MESSAGE
| DATE | 2005-12-06 |
| FROM | Ruben Safir
|
| SUBJECT | Subject: [NYLXS - HANGOUT] [Fwd: [suse-security-announce] SUSE Security Announcement: kernel
|
-----Forwarded Message-----
> From: Marcus Meissner
> To: suse-security-announce-at-suse.com
> Subject: [suse-security-announce] SUSE Security Announcement: kernel various security and bugfixes (SUSE-SA:2005:067)
> Date: Tue, 06 Dec 2005 12:35:33 +0100
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> ______________________________________________________________________________
>
> SUSE Security Announcement
>
> Package: kernel
> Announcement ID: SUSE-SA:2005:067
> Date: Tue, 06 Dec 2005 13:00:00 +0000
> Affected Products: SUSE LINUX 10.0
> Vulnerability Type: denial of service
> Severity (1-10): 6
> SUSE Default Package: yes
> Cross-References: CVE-2005-2973, CVE-2005-3044, CVE-2005-3055
> CVE-2005-3180, CVE-2005-3181, CVE-2005-3271
> CVE-2005-3527, CVE-2005-3783, CVE-2005-3784
> CVE-2005-3805, CVE-2005-3806, CVE-2005-3807
>
> Content of This Advisory:
> 1) Security Vulnerability Resolved:
> Various security fixes, bugfixes and a XEN update
> Problem Description
> 2) Solution or Work-Around
> 3) Special Instructions and Notes
> 4) Package Location and Checksums
> 5) Pending Vulnerabilities, Solutions, and Work-Arounds:
> See SUSE Security Summary Report.
> 6) Authenticity Verification and Additional Information
>
> ______________________________________________________________________________
>
> 1) Problem Description and Brief Discussion
>
> This kernel update for SUSE Linux 10.0 contains fixes for XEN, various
> security fixes and bug fixes.
>
> CVE-200n-nnnn numbers refer to Mitre CVE IDs (http://cve.mitre.org/).
>
> This update includes a more recent snapshot of the upcoming XEN 3.0.
> Many bugs have been fixed. Stability for x86_64 has been improved.
> Stability has been improved for SMP, and now both i586 and x86_64
> kernels are built with SMP support.
>
> This update contains the following security fixes:
>
> - CVE-2005-3783: A check in ptrace(2) handling that finds out if
> a process is attaching to itself was incorrect and could be used
> by a local attacker to crash the machine.
>
> - CVE-2005-3784: A check in reaping of terminating child processes did
> not consider ptrace(2) attached processes and would leave a ptrace
> reference dangling. This could lead to a local user being able to
> crash the machine.
>
> - CVE-2005-3271: A task leak problem when releasing POSIX timers was
> fixed. This could lead to local users causing a local denial of
> service by exhausting system memory.
>
> - CVE-2005-3805: A locking problem in POSIX timer handling could
> be used by a local attacker on a SMP system to deadlock the machine.
>
> - CVE-2005-3181: A problem in the Linux auditing code could lead
> to a memory leak which finally could exhaust system memory of
> a machine.
>
> - CVE-2005-2973: An infinite loop in the IPv6 UDP loopback handling
> can be easily triggered by a local user and lead to a denial
> of service.
>
> - CVE-2005-3806: A bug in IPv6 flow label handling code could be used
> by a local attacker to free non-allocated memory and in turn corrupt
> kernel memory and likely crash the machine.
>
> - CVE-2005-3807: A memory kernel leak in VFS lease handling can
> exhaust the machine memory and so cause a local denial of
> service. This is seen in regular Samba use and could also be
> triggered by local attackers.
>
> - CVE-2005-3055: Unplugging an user space controlled USB device with
> an URB pending in user space could crash the kernel. This can be
> easily triggered by local attacker.
>
> - CVE-2005-3180: Fixed incorrect padding in Orinoco wireless driver,
> which could expose kernel data to the air.
>
> - CVE-2005-3044: Missing sockfd_put() calls in routing_ioctl() leaked
> file handles which in turn could exhaust system memory.
>
> - CVE-2005-3527: A race condition in do_coredump in signal.c allows
> local users to cause a denial of service (machine hang) by triggering
> a core dump in one thread while another thread has a pending SIGSTOP.
>
> Additionally the following non security bugs were fixed:
> - Fix NFS cache consistency races which could lead to data corruption and
> crashes.
> - A kernel panic when loading the r8169 module without powermanagment
> was fixed.
> - i386: A race condition in the power management module powernow-k8
> was fixed.
