ESB-2017.2278 - [SUSE] kernel: Multiple vulnerabilities 2017-09-11

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.2278
        SUSE Security Update: Security update for the Linux Kernel
                             11 September 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kernel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Root Compromise          -- Existing Account
                   Denial of Service        -- Existing Account
                   Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-1000380 CVE-2017-1000365 CVE-2017-1000363
                   CVE-2017-11473 CVE-2017-11176 CVE-2017-9242
                   CVE-2017-9077 CVE-2017-9076 CVE-2017-9075
                   CVE-2017-9074 CVE-2017-8925 CVE-2017-8924
                   CVE-2017-8890 CVE-2017-7542 CVE-2017-7533
                   CVE-2017-7487 CVE-2017-7482 CVE-2017-6951
                   CVE-2017-2647 CVE-2016-10277 CVE-2014-9922

Reference:         ASB-2017.0141
                   ASB-2017.0032
                   ESB-2017.2233
                   ESB-2017.2214

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2017/suse-su-20172389-1/

- --------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2389-1
Rating:             important
References:         #1000365 #1000380 #1012422 #1013018 #1015452 
                    #1023051 #1029140 #1029850 #1030552 #1030593 
                    #1030814 #1032340 #1032471 #1034026 #1034670 
                    #1035576 #1035721 #1035777 #1035920 #1036056 
                    #1036288 #1036629 #1037191 #1037193 #1037227 
                    #1037232 #1037233 #1037356 #1037358 #1037359 
                    #1037441 #1038544 #1038879 #1038981 #1038982 
                    #1039258 #1039354 #1039456 #1039594 #1039882 
                    #1039883 #1039885 #1040069 #1040351 #1041160 
                    #1041431 #1041762 #1041975 #1042045 #1042615 
                    #1042633 #1042687 #1042832 #1042863 #1043014 
                    #1043234 #1043935 #1044015 #1044125 #1044216 
                    #1044230 #1044854 #1044882 #1044913 #1045154 
                    #1045356 #1045416 #1045479 #1045487 #1045525 
                    #1045538 #1045547 #1045615 #1046107 #1046192 
                    #1046715 #1047027 #1047053 #1047343 #1047354 
                    #1047487 #1047523 #1047653 #1048185 #1048221 
                    #1048232 #1048275 #1049128 #1049483 #1049603 
                    #1049688 #1049882 #1050154 #1050431 #1051478 
                    #1051515 #1051770 #1055680 #784815 #792863 
                    #799133 #909618 #919382 #928138 #938352 #943786 
                    #948562 #962257 #971975 #972891 #986924 #990682 
                    #995542 
Cross-References:   CVE-2014-9922 CVE-2016-10277 CVE-2017-1000363
                    CVE-2017-1000365 CVE-2017-1000380 CVE-2017-11176
                    CVE-2017-11473 CVE-2017-2647 CVE-2017-6951
                    CVE-2017-7482 CVE-2017-7487 CVE-2017-7533
                    CVE-2017-7542 CVE-2017-8890 CVE-2017-8924
                    CVE-2017-8925 CVE-2017-9074 CVE-2017-9075
                    CVE-2017-9076 CVE-2017-9077 CVE-2017-9242
                   
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-EXTRA
                    SUSE Linux Enterprise Real Time Extension 11-SP4
                    SUSE Linux Enterprise High Availability Extension 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves 21 vulnerabilities and has 92 fixes
   is now available.

Description:


   The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2017-7482: Several missing length checks ticket decode allowing for
     information leak or potentially code execution (bsc#1046107).
   - CVE-2016-10277: Potential privilege escalation due to a missing bounds
     check in the lp driver. A kernel command-line adversary can overflow the
     parport_nr array to execute code (bsc#1039456).
   - CVE-2017-7542: The ip6_find_1stfragopt function in
     net/ipv6/output_core.c in the Linux kernel allowed local users to cause
     a denial of service (integer overflow and infinite loop) by leveraging
     the ability to open a raw socket (bsc#1049882).
   - CVE-2017-7533: Bug in inotify code allowing privilege escalation
     (bsc#1049483).
   - CVE-2017-11176: The mq_notify function in the Linux kernel did not set
     the sock pointer to NULL upon entry into the retry logic. During a
     user-space close of a Netlink socket, it allowed attackers to cause a
     denial of service (use-after-free) or possibly have unspecified other
     impact (bsc#1048275).
   - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function
     in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users
     to gain privileges via a crafted ACPI table (bnc#1049603).
   - CVE-2017-1000365: The Linux Kernel imposed a size restriction on the
     arguments and environmental strings passed through
     RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the
     argument and environment pointers into account, which allowed attackers
     to bypass this limitation. (bnc#1039354)
   - CVE-2014-9922: The eCryptfs subsystem in the Linux kernel allowed local
     users to gain privileges via a large filesystem stack that includes an
     overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c
     (bnc#1032340)
   - CVE-2017-8924: The edge_bulk_in_callback function in
     drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to
     obtain sensitive information (in the dmesg ringbuffer and syslog) from
     uninitialized kernel memory by using a crafted USB device (posing as an
     io_ti USB serial device) to trigger an integer underflow (bnc#1038982).
   - CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c
     in the Linux kernel allowed local users to cause a denial of service
     (tty exhaustion) by leveraging reference count mishandling (bnc#1038981).
   - CVE-2017-1000380: sound/core/timer.c was vulnerable to a data race in
     the ALSA /dev/snd/timer driver resulting in local users being able to
     read information belonging to other users, i.e., uninitialized memory
     contents could have bene disclosed when a read and an ioctl happen at
     the same time (bnc#1044125)
   - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c
     was too late in checking whether an overwrite of an skb data structure
     may occur, which allowed local users to cause a denial of service
     (system crash) via crafted system calls (bnc#1041431)
   - CVE-2017-1000363: A buffer overflow in kernel commandline handling of
     the "lp" parameter could be used by local console attackers to bypass
     certain secure boot settings. (bnc#1039456)
   - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c
     in the Linux kernel mishandled inheritance, which allowed local users to
     cause a denial of service or possibly have unspecified other impact via
     crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885)
   - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c
     in the Linux kernel mishandled inheritance, which allowed local users to
     cause a denial of service or possibly have unspecified other impact via
     crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069)
   - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c
     in the Linux kernel mishandled inheritance, which allowed local users to
     cause a denial of service or possibly have unspecified other impact via
     crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883)
   - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel
     did not consider that the nexthdr field may be associated with an
     invalid option, which allowed local users to cause a denial of service
     (out-of-bounds read and BUG) or possibly have unspecified other impact
     via crafted socket and send system calls (bnc#1039882)
   - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the
     Linux kernel mishandled reference counts, which allowed local users to
     cause a denial of service (use-after-free) or possibly have unspecified
     other impact via a failed SIOCGIFADDR ioctl call for an IPX interface
     (bnc#1038879)
   - CVE-2017-8890: The inet_csk_clone_lock function in
     net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to
     cause a denial of service (double free) or possibly have unspecified
     other impact by leveraging use of the accept system call (bnc#1038544)
   - CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local
     users to gain privileges or cause a denial of service (NULL pointer
     dereference and system crash) via vectors involving a NULL value for a
     certain match field, related to the keyring_search_iterator function in
     keyring.c (bnc#1030593)
   - CVE-2017-6951: The keyring_search_aux function in
     security/keys/keyring.c in the Linux kernel allowed local users to cause
     a denial of service (NULL pointer dereference and OOPS) via a
     request_key system call for the "dead" type (bnc#1029850)

