[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: SuSE security announcement



I note that Ralf Haferkamp (rhafer@suse.de) has already submitted a number of
reports to our ITS and they are all closed. Looking through the reports, it
looks like the fixes are in OpenLDAP 2.1 but not in 2.0.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-devel@OpenLDAP.org
> [mailto:owner-openldap-devel@OpenLDAP.org]On Behalf Of Kurt
> D. Zeilenga
> Sent: Friday, December 20, 2002 10:04 AM
> To: Torsten Landschoff
> Cc: openldap-devel@OpenLDAP.org; krahmer@suse.de
> Subject: Re: SuSE security announcement
>
>
> Torsten,
>
> I assume that if SuSE (or anyone else for that matter)
> has found bugs in OpenLDAP Software which they would
> like us to investigate (and possibly incorporate fixes
> for) that they will report them to us (using the OpenLDAP
> Issue Tracking System <http://www.openldap.org/its/>)
> in due course.  As they are working with old versions
> of OpenLDAP Software, it make take some time for them
> (or us, if they ask us to) to verify if the bugs remain
> in the latest release.
>
> Kurt
>
> At 06:06 AM 12/20/2002, Torsten Landschoff wrote:
> >Hi *,
> >
> >Sorry I did not introduce myself before - I took over
> maintenance of the
> >OpenLDAP packages for the Debian distribution from Wichert Akkerman
> >some time ago.
> >
> >I'd like to ask what you think about the security announcement SuSE
> >released on Dec 6th regarding OpenLDAP (attached). I am currently
> >trying to apply the patches from that source package to the 2.0.27
> >package in Debian but I wonder if some statement of the OpenLDAP team
> >would be appropriate.
> >
> >Thanks and greetings
> >
> >        Torsten
> >Return-Path:
> <bugtraq-return-7543-torsten=debian.org@securityfocus.com>
> >Received: from localhost (localhost [127.0.0.1])
> >        by stargate.galaxy (8.12.6/8.12.6/Debian-6) with
> ESMTP id gB6G12UP021998
> >        for <torsten@localhost>; Fri, 6 Dec 2002 17:01:07 +0100
> >Received: from fwdallmx.t-online.com [194.25.134.25]
> >        by localhost with POP3 (fetchmail-5.9.11)
> >        for torsten@localhost (single-drop); Fri, 06 Dec
> 2002 17:01:07 +0100 (CET)
> >Received: from master.debian.org ([65.125.64.135]) by
> mailin03.sul.t-online.com
> >        with esmtp id 18KKjp-22tnKyc; Fri, 6 Dec 2002 16:50:01 +0100
> >Received: from outgoing3.securityfocus.com [205.206.231.27]
> >        by master.debian.org with esmtp (Exim 3.12 1 (Debian))
> >        id 18KKjo-0007Yt-00; Fri, 06 Dec 2002 09:50:00 -0600
> >Received: from lists.securityfocus.com
> (lists.securityfocus.com [205.206.231.19])
> >        by outgoing3.securityfocus.com (Postfix) with QMQP
> >        id 2B3AAA30E3; Fri,  6 Dec 2002 07:32:44 -0700 (MST)
> >Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
> >Precedence: bulk
> >List-Id: <bugtraq.list-id.securityfocus.com>
> >List-Post: <mailto:bugtraq@securityfocus.com>
> >List-Help: <mailto:bugtraq-help@securityfocus.com>
> >List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
> >List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
> >Delivered-To: mailing list bugtraq@securityfocus.com
> >Delivered-To: moderator for bugtraq@securityfocus.com
> >Received: (qmail 13287 invoked from network); 6 Dec 2002
> 10:59:44 -0000
> >X-Authentication-Warning: Euklid.suse.de: krahmer owned
> process doing -bs
> >Date: Fri, 6 Dec 2002 12:21:47 +0100 (MET)
> >From: Sebastian Krahmer <krahmer@suse.de>
> >To: <bugtraq@securityfocus.com>
> >Subject: SuSE Security Announcement: OpenLDAP2 (SuSE-SA:2002:047)
> >Message-ID:
> <ENOCOKE.draht.silence.01021206122114000014553-100000@suse>
> >MIME-Version: 1.0
> >Content-Type: TEXT/PLAIN; charset=US-ASCII
> >
> >
> >-----BEGIN PGP SIGNED MESSAGE-----
> >
> >_____________________________________________________________
> _________________
> >
> >                        SuSE Security Announcement
> >
> >        Package:                OpenLDAP2
> >        Announcement-ID:        SuSE-SA:2002:047
> >        Date:                   Fri Dec  6 11:11:11 MET 2002
> >        Affected products:      7.1, 7.2, 7.3, 8.0,
> >                                SuSE eMail Server III, 3.1,
> >                                SuSE Linux Connectivity Server,
> >                                SuSE Linux Enterprise Server 7,
> >                                SuSE Linux Office Server
> >        Vulnerability Type:     remote command execution
> >        Severity (1-10):        6
> >        SuSE default package:   no
> >        Cross References:       -
> >
> >    Content of this advisory:
> >        1) security vulnerability resolved: Buffer overflows
> in openldap2.
