From owner-freebsd-announce@FreeBSD.ORG Tue Oct 21 21:12:33 2014
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Reply-To: freebsd-security@freebsd.org
Message-Id: <20141021211219.E6E2D5471@nine.des.no>
Date: Tue, 21 Oct 2014 23:12:19 +0200 (CEST)
Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-14:22.namei
List-Id: "Project Announcements [moderated]"

=============================================================================
FreeBSD-SA-14:22.namei                                      Security Advisory
                                                          The FreeBSD Project

Topic:          memory leak in sandboxed namei lookup

Category:       core
Module:         kernel
Announced:      2014-10-21
Credits:        Mateusz Guzik
Affects:        FreeBSD 9.1 and later.
Corrected:      2014-10-21 20:20:07 UTC (stable/10, 10.1-PRERELEASE)
                2014-10-21 20:20:36 UTC (releng/10.1, 10.1-RC2-p1)
                2014-10-21 20:20:36 UTC (releng/10.1, 10.1-RC1-p1)
                2014-10-21 20:20:36 UTC (releng/10.1, 10.1-BETA3-p1)
                2014-10-21 20:21:10 UTC (releng/10.0, 10.0-RELEASE-p10)
                2014-10-21 20:20:17 UTC (stable/9, 9.3-STABLE)
                2014-10-21 20:21:10 UTC (releng/9.3, 9.3-RELEASE-p3)
                2014-10-21 20:21:10 UTC (releng/9.2, 9.2-RELEASE-p13)
                2014-10-21 20:21:10 UTC (releng/9.1, 9.1-RELEASE-p20)
CVE Name:       CVE-2014-3711

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

The namei kernel facility is responsible for performing and caching
translations from path names to file system objects (vnodes).

Capsicum is a lightweight capability and sandbox framework using a
hybrid capability system model.  It is often used to create sandboxes
for applications that process data from untrusted sources.

II.  Problem Description

The namei facility will leak a small amount of kernel memory every
time a sandboxed process looks up a nonexistent path name.

III. Impact

A remote attacker that can cause a sandboxed process (for instance, a
web server) to look up a large number of nonexistent path names can
cause memory exhaustion.

IV.  Workaround

Systems that do not have Capsicum enabled or do not run services that
use Capsicum are not vulnerable.

On systems that have Capsicum compiled into the kernel, it can be
disabled by executing the following command as root:

# sysctl kern.features.security_capabilities=0

Services that use Capsicum are usually able to run without it, albeit
with reduced security.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 9.x]
# fetch http://security.FreeBSD.org/patches/SA-14:22/namei-9.patch
# fetch http://security.FreeBSD.org/patches/SA-14:22/namei-9.patch.asc
# gpg --verify namei-9.patch.asc

[FreeBSD 10.x]
# fetch http://security.FreeBSD.org/patches/SA-14:22/namei-10.patch
# fetch http://security.FreeBSD.org/patches/SA-14:22/namei-10.patch.asc
# gpg --verify namei-10.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in and reboot the system.

VI.  Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/9/                                                         r273412
releng/9.1/                                                       r273415
releng/9.2/                                                       r273415
releng/9.3/                                                       r273415
stable/10/                                                        r273411
releng/10.0/                                                      r273415
releng/10.1/                                                      r273414
-------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at
=============================================================================
FreeBSD-SA-14:23.openssl                                    Security Advisory
                                                          The FreeBSD Project

Topic:          OpenSSL multiple vulnerabilities

Category:       contrib
Module:         openssl
Announced:      2014-10-21
Affects:        All supported versions of FreeBSD.
Corrected:      2014-10-15 19:59:43 UTC (stable/10, 10.1-PRERELEASE)
                2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC3)
                2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC2-p1)
                2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC1-p1)
                2014-10-21 19:00:32 UTC (releng/10.1, 10.1-BETA3-p1)
                2014-10-21 20:21:10 UTC (releng/10.0, 10.0-RELEASE-p10)
                2014-10-15 20:28:31 UTC (stable/9, 9.3-STABLE)
                2014-10-21 20:21:10 UTC (releng/9.3, 9.3-RELEASE-p3)
                2014-10-21 20:21:10 UTC (releng/9.2, 9.2-RELEASE-p13)
                2014-10-21 20:21:10 UTC (releng/9.1, 9.1-RELEASE-p20)
                2014-10-15 20:28:31 UTC (stable/8, 8.4-STABLE)
                2014-10-21 20:21:27 UTC (releng/8.4, 8.4-RELEASE-p17)
CVE Name:       CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

FreeBSD includes software from the OpenSSL Project.  The OpenSSL
Project is a collaborative effort to develop a robust,
commercial-grade, full-featured Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols as well as a full-strength general purpose cryptography
library.

II.  Problem Description

A flaw in the DTLS SRTP extension parsing code allows an attacker, who
sends a carefully crafted handshake message, to cause OpenSSL to fail
to free up to 64k of memory causing a memory leak.
[CVE-2014-3513].

When an OpenSSL SSL/TLS/DTLS server receives a session ticket the
integrity of that ticket is first verified.  In the event of a session
ticket integrity check failing, OpenSSL will fail to free memory
causing a memory leak.  [CVE-2014-3567].

The SSL protocol 3.0, as supported in OpenSSL and other products,
supports CBC mode encryption where it could not adequately check the
integrity of padding, because of the use of non-deterministic CBC
padding.  This protocol weakness makes it possible for an attacker to
obtain clear text data through a padding-oracle attack.

Some client applications (such as browsers) will reconnect using a
downgraded protocol to work around interoperability bugs in older
servers.  This could be exploited by an active man-in-the-middle to
downgrade connections to SSL 3.0 even if both sides of the connection
support higher protocols.  SSL 3.0 contains a number of weaknesses
including POODLE [CVE-2014-3566].

OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications
to block the ability for a MITM attacker to force a protocol
downgrade.

When OpenSSL is configured with "no-ssl3" as a build option, servers
could accept and complete an SSL 3.0 handshake, and clients could be
configured to send them.  [CVE-2014-3568].

III. Impact

A remote attacker can cause Denial of Service with OpenSSL 1.0.1
server implementations for both SSL/TLS and DTLS regardless of
whether SRTP is used or configured.  [CVE-2014-3513]

By sending a large number of invalid session tickets an attacker
could exploit this issue in a Denial Of Service attack.
[CVE-2014-3567].

An active man-in-the-middle attacker can force a protocol downgrade
to SSLv3 and exploit the weakness of SSLv3 to obtain clear text data
from the connection.  [CVE-2014-3566] [CVE-2014-3568]

IV.  Workaround

No workaround is available.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 10.0]
# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch
# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch.asc
# gpg --verify openssl-10.0.patch.asc

[FreeBSD 9.3]
# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch
# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch.asc
# gpg --verify openssl-9.3.patch.asc

[FreeBSD 8.4, 9.1 and 9.2]
# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch
# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch.asc
# gpg --verify openssl-8.4.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in .

Restart all daemons using the library, or reboot the system.

VI.  Correction details

The following list contains the correction revision numbers for each
affected branch.
Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/8/                                                         r273151
releng/8.4/                                                       r273416
stable/9/                                                         r273151
releng/9.1/                                                       r273415
releng/9.2/                                                       r273415
releng/9.3/                                                       r273415
stable/10/                                                        r273149
releng/10.0/                                                      r273415
releng/10.1/                                                      r273399
-------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at
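The server-side decision that TLS_FALLBACK_SCSV makes possible, as an added example (not code from OpenSSL or from the FreeBSD patch). It follows RFC 7507; the function name check_fallback and the cipher-suite vectors are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SSL3_0  0x0300u
#define TLS1_2  0x0303u

#define TLS_FALLBACK_SCSV            0x5600u  /* signalling suite, RFC 7507 */
#define ALERT_INAPPROPRIATE_FALLBACK 86       /* fatal alert, RFC 7507 */

/*
 * Hypothetical helper: inspect the cipher_suites vector of a ClientHello.
 * Returns 0 to continue the handshake, ALERT_INAPPROPRIATE_FALLBACK when
 * the client flagged the hello as a fallback retry although this server
 * supports a newer protocol version, and -1 if the vector is malformed.
 */
int
check_fallback(uint16_t client_version, uint16_t server_max,
    const uint8_t *suites, size_t suites_len)
{
    size_t i;

    /* Entries are two bytes each: length must be non-zero and even. */
    if (suites == NULL || suites_len == 0 || (suites_len & 1) != 0)
        return (-1);

    for (i = 0; i < suites_len; i += 2) {
        uint16_t suite = (uint16_t)((suites[i] << 8) | suites[i + 1]);

        /* Whole entries only: 0x56 0x00 straddling two suites is no SCSV. */
        if (suite != TLS_FALLBACK_SCSV)
            continue;
        /* A retry below our best version means someone forced it down. */
        if (client_version < server_max)
            return (ALERT_INAPPROPRIATE_FALLBACK);
        return (0);
    }
    /*
     * No SCSV: the server cannot tell a downgraded retry from an old
     * client, which is why applications have to opt in to sending it.
     */
    return (0);
}

/* Constructed cipher_suites vectors (not captured traffic). */
static const uint8_t retry_with_scsv[] = { 0x00, 0x2f, 0x00, 0x35, 0x56, 0x00 };
static const uint8_t plain_hello[]     = { 0x00, 0x2f, 0x00, 0x35 };
static const uint8_t straddling[]      = { 0x00, 0x56, 0x00, 0x2f };

int
main(void)
{
    printf("SSL 3.0 retry with SCSV, TLS 1.2 server: %d\n",
        check_fallback(SSL3_0, TLS1_2, retry_with_scsv,
        sizeof(retry_with_scsv)));
    printf("SSL 3.0 retry with SCSV, SSL 3.0 server: %d\n",
        check_fallback(SSL3_0, SSL3_0, retry_with_scsv,
        sizeof(retry_with_scsv)));
    printf("SSL 3.0 hello without SCSV, TLS 1.2 server: %d\n",
        check_fallback(SSL3_0, TLS1_2, plain_hello, sizeof(plain_hello)));
    printf("bytes 56 00 across two entries: %d\n",
        check_fallback(SSL3_0, TLS1_2, straddling, sizeof(straddling)));
    return (0);
}
```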
=============================================================================
FreeBSD-SA-14:21.routed                                     Security Advisory
                                                          The FreeBSD Project

Topic:          routed(8) remote denial of service vulnerability

Category:       core
Module:         routed
Announced:      2014-10-21
Credits:        Hiroki Sato
Affects:        All supported versions of FreeBSD.
Corrected:      2014-10-21 20:20:07 UTC (stable/10, 10.1-PRERELEASE)
                2014-10-21 20:20:36 UTC (releng/10.1, 10.1-RC2-p1)
                2014-10-21 20:20:36 UTC (releng/10.1, 10.1-RC1-p1)
                2014-10-21 20:20:36 UTC (releng/10.1, 10.1-BETA3-p1)
                2014-10-21 20:21:10 UTC (releng/10.0, 10.0-RELEASE-p10)
                2014-10-21 20:20:17 UTC (stable/9, 9.3-STABLE)
                2014-10-21 20:21:10 UTC (releng/9.3, 9.3-RELEASE-p3)
                2014-10-21 20:21:10 UTC (releng/9.2, 9.2-RELEASE-p13)
                2014-10-21 20:21:10 UTC (releng/9.1, 9.1-RELEASE-p20)
                2014-10-21 20:20:26 UTC (stable/8, 8.4-STABLE)
                2014-10-21 20:21:27 UTC (releng/8.4, 8.4-RELEASE-p17)
CVE Name:       CVE-2014-3955

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

The routing information protocol (RIP) is an older routing protocol
which, while not as capable as more recent protocols such as OSPF and
BGP, is sometimes preferred for its simplicity and therefore still
used as an interior gateway protocol on smaller networks.

Routers in a RIP network periodically broadcast their routing table on
all enabled interfaces.  Neighboring routers and hosts receive these
broadcasts and update their routing tables accordingly.

The routed(8) daemon is a RIP implementation for FreeBSD.  The
rtquery(8) utility can be used to send a RIP query to a router and
display the result without updating the routing table.

II.  Problem Description

The input path in routed(8) will accept queries from any source and
attempt to answer them.  However, the output path assumes that the
destination address for the response is on a directly connected
network.

III. Impact

Upon receipt of a query from a source which is not on a directly
connected network, routed(8) will trigger an assertion and terminate.
The affected system's routing table will no longer be updated.
If the affected system is a router, its routes will eventually expire
from other routers' routing tables, and its networks will no longer
be reachable unless they are also connected to another router.

IV.  Workaround

Use a packet filter such as pf(4) or ipfw(4) to block incoming UDP
packets with destination port 520 that did not originate on the same
subnet as the destination address.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/SA-14:21/routed.patch
# fetch http://security.FreeBSD.org/patches/SA-14:21/routed.patch.asc
# gpg --verify routed.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/routed.patch

c) Recompile routed.  Execute the following commands as root:

# cd /usr/src/sbin/routed
# make && make install

4) Restart the affected service

To restart the affected service after updating the system, either
reboot the system or execute the following command as root:

# service routed restart

VI.  Correction details

The following list contains the correction revision numbers for each
affected branch.
Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/8/                                                         r273413
releng/8.4/                                                       r273416
stable/9/                                                         r273412
releng/9.1/                                                       r273415
releng/9.2/                                                       r273415
releng/9.3/                                                       r273415
stable/10/                                                        r272872
releng/10.0/                                                      r273415
releng/10.1/                                                      r273414
-------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at
=============================================================================
FreeBSD-SA-14:20.rtsold                                     Security Advisory
                                                          The FreeBSD Project

Topic:          rtsold(8) remote buffer overflow vulnerability

Category:       core
Module:         rtsold
Announced:      2014-10-21
Credits:        Florian Obser, Hiroki Sato
Affects:        FreeBSD 9.1 and later.
Corrected:      2014-10-21 20:20:07 UTC (stable/10, 10.1-PRERELEASE)
                2014-10-21 20:20:36 UTC (releng/10.1, 10.1-RC2-p1)
                2014-10-21 20:20:36 UTC (releng/10.1, 10.1-RC1-p1)
                2014-10-21 20:20:36 UTC (releng/10.1, 10.1-BETA3-p1)
                2014-10-21 20:21:10 UTC (releng/10.0, 10.0-RELEASE-p10)
                2014-10-21 20:20:17 UTC (stable/9, 9.3-STABLE)
                2014-10-21 20:21:10 UTC (releng/9.3, 9.3-RELEASE-p3)
                2014-10-21 20:21:10 UTC (releng/9.2, 9.2-RELEASE-p13)
                2014-10-21 20:21:10 UTC (releng/9.1, 9.1-RELEASE-p20)
CVE Name:       CVE-2014-3954

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

As part of the stateless address autoconfiguration (SLAAC) mechanism,
IPv6 routers periodically broadcast router advertisement messages on
attached networks to inform hosts of the correct network prefix,
router address and MTU, as well as additional network parameters such
as the DNS servers (RDNSS), DNS search list (DNSSL) and whether a
stateful configuration service is available.  Hosts that have recently
joined the network can broadcast a router solicitation message to
solicit an immediate advertisement instead of waiting for the next
periodic advertisement.

The router solicitation daemon, rtsold(8), broadcasts router
solicitation messages at startup or when the state of an interface
changes from passive to active.  Incoming router advertisement
messages are first processed by the kernel and then passed on to
rtsold(8), which handles the DNS and stateful configuration options.

II.  Problem Description

Due to a missing length check in the code that handles DNS parameters,
a malformed router advertisement message can result in a stack buffer
overflow in rtsold(8).

III. Impact

Receipt of a router advertisement message with a malformed DNSSL
option, for instance from a compromised host on the same network, can
cause rtsold(8) to crash.  While it is theoretically possible to
inject code into rtsold(8) through malformed router advertisement
messages, it is normally compiled with stack protection enabled,
rendering such an attack extremely difficult.

When rtsold(8) crashes, the existing DNS configuration will remain in
force, and the kernel will continue to receive and process periodic
router advertisements.

IV.  Workaround

No workaround is available, but systems that do not run rtsold(8) are
not affected.

As a general rule, SLAAC should not be used on networks where trusted
and untrusted hosts coexist in the same broadcast domain.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/SA-14:20/rtsold.patch
# fetch http://security.FreeBSD.org/patches/SA-14:20/rtsold.patch.asc
# gpg --verify rtsold.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/rtsold.patch

c) Recompile rtsold.  Execute the following commands as root:

# cd /usr/src/usr.sbin/rtsold
# make && make install

4) Restart the affected service

To restart the affected service after updating the system, either
reboot the system or execute the following command as root:

# service rtsold restart

VI.  Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/9/                                                         r273412
releng/9.1/                                                       r273415
releng/9.2/                                                       r273415
releng/9.3/                                                       r273415
stable/10/                                                        r273411
releng/10.0/                                                      r273415
releng/10.1/                                                      r273414
-------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at
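The kind of length checking whose absence section II of the rtsold advisory describes, shown as a bounds-checked DNSSL decoder. This is an added example, not rtsold's code or the FreeBSD patch; it assumes the RFC 6106 option layout, and the function names, the 256-byte name buffers and the sample options are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ND_OPT_DNSSL 31   /* DNSSL option type (RFC 6106) */
#define DNSSL_HDRLEN 8    /* type, length, reserved, lifetime */
#define LABEL_MAX    63   /* longest DNS label */
#define NAME_BUFSZ   256  /* assumed size of each output buffer, with NUL */

/*
 * Decode one DNS-encoded name from opt[*pos .. optlen) into out.
 * Returns 1 for a name, 0 for the zero padding that ends the list and
 * -1 when a length field points outside the option or the buffer.
 */
static int
decode_name(const uint8_t *opt, size_t optlen, size_t *pos, char *out,
    size_t outsz)
{
    size_t p = *pos, o = 0;

    if (outsz == 0)
        return (-1);
    for (;;) {
        size_t llen, need;

        if (p >= optlen)
            return (-1);        /* no terminating root label */
        llen = opt[p++];
        if (llen == 0)
            break;
        if (llen > LABEL_MAX)
            return (-1);        /* also rejects compression pointers */
        if (llen > optlen - p)
            return (-1);        /* label runs past the option */
        need = llen + (o > 0 ? 1 : 0);  /* label plus separating dot */
        if (need >= outsz - o)
            return (-1);        /* would leave no room for the NUL */
        if (o > 0)
            out[o++] = '.';
        memcpy(out + o, opt + p, llen);
        o += llen;
        p += llen;
    }
    out[o] = '\0';
    *pos = p;
    return (o > 0);
}

/*
 * Parse a DNSSL option of which avail bytes were received.  Returns the
 * number of names stored (at most maxnames) or -1 if it is malformed.
 */
int
dnssl_parse(const uint8_t *opt, size_t avail, char names[][NAME_BUFSZ],
    int maxnames)
{
    size_t optlen, pos = DNSSL_HDRLEN;
    int n = 0, r;

    if (avail < 2 || opt[0] != ND_OPT_DNSSL)
        return (-1);
    optlen = (size_t)opt[1] * 8;        /* length is in 8-octet units */
    if (optlen < DNSSL_HDRLEN || optlen > avail)
        return (-1);
    while (pos < optlen && n < maxnames) {
        r = decode_name(opt, optlen, &pos, names[n], NAME_BUFSZ);
        if (r < 0)
            return (-1);
        if (r == 0)
            break;                      /* padding reached */
        n++;
    }
    return (n);
}

/* Constructed options: "example.com" and "lab.example.org", padded to 40. */
static const uint8_t sample_ok[40] = {
    31, 5, 0, 0, 0, 0, 0x0e, 0x10,
    7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0,
    3, 'l', 'a', 'b', 7, 'e', 'x', 'a', 'm', 'p', 'l', 'e',
    3, 'o', 'r', 'g', 0
};
/* Constructed: label length 63 with only 7 bytes left in the option. */
static const uint8_t sample_overrun[16] = {
    31, 2, 0, 0, 0, 0, 0, 60, 63, 'a', 'a', 'a', 'a', 'a', 'a', 'a'
};
/* Constructed: name fills the option and never reaches a root label. */
static const uint8_t sample_unterminated[16] = {
    31, 2, 0, 0, 0, 0, 0, 60, 7, 'e', 'x', 'a', 'm', 'p', 'l', 'e'
};

int
main(void)
{
    char names[4][NAME_BUFSZ];
    int i, n = dnssl_parse(sample_ok, sizeof(sample_ok), names, 4);

    for (i = 0; i < n; i++)
        printf("search domain: %s\n", names[i]);
    printf("overrun option: %d\n",
        dnssl_parse(sample_overrun, sizeof(sample_overrun), names, 4));
    return (0);
}
```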
=============================================================================
FreeBSD-EN-14:10.tzdata                                         Errata Notice
                                                          The FreeBSD Project

Topic:          Time zone data file update

Category:       contrib
Module:         zoneinfo
Announced:      2014-10-22
Affects:        All supported versions of FreeBSD prior to FreeBSD 10.1-BETA1
Corrected:      2014-08-29 13:41:21 UTC (stable/10, 10.1-PRERELEASE)
                2014-10-21 23:52:25 UTC (releng/10.0, 10.0-RELEASE-p11)
                2014-08-29 13:27:49 UTC (stable/9, 9.3-STABLE)
                2014-10-21 23:50:46 UTC (releng/9.3, 9.3-RELEASE-p4)
                2014-10-21 23:52:25 UTC (releng/9.2, 9.2-RELEASE-p14)
                2014-10-21 23:52:25 UTC (releng/9.1, 9.1-RELEASE-p21)
                2014-08-29 13:26:11 UTC (stable/8, 8.4-STABLE)
                2014-10-21 23:52:25 UTC (releng/8.4, 8.4-RELEASE-p18)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit .

I.   Background

The tzsetup(8) program allows the user to specify the default local
timezone.  Based on the selected timezone, tzsetup(8) copies one of
the files from /usr/share/zoneinfo to /etc/localtime.  This file
actually controls the conversion.

II.  Problem Description

Several changes in Daylight Savings Time happened after previous
FreeBSD releases were released that would affect many people who live
in different countries.
Because of these changes, the data in the zoneinfo files need to be
updated, and if the local timezone on the running system is affected,
tzsetup(8) needs to be run so the /etc/localtime is updated.

III. Impact

An incorrect time will be displayed on a system configured to use one
of the affected timezones if the /usr/share/zoneinfo and
/etc/localtime files are not updated, and all applications on the
system that rely on the system time, such as cron(8) and syslog(8),
will be affected.

IV.  Workaround

The system administrator can install an updated timezone database from
the misc/zoneinfo port and run tzsetup(8) to get the timezone database
corrected.

Applications that store and display times in Coordinated Universal
Time (UTC) are not affected.

V.   Solution

Please note that some third party software, for instance PHP, Ruby,
Java and Perl, may be using a different zoneinfo data source; in such
cases this software has to be updated separately.  Software packages
that are installed via the package collection can be upgraded by doing
a `pkg upgrade'.

Following the instructions in this Errata Notice will update all of
the zoneinfo files to be the same as what was released with FreeBSD
release.

Perform one of the following:

1) Upgrade your system to a supported FreeBSD stable or release /
security branch (releng) dated after the correction date.

2) To update your present system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 8.4]
# fetch http://security.FreeBSD.org/patches/EN-14:10/tzdata-8.4.patch
# fetch http://security.FreeBSD.org/patches/EN-14:10/tzdata-8.4.patch.asc
# gpg --verify tzdata-8.4.patch.asc

[FreeBSD 9.1]
# fetch http://security.FreeBSD.org/patches/EN-14:10/tzdata-9.1.patch
# fetch http://security.FreeBSD.org/patches/EN-14:10/tzdata-9.1.patch.asc
# gpg --verify tzdata-9.1.patch.asc

[FreeBSD 9.2]
# fetch http://security.FreeBSD.org/patches/EN-14:10/tzdata-9.2.patch
# fetch http://security.FreeBSD.org/patches/EN-14:10/tzdata-9.2.patch.asc
# gpg --verify tzdata-9.2.patch.asc

[FreeBSD 9.3]
# fetch http://security.FreeBSD.org/patches/EN-14:10/tzdata-9.3.patch
# fetch http://security.FreeBSD.org/patches/EN-14:10/tzdata-9.3.patch.asc
# gpg --verify tzdata-9.3.patch.asc

[FreeBSD 10.0]
# fetch http://security.FreeBSD.org/patches/EN-14:10/tzdata-10.0.patch
# fetch http://security.FreeBSD.org/patches/EN-14:10/tzdata-10.0.patch.asc
# gpg --verify tzdata-10.0.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in .

Restart all the affected applications and daemons, or reboot the system.

3) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/8/                                                         r270814
releng/8.4/                                                       r273439
stable/9/                                                         r270815
releng/9.1/                                                       r273439
releng/9.2/                                                       r273439
releng/9.3/                                                       r273438
stable/10/                                                        r270817
releng/10.0/                                                      r273439
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this Errata Notice is available at
http://security.FreeBSD.org/advisories/FreeBSD-EN-14:10.tzdata.asc

From owner-freebsd-announce@FreeBSD.ORG Wed Oct 22 21:07:50 2014
Return-Path:
Delivered-To: freebsd-announce@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 0AF619D6; Wed, 22 Oct 2014 21:07:50 +0000 (UTC)
Received: from
freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E1453261; Wed, 22 Oct 2014 21:07:49 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.9/8.14.9) with ESMTP id s9ML7nVW010741; Wed, 22 Oct 2014 21:07:49 GMT (envelope-from security-advisories@freebsd.org)
Received: (from delphij@localhost) by freefall.freebsd.org (8.14.9/8.14.9/Submit) id s9ML7nLC010739; Wed, 22 Oct 2014 21:07:49 GMT (envelope-from security-advisories@freebsd.org)
Date: Wed, 22 Oct 2014 21:07:49 GMT
Message-Id: <201410222107.s9ML7nLC010739@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: delphij set sender to security-advisories@freebsd.org using -f
From: FreeBSD Errata Notices
To: FreeBSD Errata Notices
Reply-To: freebsd-stable@freebsd.org
Precedence: bulk
Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-14:11.crypt
X-BeenThere: freebsd-announce@freebsd.org
X-Mailman-Version: 2.1.18-1
List-Id: "Project Announcements \[moderated\]"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 22 Oct 2014 21:07:50 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-EN-14:11.crypt                                          Errata Notice
                                                          The FreeBSD Project

Topic:          crypt(3) default hashing algorithm

Category:       core
Module:         libcrypt
Announced:      2014-10-22
Affects:        FreeBSD 9.3 and FreeBSD 10.0-STABLE after 2014-05-11
                and before 2014-10-16.
Corrected:      2014-10-13 15:56:47 UTC (stable/10, 10.1-PRERELEASE)
                2014-10-16 21:39:04 UTC (releng/10.1, 10.1-RC3)
                2014-10-16 21:39:04 UTC (releng/10.1, 10.1-RC2-p2)
                2014-10-16 21:39:04 UTC (releng/10.1, 10.1-RC1-p2)
                2014-10-16 21:39:04 UTC (releng/10.1, 10.1-BETA3-p2)
                2014-10-21 21:09:54 UTC (stable/9, 9.3-STABLE)
                2014-10-21 23:50:46 UTC (releng/9.3, 9.3-RELEASE-p4)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit .

I.   Background

The crypt(3) function performs password hashing. Different algorithms
of varying strength are available, with older, weaker algorithms being
retained for compatibility.

The crypt(3) function was originally based on the DES encryption
algorithm and generated a 13-character hash from an eight-character
password (longer passwords were truncated) and a two-character salt.

II.  Problem Description

In recent FreeBSD releases, the default algorithm for crypt(3) was
changed to SHA-512, which generates a much longer hash than the
traditional DES-based algorithm.

III. Impact

Many applications assume that crypt(3) always returns a traditional DES
hash, and blindly copy it into a short buffer without bounds checks.
This may lead to a variety of undesirable results including, at worst,
crashing the application.

IV.  Workaround

No workaround is available.

V.   Solution

Perform one of the following:

1) Upgrade your system to a supported FreeBSD stable or release /
security branch (releng) dated after the correction date.

2) To update your present system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/EN-14:11/crypt.patch
# fetch http://security.FreeBSD.org/patches/EN-14:11/crypt.patch.asc
# gpg --verify crypt.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in .

Restart all daemons using the library, or reboot the system.

3) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/9/                                                         r273425
releng/9.3/                                                       r273438
stable/10/                                                        r273043
releng/10.1/                                                      r273187
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this Errata Notice is available at
http://security.FreeBSD.org/advisories/FreeBSD-EN-14:11.crypt.asc