<<< Date Index >>>     <<< Thread Index >>>

SUSE Security Announcement: apache2 (SUSE-SA:2004:032)



-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

                        SUSE Security Announcement

        Package:                apache2
        Announcement-ID:        SUSE-SA:2004:032
        Date:                   Wednesday, Sep 15th 2004 16:00 MEST
        Affected products:      8.1, 8.2, 9.0, 9.1
                                SUSE Linux Enterprise Server 9
        Vulnerability Type:     remote denial-of-service
        Severity (1-10):        5
        SUSE default package:   no
        Cross References:       CAN-2004-0747
                                CAN-2004-0786

    Content of this advisory:
        1) security vulnerability resolved:
             - remote denial-of-service
             - local buffer overflow
           problem description
        2) solution/workaround
        3) special instructions and notes
        4) package location and checksums
        5) pending vulnerabilities, solutions, workarounds:
             - samba
             - a2ps
             - mozilla
             - mc
             - squid
             - gtk2
             - gaim
             - nessus
        6) standard appendix (further information)

______________________________________________________________________________

1) problem description, brief discussion

    The Apache daemon is running on most of the web-servers used in the
    Internet today.
    The Red Hat ASF Security-Team and the Swedish IT Incident Center within
    the National Post and Telecom Agency (SITIC) have found a bug in apache2
    each.
    The first vulnerability appears in the apr_uri_parse() function while
    handling IPv6 addresses. The affected code passes a negative length
    argument to the memcpy() function. On BSD systems this can lead to remote
    command execution due to the nature of the memcpy() implementation.
    On Linux this bug will result in a remote denial-of-service condition.
    The second bug is a local buffer overflow that occurs while expanding
    ${ENVVAR} in the .htaccess and httpd.conf file. Both files are not
    writeable by normal user by default.


2) solution/workaround

    There is no known workaround.


3) special instructions and notes

    After the new apache2 packages have been installed you have to restart
    the apache2 daemon by executing the following command as root:
      /usr/sbin/rcapache2 restart


4) package location and checksums

    Please download the update package for your distribution and verify its
    integrity by the methods listed in section 3) of this announcement.
    Then, install the package using the command "rpm -Fhv file.rpm" to apply
    the update.
    Our maintenance customers are being notified individually. The packages
    are being offered to install from the maintenance web.


    x86 Platform:

    SUSE Linux 9.1:
    
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-2.0.49-27.14.i586.rpm
      9b845c3d735cbd1bcac668d8c750b676
    
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-prefork-2.0.49-27.14.i586.rpm
      0384d427dfc90eb86c2905676e9adc07
    
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-worker-2.0.49-27.14.i586.rpm
      5be402effc8131d5565591cfe10d7526
    
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/libapr0-2.0.49-27.14.i586.rpm
      05220b62526e03cb6c2b183b523754d0
    patch rpm(s):
    
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-2.0.49-27.14.i586.patch.rpm
      81de5904923e436a8ef5b69d30e785ae
    
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-prefork-2.0.49-27.14.i586.patch.rpm
      61e2e118d9fe7065de566292f08a1345
    
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-worker-2.0.49-27.14.i586.patch.rpm
      49ebf40839bc3481cacd83756b326d11
    
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/libapr0-2.0.49-27.14.i586.patch.rpm
      f37b330d2eb4f0540886fbb26c32413e
    source rpm(s):
    
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/apache2-2.0.49-27.14.src.rpm
      08cbcb0efed1d5555bb0613b865a6053

    SUSE Linux 9.0:
    
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-2.0.48-139.i586.rpm
      27840b6a3af5fd22aa6514e5160a8069
    
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-prefork-2.0.48-139.i586.rpm
      2b6472921d506546a0b3d949b7228839
    
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-worker-2.0.48-139.i586.rpm
      deb73562cbd878dad304b8aff2b00466
    
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/libapr0-2.0.48-139.i586.rpm
      f6233d3447b716cedb7bc1b7e7e470ae
    
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-leader-2.0.48-139.i586.rpm
      66f5c0630ebfc80409eaf9c9bb11ccb0
    
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-metuxmpm-2.0.48-139.i586.rpm
      17edb6c60cb0a9b10a76feb97f49f755
    patch rpm(s):
    
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-2.0.48-139.i586.patch.rpm
      d1f0678ce5caf6d31afb324d4bffbce3
    
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-prefork-2.0.48-139.i586.patch.rpm
      86ac5cf3e6d9bd9eb03184fd2bdc9905
    
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-worker-2.0.48-139.i586.patch.rpm
      52aa93198d5e20eaccf0b9f841f10c4d
    
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/libapr0-2.0.48-139.i586.patch.rpm
      df994be46d4dc9d00616750dd6b0b0c1
    
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-leader-2.0.48-139.i586.patch.rpm
      33ba4684fc5259f05ff6708ab5d48350
    