> >           problem description, discussion, solution and
> upgrade information
> >        2) pending vulnerabilities, solutions, workarounds:
> >            - traceroute-nanog
> >            - gnuplot
> >        3) standard appendix (further information)
> >
> >_____________________________________________________________
> _________________
> >
> >1)  problem description, brief discussion, solution, upgrade
> information
> >
> >    OpenLDAP is the Open Source implementation of the
> Lightweight Directory
> >    Access Protocol (LDAP) and is used in network
> environments for distributing
> >    certain information such as X.509 certificates or login
> information.
> >
> >    The SuSE Security Team reviewed critical parts of that
> package and found
> >    several buffer overflows and other bugs remote attackers
> could exploit
> >    to gain access on systems running vulnerable LDAP servers.
> >    In addition to these bugs, various local exploitable
> bugs within the
> >    OpenLDAP2 libraries (openldap2-devel package) have been fixed.
> >
> >    Since there is no workaround possible except shutting
> down the LDAP server,
> >    we strongly recommend an update.
> >
> >    Please download the update package for your distribution
> and verify its
> >    integrity by the methods listed in section 3) of this
> announcement.
> >    Then, install the package using the command "rpm -Fhv
> file.rpm" to apply
> >    the update.
> >    Our maintenance customers are being notified
> individually. The packages
> >    are being offered to install from the maintenance web.
> >
> >    To be sure the update takes effect you have to restart
> the LDAP server
> >    by executing the following command as root:
> >
> >        /etc/rc.d/ldap restart
> >
> >
> >    i386 Intel Platform:
> >
> >    SuSE-8.0:
> >
> ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/openldap2-2.0.2
> 3-143.i386.rpm
> >      0facbec09078e1a849b629a335d25dcf
> >
> ftp://ftp.suse.com/pub/suse/i386/update/8.0/n4/openldap2-devel
> -2.0.23-143.i386.rpm
> >      90b2aff137bd510930835b7a7cb7bc1e
> >    patch rpm(s):
> >
> ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/openldap2-2.0.2
> 3-143.i386.patch.rpm
> >      aac122b6dda874c97d2e3f8e43a33897
> >
> ftp://ftp.suse.com/pub/suse/i386/update/8.0/n4/openldap2-devel
> -2.0.23-143.i386.patch.rpm
> >      e032d25cd37167b956a41b45e7c1bc60
> >    source rpm(s):
> >
> ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/openldap2-2.0.
> 23-143.src.rpm
> >      773c24a1654055b692dbfe6c1ce436f2
> >
> >    SuSE-7.3:
> >
> ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/openldap2-2.0.1
> 2-44.i386.rpm
> >      0c3078060330559ae49d67cdb0def908
> >
> ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/openldap2-devel
> -2.0.12-44.i386.rpm
> >      4d09ba68655344abc273f7cb67fee482
> >    source rpm(s):
> >
> ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/openldap2-2.0.
> 12-44.src.rpm
> >      58706b1104fec0d6a6533e5f6decb8cd
> >
> >
> >    SuSE-7.2:
> >
> ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/openldap2-2.0.1
> 1-67.i386.rpm
> >      28f575d89d8fbb9c269b158d12b599a6
> >
> ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/openldap2-devel
> -2.0.11-67.i386.rpm
> >      7edf8a034f6de9ec15fd0d0e683e25e3
> >    source rpm(s):
> >
> ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/openldap2-2.0.
> 11-67.src.rpm
> >      1aac2bc81f82065513845a0e923433bf
> >
> >    SuSE-7.1:
> >
> ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/openldap2-2.0.1
> 1-66.i386.rpm
> >      901b6452a24470b5cf39223e4b4a611d
> >    source rpm(s):
> >
> ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/openldap2-2.0.
> 11-66.src.rpm
> >      d5d0a0a397f919b2f5d644c517dd56a5
> >
> >
> >    Sparc Platform:
> >
> >    SuSE-7.3:
> >
> ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n2/openldap2-2.0.