> - Special ELF binaries without DATA and BSS segments could not be loaded
> due to too strict kernel checks.
> - Various bugs in the ALSA sound system were fixed.
> - A problem in IPv6 initialization with IPv6 disabled by policy that could
> leave dangling kernel pointers around was fixed.
> - Added sis 965l support to the sis5513 ide driver.
> - Disabled C2/C3 power management states on all IBM R40e BIOSes.
> - Fixed machine crash when switching the io-scheduler away from CFQ.
> - Call reboot notifiers of power off to switch off certain machines.
> - AMD64: Don't use TSC for time keeping on AMD single socket dual core
> systems.
> - Fixed the "treason uncloaked" kernel messages that were caused by
> a stale pred_flags variable when the TCP snd_wnd changes.
> - USB floppy drive SAMSUNG SFD-321U/EP was detected 8 times.
> - CONFIG_ACPI_HOTKEY is not supportable yet according to Intel, so we
> disabled it.
> - Disable ACPI on machines from before 2001 on all kernels again.
> - USB: always export interface information for modalias.
> - Various iSCSI fixes.
> - Avoid a potential fs corruption on SMP systems.
> - i386: Increased number of CONFIG_SERIAL_8250_NR_UARTS to 8.
> - Fixed a data corruption in the MD device driver when the delayed
> recovery is interrupted.
> - ahci: Don't set SActive for non-NCQ commands. This could have left
> the LED burning even for inactivity.
> - ppc: Handle GCC 4 generated relocations for 32bit memory access
> in the module loader.
> - ppc: Removed a special case for ppc to use MAC from prom if CSR is
> corrupt
> - CIFS: Made cifsd (kernel daemon for the CIFS filesystem) suspend
> aware.
> - Fixed ACPI issues on an ASUS L5D.
> - IDE: Worked around power management problems.
> - Disable AMD TLB flush filter on i386/x86-64 (might help 3d drivers)
> - Quiet down capacity reading from IDE CD when no media inserted.
> - ACPI: Worked around undefined ZOO* objects on certain Acer Aspire
> notebooks.
> - ACPI: Fixed Oops on pcc_acpi unloading.
> - ACPI: Fix hang in ACPI device scan on certain HP nx Laptops.
> - Fixed a bug in ACL handling of tmpfs.
> - Fix time going twice as fast problem on ATI Xpress chip sets.
>
> 2) Solution or Work-Around
>
> None, please install the fixed packages.
>
> 3) Special Instructions and Notes
>
> SPECIAL INSTALLATION INSTRUCTIONS
> =================================
> The following paragraphs guide you through the installation
> process in a step-by-step fashion. The character sequence "****"
> marks the beginning of a new paragraph. In some cases, the steps
> outlined in a particular paragraph may or may not be applicable
> to your situation. Therefore, make sure that you read through
> all of the steps below before attempting any of these
> procedures. All of the commands that need to be executed must be
> run as the superuser 'root'. Each step relies on the steps
> before it to complete successfully.
>
>
> **** Step 1: Determine the needed kernel type.
>
> Use the following command to determine which kind of kernel is
> installed on your system:
>
> rpm -qf --qf '%{name}\n' /boot/vmlinuz
>
>
> **** Step 2: Download the packages for your system.
>
> Download the kernel RPM package for your distribution with the
> name indicated by Step 1. Starting from SUSE LINUX 9.2, kernel
> modules that are not free were moved to a separate package with
> the suffix '-nongpl' in its name. Download that package as well
> if you rely on hardware that requires non-free drivers, such as
> some ISDN adapters. The list of all kernel RPM packages is
> appended below.
>
> The kernel-source package does not contain a binary kernel in
> bootable form. Instead, it contains the sources that correspond
> with the binary kernel RPM packages. This package is required to
> build third party add-on modules.
>
>
> **** Step 3: Verify authenticity of the packages.
>
> Verify the authenticity of the kernel RPM package using the
> methods as listed in Section 6 of this SUSE Security
> Announcement.
>
>
> **** Step 4: Installing your kernel rpm package.
>
> Install the rpm package that you have downloaded in Step 2 with
> the command
>
> rpm -Uhv
>
> replacing with the filename of the RPM package
> downloaded.
>
> Warning: After performing this step, your system may not boot
> unless the following steps have been followed
> completely.
>
>
> **** Step 5: Configuring and creating the initrd.
>
> The initrd is a RAM disk that is loaded into the memory of your
> system together with the kernel boot image by the boot loader.