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-metuxmpm-2.0.48-139.i586.patch.rpm
      85252f1966a4be547c6771642fc738dd
    source rpm(s):
    
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/apache2-2.0.48-139.src.rpm
      464180f4e7e4c39cdecac9a802d589fd

    SUSE Linux 8.2:
    
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/apache2-2.0.48-139.i586.rpm
      05260a9f52cc71c1818e3787c46b27dc
    
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/apache2-prefork-2.0.48-139.i586.rpm
      17ebbca6883fe62d9a9161103229e31a
    
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/apache2-worker-2.0.48-139.i586.rpm
      2eb72f1af2c80a64922580a2408bb8e6
    
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/libapr0-2.0.48-139.i586.rpm
      d2509b369c4a41dd3f2089e175449be0
    
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/apache2-leader-2.0.48-139.i586.rpm
      fe40ce0f5a3421f0242a689155375b4f
    patch rpm(s):
    
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/apache2-2.0.48-139.i586.patch.rpm
      191173d3e403cdac75fb7a9f7bec870c
    
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/apache2-prefork-2.0.48-139.i586.patch.rpm
      0f059ac6202f4e3589a50eb018b34244
    
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/apache2-worker-2.0.48-139.i586.patch.rpm
      3b34bab03c462e153d539afaf5deeb77
    
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/libapr0-2.0.48-139.i586.patch.rpm
      b3e42a5dbbd6b68052bb09482204725c
    
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/apache2-leader-2.0.48-139.i586.patch.rpm
      ba77a1ad221299e6cd413e6bc76a13de
    source rpm(s):
    
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/apache2-2.0.48-139.src.rpm
      f18c560ad459b862730916f79b8bb3b8

    SUSE Linux 8.1:
    
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/apache2-2.0.48-139.i586.rpm
      1c77aab21c333c1e1f3498ae61eac987
    
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/apache2-prefork-2.0.48-139.i586.rpm
      b8b07652ebcb57d588cfaaa6bbb2ac84
    
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/apache2-worker-2.0.48-139.i586.rpm
      bc71f335963a9fdf52adf6d99a93d69d
    ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/apr-2.0.48-139.i586.rpm
      48df09d3a351cf7f5a718e71e48aa33e
    
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/apache2-perchild-2.0.48-139.i586.rpm
      68d781d4efe000a6a5ad5c7aeebbaccf
    patch rpm(s):
    
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/apache2-2.0.48-139.i586.patch.rpm
      dddd28b031ebdcee9e7c184db14a8318
    
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/apache2-prefork-2.0.48-139.i586.patch.rpm
      fa6ac0a41463bd39856e54c0b1763ebb
    
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/apache2-worker-2.0.48-139.i586.patch.rpm
      d9704298ea9e359edccf824cc525f0e7
    
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/apr-2.0.48-139.i586.patch.rpm
      afc83912677b81ce2ec47eb94a401bff
    
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/apache2-perchild-2.0.48-139.i586.patch.rpm
      28929bae30f7789f1945c457ba12bf9b
    source rpm(s):
    
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/apache2-2.0.48-139.src.rpm
      0132de4f1d42009a6ef81ddb2b5fc55e




    x86-64 Platform:

    SUSE Linux 9.1:
    
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-2.0.49-27.14.x86_64.rpm
      9e0f9899d4f9e5bb64bdb09e0bec316e
    
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-prefork-2.0.49-27.14.x86_64.rpm
      2c4ea232129aa2e1589b528b39ba4727
    
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-worker-2.0.49-27.14.x86_64.rpm
      80d8e4d121c34d250793427050d4d0d0
    
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/libapr0-2.0.49-27.14.x86_64.rpm
      7b0fb31d24bde01c46f4b361c23e208c
    patch rpm(s):
    
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-2.0.49-27.14.x86_64.patch.rpm
      8acab2f576039bd291d94012d1658568
    
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-prefork-2.0.49-27.14.x86_64.patch.rpm
      f1fe28267d4e49bcbeaf3207b2ce28a6
    
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-worker-2.0.49-27.14.x86_64.patch.rpm
      154f87e3acb64512c415828a866810d7
    
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/libapr0-2.0.49-27.14.x86_64.patch.rpm
      8a6bb234f6e467f0c620c1edcd34efa0
    source rpm(s):
    
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/apache2-2.0.49-27.14.src.rpm
      55f7b18ef66d6db039936a811906cb86

    SUSE Linux 9.0:
    
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-2.0.48-139.x86_64.rpm
      023e3977f7c6cad342b112a98a784934
    
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-prefork-2.0.48-139.x86_64.rpm
      8bd2e882f197d842484c520e94921545
    
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-worker-2.0.48-139.x86_64.rpm
      254aa465d3477520b799e58e8540b72d
    