> 12-27.sparc.rpm
> >      4639159e2de3a53115b4a7a918a79864
> >
> ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n2/openldap2-deve
> l-2.0.12-27.sparc.rpm
> >      609773f10ce2ea8953f4fc8772f4af23
> >    source rpm(s):
> >
> ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/openldap2-2.0
> .12-27.src.rpm
> >      70758c3e7c36f10a53980eaeb6bddea3
> >
> >    AXP Alpha Platform:
> >
> >    SuSE-7.1:
> >
> ftp://ftp.suse.com/pub/suse/axp/update/7.1/n2/openldap2-2.0.11
> -30.alpha.rpm
> >      3d6bf0861070044c54ed52e8777192b6
> >    source rpm(s):
> >
> ftp://ftp.suse.com/pub/suse/axp/update/7.1/zq1/openldap2-2.0.1
> 1-30.src.rpm
> >      3e0867844268b399d6ac2b9788d017f4
> >
> >
> >    PPC Power PC Platform:
> >
> >    SuSE-7.3:
> >
> ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/openldap2-2.0.12
> -54.ppc.rpm
> >      fa2268bf1629c69db048371b67a1e177
> >
> ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/openldap2-devel-
> 2.0.12-54.ppc.rpm
> >      e5f6ea2f05c6f5904834e8083ef8502b
> >    source rpm(s):
> >
> ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/openldap2-2.0.1
> 2-54.src.rpm
> >      5c88d479f0f54b6b933f11a63e8d0c42
> >
> >    SuSE-7.1:
> >
> ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n2/openldap2-2.0.11
> -27.ppc.rpm
> >      b6630f01be5e342cba2167a1f69583bf
> >    source rpm(s):
> >
> ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/openldap2-2.0.1
> 1-27.src.rpm
> >      5664341323793814db38b162d4cf07dc
> >
> >_____________________________________________________________
> _________________
> >
> >2)  Pending vulnerabilities in SuSE Distributions and Workarounds:
> >
> >    - traceroute-nanog
> >    Due to recent postings on bugtraq@securityfocus.com new
> >    traceroute-nanog packages are currently being built and
> >    will be released as soon as possible.
> >
> >    - gnuplot
> >    An error in a patch for french documentation added by
> SuSE leads to a
> >    buffer overflow in gnuplot that can be exploited to gain root
> >    privileges by a local attacker. gnuplot is installed
> setuid root on
> >    SuSE Linux before (excluding) 8.0 to be able to display
> graphics with
> >    the SVGA library. We have provided update packages at the usual
> >    location that fix the vulnerability.
> >
> >_____________________________________________________________
> _________________
> >
> >3)  standard appendix: authenticity verification, additional
> information
> >
> >  - Package authenticity verification:
> >
> >    SuSE update packages are available on many mirror ftp
> servers all over
> >    the world. While this service is being considered
> valuable and important
> >    to the free and open source software community, many
> users wish to be
> >    sure about the origin of the package and its content
> before installing
> >    the package. There are two verification methods that can be used
> >    independently from each other to prove the authenticity
> of a downloaded
> >    file or rpm package:
> >    1) md5sums as provided in the (cryptographically signed)
> announcement.
> >    2) using the internal gpg signatures of the rpm package.
> >
> >    1) execute the command
> >        md5sum <name-of-the-file.rpm>
> >       after you downloaded the file from a SuSE ftp server
> or its mirrors.
> >       Then, compare the resulting md5sum with the one that
> is listed in the
> >       announcement. Since the announcement containing the
> checksums is
> >       cryptographically signed (usually using the key
> security@suse.de),
> >       the checksums show proof of the authenticity of the package.
> >       We disrecommend to subscribe to security lists which cause the
> >       email message containing the announcement to be
> modified so that
> >       the signature does not match after transport through
> the mailing
> >       list software.
> >       Downsides: You must be able to verify the authenticity of the
> >       announcement in the first place. If RPM packages are
> being rebuilt
> >       and a new version of a package is published on the
> ftp server, all
> >       md5 sums for the files are useless.
> >
> >    2) rpm package signatures provide an easy way to verify
> the authenticity
> >       of an rpm package. Use the command
> >        rpm -v --checksig <file.rpm>
> >       to verify the signature of the package, where
> <file.rpm> is the
> >       filename of the rpm package that you have downloaded.
> Of course,
> >       package authenticity verification can only target an
> un-installed rpm
> >       package file.
