulnerability resolved: Buffer overflows
> in openldap2.
> > problem description, discussion, solution and
> upgrade information
> > 2) pending vulnerabilities, solutions, workarounds:
> > - traceroute-nanog
> > - gnuplot
> > 3) standard appendix (further information)
> >
> >_____________________________________________________________
> _________________
> >
> >1) problem description, brief discussion, solution, upgrade
> information
> >
> > OpenLDAP is the Open Source implementation of the
> Lightweight Directory
> > Access Protocol (LDAP) and is used in network
> environments for distributing
> > certain information such as X.509 certificates or login
> information.
> >
> > The SuSE Security Team reviewed critical parts of that
> package and found
> > several buffer overflows and other bugs remote attackers
> could exploit
> > to gain access on systems running vulnerable LDAP servers.
> > In addition to these bugs, various local exploitable
> bugs within the
> > OpenLDAP2 libraries (openldap2-devel package) have been fixed.
> >
> > Since there is no workaround possible except shutting
> down the LDAP server,
> > we strongly recommend an update.
> >
> > Please download the update package for your distribution
> and verify its
> > integrity by the methods listed in section 3) of this
> announcement.
> > Then, install the package using the command "rpm -Fhv
> file.rpm" to apply
> > the update.
> > Our maintenance customers are being notified
> individually. The packages
> > are being offered to install from the maintenance web.
> >
> > To be sure the update takes effect you have to restart
> the LDAP server
> > by executing the following command as root:
> >
> > /etc/rc.d/ldap restart
> >
> >
> > i386 Intel Platform:
> >
> > SuSE-8.0:
> >
> ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/openldap2-2.0.2
> 3-143.i386.rpm
> > 0facbec09078e1a849b629a335d25dcf
> >
> ftp://ftp.suse.com/pub/suse/i386/update/8.0/n4/openldap2-devel
> -2.0.23-143.i386.rpm
> > 90b2aff137bd510930835b7a7cb7bc1e
> > patch rpm(s):
> >
> ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/openldap2-2.0.2
> 3-143.i386.patch.rpm
> > aac122b6dda874c97d2e3f8e43a33897
> >
> ftp://ftp.suse.com/pub/suse/i386/update/8.0/n4/openldap2-devel
> -2.0.23-143.i386.patch.rpm
> > e032d25cd37167b956a41b45e7c1bc60
> > source rpm(s):
> >
> ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/openldap2-2.0.
> 23-143.src.rpm
> > 773c24a1654055b692dbfe6c1ce436f2
> >
> > SuSE-7.3:
> >
> ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/openldap2-2.0.1
> 2-44.i386.rpm
> > 0c3078060330559ae49d67cdb0def908
> >
> ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/openldap2-devel
> -2.0.12-44.i386.rpm
> > 4d09ba68655344abc273f7cb67fee482
> > source rpm(s):
> >
> ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/openldap2-2.0.
> 12-44.src.rpm
> > 58706b1104fec0d6a6533e5f6decb8cd
> >
> >
> > SuSE-7.2:
> >
> ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/openldap2-2.0.1
> 1-67.i386.rpm
> > 28f575d89d8fbb9c269b158d12b599a6
> >
> ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/openldap2-devel
> -2.0.11-67.i386.rpm
> > 7edf8a034f6de9ec15fd0d0e683e25e3
> > source rpm(s):
> >
> ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/openldap2-2.0.
> 11-67.src.rpm
> > 1aac2bc81f82065513845a0e923433bf
> >
> > SuSE-7.1:
> >
> ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/openldap2-2.0.1
> 1-66.i386.rpm
> > 901b6452a24470b5cf39223e4b4a611d
> > source rpm(s):
> >
> ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/openldap2-2.0.
> 11-66.src.rpm
> > d5d0a0a397f919b2f5d644c517dd56a5
> >
> >
> > Sparc Platform:
> >
> > SuSE-7.3:
> >
> ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n2/openldap2-2.0.
