Sicherheit: Denial of Service in php4

Lesezeichen hinzufügen

-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

SUSE Security Announcement

Package: php4, php5
Announcement-ID: SUSE-SA:2005:023
Date: Fri, 15 Apr 2005 12:00:00 +0000
Affected products: 8.2, 9.0, 9.1, 9.2, 9.3
SUSE Linux Enterprise Server 8, 9

Vulnerability Type: remote denial of service
Severity (1-10): 5
SUSE default package: no
Cross References: CAN-2005-0524
CAN-2005-0525

Content of this advisory:
1) security vulnerability resolved:
php4 / php5 denial of service attack
problem description
2) solution/workaround
3) special instructions and notes
4) package location and checksums
5) pending vulnerabilities, solutions, workarounds:
none
6) standard appendix (further information)

______________________________________________________________________________

1) problem description, brief discussion

This update fixes the following security issues in the PHP scripting
language:

- A bug in getimagesize() EXIF handling which could lead to a denial of
service attack.

This is tracked by the Mitre CVE IDs CAN-2005-0524 and CAN-2005-0525.

Additionally this non-security bug was fixed:
- Performance problems of unserialize() caused by previous security
fix to unserialize were fixed.

All SUSE Linux based distributions shipping php4 and php5 were affected.

2) solution/workaround

Please install the upgraded packages.

3) special instructions and notes

Please make sure you restart the web server after this update.

4) package location and checksums

Please download the update package for your distribution and verify its
integrity by the methods listed in section 3) of this announcement.
Then, install the package using the command "rpm -Fhv file.rpm" to
apply
the update.
Our maintenance customers are being notified individually. The packages
are being offered to install from the maintenance web.

x86 Platform:

SUSE Linux 9.3:
apache2-mod_php4-4.3.10-14.2.i586.rpm
092b41e835df38140ce84a57a8a19291
apache2-mod_php5-5.0.3-14.2.i586.rpm
859c59423121af7fc782187b67ac9eb2
mod_php4-servlet-4.3.10-14.2.i586.rpm
998bb2eee2ccb49db4889f9064520212
php4-4.3.10-14.2.i586.rpm
8e5903503b80b7235e253d9b8b59904f
php4-devel-4.3.10-14.2.i586.rpm
b6e4b7080e54cb4ca2b970817d7a7202
php4-fastcgi-4.3.10-14.2.i586.rpm
5f14cca638d59b161c3db68cc378c237
php4-session-4.3.10-14.2.i586.rpm
726545e66501ea788cb278804071bfe3
php4-sysvshm-4.3.10-14.2.i586.rpm
c201b0e680713340312baef2b8629252
php5-5.0.3-14.2.i586.rpm
356d41447026e2c29658b4be3ba18b95
php5-devel-5.0.3-14.2.i586.rpm
63b4c9099189788fc6c6fee76d4b0d6f
php5-fastcgi-5.0.3-14.2.i586.rpm
5b5d43fc648f6d54a36dbd475c075e0d
php5-sysvmsg-5.0.3-14.2.i586.rpm
f64d969e257eebc6756b018fd2609638
php5-sysvshm-5.0.3-14.2.i586.rpm
7e70d9b50cb54250c26953ada098a381
php4-32bit-9.3-7.1.x86_64.rpm
05fad72084e61a4df8a3acd1ff08f798

SUSE Linux 9.2:
apache2-mod_php4-4.3.8-8.5.i586.rpm
30fc3c59fab61fa89944dec7db94d26e
mod_php4-servlet-4.3.8-8.5.i586.rpm
ba2c67dd1c709dff17168eaebd8e145f
php4-4.3.8-8.5.i586.rpm
6d4a22a613dc64a3699d27ce09f9f255
php4-devel-4.3.8-8.5.i586.rpm
fdbd8f94484d41142f51af35b18b8b97
php4-fastcgi-4.3.8-8.5.i586.rpm
78a39683a5496885464c8a7bb5ebdd82
php4-session-4.3.8-8.5.i586.rpm
70a081d38fa56e51c4e357dd0a7c3a73
php4-sysvshm-4.3.8-8.5.i586.rpm
ae7974ce3c6e62fea4687a13eefa1f43
php4-32bit-9.2-200504081300.x86_64.rpm
a9d235e734d2ac2e876048173900e392