   The following non-security bugs were fixed:

   - 8250: use callbacks to access UART_DLL/UART_DLM.
   - ALSA: ctxfi: Fallback DMA mask to 32bit (bsc#1045538).
   - ALSA: hda - Fix regression of HD-audio controller fallback modes
     (bsc#1045538).
   - ALSA: hda - using uninitialized data (bsc#1045538).
   - ALSA: hda/realtek - Correction of fixup codes for PB V7900 laptop
     (bsc#1045538).
   - ALSA: hda/realtek - Fix COEF widget NID for ALC260 replacer fixup
     (bsc#1045538).
   - ALSA: off by one bug in snd_riptide_joystick_probe() (bsc#1045538).
   - ALSA: seq: Fix snd_seq_call_port_info_ioctl in compat mode (bsc#1045538).
   - Add CVE tag to references
   - CIFS: backport prepath matching fix (bsc#799133).
   - Drop CONFIG_PPC_CELL from bigmem (bsc#1049128).
   - EDAC, amd64_edac: Shift wrapping issue in f1x_get_norm_dct_addr().
   - Fix scripts/bigmem-generate-ifdef-guard to work on all branches
   - Fix soft lockup in svc_rdma_send (bsc#1044854).
   - IB/mlx4: Demote mcg message from warning to debug (bsc#919382).
   - IB/mlx4: Fix ib device initialization error flow (bsc#919382).
   - IB/mlx4: Fix port query for 56Gb Ethernet links (bsc#919382).
   - IB/mlx4: Handle well-known-gid in mad_demux processing (bsc#919382).
   - IB/mlx4: Reduce SRIOV multicast cleanup warning message to debug level
     (bsc#919382).
   - IB/mlx4: Set traffic class in AH (bsc#919382).
   - Implement an ioctl to support the USMTMC-USB488 READ_STATUS_BYTE
     operation (bsc#1036288).
   - Input: cm109 - validate number of endpoints before using them
     (bsc#1037193).
   - Input: hanwang - validate number of endpoints before using them
     (bsc#1037232).
   - Input: yealink - validate number of endpoints before using them
     (bsc#1037227).
   - KEYS: Disallow keyrings beginning with '.' to be joined as session
     keyrings (bnc#1035576).
   - NFS: Avoid getting confused by confused server (bsc#1045416).
   - NFS: Fix another OPEN_DOWNGRADE bug (git-next).
   - NFS: Fix size of NFSACL SETACL operations (git-fixes).
   - NFS: Make nfs_readdir revalidate less often (bsc#1048232).
   - NFS: tidy up nfs_show_mountd_netid (git-fixes).
   - NFSD: Do not use state id of 0 - it is reserved (bsc#1049688
     bsc#1051770).
   - NFSv4: Do not call put_rpccred() under the rcu_read_lock() (git-fixes).
   - NFSv4: Fix another bug in the close/open_downgrade code (git-fixes).
   - NFSv4: Fix problems with close in the presence of a delegation
     (git-fixes).
   - NFSv4: Fix the underestimation of delegation XDR space reservation
     (git-fixes).
   - NFSv4: fix getacl head length estimation (git-fixes).
   - PCI: Fix devfn for VPD access through function 0 (bnc#943786 git-fixes).
   - Remove superfluous make flags (bsc#1012422)
   - Return short read or 0 at end of a raw device, not EIO (bsc#1039594).
   - Revert "math64: New div64_u64_rem helper" (bnc#938352).
   - SUNRPC: Fix a memory leak in the backchannel code (git-fixes).
   - Staging: vt6655-6: potential NULL dereference in
     hostap_disable_hostapd() (bsc#1045479).
   - USB: class: usbtmc.c: Cleaning up uninitialized variables (bsc#1036288).
   - USB: class: usbtmc: do not print error when allocating urb fails
     (bsc#1036288).
   - USB: class: usbtmc: do not print on ENOMEM (bsc#1036288).
   - USB: iowarrior: fix NULL-deref in write (bsc#1037359).
   - USB: iowarrior: fix info ioctl on big-endian hosts (bsc#1037441).
   - USB: r8a66597-hcd: select a different endpoint on timeout (bsc#1047053).
   - USB: serial: ark3116: fix register-accessor error handling (git-fixes).
   - USB: serial: ch341: fix open error handling (bsc#1037441).
   - USB: serial: cp210x: fix tiocmget error handling (bsc#1037441).
   - USB: serial: ftdi_sio: fix line-status over-reporting (bsc#1037441).
   - USB: serial: io_edgeport: fix epic-descriptor handling (bsc#1037441).
   - USB: serial: io_ti: fix information leak in completion handler
     (git-fixes).
   - USB: serial: mos7840: fix another NULL-deref at open (bsc#1034026).
   - USB: serial: oti6858: fix NULL-deref at open (bsc#1037441).
   - USB: serial: sierra: fix bogus alternate-setting assumption
     (bsc#1037441).
   - USB: serial: spcp8x5: fix NULL-deref at open (bsc#1037441).
   - USB: usbip: fix nonconforming hub descriptor (bsc#1047487).
   - USB: usbtmc: Add flag rigol_quirk to usbtmc_device_data (bsc#1036288).
   - USB: usbtmc: Change magic number to constant (bsc#1036288).
   - USB: usbtmc: Set rigol_quirk if device is listed (bsc#1036288).
   - USB: usbtmc: TMC request code segregated from usbtmc_read (bsc#1036288).
   - USB: usbtmc: add device quirk for Rigol DS6104 (bsc#1036288).
   - USB: usbtmc: add missing endpoint sanity check (bsc#1036288).
   - USB: usbtmc: fix DMA on stack (bsc#1036288).
   - USB: usbtmc: fix big-endian probe of Rigol devices (bsc#1036288).
   - USB: usbtmc: fix probe error path (bsc#1036288).
   - USB: usbtmc: usbtmc_read sends multiple TMC header based on rigol_quirk
