SuSE Security Announcement: glibc/shlibs, in.ftpd (SuSE-SA:2001:046)

From: Roman Drahtmueller (draht@suse.de)
Date: 12/24/01


Date: Mon, 24 Dec 2001 19:18:39 +0100 (MET)
From: Roman Drahtmueller <draht@suse.de>
To: bugtraq@securityfocus.com


-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

                        SuSE Security Announcement

        Package: glibc/shlibs, in.ftpd
        Announcement-ID: SuSE-SA:2001:046
        Date: Monday, Dec 24th 2001 19:00 MET
        Affected SuSE versions: (6.3), 6.4, 7.0, 7.1, 7.2, 7.3
        Vulnerability Type: remote privilege escalation
        Severity (1-10): 8
        SuSE default package: yes
        Other affected systems: Most Linux systems

    Content of this advisory:
        1) security vulnerability resolved: glibc/shlibs
           problem description, discussion, solution and upgrade information
        2) pending vulnerabilities, solutions, workarounds
        3) standard appendix (further information)

______________________________________________________________________________

1) problem description, brief discussion, solution, upgrade information

    This security announcement obsoletes SuSE-SA:2001:001 about glibc (shlibs).

    The file globbing (matching filenames against patterns such as "*.bak")
    routines in the glibc exhibits an error that results in a heap corruption
    and that may allow a remote attacker to execute arbitrary commands from
    processes that take globbing strings from user input.
    Tom Parker, Global InterSec LLC, addressed SuSE Security and illustrated
    an attack scenario against the BSD-derived ftp daemon that is installed
    as /usr/sbin/in.ftpd in SuSE Linux distributions. The said in.ftpd should
    not be confused with the Washington University ftp daemon (wu-ftpd) that
    comes installed as /usr/sbin/wu.ftpd in SuSE Linux and uses its own
    globbing functions.

    Since the attack against in.ftpd is based on a heap corruption in glibc,
    the proper solution for the error is to exchange the responsible code in
    the glibc globbing functions. It should be expected that other network
    service daemons that accept user-supplied globbing strings such as rsyncd
    can be exploited with this glibc globbing error. There is no satisfactory
    workaround against the problem other than updating the glibc libraries
    with a fixed version. We provide update packages for this purpose.

    Users of the SuSE Linux 6.3 distribution should upgrade their systems
    to a newer product since security update support for SuSE Linux 6.3
    has been discontinued two years after the release.

    Notes, Special installation instructions:

      * If you use YOU (Yast2 Online Update), the necessary update packages
        will be selected automatically. Please consider reading the
        PRECAUTIONS and the AFTERCARE paragraph below. A standalone desktop
        installation should not face any problems with the update as long
        as the system is not loaded during the update process.

      * The glibc package consists of one source RPM package and multiple
        binary RPM (sub-) packages. In order to resolve the errors in the
        globbing functions, the source RPM package as well as the
        documentation subpackages do not need to be installed. In fact,
        you only need to install the updates for packages that you have
        installed already on your system.
        The different subpackages contain:
         ++ shared libraries
          + static libraries and header files
          + profiling and debugging versions of glibc
          - timezone description files (package timezone)
          - internationalization files (i18n)
          - two documentation packages
        The packages marked with "+" are necessary to update if they are
        installed on your system. The source RPM does not need to be installed
        unless you want to compile your own glibc binaries.

      * The names of both the source RPM as well as the binary RPM (sub-)
        packages have changed between different SuSE Linux distributions.
        Overview:
        dist | source-RPM | shared libs | static libs,header| profiling
       -----------------------------------------------------------------------
        6.4,7.0 libc shlibs libc libd
        7.1,7.2,7.3 glibc glibc glibc-devel glibc-profile

        Find out which of the four packages are installed on your system
        according to the package names in the table. Use the command
            rpm -q name_of_package
        to query the package database for each name.
        If you have your package list, download the packages that you need
        from the URLs as listed below. Verify their integrity and authenticity
        following the guidelines as described in section 3) of this security
        announcement.