SUSE Linux 9.1:
apache2-mod_php4-4.3.4-43.28.i586.rpm
b7aead2cb147c681e0efb34cb0012d56
mod_php4-core-4.3.4-43.28.i586.rpm
bf8e4ccdcc94b8ff6aa9e50738d5652e
mod_php4-servlet-4.3.4-43.28.i586.rpm
cbeec3026b9274969a61421ec0b5d15f
php4-4.3.4-43.28.i586.rpm
65b3a8046f7622973b7a7d0b8a388a9a
php4-devel-4.3.4-43.28.i586.rpm
dc7b8514735b01887158b9666cb09cc1
php4-fastcgi-4.3.4-43.28.i586.rpm
7872f4539151e9055a0c3a05bcc53340
php4-imap-4.3.4-43.28.i586.rpm
e6c0896439221b47ac95bd5b81347030
php4-mysql-4.3.4-43.28.i586.rpm
879bb81a1e99f0f1abc9f9297ef78afb
php4-recode-4.3.4-43.28.i586.rpm
7640c6d169b4ee0bb7beace768ebd3bf
php4-servlet-4.3.4-43.28.i586.rpm
091a8ca814be21d0dca4473214151ab4
php4-session-4.3.4-43.28.i586.rpm
f836d57b333b0854f77831f947a29939
php4-sysvshm-4.3.4-43.28.i586.rpm
d0ce400b95af15df2c2ff93cefc27f6f
php4-wddx-4.3.4-43.28.i586.rpm
153fe65a00f9c83ed6e3e9d8ac58bcd7
source rpm(s):
php4-4.3.4-43.28.src.rpm
6cd11704fb5dcba94fef2efe304ce6ae

SUSE Linux 9.0:
apache2-mod_php4-4.3.3-187.i586.rpm
8e9e46631279dfec913dbccc3507a04d
mod_php4-4.3.3-187.i586.rpm
4b817d14ea8cfa471d2b7da231bc9c04
mod_php4-aolserver-4.3.3-187.i586.rpm
01cde19877d4cdb7241183c29d799a40
mod_php4-core-4.3.3-187.i586.rpm
2f3b9eaea64686556524d4b6a3712b44
mod_php4-devel-4.3.3-187.i586.rpm
9ffcd67d307dac6d4d2b35c8f2e19269
mod_php4-servlet-4.3.3-187.i586.rpm
f381038385a6634a0191daa3da1d8ea8
source rpm(s):
mod_php4-4.3.3-187.src.rpm
ba28af987d39a5eb456574fc0fb95828

SUSE Linux 8.2:
apache2-mod_php4-4.3.1-176.i586.rpm
e2afaa2f21bfd29e5689fb66e87bc7c4
mod_php4-4.3.1-176.i586.rpm
7056ee242089ad9889c9109d7ba58bfa
mod_php4-aolserver-4.3.1-176.i586.rpm
8af8e5ba3e8a69737b695f3df2886c43
mod_php4-core-4.3.1-176.i586.rpm
cc17c23d79a92b7d73db7015343fec6f
mod_php4-devel-4.3.1-176.i586.rpm
792e5ca40d4b7416e50a7c5d8305cc76
source rpm(s):
mod_php4-4.3.1-176.src.rpm
33395ed1d8a162e7bca09fc93ef6ed68

x86-64 Platform:

SUSE Linux 9.3:
apache2-mod_php4-4.3.10-14.2.x86_64.rpm
121aad084e9f90b7e8d29c373b02244b
apache2-mod_php5-5.0.3-14.2.x86_64.rpm
9d4dd7ba5c8d91d1457d665bcf0aebbb
mod_php4-servlet-4.3.10-14.2.x86_64.rpm
878e379e96e2c372963df3da299a15eb
php4-4.3.10-14.2.x86_64.rpm
e00307757dcad75e470ba669a703028f
php4-devel-4.3.10-14.2.x86_64.rpm
06a496f60998c7201cf185ee474cd43d
php4-fastcgi-4.3.10-14.2.x86_64.rpm
0635a305efff157be56155c721db1cff
php4-session-4.3.10-14.2.x86_64.rpm
281d0cc5a831edfd3c50a678f0fa74ac
php4-sysvshm-4.3.10-14.2.x86_64.rpm
edbcb8ca2bab9aa26c799e86526386d9
php5-5.0.3-14.2.x86_64.rpm
72d4e5c520f32be6719efd1a744fad3e
php5-devel-5.0.3-14.2.x86_64.rpm
c7a90df0de9500399421a565c2828d9c
php5-fastcgi-5.0.3-14.2.x86_64.rpm
8cdb9d138bb757dff6906e5bd44eda68
php5-sysvmsg-5.0.3-14.2.x86_64.rpm
06152a5ab1352458a8a339813df012b0
php5-sysvshm-5.0.3-14.2.x86_64.rpm
fbb8306bf72ee918ec6b7a5804f52857
source rpm(s):
php4-4.3.10-14.2.src.rpm
2623d3f94ea8e6bd801249f7b79c0e09
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/php5-5.0.3-14.2.src.rpm
9026dde16cdf291cfae85d8a8e5b266b