     (bsc#1036288).
   - USB: wusbcore: fix NULL-deref at probe (bsc#1045487).
   - Update patches.fixes/nfs-svc-rdma.fix (bsc#1044854).
   - Use make --output-sync feature when available (bsc#1012422).
   - Xen/PCI-MSI: fix sysfs teardown in DomU (bsc#986924).
   - __bitmap_parselist: fix bug in empty string handling (bnc#1042633).
   - acpi: Disable APEI error injection if securelevel is set (bsc#972891,
     bsc#1023051).
   - af_key: Add lock to key dump (bsc#1047653).
   - af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354).
   - ath9k: fix buffer overrun for ar9287 (bsc#1045538).
   - blacklist b50a6c584bb4 powerpc/perf: Clear MMCR2 when enabling PMU
     (bsc#1035721).
   - blacklist.conf: Add a few inapplicable items (bsc#1045538).
   - blacklist.conf: Blacklist 847fa1a6d3d0 ('ftrace/x86_32: Set ftrace_stub
     to weak to prevent gcc from using short jumps to it') The released
     kernels are not build with a gas new enough to optimize the jmps so that
     this patch would be required. (bsc#1051478)
   - blkback/blktap: do not leak stack data via response ring (bsc#1042863
     XSA-216).
   - block: do not allow updates through sysfs until registration completes
     (bsc#1047027).
   - block: fix ext_dev_lock lockdep report (bsc#1050154).
   - btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552).
   - cifs: Timeout on SMBNegotiate request (bsc#1044913).
   - cifs: do not compare uniqueids in cifs_prime_dcache unless server inode
     numbers are in use (bsc#1041975). backporting upstream commit
     2f2591a34db6c9361faa316c91a6e320cb4e6aee
   - cifs: small underflow in cnvrtDosUnixTm() (bsc#1043935).
   - cputime: Avoid multiplication overflow on utime scaling (bnc#938352).
   - crypto: nx - off by one bug in nx_of_update_msc() (bnc#792863).
   - decompress_bunzip2: off by one in get_next_block() (git-fixes).
   - dentry name snapshots (bsc#1049483).
   - devres: fix a for loop bounds check (git-fixes).
   - dm: fix ioctl retry termination with signal (bsc#1050154).
   - drm/mgag200: Add support for G200eH3 (bnc#1044216)
   - drm/mgag200: Fix to always set HiPri for G200e4 (bsc#1015452,
     bsc#995542).
   - ext2: Do not clear SGID when inheriting ACLs (bsc#1030552).
   - ext3: Do not clear SGID when inheriting ACLs (bsc#1030552).
   - ext4: Do not clear SGID when inheriting ACLs (bsc#1030552).
   - ext4: fix fdatasync(2) after extent manipulation operations
     (bsc#1013018).
   - ext4: keep existing extra fields when inode expands (bsc#1013018).
   - fbdev/efifb: Fix 16 color palette entry calculation (bsc#1041762).
   - firmware: fix directory creation rule matching with make 3.80
     (bsc#1012422).
   - firmware: fix directory creation rule matching with make 3.82
     (bsc#1012422).
   - fixed invalid assignment of 64bit mask to host dma_boundary for scatter
     gather segment boundary limit (bsc#1042045).
   - fnic: Return 'DID_IMM_RETRY' if rport is not ready (bsc#1035920).
   - fnic: Using rport->dd_data to check rport online instead of rport_lookup
     (bsc#1035920).
   - fs/block_dev: always invalidate cleancache in invalidate_bdev()
     (git-fixes).
   - fs/xattr.c: zero out memory copied to userspace in getxattr
     (bsc#1013018).
   - fs: fix data invalidation in the cleancache during direct IO (git-fixes).
   - fuse: add missing FR_FORCE (bsc#1013018).
   - genirq: Prevent proc race against freeing of irq descriptors
     (bnc#1044230).
   - hrtimer: Allow concurrent hrtimer_start() for self restarting timers
     (bnc#1013018).
   - initial cr0 bits (bnc#1036056, LTC#153612).
   - ipmr, ip6mr: fix scheduling while atomic and a deadlock with
     ipmr_get_route (git-fixes).
   - irq: Fix race condition (bsc#1042615).
   - isdn/gigaset: fix NULL-deref at probe (bsc#1037356).
   - isofs: Do not return EACCES for unknown filesystems (bsc#1013018).
   - jsm: add support for additional Neo cards (bsc#1045615).
   - kernel-binary.spec: Propagate MAKE_ARGS to %build (bsc#1012422)
   - libata: fix sff host state machine locking while polling (bsc#1045525).
   - libceph: NULL deref on crush_decode() error path (bsc#1044015).
   - libceph: potential NULL dereference in ceph_msg_data_create()
     (bsc#1051515).
   - libfc: fixup locking in fc_disc_stop() (bsc#1029140).
   - libfc: move 'pending' and 'requested' setting (bsc#1029140).
   - libfc: only restart discovery after timeout if not already running
     (bsc#1029140).
   - locking/rtmutex: Prevent dequeue vs. unlock race (bnc#1013018).
   - math64: New div64_u64_rem helper (bnc#938352).
   - md/raid0: apply base queue limits *before* disk_stack_limits (git-fixes).
   - md/raid1: extend spinlock to protect raid1_end_read_request against
     inconsistencies (git-fixes).
   - md/raid1: fix test for 'was read error from last working device'
     (git-fixes).
   - md/raid5: Fix CPU hotplug callback registration (git-fixes).
   - md/raid5: do not record new size if resize_stripes fails (git-fixes).