> >       Prerequisites:
> >        a) gpg is installed
> >        b) The package is signed using a certain key. The
> public part of this
> >           key must be installed by the gpg program in the directory
> >           ~/.gnupg/ under the user's home directory who performs the
> >           signature verification (usually root). You can
> import the key
> >           that is used by SuSE in rpm packages for SuSE
> Linux by saving
> >           this announcement to a file ("announcement.txt") and
> >           running the command (do "su -" to be root):
> >            gpg --batch; gpg < announcement.txt | gpg --import
> >           SuSE Linux distributions version 7.1 and
> thereafter install the
> >           key "build@suse.de" upon installation or upgrade,
> provided that
> >           the package gpg is installed. The file containing
> the public key
> >           is placed at the top-level directory of the first
> CD (pubring.gpg)
> >           and at
> ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de .
> >
> >
> >  - SuSE runs two security mailing lists to which any
> interested party may
> >    subscribe:
> >
> >    suse-security@suse.com
> >        -   general/linux/SuSE security discussion.
> >            All SuSE security announcements are sent to this list.
> >            To subscribe, send an email to
> >                <suse-security-subscribe@suse.com>.
> >
> >    suse-security-announce@suse.com
> >        -   SuSE's announce-only mailing list.
> >            Only SuSE's security announcements are sent to this list.
> >            To subscribe, send an email to
> >                <suse-security-announce-subscribe@suse.com>.
> >
> >    For general information or the frequently asked questions (faq)
> >    send mail to:
> >        <suse-security-info@suse.com> or
> >        <suse-security-faq@suse.com> respectively.
> >
> >
> =====================================================================
> >    SuSE's security contact is <security@suse.com> or
> <security@suse.de>.
> >    The <security@suse.de> public key is listed below.
> >
> =====================================================================
> >_____________________________________________________________
> _________________
> >
> >    The information in this advisory may be distributed or
> reproduced,
> >    provided that the advisory is not modified in any way.
> In particular,
> >    it is desired that the clear-text signature shows proof of the
> >    authenticity of the text.
> >    SuSE Linux AG makes no warranties of any kind whatsoever
> with respect
> >    to the information contained in this security advisory.
> >
> >Type Bits/KeyID    Date       User ID
> >pub  2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>
> >pub  1024D/9C800ACA 2000-10-19 SuSE Package Signing Key
> <build@suse.de>
> >
> >- -----BEGIN PGP PUBLIC KEY BLOCK-----
> >Version: GnuPG v1.0.6 (GNU/Linux)
> >Comment: For info see http://www.gnupg.org
> >
> >mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff
> >4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d
> >M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO
> >QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK
> >XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE
> >D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd
> >G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM
> >CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE
> >myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr
> >YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD
> >wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d
> >NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe
> >QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe
> >LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t
> >XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU
> >D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3
> >0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot
> >1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW
> >cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E
> >ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f
> >AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E
> >Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/
> >HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h
> >t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT
> >tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM
> >523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q
> >2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8
> >QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw
> >JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ
> >1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH
> >ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1
> >wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY
> >EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol
> >0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK
> >CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co
> >SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo
> >omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt
> >A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J
> >/LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE
> >GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf
> >ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT
> >ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8
> >RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ
> >8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb
> >B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X
> >11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA
> >8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj
> >qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p
> >WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL
> >hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG
> >BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+
> >AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi
> >RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0
> >zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM
> >/3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7
> >whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl
> >D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz
> >dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI
> >RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI
> >DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE=
> >=LRKC
> >- -----END PGP PUBLIC KEY BLOCK-----
> >
> >
> >-----BEGIN PGP SIGNATURE-----
> >Version: 2.6.3i
> >Charset: noconv
> >
> >iQEVAwUBPfCCO3ey5gA9JdPZAQFKnwf/SBJrd4TnicHAhWOGeb3+u0Utrwy7L8+I
> >O3c47WTGo9d4kCfuUeGiGNwOn7jjahuIGDOI9KaIXKnHhDASEhXE8XwYcYR/69Mx
> >+Qpbmr6MCOEyJZwPFr6Gz7y+ltA+oIT6mHwJ6Dfr1wres3DmuMJMuUXCivm9IIbK
> >RpOxjDU1qP/Azk7rAAXNdTOj8UsNdsjus0ujAV3yf/C+BZL49hSpRrUsR4g0W7Pu
> >gd/RPxx/b52nhVaPkZC1h6aJWgFM1+0WNqI2ROz/OA/bE+8uh8y5YYrt8gkjBQlb
> >qUFv94ZVLJR3mAYLN2FsV9PL+lMFZ8+CGDuQvFmIvVAsZn65EZ25yg==
> >=E/Cr
> >-----END PGP SIGNATURE-----
> >
> >--
> >~~
> >~~ perl self.pl
> >~~ $_='print"\$_=\47$_\47;eval"';eval
> >~~ krahmer@suse.de - SuSE Security Team
> >~~
> >
> >
>
>