      * PRECAUTIONS
        The shared libraries package of the glibc is the most sensitive
        part of a running Linux system, and modifications to it should be
        handled with special care. During the update of the shlibs/glibc
        package, runtime-linking the shared libraries is likely to fail for
        processes that execute a new binary with the execve(2) system call.
        Therefore, we recommend to bring a system to single user mode
        ("init S") to perform the package update. If this is not applicable
        for operational reasons, a system receiving the update should be kept
        as quiet as possible (no shell scripts of any kind, no cron jobs, no
        incoming email).

      * Update the shared libraries package first using the command
            rpm -Uhv <name-of-package.rpm>
        The execution of this command must not be interrupted!
        Then use the same command ("rpm -Uhv ...") to update the other
        packages. The update of these packages is not critical.

      * AFTERCARE
        After performing the update, you should run the following command
        on your system:
            /sbin/ldconfig
        ldconfig will rebuild the runtime linker cache. If you use YOU
        (Yast2 Online Update), the ldconfig command will be executed
        automatically at the end of the update.

        The shared libraries that were installed on the system before the
        update have been removed from the filesystem, but they are still
        in use by the running applications. Therefore, the diskspace as well
        as the memory will not be freed until the last process that uses
        these files exits. We recommend to reboot the system to workaround
        this problem.

    i386 Intel Platform:

    SuSE-7.3
    ftp://ftp.suse.com/pub/suse/i386/update/7.3/a1/glibc-2.2.4-64.i386.rpm
      ab4f2c0a14df2fc904a77e3093ab64c1
    ftp://ftp.suse.com/pub/suse/i386/update/7.3/d1/glibc-devel-2.2.4-64.i386.rpm
      30fecdf4a05cdbb563f89544d83d3832
    ftp://ftp.suse.com/pub/suse/i386/update/7.3/d2/glibc-profile-2.2.4-64.i386.rpm
      170136831b255f9fb4f7626bb0db118c
    source rpm:
    ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/glibc-2.2.4-64.src.rpm
      0e9042c4513fdab17574fcfa00d85a49

    SuSE-7.2
    ftp://ftp.suse.com/pub/suse/i386/update/7.2/a1/glibc-2.2.2-60.i386.rpm
      7f6986a143c394217e8c25d7a337213b
    ftp://ftp.suse.com/pub/suse/i386/update/7.2/d1/glibc-devel-2.2.2-60.i386.rpm
      ec20c83a27d82909bf244260ce7a5918
    ftp://ftp.suse.com/pub/suse/i386/update/7.2/d2/glibc-profile-2.2.2-60.i386.rpm
      39663b28aa3460b3496543f1fc38bbb8
    source rpm:
    ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/glibc-2.2.2-60.src.rpm
      cdb94c3f69df860a331fcd767464d958

    SuSE-7.1
    ftp://ftp.suse.com/pub/suse/i386/update/7.1/a1/glibc-2.2-17.i386.rpm
      bfe1b48b0f74b8ebe4887de7f433581d
    ftp://ftp.suse.com/pub/suse/i386/update/7.1/d1/glibc-devel-2.2-17.i386.rpm
      84e3b7aef3d13dda8e938a2d0be2a6a8
    ftp://ftp.suse.com/pub/suse/i386/update/7.1/d2/glibc-profile-2.2-17.i386.rpm
      b4260429e50687c3ec45c330f565aa3d
    source rpm:
    ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/glibc-2.2-17.src.rpm
      8060cd3ce8a70f2e7fbd646586e1ea55

    SuSE-7.0
    ftp://ftp.suse.com/pub/suse/i386/update/7.0/a1/shlibs-2.1.3-202.i386.rpm
      c5e373b55d91ce4611548cace59015f1
    ftp://ftp.suse.com/pub/suse/i386/update/7.0/d1/libc-2.1.3-202.i386.rpm
      94e0ef7bcb2b1d12e35b2ecf4106e2a3
    ftp://ftp.suse.com/pub/suse/i386/update/7.0/d2/libd-2.1.3-202.i386.rpm
      27b725ec3b2f47609222dabe34798d6e
    source rpm:
    ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/libc-2.1.3-202.src.rpm
      be466007d22952ae08809e4a13cf7f74