> The kernel uses the content of this RAM disk to execute commands
> that must be run before the kernel can mount its root file
> system. The initrd is typically used to load hard disk
> controller drivers and file system modules. The variable
> INITRD_MODULES in /etc/sysconfig/kernel determines which kernel
> modules are loaded in the initrd.
>
> After a new kernel rpm has been installed, the initrd must be
> recreated to include the updated kernel modules. Usually this
> happens automatically when installing the kernel rpm. If
> creating the initrd fails for some reason, manually run the
> command
>
> /sbin/mkinitrd
>
>
> **** Step 6: Update the boot loader, if necessary.
>
> Depending on your software configuration, you either have the
> LILO or GRUB boot loader installed and initialized on your
> system. Use the command
>
> grep LOADER_TYPE /etc/sysconfig/bootloader
>
> to find out which boot loader is configured.
>
> The GRUB boot loader does not require any further action after a
> new kernel has been installed. You may proceed to the next step
> if you are using GRUB.
>
> If you use the LILO boot loader, lilo must be run to
> reinitialize the boot sector of the hard disk. Usually this
> happens automatically when installing the kernel RPM. In case
> this step fails, run the command
>
> /sbin/lilo
>
>
> Warning: An improperly installed boot loader will render your
> system unbootable.
>
>
> **** Step 7: Reboot.
>
> If all of the steps above have been successfully completed on
> your system, the new kernel including the kernel modules and the
> initrd are ready to boot. The system needs to be rebooted for
> the changes to be active. Make sure that all steps have been
> completed then reboot using the command
>
> /sbin/shutdown -r now
>
> Your system will now shut down and restart with the new kernel.
>
> 4) Package Location and Checksums
>
> The preferred method for installing security updates is to use the YaST
> Online Update (YOU) tool. YOU detects which updates are required and
> automatically performs the necessary steps to verify and install them.
> Alternatively, download the update packages for your distribution manually
> and verify their integrity by the methods listed in Section 6 of this
> announcement. Then install the packages using the command
>
> rpm -Fhv
>
> to apply the update, replacing with the filename of the
> downloaded RPM package.
>
>
> x86 Platform:
>
> SUSE LINUX 10.0:
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/Intel-536ep-4.69-14.2.i586.rpm
> 02d032c2a4e43516e382faa1c38593ff
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-bigsmp-2.6.13-15.7.i586.rpm
> 16ebf82f7f0eb76a7e95239a7748bd49
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-bigsmp-nongpl-2.6.13-15.7.i586.rpm
> 5efbba52b5b452ee68770c234d1c4206
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-default-2.6.13-15.7.i586.rpm
> 201dd3f4f090b01034c2706860a2ded1
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-default-nongpl-2.6.13-15.7.i586.rpm
> 890a9500a671e62c872a316094c976fc
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-smp-2.6.13-15.7.i586.rpm
> 3824bd72e5e38f170a1f53cdf12b7936
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-smp-nongpl-2.6.13-15.7.i586.rpm
> f1d4ca38c6f19b92a3ec2bdc4ee55ab7
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-source-2.6.13-15.7.i586.rpm
> 444382d73c4ea88144b58155032f3979
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-syms-2.6.13-15.7.i586.rpm
> 88ddaf01d3cdfc2a02f40c246f27a03f
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-um-2.6.13-15.7.i586.rpm
> 4a4282db387b1a50b7f0d8358811955c
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-um-nongpl-2.6.13-15.7.i586.rpm
> fd64850adff5fc8fab2a807afc07bac0
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-xen-2.6.13-15.7.i586.rpm
> ec1ccdf16b4c2eadd789871e5bda3361
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-xen-nongpl-2.6.13-15.7.i586.rpm
> ad5b17a6998f04832d29f189a5f42240
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/um-host-kernel-2.6.13-15.7.i586.rpm
> 1ed3738e413c0df9a131989560effb85
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/xen-3.0_7608-2.1.i586.rpm
> dafe91eab2d6fbe749693373a561609d
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/xen-devel-3.0_7608-2.1.i586.rpm
> 8a20190de6fef952115623503b2149f9
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/xen-doc-html-3.0_7608-2.1.i586.rpm
> 1c27687f9f9482c72fdf300c64d0db4f
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/xen-doc-pdf-3.0_7608-2.1.i586.rpm
> 356c1d14e0873344b8789e6bf36b94e2
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/xen-doc-ps-3.0_7608-2.1.i586.rpm
> 7b9066e6834db4b1eb5505d089830714