SUSE Linux 9.2:
apache2-mod_php4-4.3.8-8.5.x86_64.rpm
74e80d4996883b92ae30b1aea5a24d3d
mod_php4-servlet-4.3.8-8.5.x86_64.rpm
b7e113e58096dee64975ad09075b058e
php4-4.3.8-8.5.x86_64.rpm
dc2697c70c101c3c16133e45aad4eb05
php4-devel-4.3.8-8.5.x86_64.rpm
0904155bbb6b3bf8a275bd7a7780c356
php4-fastcgi-4.3.8-8.5.x86_64.rpm
472e3a708e7f6f1774dce421d1c06067
php4-session-4.3.8-8.5.x86_64.rpm
4f1402d04098100f10a7910685b17d45
php4-sysvshm-4.3.8-8.5.x86_64.rpm
ae473a3e1e8177d711a98d7f85a43db1
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/php4-4.3.8-8.5.src.rpm
be3087c034218ea830c64dfcfc20fd5d

SUSE Linux 9.1:
apache2-mod_php4-4.3.4-43.28.x86_64.rpm
8aedd4ae5089b6ad1628a46e962e10c5
mod_php4-core-4.3.4-43.28.x86_64.rpm
bd38471abb2b27c6e0f104a05ae3dec5
mod_php4-servlet-4.3.4-43.28.x86_64.rpm
6db8f9c47c5c3df1acfeb874b87b87af
php4-4.3.4-43.28.x86_64.rpm
83acb944933f86d8752eb1c0b79d51fd
php4-devel-4.3.4-43.28.x86_64.rpm
eb10c12b4dda00a723fd2481cb0d9431
php4-fastcgi-4.3.4-43.28.x86_64.rpm
6f0f093744f78d3a01f22ee750ee41b9
php4-imap-4.3.4-43.28.x86_64.rpm
be1d5285711535911577202e61eea27f
php4-mysql-4.3.4-43.28.x86_64.rpm
0e7c2f8ee85bac2b33d0669004c93781
php4-recode-4.3.4-43.28.x86_64.rpm
e614abf4e2de40ce21bd05a6c0e7b4da
php4-servlet-4.3.4-43.28.x86_64.rpm
e769eeaa2674e0090abfd8e97f4a6cb7
php4-session-4.3.4-43.28.x86_64.rpm
eb9953ae01fbdaae89b1010d8bb89fbd
php4-sysvshm-4.3.4-43.28.x86_64.rpm
0a5fd6e2d6caa31edd14e7bb87d45a90
php4-wddx-4.3.4-43.28.x86_64.rpm
6507908da0b26e98739bc21d3af623fe
source rpm(s):
php4-4.3.4-43.28.src.rpm
2ce604b9c1f50575bae7fdcf1736e40a

SUSE Linux 9.0:
apache2-mod_php4-4.3.3-187.x86_64.rpm
adb3475c4da5623ae3a83e82f0369340
mod_php4-4.3.3-187.x86_64.rpm
082261652c7fa03cd2dda0101c03e2a7
mod_php4-aolserver-4.3.3-187.x86_64.rpm
c4cd316278e841f0a9ea8c3448fe0c63
mod_php4-core-4.3.3-187.x86_64.rpm
427d132d1682e628abf972d353e30113
mod_php4-devel-4.3.3-187.x86_64.rpm
5a5e7041c2d74a6736cc07a095764b4b
mod_php4-servlet-4.3.3-187.x86_64.rpm
76cf3f75df2341b03c58b7ddaeb4bad4
source rpm(s):
mod_php4-4.3.3-187.src.rpm
b9b4f1b5fa5edac29c606ca3b03c041c

______________________________________________________________________________

5) Pending vulnerabilities in SUSE Distributions and Workarounds:

none
______________________________________________________________________________

6) standard appendix: authenticity verification, additional information

- Package authenticity verification:

SUSE update packages are available on many mirror ftp servers all over
the world. While this service is being considered valuable and important
to the free and open source software community, many users wish to be
sure about the origin of the package and its content before installing
the package. There are two verification methods that can be used
independently from each other to prove the authenticity of a downloaded
file or rpm package:
1) md5sums as provided in the (cryptographically signed) announcement.
2) using the internal gpg signatures of the rpm package.