    SuSE-6.4
    ftp://ftp.suse.com/pub/suse/i386/update/6.4/a1/shlibs-2.1.3-204.i386.rpm
      9539d8a62365de6007fc6644ad41cfa6
    ftp://ftp.suse.com/pub/suse/i386/update/6.4/d1/libc-2.1.3-204.i386.rpm
      526f3261e684ecc94f7a3e5447cb47fa
    ftp://ftp.suse.com/pub/suse/i386/update/6.4/d2/libd-2.1.3-204.i386.rpm
      ac0d6067cff50b0b63ca3905a1c5728f
    source rpm:
    ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/libc-2.1.3-204.src.rpm
      0a0332bac56a42898b6e38caeaf8898b

    Sparc Platform:

    SuSE-7.3
    ftp://ftp.suse.com/pub/suse/sparc/update/7.3/a1/glibc-2.2.4-34.sparc.rpm
      ec7a28d3ecd776b855f658bfb5c5c906
    ftp://ftp.suse.com/pub/suse/sparc/update/7.3/d1/glibc-devel-2.2.4-34.sparc.rpm
      c1b948813f902d357733bc05a844c991
    ftp://ftp.suse.com/pub/suse/sparc/update/7.3/d2/glibc-profile-2.2.4-34.sparc.rpm
      5c97f462e33a4d95ba740b82f57dde0c
    source rpm:
    ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/glibc-2.2.4-34.src.rpm
      1346299f187ceeaef241dbf45ff49f51

    SuSE-7.1
    ftp://ftp.suse.com/pub/suse/sparc/update/7.1/a1/glibc-2.2-18.sparc.rpm
      7562d1fce096b8b28205f1d35d7c127a
    ftp://ftp.suse.com/pub/suse/sparc/update/7.1/d1/glibc-devel-2.2-18.sparc.rpm
      49930f964d3e0269a1cd8d94c1989bc0
    ftp://ftp.suse.com/pub/suse/sparc/update/7.1/d2/glibc-profile-2.2-18.sparc.rpm
      0f5e8c3b667e0809213b3f54f1e50b13
    source rpm:
    ftp://ftp.suse.com/pub/suse/sparc/update/7.1/zq1/glibc-2.2-18.src.rpm
      c836663dd27b4ff476a12b1a8c0c9f90

    SuSE-7.0
    ftp://ftp.suse.com/pub/suse/sparc/update/7.0/a1/shlibs-2.1.3-160.sparc.rpm
      f2af7ef92554c60bd5a872de208d8b6f
    ftp://ftp.suse.com/pub/suse/sparc/update/7.0/d1/libc-2.1.3-160.sparc.rpm
      7bdb705c7ebd03f4adce09a6809892c2
    ftp://ftp.suse.com/pub/suse/sparc/update/7.0/d2/libd-2.1.3-160.sparc.rpm
      2b3306cb460f478db3429e23f823b995
    source rpm:
    ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/libc-2.1.3-160.src.rpm
      a64566e9fd63300019cfeef8f29f4818

    AXP Alpha Platform:

    SuSE-7.1
    ftp://ftp.suse.com/pub/suse/axp/update/7.1/a1/glibc-2.2-26.alpha.rpm
      6c859b49dfd1bfcb6a3c641b684d043b
    ftp://ftp.suse.com/pub/suse/axp/update/7.1/d1/glibc-devel-2.2-26.alpha.rpm
      650adc9694f047966d66ced86a4242b6
    ftp://ftp.suse.com/pub/suse/axp/update/7.1/d2/glibc-profile-2.2-26.alpha.rpm
      c6b9e63c4cbfeb4319259ef69588d8ed
    source rpm:
    ftp://ftp.suse.com/pub/suse/axp/update/7.1/zq1/glibc-2.2-26.src.rpm
      c793e9da8291e45b9323c4fa4e85de67

    SuSE-7.0
    ftp://ftp.suse.com/pub/suse/axp/update/7.0/a1/shlibs-2.1.3-203.alpha.rpm
      28e5a26227efba257f0c5aa81ecff74f
    ftp://ftp.suse.com/pub/suse/axp/update/7.0/d1/libc-2.1.3-203.alpha.rpm
      64ccdf133939fca4f47082c5092b348f
    ftp://ftp.suse.com/pub/suse/axp/update/7.0/d2/libd-2.1.3-203.alpha.rpm
      471b1a63ebdfcc9df3cf71423ac51b78
    source rpm:
    ftp://ftp.suse.com/pub/suse/axp/update/7.0/zq1/libc-2.1.3-203.src.rpm
      08e3ef5b96cdd2a647bfd4db7a2cb55f