> 12-27.sparc.rpm
> > 4639159e2de3a53115b4a7a918a79864
> >
> ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n2/openldap2-deve
> l-2.0.12-27.sparc.rpm
> > 609773f10ce2ea8953f4fc8772f4af23
> > source rpm(s):
> >
> ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/openldap2-2.0
> .12-27.src.rpm
> > 70758c3e7c36f10a53980eaeb6bddea3
> >
> > AXP Alpha Platform:
> >
> > SuSE-7.1:
> >
> ftp://ftp.suse.com/pub/suse/axp/update/7.1/n2/openldap2-2.0.11
> -30.alpha.rpm
> > 3d6bf0861070044c54ed52e8777192b6
> > source rpm(s):
> >
> ftp://ftp.suse.com/pub/suse/axp/update/7.1/zq1/openldap2-2.0.1
> 1-30.src.rpm
> > 3e0867844268b399d6ac2b9788d017f4
> >
> >
> > PPC Power PC Platform:
> >
> > SuSE-7.3:
> >
> ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/openldap2-2.0.12
> -54.ppc.rpm
> > fa2268bf1629c69db048371b67a1e177
> >
> ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/openldap2-devel-
> 2.0.12-54.ppc.rpm
> > e5f6ea2f05c6f5904834e8083ef8502b
> > source rpm(s):
> >
> ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/openldap2-2.0.1
> 2-54.src.rpm
> > 5c88d479f0f54b6b933f11a63e8d0c42
> >
> > SuSE-7.1:
> >
> ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n2/openldap2-2.0.11
> -27.ppc.rpm
> > b6630f01be5e342cba2167a1f69583bf
> > source rpm(s):
> >
> ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/openldap2-2.0.1
> 1-27.src.rpm
> > 5664341323793814db38b162d4cf07dc
> >
> >_____________________________________________________________
> _________________
> >
> >2) Pending vulnerabilities in SuSE Distributions and Workarounds:
> >
> > - traceroute-nanog
> > Due to recent postings on bugtraq@securityfocus.com new
> > traceroute-nanog packages are currently being built and
> > will be released as soon as possible.
> >
> > - gnuplot
> > An error in a patch for french documentation added by
> SuSE leads to a
> > buffer overflow in gnuplot that can be exploited to gain root
> > privileges by a local attacker. gnuplot is installed
> setuid root on
> > SuSE Linux before (excluding) 8.0 to be able to display
> graphics with
> > the SVGA library. We have provided update packages at the usual
> > location that fix the vulnerability.
> >
> >_____________________________________________________________
> _________________
> >
> >3) standard appendix: authenticity verification, additional
> information
> >
> > - Package authenticity verification:
> >
> > SuSE update packages are available on many mirror ftp
> servers all over
> > the world. While this service is being considered
> valuable and important
> > to the free and open source software community, many
> users wish to be
> > sure about the origin of the package and its content
> before installing
> > the package. There are two verification methods that can be used
> > independently from each other to prove the authenticity
> of a downloaded
> > file or rpm package:
> > 1) md5sums as provided in the (cryptographically signed)
> announcement.
> > 2) using the internal gpg signatures of the rpm package.
> >
> > 1) execute the command
> > md5sum <name-of-the-file.rpm>
> > after you downloaded the file from a SuSE ftp server
> or its mirrors.
> > Then, compare the resulting md5sum with the one that
> is listed in the
> > announcement. Since the announcement containing the
> checksums is
> > cryptographically signed (usually using the key
> security@suse.de),
> > the checksums show proof of the authenticity of the package.
> > We disrecommend to subscribe to security lists which cause the
> > email message containing the announcement to be
> modified so that
> > the signature does not match after transport through
> the mailing
> > list software.
> > Downsides: You must be able to verify the authenticity of the
> > announcement in the first place. If RPM packages are
> being rebuilt
> > and a new version of a package is published on the
> ftp server, all
> > md5 sums for the files are useless.
> >
> > 2) rpm package signatures provide an easy way to verify
> the authenticity
> > of an rpm package. Use the command
> > rpm -v --checksig <file.rpm>
> > to verify the signature of the package, where
> <file.rpm> is the
> > filename of the rpm package that you have downloaded.
> Of course,
> > package authenticity verification can only target an
> un-installed rpm
> > package file.
> > Prerequisites:
> > a) gpg is installed
> > b) The package is signed using a certain key. The
> public part of this
> > key must be installed by the gpg program in the directory
> > ~/.gnupg/ under the user's home directory who performs the
> > signature verification (usually root). You can
> import the key
> > that is used by SuSE in rpm packages for SuSE
> Linux by saving
> > this announcement to a file ("announcement.txt") and
> > running the command (do "su -" to be root):
> > gpg --batch; gpg < announcement.txt | gpg --import
> > SuSE Linux distributions version 7.1 and
> thereafter install the
> > key "build@suse.de" upon installation or upgrade,
> provided that
> > the package gpg is installed. The file containing
> the public key
> > is placed at the top-level directory of the first
> CD (pubring.gpg)
> > and at
> ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de .