   - md: ensure md devices are freed before module is unloaded (git-fixes).
   - md: fix a null dereference (bsc#1040351).
   - md: flush ->event_work before stopping array (git-fixes).
   - md: make sure GET_ARRAY_INFO ioctl reports correct "clean" status
     (git-fixes).
   - md: use separate bio_pool for metadata writes (bsc#1040351).
   - megaraid_sas: add missing curly braces in ioctl handler (bsc#1050154).
   - mlx4: reduce OOM risk on arches with large pages (bsc#919382).
   - mm/huge_memory: replace VM_NO_THP VM_BUG_ON with actual VMA check (VM
     Functionality, bsc#1042832).
   - mm/memory-failure.c: use compound_head() flags for huge pages
     (bnc#971975 VM -- git fixes).
   - mm: hugetlb: call huge_pte_alloc() only if ptep is null (VM
     Functionality, bsc#1042832).
   - mmc: core: add missing pm event in mmc_pm_notify to fix hib restore
     (bsc#1045547).
   - mmc: ushc: fix NULL-deref at probe (bsc#1037191).
   - module: fix memory leak on early load_module() failures (bsc#1043014).
   - mwifiex: printk() overflow with 32-byte SSIDs (bsc#1048185).
   - net/mlx4: Fix the check in attaching steering rules (bsc#919382).
   - net/mlx4: Fix uninitialized fields in rule when adding promiscuous mode
     to device managed flow steering (bsc#919382).
   - net/mlx4_core: Eliminate warning messages for SRQ_LIMIT under SRIOV
     (bsc#919382).
   - net/mlx4_core: Enhance the MAD_IFC wrapper to convert VF port to
     physical (bsc#919382).
   - net/mlx4_core: Fix VF overwrite of module param which disables DMFS on
     new probed PFs (bsc#919382).
   - net/mlx4_core: Fix when to save some qp context flags for dynamic VST to
     VGT transitions (bsc#919382).
   - net/mlx4_core: Get num_tc using netdev_get_num_tc (bsc#919382).
   - net/mlx4_core: Prevent VF from changing port configuration (bsc#919382).
   - net/mlx4_core: Use cq quota in SRIOV when creating completion EQs
     (bsc#919382).
   - net/mlx4_core: Use-after-free causes a resource leak in flow-steering
     detach (bsc#919382).
   - net/mlx4_en: Avoid adding steering rules with invalid ring (bsc#919382).
   - net/mlx4_en: Change the error print to debug print (bsc#919382).
   - net/mlx4_en: Fix type mismatch for 32-bit systems (bsc#919382).
   - net/mlx4_en: Resolve dividing by zero in 32-bit system (bsc#919382).
   - net/mlx4_en: Wake TX queues only when there's enough room (bsc#1039258).
   - net/mlx4_en: fix overflow in mlx4_en_init_timestamp() (bsc#919382).
   - net: avoid reference counter overflows on fib_rules in multicast
     forwarding (git-fixes).
   - net: ip6mr: fix static mfc/dev leaks on table destruction (git-fixes).
   - net: ipmr: fix static mfc/dev leaks on table destruction (git-fixes).
   - net: wimax/i2400m: fix NULL-deref at probe (bsc#1037358).
   - netxen_nic: set rcode to the return status from the call to
     netxen_issue_cmd (bnc#784815).
   - nfs: fix nfs_size_to_loff_t (git-fixes).
   - nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670).
   - nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670).
   - nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670).
   - ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552).
   - ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with
     ocfs2_unblock_lock (bsc#962257).
   - perf/core: Correct event creation with PERF_FORMAT_GROUP (bnc#1013018).
   - perf/core: Fix event inheritance on fork() (bnc#1013018).
   - powerpc/ibmebus: Fix device reference leaks in sysfs interface
     (bsc#1035777 [2017-04-24] Pending Base Kernel Fixes).
   - powerpc/ibmebus: Fix further device reference leaks (bsc#1035777
     [2017-04-24] Pending Base Kernel Fixes).
   - powerpc/mm/hash: Check for non-kernel address in get_kernel_vsid()
     (bsc#1032471).
   - powerpc/mm/hash: Convert mask to unsigned long (bsc#1032471).
   - powerpc/mm/hash: Increase VA range to 128TB (bsc#1032471).
   - powerpc/mm/hash: Properly mask the ESID bits when building proto VSID
     (bsc#1032471).
   - powerpc/mm/hash: Support 68 bit VA (bsc#1032471).
   - powerpc/mm/hash: Use context ids 1-4 for the kernel (bsc#1032471).
   - powerpc/mm/slice: Convert slice_mask high slice to a bitmap
     (bsc#1032471).
   - powerpc/mm/slice: Fix off-by-1 error when computing slice mask
     (bsc#1032471).
   - powerpc/mm/slice: Move slice_mask struct definition to slice.c
     (bsc#1032471).
   - powerpc/mm/slice: Update slice mask printing to use bitmap printing
     (bsc#1032471).
   - powerpc/mm/slice: Update the function prototype (bsc#1032471).
   - powerpc/mm: Do not alias user region to other regions below PAGE_OFFSET
     (bsc#928138).
   - powerpc/mm: Remove checks that TASK_SIZE_USER64 is too small
     (bsc#1032471).
   - powerpc/mm: use macro PGTABLE_EADDR_SIZE instead of digital
     (bsc#1032471).
   - powerpc/pci/rpadlpar: Fix device reference leaks (bsc#1035777
     [2017-04-24] Pending Base Kernel Fixes).