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/xen-tools-3.0_7608-2.1.i586.rpm
> 43b7333eea6e0e52ce2cb9431a9d3627
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/xen-tools-ioemu-3.0_7608-2.1.i586.rpm
> f8d51a8b0119ea984317cad976ca16d5
>
> Power PC Platform:
>
> SUSE LINUX 10.0:
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-default-2.6.13-15.7.ppc.rpm
> b5b4e1ad4db39e8bede52cd0f171c508
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-iseries64-2.6.13-15.7.ppc.rpm
> a7fbffd1f09d4e6c9a58950fe1692361
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-ppc64-2.6.13-15.7.ppc.rpm
> a09e0b94d50c24ea8065b709ccb53775
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-source-2.6.13-15.7.ppc.rpm
> ae4c7ad291aaa37dceb43e331651b2c4
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-syms-2.6.13-15.7.ppc.rpm
> 51ddc5ea24587d210edb3e249b0472c9
>
> x86-64 Platform:
>
> SUSE LINUX 10.0:
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-default-2.6.13-15.7.x86_64.rpm
> ae11f5ccb7e1f96d9cb38444d1ae770f
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-default-nongpl-2.6.13-15.7.x86_64.rpm
> a2f3716cc423c87b8f7505629c13716a
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-smp-2.6.13-15.7.x86_64.rpm
> 0899d5b37db71c18ac4d7733189388bd
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-smp-nongpl-2.6.13-15.7.x86_64.rpm
> 108a43a7e5386d1f2b098e31f9299ec1
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-source-2.6.13-15.7.x86_64.rpm
> 94f28fdcbeff5b02c95da380808a0347
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-syms-2.6.13-15.7.x86_64.rpm
> 2d106be84319cdf38210076c4113a95a
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-xen-2.6.13-15.7.x86_64.rpm
> 58f4740f9538a21e9e187c751a58a376
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-xen-nongpl-2.6.13-15.7.x86_64.rpm
> 3c8a4dd3378a988c79675f9a84a2969c
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/xen-3.0_7608-2.1.x86_64.rpm
> 7595b44074a3d8cc51288e9473c81e0d
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/xen-devel-3.0_7608-2.1.x86_64.rpm
> 135cc2d6855f10518bbf6555405dd63d
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/xen-doc-html-3.0_7608-2.1.x86_64.rpm
> 481e6f688096bb367c35a67fb2185504
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/xen-doc-pdf-3.0_7608-2.1.x86_64.rpm
> 7f67dd3c63742fb07f424ff7cd1f87b3
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/xen-doc-ps-3.0_7608-2.1.x86_64.rpm
> e768c5066b488a556496574bccbda414
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/xen-tools-3.0_7608-2.1.x86_64.rpm
> 118c0e872deb66309fc9c6957969bad4
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/xen-tools-ioemu-3.0_7608-2.1.x86_64.rpm
> 00ecbc085cb200937224d8a2bbda3ec7
>
> Sources:
>
> SUSE LINUX 10.0:
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/Intel-536ep-4.69-14.2.src.rpm
> c4ee0c5893efbde6ecf45f0da05e5103
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-source-2.6.13-15.7.src.rpm
> 56dd71a804ebcaa1eb8268665dfa2b18
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/xen-3.0_7608-2.1.src.rpm
> 3571ce3e27ca472bffc2f2794eeae8a0
>
> ______________________________________________________________________________
>
> 5) Pending Vulnerabilities, Solutions, and Work-Arounds:
>
> See SUSE Security Summary Report.
> ______________________________________________________________________________
>
> 6) Authenticity Verification and Additional Information
>
> - Announcement authenticity verification:
>
> SUSE security announcements are published via mailing lists and on Web
> sites. The authenticity and integrity of a SUSE security announcement is
> guaranteed by a cryptographic signature in each announcement. All SUSE
> security announcements are published with a valid signature.
>
> To verify the signature of the announcement, save it as text into a file
> and run the command
>
> gpg --verify
>
> replacing with the name of the file where you saved the
> announcement. The output for a valid signature looks like:
>
> gpg: Signature made using RSA key ID 3D25D3D9
> gpg: Good signature from "SuSE Security Team "
>
> where is replaced by the date the document was signed.
>
> If the security team's key is not contained in your key ring, you can
> import it from the first installation CD. To import the key, use the
> command
>
> gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
>
> - Package authenticity verification:
>
> SUSE update packages are available on many mirror FTP servers all over the
> world. While this service is considered valuable and important to the free
> and open source software community, the authenticity and the integrity of
> a package needs to be verified to ensure that it has not been tampered
> with.