> >
> >
> > - SuSE runs two security mailing lists to which any
> interested party may
> > subscribe:
> >
> > suse-security@suse.com
> > - general/linux/SuSE security discussion.
> > All SuSE security announcements are sent to this list.
> > To subscribe, send an email to
> > <suse-security-subscribe@suse.com>.
> >
> > suse-security-announce@suse.com
> > - SuSE's announce-only mailing list.
> > Only SuSE's security announcements are sent to this list.
> > To subscribe, send an email to
> > <suse-security-announce-subscribe@suse.com>.
> >
> > For general information or the frequently asked questions (faq)
> > send mail to:
> > <suse-security-info@suse.com> or
> > <suse-security-faq@suse.com> respectively.
> >
> >
> =====================================================================
> > SuSE's security contact is <security@suse.com> or
> <security@suse.de>.
> > The <security@suse.de> public key is listed below.
> >
> =====================================================================
> >_____________________________________________________________
> _________________
> >
> > The information in this advisory may be distributed or
> reproduced,
> > provided that the advisory is not modified in any way.
> In particular,
> > it is desired that the clear-text signature shows proof of the
> > authenticity of the text.
> > SuSE Linux AG makes no warranties of any kind whatsoever
> with respect
> > to the information contained in this security advisory.
> >
> >Type Bits/KeyID Date User ID
> >pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>
> >pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key
> <build@suse.de>
> >
> >- -----BEGIN PGP PUBLIC KEY BLOCK-----
> >Version: GnuPG v1.0.6 (GNU/Linux)
> >Comment: For info see http://www.gnupg.org
> >
> >mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff
> >4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d
> >M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO
> >QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK
> >XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE
> >D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd
> >G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM
> >CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE
> >myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr
> >YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD
> >wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d
> >NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe
> >QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe
> >LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t
> >XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU
> >D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3
> >0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot
> >1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW
> >cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E
> >ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f
> >AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E
> >Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/
> >HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h
> >t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT
> >tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM
> >523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q
> >2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8
> >QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw
> >JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ
> >1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH
> >ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1
> >wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY
> >EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol
> >0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK
> >CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co
> >SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo
> >omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt
> >A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J
> >/LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE
> >GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf
> >ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT
> >ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8
> >RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ
> >8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb
> >B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X
> >11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA
> >8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj
> >qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p
> >WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL
> >hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG
> >BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+
> >AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi
> >RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0
> >zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM
> >/3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7
> >whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl
> >D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz
> >dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI
> >RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI
> >DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE=
> >=LRKC
> >- -----END PGP PUBLIC KEY BLOCK-----
> >
> >
> >-----BEGIN PGP SIGNATURE-----
> >Version: 2.6.3i
> >Charset: noconv
> >
> >iQEVAwUBPfCCO3ey5gA9JdPZAQFKnwf/SBJrd4TnicHAhWOGeb3+u0Utrwy7L8+I
> >O3c47WTGo9d4kCfuUeGiGNwOn7jjahuIGDOI9KaIXKnHhDASEhXE8XwYcYR/69Mx
> >+Qpbmr6MCOEyJZwPFr6Gz7y+ltA+oIT6mHwJ6Dfr1wres3DmuMJMuUXCivm9IIbK
> >RpOxjDU1qP/Azk7rAAXNdTOj8UsNdsjus0ujAV3yf/C+BZL49hSpRrUsR4g0W7Pu
> >gd/RPxx/b52nhVaPkZC1h6aJWgFM1+0WNqI2ROz/OA/bE+8uh8y5YYrt8gkjBQlb
> >qUFv94ZVLJR3mAYLN2FsV9PL+lMFZ8+CGDuQvFmIvVAsZn65EZ25yg==
> >=E/Cr
> >-----END PGP SIGNATURE-----
> >
> >--
> >~~
> >~~ perl self.pl
> >~~ $_='print"\$_=\47$_\47;eval"';eval
> >~~ krahmer@suse.de - SuSE Security Team
> >~~
> >
> >
>
>