SuSE: 'mod_php' Multiple remote vulnerabilities

    Date28 Feb 2002
    CategorySuSE
    2658
    Posted ByLinuxSecurity Advisories
    Multiple critical remote vulnerabilities exist in several versions of PHP. Several flaws in the way PHP handles multipart/form-data POST requests have been found.
    
    ______________________________________________________________________________
    
                            SuSE Security Announcement
    
            Package:                mod_php, mod_php4
            Announcement-ID:        SuSE-SA:2002:007
            Date:                   Thursday, Feb 28th 2002 22:00 MET
            Affected SuSE products: SuSE Linux 6.4, 7.0, 7.1, 7.2, 7.3,
                                    SuSE Linux Connectivity Server,
                                    SuSE Linux Enterprise Server 7
            Vulnerability Type:     remote command execution
            Severity (1-10):        7
            SuSE default package:   no
            Other affected systems: systems running php modules in their webservers
    
        Content of this advisory:
            1) security vulnerability resolved: mod_php, mod_php4
               problem description, discussion, solution and upgrade information
            2) pending vulnerabilities, solutions, workarounds
            3) standard appendix (further information)
    
    ______________________________________________________________________________
    
    1)  problem description, brief discussion, solution, upgrade information
    
        The e-matters team have found multiple remotely exploitable vulnerabilites
        in the source code responsible for file upload in the apache modules
        mod_php and mod_php4 (versions 3 and 4). The weakness can be used to have
        the webserver execute arbitrary code as supplied by the attacker.
    
        A temporary workaround against the problem is to disable the file-upload
        support using the file_uploads directive in the php.ini file.
    
        SuSE Linux versions from 6.4 through 7.1 contained mod_php in versions 3,
        in addition to php4. Starting with SuSE Linux 7.2, all SuSE products do
        not contain the php-3 package any more. We provide fixed packages for both
        major versions of mod_php. We recommend to install the upgrade packages
        as a permanent solution for the problem.
    
        SuSE Linux versions 7.1 and 7.2 contained a mod_php4 package for the roxen
        http server. If you use the roxen webserver, you should use this package.
    
        SuSE Linux starting with versions 7.2 have a package called mod_php4-core.
        This package is required for the update of mod_php4 - by consequence,
        you can specify both package filenames in the rpm upgrade command after
        having downloaded the RPM package files.
    
    
        To find out which packages to download and install, use the following
        command:
    
                  rpm -qa | grep php
    
        Select the packages to download according to the output of the command
        above and verify their integrity by the methods listed in section 3) of
        this announcement.
        Then, install the package(s) using the command "rpm -Fhv file.rpm" to
        apply the update. To circumvent problems with package versions depending
        on each other, specify all package filenames that you downloaded on
        the commandline of the rpm command. Example: "rpm -Fhv f1.rpm f2.rpm".
    
        Our maintenance customers are kindly requested to await the arrival of
        the packages on the maintenance web while these packages are currently
        going through extensive testing. The packages will be available tomorrow
        March 1st. Please use the temporary workaround as described above in the
        meanwhile.
    
    
        SPECIAL INSTALL INSTRUCTIONS:
        ==============================
        After applying the update, the apache webserver should be restarted for
        the update to become effective. To do this, execute the following command
        as root:
            rcapache restart
    
    
        i386 Intel Platform:
    
        SuSE-7.3
         ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/mod_php4-core-4.0.6-148.i386.rpm
          57759036006c6e58de18c3aeb45c6026
         ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/mod_php4-4.0.6-148.i386.rpm
          bf67ea0eae3fad49269513dafb1e9dc6
         ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/mod_php4-servlet-4.0.6-148.i386.rpm
          dfa7414ff43580b499db2e1058f8f433
         ftp://ftp.suse.com/pub/suse/i386/update/7.3/n3/mod_php4-aolserver-4.0.6-148.i386.rpm
          70734055745db12cd073696801bb483c
        source rpm:
         ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/mod_php4-4.0.6-148.src.rpm
          49c999b10542dfca7ef3fa6db821324a
    