   - powerpc/pseries: Release DRC when configure_connector fails
     (bsc#1035777, Pending Base Kernel Fixes).
   - powerpc: Drop support for pre-POWER4 cpus (bsc#1032471).
   - powerpc: Remove STAB code (bsc#1032471).
   - random32: fix off-by-one in seeding requirement (git-fixes).
   - reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552).
   - reiserfs: do not preallocate blocks for extended attributes (bsc#990682).
   - rfkill: fix rfkill_fop_read wait_event usage (bsc#1046192).
   - s390/qdio: clear DSCI prior to scanning multiple input queues
     (bnc#1046715, LTC#156234).
   - s390/qeth: no ETH header for outbound AF_IUCV (bnc#1046715, LTC#156276).
   - s390/qeth: size calculation outbound buffers (bnc#1046715, LTC#156276).
   - sched/core: Remove false-positive warning from wake_up_process()
     (bnc#1044882).
   - sched/cputime: Do not scale when utime == 0 (bnc#938352).
   - sched/debug: Print the scheduler topology group mask (bnc#1013018).
   - sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1013018).
   - sched/fair: Fix min_vruntime tracking (bnc#1013018).
   - sched/rt: Fix PI handling vs. sched_setscheduler() (bnc#1013018). Prep
     for b60205c7c558 sched/fair: Fix min_vruntime tracking
   - sched/topology: Fix building of overlapping sched-groups (bnc#1013018).
   - sched/topology: Fix overlapping sched_group_capacity (bnc#1013018).
   - sched/topology: Fix overlapping sched_group_mask (bnc#1013018).
   - sched/topology: Move comment about asymmetric node setups (bnc#1013018).
   - sched/topology: Optimize build_group_mask() (bnc#1013018).
   - sched/topology: Refactor function build_overlap_sched_groups()
     (bnc#1013018).
   - sched/topology: Remove FORCE_SD_OVERLAP (bnc#1013018).
   - sched/topology: Simplify build_overlap_sched_groups() (bnc#1013018).
   - sched/topology: Verify the first group matches the child domain
     (bnc#1013018).
   - sched: Always initialize cpu-power (bnc#1013018).
   - sched: Avoid cputime scaling overflow (bnc#938352).
   - sched: Avoid prev->stime underflow (bnc#938352).
   - sched: Do not account bogus utime (bnc#938352).
   - sched: Fix SD_OVERLAP (bnc#1013018).
   - sched: Fix domain iteration (bnc#1013018).
   - sched: Lower chances of cputime scaling overflow (bnc#938352).
   - sched: Move nr_cpus_allowed out of 'struct sched_rt_entity'
     (bnc#1013018). Prep for b60205c7c558 sched/fair: Fix min_vruntime
     tracking
   - sched: Rename a misleading variable in build_overlap_sched_groups()
     (bnc#1013018).
   - sched: Use swap() macro in scale_stime() (bnc#938352).
   - scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221).
   - scsi: fix race between simultaneous decrements of ->host_failed
     (bsc#1050154).
   - scsi: fnic: Correcting rport check location in fnic_queuecommand_lck
     (bsc#1035920).
   - scsi: mvsas: fix command_active typo (bsc#1050154).
   - scsi: qla2xxx: Fix scsi scan hang triggered if adapter fails during init
     (bsc#1050154).
   - sfc: do not device_attach if a reset is pending (bsc#909618).
   - smsc75xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154).
   - splice: Stub splice_write_to_file (bsc#1043234).
   - svcrdma: Fix send_reply() scatter/gather set-up (git-fixes).
   - target/iscsi: Fix double free in lio_target_tiqn_addtpg() (bsc#1050154).
   - tracing/kprobes: Enforce kprobes teardown after testing (bnc#1013018).
   - tracing: Fix syscall_*regfunc() vs copy_process() race (bnc#1042687).
   - udf: Fix deadlock between writeback and udf_setsize() (bsc#1013018).
   - udf: Fix races with i_size changes during readpage (bsc#1013018).
   - usbtmc: remove redundant braces (bsc#1036288).
   - usbtmc: remove trailing spaces (bsc#1036288).
   - usbvision: fix NULL-deref at probe (bsc#1050431).
   - uwb: hwa-rc: fix NULL-deref at probe (bsc#1037233).
   - uwb: i1480-dfu: fix NULL-deref at probe (bsc#1036629).
   - vb2: Fix an off by one error in 'vb2_plane_vaddr' (bsc#1050431).
   - vmxnet3: avoid calling pskb_may_pull with interrupts disabled
     (bsc#1045356).
   - vmxnet3: fix checks for dma mapping errors (bsc#1045356).
   - vmxnet3: fix lock imbalance in vmxnet3_tq_xmit() (bsc#1045356).
   - x86, mm, paravirt: Fix vmalloc_fault oops during lazy MMU updates
     (bsc#948562).
   - x86/pci-calgary: Fix iommu_free() comparison of unsigned expression
     greater than 0 (bsc#1051478).
   - xen: avoid deadlock in xenbus (bnc#1047523).
   - xfrm: NULL dereference on allocation failure (bsc#1047343).
   - xfrm: Oops on error in pfkey_msg2xfrm_state() (bsc#1047653).
   - xfrm: dst_entries_init() per-net dst_ops (bsc#1030814).
   - xfs: Synchronize xfs_buf disposal routines (bsc#1041160).
   - xfs: use ->b_state to fix buffer I/O accounting release race
     (bsc#1041160).
   - xprtrdma: Free the pd if ib_query_qp() fails (git-fixes).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-kernel-13274=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-kernel-13274=1