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/libapr0-2.0.48-139.x86_64.rpm
      d2f3fdcbf23c0795e945792be8e30fb5
    
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-leader-2.0.48-139.x86_64.rpm
      af40e228c3967470c45b3a56fee5b18b
    
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-metuxmpm-2.0.48-139.x86_64.rpm
      8454ccf5f9e799e66507386ee3c6d516
    patch rpm(s):
    
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-2.0.48-139.x86_64.patch.rpm
      673aac30385aef7e15d65f3d8c2d3e4e
    
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-prefork-2.0.48-139.x86_64.patch.rpm
      37ec566cc3511ca9a6c7e23f24bed85a
    
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-worker-2.0.48-139.x86_64.patch.rpm
      1eab9effa42d4d0c54e9bc618f4b97fa
    
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/libapr0-2.0.48-139.x86_64.patch.rpm
      d71304c7e348686cd279c9629c17a087
    
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-leader-2.0.48-139.x86_64.patch.rpm
      51b69ec124cfd5d08cf73e77c73271f2
    
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-metuxmpm-2.0.48-139.x86_64.patch.rpm
      1e9168aaaf5b204235635513e1f4c22f
    source rpm(s):
    
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/apache2-2.0.48-139.src.rpm
      fee40db2840b32cdd6af4c77f6a1b3cc

______________________________________________________________________________

5)  Pending vulnerabilities in SUSE Distributions and Workarounds:

     - samba
     This version fixes several bugs in the Samba suite including two
     denial-of-service (DoS) Vulnerabilities.
     Microsoft Windows XP clients with installed Service Pack 2 crash the
     Samba (smbd) process while printing.
     Using macros in the smb.conf 'log file' statement might lead to an
     infinite recursion.
     A wrong counter and pointer handling in samba-vscan leads to a crash
     of the Samba (smbd) process sometimes.
     A DoS bug in smbd may allow an unauthenticated user to cause smbd to
     spawn new processes, each one entering an infinite loop.  After sending
     a sufficient amount of packets it is possible to exhaust the memory
     resources on the server. This issue is known as CAN-2004-0807.
     A DoS bug in nmbd may allow an attacker to remotely crash the nmbd
     daemon. This issue is known as CAN-2004-0808.
     New packages are available on our FTP servers.

     - a2ps
     This update fixes the handling of filenames that include shell meta-
     characters. Without this patch it was possible to execute shell
     commands via a2ps by providing a filename that includes meta-
     characters as an argument.
     New packages are available on our FTP servers.

     - mozilla
     We are in the process of releasing updates for mozilla (and related
     browsers), fixing various issues: CAN-2004-0597, CAN-2004-0718,
     CAN-2004-0722, CAN-2004-0757, CAN-2004-0758, CAN-2004-0759, CAN-2004-
     0760, CAN-2004-0761, CAN-2004-0762, CAN-2004-0763, CAN-2004-0764 and
     CAN-2004-0765.
     We will give you concrete details in a separate mozilla advisory when
     the updates are available.

     - mc
     The console filesystem browser mc was found vulnerable to various
     meta-char attacks in the extfs perl and shell scripts. These bugs
     can be exploited by providing a malformed archive file to a victim
     user to execute shell commands with her/his privileges.
     (CAN-2004-0494)
     New packages will be available soon.

     - squid
     Certain malformed NTLMSSP packets can crash the NTLM helpers
     provided by Squid (CAN-2004-0832).
     New packages will be available soon.

     - gtk2
     This update fixes three vulnerabilities found in the XPM loader code
     of the GTK Library. They are registered as:
       + CAN-2004-0782 Heap-based overflow in pixbuf_create_from_xpm
       + CAN-2004-0783 Stack-based overflow in xpm_extract_color
       + CAN-2004-0788 icon loader integer overflow.
     New packages will be available soon.

     - gaim
     This security update fixes four security issues which are registered as:
       + CAN-2004-0754
         An integer overflow in the groupware message handler exists in Gaim.
       + CAN-2004-0784
         A shell escape vulnerability in the handling of smiley theme tar-
         ball filenames could lead to arbitrary command execution.
       + CAN-2004-0785
         Buffer overflows in Gaim could lead to a denial of service or
         arbitrary code execution.
     Additionally a buffer overflow in the URL parsing code of gaim is fixed.
     This bug let to remote system compromise with the privileges of the user
     running gaim.

     - nessus
     The nessus-adduser creates temporary files in $TMPDIR in an insecure
     manner.
     New packages will be available soon.

______________________________________________________________________________

6)  standard appendix: authenticity verification, additional information

  - Package authenticity verification:

    SUSE update packages are available on many mirror ftp servers all over
    the world. While this service is being considered valuable and important
    to the free and open source software community, many users wish to be
    sure about the origin of the package and its content before installing
    the package. There are two verification methods that can be used
    independently from each other to prove the authenticity of a downloaded
    file or rpm package:
    1) md5sums as provided in the (cryptographically signed) announcement.
    2) using the internal gpg signatures of the rpm package.