1) execute the command
md5sum <name-of-the-file.rpm>
after you downloaded the file from a SUSE ftp server or its mirrors.
Then, compare the resulting md5sum with the one that is listed in the
announcement. Since the announcement containing the checksums is
cryptographically signed (usually using the key security@suse.de),
the checksums show proof of the authenticity of the package.
We disrecommend to subscribe to security lists which cause the
email message containing the announcement to be modified so that
the signature does not match after transport through the mailing
list software.
Downsides: You must be able to verify the authenticity of the
announcement in the first place. If RPM packages are being rebuilt
and a new version of a package is published on the ftp server, all
md5 sums for the files are useless.

2) rpm package signatures provide an easy way to verify the authenticity
of an rpm package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, where <file.rpm> is the
filename of the rpm package that you have downloaded. Of course,
package authenticity verification can only target an un-installed rpm
package file.
Prerequisites:
a) gpg is installed
b) The package is signed using a certain key. The public part of this
key must be installed by the gpg program in the directory
~/.gnupg/ under the user's home directory who performs the
signature verification (usually root). You can import the key
that is used by SUSE in rpm packages for SUSE Linux by saving
this announcement to a file ("announcement.txt") and
running the command (do "su -" to be root):
gpg --batch; gpg < announcement.txt | gpg --import
SUSE Linux distributions version 7.1 and thereafter install the
key "build@suse.de" upon installation or upgrade, provided
that
the package gpg is installed. The file containing the public key
is placed at the top-level directory of the first CD (pubring.gpg)
and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de .

- SUSE runs two security mailing lists to which any interested party may
subscribe:

suse-security@suse.com
- general/linux/SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an email to
<suse-security-subscribe@suse.com>.

suse-security-announce@suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an email to
<suse-security-announce-subscribe@suse.com>.

For general information or the frequently asked questions (faq)
send mail to:
<suse-security-info@suse.com> or
<suse-security-faq@suse.com> respectively.

=====================================================================
SUSE's security contact is <security@suse.com> or
<security@suse.de>.
The <security@suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________

The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular,
it is desired that the clear-text signature shows proof of the
authenticity of the text.
SUSE Linux AG makes no warranties of any kind whatsoever with respect
to the information contained in this security advisory.

Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff
4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d
M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO
QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK
XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE
D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd
G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM
CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE
myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr
YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD
wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d
NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe
QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe
LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t
XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU
D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3
0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot
1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW
cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E
ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f
AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E
Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/
HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h
t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT
tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM
523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q
2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8
QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw
JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ
1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH
ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1
wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY
EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol
0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK
CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co
SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo
omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt
A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J
/LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE
GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf
ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT
ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8
RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ
8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb
B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X
11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA
8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj
qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p
WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL
hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG
BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+
AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi
RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0
zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM
/3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7
whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl
D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz
dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI
RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI
DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE=
=LRKC
-----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iQEVAwUBQl+NaXey5gA9JdPZAQEdHAgAgJIFuGro3aYnRFmDZ2+MDt+mTFko//kZ
RzAd1P8100crlmL/3wpVrPjZnKuQGdSgqAh/4QK7ONXsIFrUm/bno1r2nF6eeOz6
SBeN7WMAWpRD8Eauol6J8kMLEmBQQFIWP2WtFLU7RVriwlFFaTxY9RpxsP6y6F0I
PbqCqh5kIzypeSDv7zIN3jFAMG7Ohyrjx+L7l6O65AaMF5effGFZNDGNoTel/8/9
RxhAXfHyLVTSz4oZD1/1epKRJ7uSzdXPhLzFkd9rol41gJ7BKI4d92NJzkGz2VBI
ov/nW9vFvDznkk5fudzSHB3/b6j/SVXgHmNQlprWneiAXHVpCS1Dew==
=OJbv
-----END PGP SIGNATURE-----

--
To unsubscribe, e-mail: suse-security-announce-unsubscribe@suse.com
For additional commands, e-mail: suse-security-announce-help@suse.com