   - SUSE Linux Enterprise Server 11-EXTRA:

      zypper in -t patch slexsp3-kernel-13274=1

   - SUSE Linux Enterprise Real Time Extension 11-SP4:

      zypper in -t patch slertesp4-kernel-13274=1

   - SUSE Linux Enterprise High Availability Extension 11-SP4:

      zypper in -t patch slehasp4-kernel-13274=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-kernel-13274=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch):

      kernel-docs-3.0.101-108.7.2

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      kernel-default-3.0.101-108.7.1
      kernel-default-base-3.0.101-108.7.1
      kernel-default-devel-3.0.101-108.7.1
      kernel-source-3.0.101-108.7.1
      kernel-syms-3.0.101-108.7.1
      kernel-trace-3.0.101-108.7.1
      kernel-trace-base-3.0.101-108.7.1
      kernel-trace-devel-3.0.101-108.7.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):

      kernel-ec2-3.0.101-108.7.1
      kernel-ec2-base-3.0.101-108.7.1
      kernel-ec2-devel-3.0.101-108.7.1
      kernel-xen-3.0.101-108.7.1
      kernel-xen-base-3.0.101-108.7.1
      kernel-xen-devel-3.0.101-108.7.1

   - SUSE Linux Enterprise Server 11-SP4 (s390x):

      kernel-default-man-3.0.101-108.7.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64):

      kernel-bigmem-3.0.101-108.7.1
      kernel-bigmem-base-3.0.101-108.7.1
      kernel-bigmem-devel-3.0.101-108.7.1
      kernel-ppc64-3.0.101-108.7.1
      kernel-ppc64-base-3.0.101-108.7.1
      kernel-ppc64-devel-3.0.101-108.7.1

   - SUSE Linux Enterprise Server 11-SP4 (i586):

      kernel-pae-3.0.101-108.7.1
      kernel-pae-base-3.0.101-108.7.1
      kernel-pae-devel-3.0.101-108.7.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):

      kernel-default-extra-3.0.101-108.7.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):

      kernel-xen-extra-3.0.101-108.7.1

   - SUSE Linux Enterprise Server 11-EXTRA (x86_64):

      kernel-trace-extra-3.0.101-108.7.1

   - SUSE Linux Enterprise Server 11-EXTRA (ppc64):

      kernel-ppc64-extra-3.0.101-108.7.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586):

      kernel-pae-extra-3.0.101-108.7.1

   - SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64):

      cluster-network-kmp-rt-1.4_3.0.101_rt130_68-2.32.2.14
      cluster-network-kmp-rt_trace-1.4_3.0.101_rt130_68-2.32.2.14
      drbd-kmp-rt-8.4.4_3.0.101_rt130_68-0.27.2.13
      drbd-kmp-rt_trace-8.4.4_3.0.101_rt130_68-0.27.2.13
      gfs2-kmp-rt-2_3.0.101_rt130_68-0.24.2.14
      gfs2-kmp-rt_trace-2_3.0.101_rt130_68-0.24.2.14
      ocfs2-kmp-rt-1.6_3.0.101_rt130_68-0.28.3.4
      ocfs2-kmp-rt_trace-1.6_3.0.101_rt130_68-0.28.3.4

   - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      cluster-network-kmp-default-1.4_3.0.101_108.7-2.32.2.14
      cluster-network-kmp-trace-1.4_3.0.101_108.7-2.32.2.14
      drbd-8.4.4-0.27.2.1
      drbd-bash-completion-8.4.4-0.27.2.1
      drbd-heartbeat-8.4.4-0.27.2.1
      drbd-kmp-default-8.4.4_3.0.101_108.7-0.27.2.13
      drbd-kmp-trace-8.4.4_3.0.101_108.7-0.27.2.13
      drbd-pacemaker-8.4.4-0.27.2.1
      drbd-udev-8.4.4-0.27.2.1
      drbd-utils-8.4.4-0.27.2.1
      gfs2-kmp-default-2_3.0.101_108.7-0.24.2.14
      gfs2-kmp-trace-2_3.0.101_108.7-0.24.2.14
      ocfs2-kmp-default-1.6_3.0.101_108.7-0.28.3.4
      ocfs2-kmp-trace-1.6_3.0.101_108.7-0.28.3.4

   - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 x86_64):

      cluster-network-kmp-xen-1.4_3.0.101_108.7-2.32.2.14
      drbd-kmp-xen-8.4.4_3.0.101_108.7-0.27.2.13
      gfs2-kmp-xen-2_3.0.101_108.7-0.24.2.14
      ocfs2-kmp-xen-1.6_3.0.101_108.7-0.28.3.4

   - SUSE Linux Enterprise High Availability Extension 11-SP4 (x86_64):

      drbd-xen-8.4.4-0.27.2.1

   - SUSE Linux Enterprise High Availability Extension 11-SP4 (ppc64):

      cluster-network-kmp-bigmem-1.4_3.0.101_108.7-2.32.2.14
      cluster-network-kmp-ppc64-1.4_3.0.101_108.7-2.32.2.14
      drbd-kmp-bigmem-8.4.4_3.0.101_108.7-0.27.2.13
      drbd-kmp-ppc64-8.4.4_3.0.101_108.7-0.27.2.13
      gfs2-kmp-bigmem-2_3.0.101_108.7-0.24.2.14
      gfs2-kmp-ppc64-2_3.0.101_108.7-0.24.2.14
      ocfs2-kmp-bigmem-1.6_3.0.101_108.7-0.28.3.4
      ocfs2-kmp-ppc64-1.6_3.0.101_108.7-0.28.3.4

   - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586):

      cluster-network-kmp-pae-1.4_3.0.101_108.7-2.32.2.14
      drbd-kmp-pae-8.4.4_3.0.101_108.7-0.27.2.13
      gfs2-kmp-pae-2_3.0.101_108.7-0.24.2.14
      ocfs2-kmp-pae-1.6_3.0.101_108.7-0.28.3.4

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      drbd-debuginfo-8.4.4-0.27.2.1
      drbd-debugsource-8.4.4-0.27.2.1
      kernel-default-debuginfo-3.0.101-108.7.1
      kernel-default-debugsource-3.0.101-108.7.1
      kernel-trace-debuginfo-3.0.101-108.7.1
      kernel-trace-debugsource-3.0.101-108.7.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64):

      kernel-default-devel-debuginfo-3.0.101-108.7.1
      kernel-trace-devel-debuginfo-3.0.101-108.7.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

      kernel-ec2-debuginfo-3.0.101-108.7.1
      kernel-ec2-debugsource-3.0.101-108.7.1
      kernel-xen-debuginfo-3.0.101-108.7.1
      kernel-xen-debugsource-3.0.101-108.7.1
      kernel-xen-devel-debuginfo-3.0.101-108.7.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):

      kernel-bigmem-debuginfo-3.0.101-108.7.1
      kernel-bigmem-debugsource-3.0.101-108.7.1
      kernel-ppc64-debuginfo-3.0.101-108.7.1
      kernel-ppc64-debugsource-3.0.101-108.7.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586):

      kernel-pae-debuginfo-3.0.101-108.7.1
      kernel-pae-debugsource-3.0.101-108.7.1
      kernel-pae-devel-debuginfo-3.0.101-108.7.1


References:

   https://www.suse.com/security/cve/CVE-2014-9922.html
   https://www.suse.com/security/cve/CVE-2016-10277.html
   https://www.suse.com/security/cve/CVE-2017-1000363.html
   https://www.suse.com/security/cve/CVE-2017-1000365.html
   https://www.suse.com/security/cve/CVE-2017-1000380.html
   https://www.suse.com/security/cve/CVE-2017-11176.html
   https://www.suse.com/security/cve/CVE-2017-11473.html
   https://www.suse.com/security/cve/CVE-2017-2647.html
   https://www.suse.com/security/cve/CVE-2017-6951.html
   https://www.suse.com/security/cve/CVE-2017-7482.html
   https://www.suse.com/security/cve/CVE-2017-7487.html
   https://www.suse.com/security/cve/CVE-2017-7533.html
   https://www.suse.com/security/cve/CVE-2017-7542.html
   https://www.suse.com/security/cve/CVE-2017-8890.html
   https://www.suse.com/security/cve/CVE-2017-8924.html
   https://www.suse.com/security/cve/CVE-2017-8925.html
   https://www.suse.com/security/cve/CVE-2017-9074.html
   https://www.suse.com/security/cve/CVE-2017-9075.html
   https://www.suse.com/security/cve/CVE-2017-9076.html
   https://www.suse.com/security/cve/CVE-2017-9077.html
   https://www.suse.com/security/cve/CVE-2017-9242.html
   https://bugzilla.suse.com/1000365
   https://bugzilla.suse.com/1000380
   https://bugzilla.suse.com/1012422
   https://bugzilla.suse.com/1013018
   https://bugzilla.suse.com/1015452
   https://bugzilla.suse.com/1023051
   https://bugzilla.suse.com/1029140
   https://bugzilla.suse.com/1029850
   https://bugzilla.suse.com/1030552
   https://bugzilla.suse.com/1030593
   https://bugzilla.suse.com/1030814
   https://bugzilla.suse.com/1032340
   https://bugzilla.suse.com/1032471
   https://bugzilla.suse.com/1034026
   https://bugzilla.suse.com/1034670
   https://bugzilla.suse.com/1035576
   https://bugzilla.suse.com/1035721
   https://bugzilla.suse.com/1035777
   https://bugzilla.suse.com/1035920
   https://bugzilla.suse.com/1036056
   https://bugzilla.suse.com/1036288
   https://bugzilla.suse.com/1036629
   https://bugzilla.suse.com/1037191
   https://bugzilla.suse.com/1037193
   https://bugzilla.suse.com/1037227
   https://bugzilla.suse.com/1037232
   https://bugzilla.suse.com/1037233
   https://bugzilla.suse.com/1037356
   https://bugzilla.suse.com/1037358
   https://bugzilla.suse.com/1037359
   https://bugzilla.suse.com/1037441
   https://bugzilla.suse.com/1038544
   https://bugzilla.suse.com/1038879
   https://bugzilla.suse.com/1038981
   https://bugzilla.suse.com/1038982
   https://bugzilla.suse.com/1039258
   https://bugzilla.suse.com/1039354
   https://bugzilla.suse.com/1039456
   https://bugzilla.suse.com/1039594
   https://bugzilla.suse.com/1039882
   https://bugzilla.suse.com/1039883
   https://bugzilla.suse.com/1039885
   https://bugzilla.suse.com/1040069
   https://bugzilla.suse.com/1040351
   https://bugzilla.suse.com/1041160
   https://bugzilla.suse.com/1041431
   https://bugzilla.suse.com/1041762
   https://bugzilla.suse.com/1041975
   https://bugzilla.suse.com/1042045
   https://bugzilla.suse.com/1042615
   https://bugzilla.suse.com/1042633
   https://bugzilla.suse.com/1042687
   https://bugzilla.suse.com/1042832
   https://bugzilla.suse.com/1042863
   https://bugzilla.suse.com/1043014
   https://bugzilla.suse.com/1043234
   https://bugzilla.suse.com/1043935
   https://bugzilla.suse.com/1044015
   https://bugzilla.suse.com/1044125
   https://bugzilla.suse.com/1044216
   https://bugzilla.suse.com/1044230
   https://bugzilla.suse.com/1044854
   https://bugzilla.suse.com/1044882
   https://bugzilla.suse.com/1044913
   https://bugzilla.suse.com/1045154
   https://bugzilla.suse.com/1045356
   https://bugzilla.suse.com/1045416
   https://bugzilla.suse.com/1045479
   https://bugzilla.suse.com/1045487
   https://bugzilla.suse.com/1045525
   https://bugzilla.suse.com/1045538
   https://bugzilla.suse.com/1045547
   https://bugzilla.suse.com/1045615
   https://bugzilla.suse.com/1046107
   https://bugzilla.suse.com/1046192
   https://bugzilla.suse.com/1046715
   https://bugzilla.suse.com/1047027
   https://bugzilla.suse.com/1047053
   https://bugzilla.suse.com/1047343
   https://bugzilla.suse.com/1047354
   https://bugzilla.suse.com/1047487
   https://bugzilla.suse.com/1047523
   https://bugzilla.suse.com/1047653
   https://bugzilla.suse.com/1048185
   https://bugzilla.suse.com/1048221
   https://bugzilla.suse.com/1048232
   https://bugzilla.suse.com/1048275
   https://bugzilla.suse.com/1049128
   https://bugzilla.suse.com/1049483
   https://bugzilla.suse.com/1049603
   https://bugzilla.suse.com/1049688
   https://bugzilla.suse.com/1049882
   https://bugzilla.suse.com/1050154
   https://bugzilla.suse.com/1050431
   https://bugzilla.suse.com/1051478
   https://bugzilla.suse.com/1051515
   https://bugzilla.suse.com/1051770
   https://bugzilla.suse.com/1055680
   https://bugzilla.suse.com/784815
   https://bugzilla.suse.com/792863
   https://bugzilla.suse.com/799133
   https://bugzilla.suse.com/909618
   https://bugzilla.suse.com/919382
   https://bugzilla.suse.com/928138
   https://bugzilla.suse.com/938352
   https://bugzilla.suse.com/943786
   https://bugzilla.suse.com/948562
   https://bugzilla.suse.com/962257
   https://bugzilla.suse.com/971975
   https://bugzilla.suse.com/972891
   https://bugzilla.suse.com/986924
   https://bugzilla.suse.com/990682
   https://bugzilla.suse.com/995542

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWbXPk4x+lLeg9Ub1AQgxXxAAhzMNEqtmxyTgexV4RkxUE/Jkc3uquHZD
WYdcMInSF1JHw9kGI+MeN4t/ggvYK5gM2TasjHtZmygA/mlDu06WUVj6ajdDIoDE
SZI9bP2xZ8tHMwrBMfLPl82XW2JTV+PJkTViS3Zqb53oN8zaoj3vXFxRqMQUO4ZK
OXBezDcNRfQys94zu8nPU8ZlKM72wGvN7sT/HR+V9StlC4j62hzRxV1f4zSp94Y4
Sr0H6qK3JpUPOENNmUvnWiSokznj3R1IRihuyRrJKp+S6ATcDM6C73dA+EFVu1tL
Spl3CJHoaGtGeU5sH91zq4t5y1QBZzFHqjGqYB3o6UdFq2CuhEMd1FhnJ3psdrMB
MdLyT/sjpOrkPEjnt7x9mQGEROHHYw0ePwkFdyC2scuyUxQZXFRm+3hkxpYIhLSs
4qXtg8TqNzIk2YkZgzAvQ2atyjpON+5wlLEBR4kn0m3TqH3LaHuSS/E5E2cm9a/0
tI1oTpz6CmNpNkt6aUWkdwGCYimmbPXFRoidZLdrHv/Bfrru+XhjIplk8FWtpgOA
2+qu1NVYSjO7HjwaXAwrNZNF+e9uUUQjqG6cHabn2g82nAB/FjwwaAkxuyFFLoBN
JITmFuyZUvJZVr5SG1qNF9aXbWrorzk5nH07WsLok8GhDSjlZYeNwqxMSFUqES5Z
dbFOmUFKyXc=
=BH5p
-----END PGP SIGNATURE-----

« Back to bulletins