>
> There are two verification methods that can be used independently from
> each other to prove the authenticity of a downloaded file or RPM package:
>
> 1) Using the internal gpg signatures of the rpm package
> 2) MD5 checksums as provided in this announcement
>
> 1) The internal rpm package signatures provide an easy way to verify the
> authenticity of an RPM package. Use the command
>
> rpm -v --checksig
>
> to verify the signature of the package, replacing with the
> filename of the RPM package downloaded. The package is unmodified if it
> contains a valid signature from build-at-suse.de with the key ID 9C800ACA.
>
> This key is automatically imported into the RPM database (on
> RPMv4-based distributions) and the gpg key ring of 'root' during
> installation. You can also find it on the first installation CD and at
> the end of this announcement.
>
> 2) If you need an alternative means of verification, use the md5sum
> command to verify the authenticity of the packages. Execute the command
>
> md5sum
>
> after you downloaded the file from a SUSE FTP server or its mirrors.
> Then compare the resulting md5sum with the one that is listed in the
> SUSE security announcement. Because the announcement containing the
> checksums is cryptographically signed (by security-at-suse.de), the
> checksums show proof of the authenticity of the package if the
> signature of the announcement is valid. Note that the md5 sums
> published in the SUSE Security Announcements are valid for the
> respective packages only. Newer versions of these packages cannot be
> verified.
>
> - SUSE runs two security mailing lists to which any interested party may
> subscribe:
>
> suse-security-at-suse.com
> - General Linux and SUSE security discussion.
> All SUSE security announcements are sent to this list.
> To subscribe, send an e-mail to
> .
>
> suse-security-announce-at-suse.com
> - SUSE's announce-only mailing list.
> Only SUSE's security announcements are sent to this list.
> To subscribe, send an e-mail to
> .
>
> For general information or the frequently asked questions (FAQ),
> send mail to or
> .
>
> =====================================================================
> SUSE's security contact is or .
> The public key is listed below.
> =====================================================================
> ______________________________________________________________________________
>
> The information in this advisory may be distributed or reproduced,
> provided that the advisory is not modified in any way. In particular, the
> clear text signature should show proof of the authenticity of the text.
>
> SUSE Linux Products GmbH provides no warranties of any kind whatsoever
> with respect to the information contained in this security advisory.
>
> Type Bits/KeyID Date User ID
> pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team
> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key
>
> - -----BEGIN PGP PUBLIC KEY BLOCK-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
>
> mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff
> 4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d
> M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO
> QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK
> XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE
> D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd
> G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM
> CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE
> myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr
> YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD
> wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d
> NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe
> QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe
> LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t
> XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU
> D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3
> 0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot
> 1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW
> cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E
> ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f
> AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E
> Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/
> HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h
> t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT
> tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM
> 523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q
> 2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8
> QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw
> JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ
> 1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH
> ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1
> wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY
> EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol
> 0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK
> CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co
> SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo
> omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt
> A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J
> /LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE
> GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf
> ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT
> ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8
> RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ
> 8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb
> B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X
> 11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA
> 8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj
> qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p
> WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL
> hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG
> BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+
> AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi
> RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0
> zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM
> /3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7
> whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl
> D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz
> dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI
> RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI
> DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE=
> =LRKC
> - -----END PGP PUBLIC KEY BLOCK-----
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2 (GNU/Linux)
>
> iQEVAwUBQ5V3B3ey5gA9JdPZAQJZkgf9HaTAuew58a6H/AoTc4ukxp23L6UI1moZ
> 4Z7kZRTE/+BTK54QAyAswj9ad428jBJeVJC1tsIfP/vaZhl4nJ3ML99lPJHt2FBq
> 3qsuQgK2aXxCR1UlURlUPR6NWeXvHxIY3LBdW+ngQRYKNASkB2AZ9az0Z771OaTx
> lIAa2KQMFP9lAyftLFlkfqcZI9zewCqAy5r657koyv2SjPdNaK0O8dtW+kX35LvF
> x9AgxJCSJgtEf7ZOGXsHmvcFaoHftiy6S21ddgzNHLPEGCZg54yAMDVyR2TT0kWs
> ml/91KJTIvuVb0wssECS9cJhIvOlNyrY3wEbUk5xwT6SbGnMX2et8Q==
> =XMU5
> -----END PGP SIGNATURE-----
|
|