        SuSE-7.2
         ftp://ftp.suse.com/pub/suse/i386/update/7.2/n1/mod_php4-core-4.0.6-147.i386.rpm
          2aeb974641c749688085073abb172022
         ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/mod_php4-4.0.6-147.i386.rpm
          dce52a783db7e05e672668797ce8df86
         ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/mod_php4-roxen-4.0.6-147.i386.rpm
          ca56dc95c22e05e01ab80fdf20667ff2
        source rpm:
         ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/mod_php4-4.0.6-147.src.rpm
          3bf6894b0ad0d99d895f64383bd0d989
    
        SuSE-7.1
         ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/mod_php-3.0.17RC1-54.i386.rpm
          1e700627bf7f4beffc8ddd2d561a8eb8
         ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/mod_php4-4.0.4pl1-126.i386.rpm
          ad8683f3499b9a94ddf04cb98d937a9c
         ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/mod_php4-roxen-4.0.4pl1-126.i386.rpm
          5607ebeaae4c6968cc2a303934aa525c
        source rpm:
         ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/mod_php-3.0.17RC1-54.src.rpm
          a8b213fad528434fd0a76ecd6f64efd9
         ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/mod_php4-4.0.4pl1-126.src.rpm
          59c902cc181460e76c87d79389ed2ae1
    
        SuSE-7.0
         ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/mod_php-3.0.17RC1-54.i386.rpm
          384ec69cf57d82d879e459369abe0f30
         ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/mod_php4-4.0.4pl1-126.i386.rpm
          0b8066c5c6708c3591cde686fa0ebd0d
        source rpm:
         ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/mod_php-3.0.17RC1-54.src.rpm
          3a1181820dc0aea8a412ffe78910f939
         ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/mod_php4-4.0.4pl1-126.src.rpm
          2236e35cc9d05518f141bb1e1dfcbfa4
    
        SuSE-6.4
         ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/mod_php-3.0.16-79.i386.rpm
          7ed2b7d7df87e243f16d4601fc86ff79
         ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/mod_php4-4.0.3pl1-27.i386.rpm
          e2d7209f030de57068e8a8137df7fa8b
        source rpm:
         ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/mod_php-3.0.16-79.src.rpm
          f191f6a589cd2f48db315eb13b04905d
         ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/mod_php4-4.0.3pl1-27.src.rpm
          f000bd6f629cd3ca1eb1674915bc5e68
    
    
    
        Sparc Platform:
    
        SuSE-7.3
         ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n1/mod_php4-core-4.0.6-58.sparc.rpm
          0e5651dd6388128becbca8253c20c7db
         ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n2/mod_php4-4.0.6-58.sparc.rpm
          549d42a54c8c7a2248e88020f9462bf1
         ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n2/mod_php4-servlet-4.0.6-58.sparc.rpm
          852e01eea835b08c6a60d749ba7a83fc
         ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n3/mod_php4-aolserver-4.0.6-58.sparc.rpm
          0902ffbf72ab0185513169b206c9eb2c
        source rpm:
         ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/mod_php4-4.0.6-58.src.rpm
          74ca2271fe120a72b5a8c19ee1c3c91d
    
        SuSE-7.1
         ftp://ftp.suse.com/pub/suse/sparc/update/7.1/n2/mod_php4-4.0.4pl1-37.sparc.rpm
          9b4be03a0d859f8e20e135b01cd2bdd6
         ftp://ftp.suse.com/pub/suse/sparc/update/7.1/n2/mod_php4-roxen-4.0.4pl1-37.sparc.rpm
          0f47c53ad5aa143858b384dbd34f6731
        source rpm:
         ftp://ftp.suse.com/pub/suse/sparc/update/7.1/zq1/mod_php4-4.0.4pl1-37.src.rpm
          7265b855b566de06fe75548b3e95922c
    
        SuSE-7.0
         ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n1/mod_php-3.0.17RC1-47.sparc.rpm
          14c13b4c207039010216e847823c2eed
         ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n1/mod_php4-4.0.4pl1-37.sparc.rpm
          2eb8e2bc19bebabfaaf37581fd45ad7b
        source rpm:
         ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/mod_php-3.0.17RC1-47.src.rpm
          c9b771b7166a1bd580ef6c046322329d
         ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/mod_php4-4.0.4pl1-37.src.rpm
          7a19250c19bec86b08eb4d8a23418459
    