    1) execute the command
        md5sum <name-of-the-file.rpm>
       after you downloaded the file from a SUSE ftp server or its mirrors.
       Then, compare the resulting md5sum with the one that is listed in the
       announcement. Since the announcement containing the checksums is
       cryptographically signed (usually using the key security@xxxxxxx),
       the checksums show proof of the authenticity of the package.
       We disrecommend to subscribe to security lists which cause the
       email message containing the announcement to be modified so that
       the signature does not match after transport through the mailing
       list software.
       Downsides: You must be able to verify the authenticity of the
       announcement in the first place. If RPM packages are being rebuilt
       and a new version of a package is published on the ftp server, all
       md5 sums for the files are useless.

    2) rpm package signatures provide an easy way to verify the authenticity
       of an rpm package. Use the command
        rpm -v --checksig <file.rpm>
       to verify the signature of the package, where <file.rpm> is the
       filename of the rpm package that you have downloaded. Of course,
       package authenticity verification can only target an un-installed rpm
       package file.
       Prerequisites:
        a) gpg is installed
        b) The package is signed using a certain key. The public part of this
           key must be installed by the gpg program in the directory
           ~/.gnupg/ under the user's home directory who performs the
           signature verification (usually root). You can import the key
           that is used by SUSE in rpm packages for SUSE Linux by saving
           this announcement to a file ("announcement.txt") and
           running the command (do "su -" to be root):
            gpg --batch; gpg < announcement.txt | gpg --import
           SUSE Linux distributions version 7.1 and thereafter install the
           key "build@xxxxxxx" upon installation or upgrade, provided that
           the package gpg is installed. The file containing the public key
           is placed at the top-level directory of the first CD (pubring.gpg)
           and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de .


  - SUSE runs two security mailing lists to which any interested party may
    subscribe:

    suse-security@xxxxxxxx
        -   general/linux/SUSE security discussion.
            All SUSE security announcements are sent to this list.
            To subscribe, send an email to
                <suse-security-subscribe@xxxxxxxx>.

    suse-security-announce@xxxxxxxx
        -   SUSE's announce-only mailing list.
            Only SUSE's security announcements are sent to this list.
            To subscribe, send an email to
                <suse-security-announce-subscribe@xxxxxxxx>.

    For general information or the frequently asked questions (faq) 
    send mail to:
        <suse-security-info@xxxxxxxx> or
        <suse-security-faq@xxxxxxxx> respectively.

    =====================================================================
    SUSE's security contact is <security@xxxxxxxx> or <security@xxxxxxx>.
    The <security@xxxxxxx> public key is listed below.
    =====================================================================
______________________________________________________________________________

    The information in this advisory may be distributed or reproduced,
    provided that the advisory is not modified in any way. In particular,
    it is desired that the clear-text signature shows proof of the
    authenticity of the text.
    SUSE Linux AG makes no warranties of any kind whatsoever with respect
    to the information contained in this security advisory.

Type Bits/KeyID    Date       User ID
pub  2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@xxxxxxx>
pub  1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@xxxxxxx>

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff
4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d
M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO
QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK
XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE
D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd
G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM
CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE
myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr
YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD
wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d
NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe
QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe
LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t
XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU
D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3
0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot
1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW
cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E
ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f
AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E
Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/
HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h
t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT
tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM
523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q
2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8
QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw
JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ
1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH
ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1
wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY
EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol
0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK
CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co
SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo
omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt
A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J
/LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE
GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf
ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT
ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8
RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ
8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb
B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X
11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA
8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj
qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p
WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL
hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG
BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+
AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi
RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0
zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM
/3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7
whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl
D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz
dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI
RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI
DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE=
=LRKC
- -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iQEVAwUBQUhPVney5gA9JdPZAQF85wf+JEHfkhiB6DfDs9ngTDW02Og+I/4sRVs0
j3bRhnNkHnjd/01Dc1l4yXHMtb1hyaf+fWUv1aLT1NvscVbmvlSBNwA6bLWnXwxe
EohAPPl4rWoGlQy1WaQN3nHDTfPdoAtVTv5VTIYQDtJmoopQN29jl4CeIy5exHdF
mPRrV1pdep1eLrMysRYYiR8wjf6PBHfUX/vgjxnRSfBO8OrEICRajHqpop2hm3zz
XbCtYWcNKH5UsCtUyNHjCCdrsHgdacNqNoXZQqLkmtIT6LDVTf+M8GLeBLcNceJN
TxflOAiWetOj2nlJ3yOGc+R//vOC4U3ugKDnls/cRrW84MNISJrkjw==
=U3fZ
-----END PGP SIGNATURE-----