    SuSE-6.4
    ftp://ftp.suse.com/pub/suse/axp/update/6.4/a1/shlibs-2.1.3-204.alpha.rpm
      798f75dbfb95b6917f79ed26c48de2fe
    ftp://ftp.suse.com/pub/suse/axp/update/6.4/d1/libc-2.1.3-204.alpha.rpm
      0851f8afd4cf6316263128f406af1df3
    ftp://ftp.suse.com/pub/suse/axp/update/6.4/d2/libd-2.1.3-204.alpha.rpm
      95b0e06e0328d3a4422b9139c5955cc5
    source rpm:
    ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/libc-2.1.3-204.src.rpm
      d52cf0e58f6f8f9ef0749b2c0fca534a

    PPC Power PC Platform:

    SuSE-7.3
    The update packages are delayed and are currently being built. They
    will be available shortly at the same locations as the 7.1 packages,
    with the 7.3 path segment, respectively.

    SuSE-7.1
    ftp://ftp.suse.com/pub/suse/ppc/update/7.1/a1/glibc-2.2-25.ppc.rpm
      298ad3b4eaf87f3656e096d5eb4f4a4d
    ftp://ftp.suse.com/pub/suse/ppc/update/7.1/d1/glibc-devel-2.2-25.ppc.rpm
      6f31f5f7b055485f65e7c81ebf8f9d64
    ftp://ftp.suse.com/pub/suse/ppc/update/7.1/d2/glibc-profile-2.2-25.ppc.rpm
      26d70564073e77a610562acf5ae27f1f
    source rpm:
    ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/glibc-2.2-25.src.rpm
      b76a1624d9be6dbb63ceb8803a5ed07f

    SuSE-7.0
    ftp://ftp.suse.com/pub/suse/ppc/update/7.0/a1/shlibs-2.1.3-198.ppc.rpm
      472cb2d66abdfb2a523ba57e15613f04
    ftp://ftp.suse.com/pub/suse/ppc/update/7.0/d1/libc-2.1.3-198.ppc.rpm
      37e62fe7376e6f66defc6897abcae74d
    ftp://ftp.suse.com/pub/suse/ppc/update/7.0/d2/libd-2.1.3-198.ppc.rpm
      6e8b150fddc5ea7ab8799b021cb20311
    source rpm:
    ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/libc-2.1.3-198.src.rpm
      b7b73eeb4c091302fff48284f6894d9b

    SuSE-6.4
    The update packages are delayed and are currently being built. They
    will be available shortly at the same locations as the 7.0 packages,
    with the 6.4 path segment, respectively.

______________________________________________________________________________

2) Pending vulnerabilities in SuSE Distributions and Workarounds:

    - /bin/login vulnerabilities
    A buffer overflow vulnerability has been reported for System V derived
    implementations of the login program while it copies environment variables
    from the login prompt to the user's future environment. SuSE Linux
    distributions are unaffected by this problem. The login programs in
    SuSE Linux distributions before and including SuSE Linux 6.1 contain
    the environment copying feature. Versions shipped after (and including)
    SuSE Linux 6.2 use PAM (Pluggable Authentication Module) routines for
    logini- and password prompting. The PAM routines do not support
    environment passing.

______________________________________________________________________________

3) standard appendix: authenticity verification, additional information

  - Package authenticity verification:

    SuSE update packages are available on many mirror ftp servers all over
    the world. While this service is being considered valuable and important
    to the free and open source software community, many users wish to be
    sure about the origin of the package and its content before installing
    the package. There are two verification methods that can be used
    independently from each other to prove the authenticity of a downloaded
    file or rpm package:
    1) md5sums as provided in the (cryptographically signed) announcement.
    2) using the internal gpg signatures of the rpm package.