    
    
    
        AXP Alpha Platform:
    
        SuSE-7.1
         ftp://ftp.suse.com/pub/suse/axp/update/7.1/n2/mod_php-3.0.17RC1-65.alpha.rpm
          6f7a7f8df47ee6ac2421667f7db7264d
         ftp://ftp.suse.com/pub/suse/axp/update/7.1/n2/mod_php4-4.0.4pl1-44.alpha.rpm
          ac77382743cb67c39293a51cfd9e00b4
         ftp://ftp.suse.com/pub/suse/axp/update/7.1/n2/mod_php4-roxen-4.0.4pl1-44.alpha.rpm
          9a84772b00b35577a9e1acf1e1ccf38f
        source rpm:
         ftp://ftp.suse.com/pub/suse/axp/update/7.1/zq1/mod_php-3.0.17RC1-65.src.rpm
          4ef545e1921b8187f7c85bb759534196
         ftp://ftp.suse.com/pub/suse/axp/update/7.1/zq1/mod_php4-4.0.4pl1-44.src.rpm
          3f6ae603df3a5bab9aef46f99f8e61ce
    
        SuSE-7.0
         ftp://ftp.suse.com/pub/suse/axp/update/7.0/n1/mod_php-3.0.17RC1-65.alpha.rpm
          470bc80f7964b7ad9b92340d4622a9c4
         ftp://ftp.suse.com/pub/suse/axp/update/7.0/n1/mod_php4-4.0.4pl1-44.alpha.rpm
          52990c4e82ef33ff2f16589b3cfee842
        source rpm:
         ftp://ftp.suse.com/pub/suse/axp/update/7.0/zq1/mod_php-3.0.17RC1-65.src.rpm
          13b465f51631bf2fde0b3e4473773779
         ftp://ftp.suse.com/pub/suse/axp/update/7.0/zq1/mod_php4-4.0.4pl1-44.src.rpm
          fa2305309b645a799308a359d1e5b3c9
    
        SuSE-6.4
         ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/mod_php-3.0.16-18.alpha.rpm
          4b4bb55d4fd2702ad53825c09cdbf319
         ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/mod_php4-4.0.3pl1-16.alpha.rpm
          d6938494ab74b8ee1436f82ea8f175de
        source rpm:
         ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/mod_php-3.0.16-18.src.rpm
          985240424ec682de27167a01d98f4c25
         ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/mod_php4-4.0.3pl1-16.src.rpm
          717466aae064d608c25b9a46e34dbce4
    
    
    
    
        PPC Power PC Platform:
    
        SuSE-7.3
         ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n1/mod_php4-core-4.0.6-87.ppc.rpm
          3f7efc1ae5a0fa851da916d1cf26bc42
         ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/mod_php4-4.0.6-87.ppc.rpm
          4097f6214718d1c332a6ac8e08228009
         ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/mod_php4-servlet-4.0.6-87.ppc.rpm
          41fa3215ff4d52cf05522b6fff232d79
         ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n3/mod_php4-aolserver-4.0.6-87.ppc.rpm
          d0e5d095ae725fe170661006b5c62e86
        source rpm:
         ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/mod_php4-4.0.6-87.src.rpm
          56af75e705fb13b6bc23acbecbbc886f
    
        SuSE-7.1
         ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n2/mod_php4-4.0.4pl1-36.ppc.rpm
          ce51eec29604063b2a50b72ae055981b
         ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n2/mod_php4-roxen-4.0.4pl1-36.ppc.rpm
          a129e7670f7405716bb1a7a10a231f59
        source rpm:
         ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/mod_php4-4.0.4pl1-36.src.rpm
          8783a6fcdfe3da9d48cdcf78ee964760
    
        SuSE-7.0
         ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n1/mod_php-3.0.17RC1-31.ppc.rpm
          81580d598dfe9418251d98378da859ac
         ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n1/mod_php4-4.0.4pl1-36.ppc.rpm
          7b5838375100e20c81aa9a1e553bf0ed
        source rpm:
         ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/mod_php-3.0.17RC1-31.src.rpm
          f4b44b67fe6e57dca79f591f21acfcde
         ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/mod_php4-4.0.4pl1-36.src.rpm
          42cdb0304ea6f7ddbfc1ac6a52600316
    
        SuSE-6.4
         ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/mod_php-3.0.16-82.ppc.rpm
          faed7151496289390205b2fb446a2c46
         ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/mod_php4-4.0.3pl1-20.ppc.rpm
          c26feb6b96e4f4463b5e3d80cd0e9b0a
        source rpm:
         ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/mod_php-3.0.16-82.src.rpm
          1dcfe695bf1eadd644284731a1a3b7b1
         ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/mod_php4-4.0.3pl1-20.src.rpm
          4d67007f9f33d07a061242e822d13dd4
    
    ______________________________________________________________________________
    
    2)  Pending vulnerabilities in SuSE Distributions and Workarounds:
    
      - correction:
        In our last security announcement SuSE-SA:2002:006 (cups), it is advised
        to restart a running instance of cupsd after performing the rpm update
        command to make the package upgrade effective (similar to apache in this
        announcement). The correct command to accomplish a restart of the cups
        daemon is "rccups restart".
    
    
      - squid (squid2, squid23, squid-beta packages)
        Malformed  ftp:// style URLs are not treated safely in all squid
        packages. Our packages are available for most architectures and
        distributions from our ftp server at the usual location, but the security
        announcement is waiting for the last packages to complete building and
        testing.
    
    
      - ucdsnmpd
        The UCD snmpd contains a variety of security related bugs.
        The SuSE Security Team have been reviewing the code and the available
        fixes to ensure that all problems get fixed. The update packages are
        available at the usual location, but the security announcement is
        waiting for the last packages to complete building and testing.
        Regardless of whether you use the fixed or the unfixed packages, it is
        it is strongly recommended to filter SNMP (TCP and UDP packets with
        destination to port 161) traffic on your inbound router(s).
    
    
      - ssh/openssh
        Rumours are spreading that there is a new security breach in
        implementations of secure shell (ssh). The two implementations shipped
        with SuSE products have been fixed to our best knowlege, and we are not
        aware of any security holes in these packages.
        SuSE Security are investigating this issue and will report any
        vulnerability found through our announcement list
        This email address is being protected from spambots. You need JavaScript enabled to view it. (subscription information in section 3
        of this security announcement).
    
    ______________________________________________________________________________
    
    3)  standard appendix: authenticity verification, additional information
    
      - Package authenticity verification:
    
        SuSE update packages are available on many mirror ftp servers all over
        the world. While this service is being considered valuable and important
        to the free and open source software community, many users wish to be
        sure about the origin of the package and its content before installing
        the package. There are two verification methods that can be used
        independently from each other to prove the authenticity of a downloaded
        file or rpm package:
        1) md5sums as provided in the (cryptographically signed) announcement.
        2) using the internal gpg signatures of the rpm package.
    
        1) execute the command
            md5sum 
           after you downloaded the file from a SuSE ftp server or its mirrors.
           Then, compare the resulting md5sum with the one that is listed in the
           announcement. Since the announcement containing the checksums is
           cryptographically signed (usually using the key This email address is being protected from spambots. You need JavaScript enabled to view it.),
           the checksums show proof of the authenticity of the package.
           We disrecommend to subscribe to security lists which cause the
           email message containing the announcement to be modified so that
           the signature does not match after transport through the mailing
           list software.
           Downsides: You must be able to verify the authenticity of the
           announcement in the first place. If RPM packages are being rebuilt
           and a new version of a package is published on the ftp server, all
           md5 sums for the files are useless.
    