    1) execute the command
        md5sum <name-of-the-file.rpm>
       after you downloaded the file from a SuSE ftp server or its mirrors.
       Then, compare the resulting md5sum with the one that is listed in the
       announcement. Since the announcement containing the checksums is
       cryptographically signed (usually using the key security@suse.de),
       the checksums show proof of the authenticity of the package.
       We disrecommend to subscribe to security lists which cause the
       email message containing the announcement to be modified so that
       the signature does not match after transport through the mailing
       list software.
       Downsides: You must be able to verify the authenticity of the
       announcement in the first place. If RPM packages are being rebuilt
       and a new version of a package is published on the ftp server, all
       md5 sums for the files are useless.

    2) rpm package signatures provide an easy way to verify the authenticity
       of an rpm package. Use the command
        rpm -v --checksig <file.rpm>
       to verify the signature of the package, where <file.rpm> is the
       filename of the rpm package that you have downloaded. Of course,
       package authenticity verification can only target an uninstalled rpm
       package file.
       Prerequisites:
        a) gpg is installed
        b) The package is signed using a certain key. The public part of this
           key must be installed by the gpg program in the directory
           ~/.gnupg/ under the user's home directory who performs the
           signature verification (usually root). You can import the key
           that is used by SuSE in rpm packages for SuSE Linux by saving
           this announcement to a file ("announcement.txt") and
           running the command (do "su -" to be root):
            gpg --batch; gpg < announcement.txt | gpg --import
           SuSE Linux distributions version 7.1 and thereafter install the
           key "build@suse.de" upon installation or upgrade, provided that
           the package gpg is installed. The file containing the public key
           is placed at the toplevel directory of the first CD (pubring.gpg)
           and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de .

  - SuSE runs two security mailing lists to which any interested party may
    subscribe:

    suse-security@suse.com
        - general/linux/SuSE security discussion.
            All SuSE security announcements are sent to this list.
            To subscribe, send an email to
                <suse-security-subscribe@suse.com>.

    suse-security-announce@suse.com
        - SuSE's announce-only mailing list.
            Only SuSE's security annoucements are sent to this list.
            To subscribe, send an email to
                <suse-security-announce-subscribe@suse.com>.

    For general information or the frequently asked questions (faq)
    send mail to:
        <suse-security-info@suse.com> or
        <suse-security-faq@suse.com> respectively.

    =====================================================================
    SuSE's security contact is <security@suse.com> or <security@suse.de>.
    The <security@suse.de> public key is listed below.
    =====================================================================
______________________________________________________________________________

    The information in this advisory may be distributed or reproduced,
    provided that the advisory is not modified in any way. In particular,
    it is desired that the cleartext signature shows proof of the
    authenticity of the text.
    SuSE GmbH makes no warranties of any kind whatsoever with respect
    to the information contained in this security advisory.

Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CpkBogQ57vSBEQQAk/GN+ftr7+DBlSoixDDpfRnUk+jApGEt8hCnrnjV
nPs/9Cr33+CXLQbILOO7Y5oiPbJdHh45t4E0fKyLVzDerCRFB1swz/mNDxT26DLy
sdBV5fwNHTPhxa67goAZVrehQPqJEckkIpYriOaYcKpF3n5fQIZMEfMaHEElQhcX
ML8AoJVXDkJYh7vI8EUB8ZURNLZMEECNA/sH0MCnb4Q6ZcRyeZ3+1PHP8hP73b6T
epRdLZhaylwVF/iu7uIn62ZUL4//NTOCDY7V63qg4iba/fUbOsWtEnGaiE7mQuAl
sSWvRspwRA9/g9rdVf3/JdLJrLmKBTheyG+PSJE3W7cAE4ZWafGxIRCwXhmj3TQn
Jn2euqylHRubEQP/aL53NZK0kBdvrKgff6O8Of6tqoss8Dkk55I7QVFSp+My1Dn+
mngQKFejTAgtyo/WmR3wPjQ9HoT2lRiYI2lTRYT4uMdHuwVC3b4DqAKmoy375FER
wHkrMVyKBJslv8QtbAWw5A1CAUseaHo+91wmYJ4/4p6YUahqbG/tZyhbxfq0KFN1
U0UgUGFja2FnZSBTaWduaW5nIEtleSA8YnVpbGRAc3VzZS5kZT6IXAQTEQIAHAUC
Oe70gQUJA8JnAAQLCgMEAxUDAgMWAgECF4AACgkQqE7a6JyACspfLACffAYA+NM8
NBhyRyH+nTX58CNjwLIAoIx9fj52BJe0xY7WbKoXs1+72b2AiEYEEBECAAYFAjpw
XlIACgkQnkDjEAAKq6TczgCgi+ddhWb7+FWcfeE6WwPZccqAHowAnjjtRyGwHLQH
r5OTFAYTXi2Wv6jNiQEVAwUQOnBgb3ey5gA9JdPZAQE1pwf/QJ+b34lFBNVUJ7fk
/xGJJREt7V12iSafaRzGuH8xWvIz1bb+VARxnnt16FDQ1cDNjoEhCEmcW83Vxp6i
JXE9PE8wVA/Yue/bon5JS7J69+UiQ2eq2pudfwljp52lYVM53jgPYEz0q/v3091n
lZ8CYkAkN9JDS1lV1gEzJ7J0+POngDpU+lDQT2EC6VKaxeWK8pNt6UFDwICRDQxK
nlOoiDvTrdWT7QdJZ4sPv8Qotdw9+tKNbWQ2DqdIRxyTdw9xDfAtcj6mXeQr7852
Lwem1gSKVnEYHZ9g1FTJqVOutY8KhpUc9RfOCRv8XuIxrs4KSbfSF0s8qIRCQelx
ufg9AbkCDQQ57vSSEAgAhJHQTejMX+Vr6g1pHDEcusJ63fQ2CfFFE5iE9okH9O7U
VCiSfb9CV38dmeHdPCEEjDUWquFYEnvj3WICMtH249t1Ymuf4Du3yRKQ9oXdn/qT
Jzlrx9qzjiG3mH7ocwHOgUIwCrZoEdBEVE2n0zPVm+hddwjWWTWXw6pxQz+i9dsN
89xexRV5M9O0bNwCLaNWX2GXeLAkqTK/9EuZy6x2yLxi6du9YYUAXkZpqBhCjtiU
XpRoFCdglMznbcAyCk9C2wqb2j/D1Z2BeSBaGCSFkR6pRLebnE17LWcu72Iy+r0z
+JecbPiyDpDZj4apn7IC81aNFGi7fNITsHODbwwjiwADBgf/YPvVdzkc8OC7ztac
EWCanwylKvxCdKzTDA+DfES6WUYShyiVJvZzRy25LJ5WcK20kzOS6Qv1OrIXiz/p
dGy1aKtJZrAnFEsofpmOj8VoqyyFgp/yAGQBp12+mXek7SCZRhuqalDfEMRiWEJ6
J5dLkyShyRDWyPbFh0HXE7QTHN+IKKxxQqNQXL6Z3NSxS61p+5n6BseiDUI39xxk
KTFwFrkgUIc5Gs2Or2lhaWvGwSfoCmwbsklszZt6xbU+R0SjFqTvjPWx6eHfqbmN
C9WMDdTjGrXDDKXFp2aYlokfN6It9vsbVlGNlOwHt/JjGoPMxW6Xqj0FLA7/Vewg
CdXW64hMBBgRAgAMBQI57vSSBQkDwmcAAAoJEKhO2uicgArKSyIAmwUHf/vtKQfc
mVg4asR7U6XQl0bAAJ4pO22B5U8UH6IYl2LBCXFqw5+5fA==
=rVRn
- -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBPCdtWney5gA9JdPZAQHTNgf/cKuT1LoGBawaDsfqAgOwQQt66lbnqBiT
szjaM1RERYQ+rnalsKtIL94+0BmKYiP0adqKgaNgX1+lwEad/yXdzfIZNOXckiwk
K22nklylKOQgKNKHKsPhee9wu4EVH8Ddv5VFjvfUDB4FaAlTzmOQILGaWnJ4e2hW
syPE3L0qNgG9QnXO+x0oYEjhR6A6mZquHjou5Re5OnF1vhppYelcMw4X4MEhv8S/
UtpLcuzJpP+UCoU4nkFbBtZ5Lc2ykBXQTWTpseqLQHD5YUnPZ9AwYF/DnmIsXTLb
nm3heI07RHU7QQeVDzurGO1CRb/g+AsK4J0X7uL1SzTQ/kLpX1URIQ==
=3QO9
-----END PGP SIGNATURE-----



Relevant Pages