        2) rpm package signatures provide an easy way to verify the authenticity
           of an rpm package. Use the command
            rpm -v --checksig 
           to verify the signature of the package, where  is the
           filename of the rpm package that you have downloaded. Of course,
           package authenticity verification can only target an uninstalled rpm
           package file.
           Prerequisites:
            a) gpg is installed
            b) The package is signed using a certain key. The public part of this
               key must be installed by the gpg program in the directory
               ~/.gnupg/ under the user's home directory who performs the
               signature verification (usually root). You can import the key
               that is used by SuSE in rpm packages for SuSE Linux by saving
               this announcement to a file ("announcement.txt") and
               running the command (do "su -" to be root):
                gpg --batch; gpg < announcement.txt | gpg --import
               SuSE Linux distributions version 7.1 and thereafter install the
               key "This email address is being protected from spambots. You need JavaScript enabled to view it." upon installation or upgrade, provided that
               the package gpg is installed. The file containing the public key
               is placed at the toplevel directory of the first CD (pubring.gpg)
               and at  ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de .
    
    
      - SuSE runs two security mailing lists to which any interested party may
        subscribe:
    
        This email address is being protected from spambots. You need JavaScript enabled to view it.
            -   general/linux/SuSE security discussion.
                All SuSE security announcements are sent to this list.
                To subscribe, send an email to
                    <This email address is being protected from spambots. You need JavaScript enabled to view it.>.
    
        This email address is being protected from spambots. You need JavaScript enabled to view it.
            -   SuSE's announce-only mailing list.
                Only SuSE's security annoucements are sent to this list.
                To subscribe, send an email to
                    <This email address is being protected from spambots. You need JavaScript enabled to view it.>.
    
        For general information or the frequently asked questions (faq)
        send mail to:
            <This email address is being protected from spambots. You need JavaScript enabled to view it.> or
            <This email address is being protected from spambots. You need JavaScript enabled to view it.> respectively.
    
        =====================================================================
        SuSE's security contact is <This email address is being protected from spambots. You need JavaScript enabled to view it.> or <This email address is being protected from spambots. You need JavaScript enabled to view it.>.
        The <This email address is being protected from spambots. You need JavaScript enabled to view it.> public key is listed below.
        =====================================================================
    ______________________________________________________________________________
    
        The information in this advisory may be distributed or reproduced,
        provided that the advisory is not modified in any way. In particular,
        it is desired that the cleartext signature shows proof of the
        authenticity of the text.
        SuSE GmbH makes no warranties of any kind whatsoever with respect
        to the information contained in this security advisory.
    
    Type Bits/KeyID    Date       User ID
    pub  2048R/3D25D3D9 1999-03-06 SuSE Security Team <This email address is being protected from spambots. You need JavaScript enabled to view it.>
    pub  1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <This email address is being protected from spambots. You need JavaScript enabled to view it.>
    
    -----BEGIN PGP PUBLIC KEY BLOCK-----
    Version: GnuPG v1.0.6 (GNU/Linux)
    Comment: For info see  http://www.gnupg.org
    
    mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff
    4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d
    M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO
    QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK
    XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE
    D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd
    G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM
    CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE
    myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr
    YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD
    wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d
    NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe
    QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe
    LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t
    XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU
    D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3
    0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot
    1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW
    cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E
    ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f
    AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E
    Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/
    HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h
    t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT
    tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM
    523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q
    2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8
    QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw
    JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ
    1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH
    ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1
    wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY
    EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol
    0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK
    CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co
    SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo
    omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt
    A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J
    /LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE
    GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf
    ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT
    ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8
    RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ
    8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb
    B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X
    11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA
    8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj
    qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p
    WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL
    hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG
    BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+
    AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi
    RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0
    zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM
    /3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7
    whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl
    D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz
    dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI
    RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI
    DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE=
    =LRKC
    -----END PGP PUBLIC KEY BLOCK-----
    
    
    Roman Drahtmüller,
    SuSE Security.
    --
     -                                                                      -
    | Roman Drahtmüller      <This email address is being protected from spambots. You need JavaScript enabled to view it.> // "You don't need eyes to see, |
      SuSE GmbH - Security           Phone: //             you need vision!"
    | Nürnberg, Germany     +49-911-740530 //           Maxi Jazz, Faithless |
     -                                                                      -
    
    
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"23","type":"x","order":"1","pct":56.1,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":12.2,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"13","type":"x","order":"3","pct":31.71,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.