TUCoPS :: Linux :: SUSE :: bt1410.txt

kernel - remote DoS, local priv esc. (SuSE-SA:2003:034)



----- Original Message -----
From: "Sebastian Krahmer" <krahmer@suse.de>
To: <bugtraq@securityfocus.com>
Sent: Tuesday, August 12, 2003 8:57 AM
Subject: SuSE Security Announcement: kernel (SuSE-SA:2003:034)


> -----BEGIN PGP SIGNED MESSAGE-----
>
>
____________________________________________________________________________
__
>
>                         SuSE Security Announcement
>
>         Package:                kernel
>         Announcement-ID:        SuSE-SA:2003:034
>         Date:                   Tue Aug 12 18:15:00 CEST 2003
>         Affected products:      7.2, 7.3, 8.0, 8.1, 8.2
>                                 SuSE Linux Database Server,
>                                 SuSE eMail Server III, 3.1
>                                 SuSE Linux Enterprise Server 7, 8
>                                 SuSE Linux Firewall on CD/Admin host
>                                 SuSE Linux Connectivity Server
>                                 SuSE Linux Office Server
>                                 SuSE Linux Openexchange Server
>                                 SuSE Linux Desktop 1.0
>                                 United Linux 1.0
>         Vulnerability Type:     local privilege escalation,
>                                 remote Denial of Service (DoS)
>         Severity (1-10):        7
>         SuSE default package:   yes
>         Cross References:       CAN-2003-0476
>                                 CAN-2003-0501
>                                 CAN-2003-0464
>
>     Content of this advisory:
>         1) security vulnerability resolved: a race condition in the ELF
loader,
>            a minor information leakage problem in the proc-fs,
>            re-binding problem of UDP port 2049 sockets,
>            DoS in netfilter and NFSv3 code
>         2) pending vulnerabilities, solutions, workarounds:
>             - xfstt
>             - heartbeat
>             - KDE config files
>             - several minor bug fixes
>         3) standard appendix (further information)
>
>
____________________________________________________________________________
__
>
> 1)  problem description, brief discussion, solution, upgrade information
>
>     During the last weeks a couple of security relevant fixes have been
>     accumulated for the kernel. These fix local vulnerabilities and
>     remote DoS conditions. The list of the fixed vulnerabilities is
>     as follows:
>
>       - fix for a possible denial of service attack (DoS) in the routing
code
>       - fix for a possible attack of an unpriviledged user via ioport
>       - fix for a re-binding problem of UDP port 2049 (NFS) sockets
>       - fix for a kernel panic with pptpd when mss > mtu
>       - fix for console redirect bug
>       - fix for the execve() file read race vulnerability
>       - fix for several race conditions in procfs
>       - fix for possible DoS in netfilter code
>       - fix for possible DoS in NFSv3 code
>
>     Not all kernel-versions are affected by all of these vulnerabilities.
>     However, since there is no easy workaround for all of the
vulnerabilities,
>     we recommend an update of the kernel package.
>
>     Please follow the steps in the "SPECIAL INSTALL INSTRUCTIONS" section
to
>     update your system.
>
>     Note: Managing the necessary patches, building and mostly testing
>     kernel update packages is an extremely worksome and therefore also
>     time-consuming process. SuSE wishes to provide the same quality and
>     reliability in update packages as customers are used to from the
>     shipped original products. Even though our kernel updates are
>     thoroughly tested, the numerous possible hardware configurations for
the
>     x86 platform give a certain probability for a functional failure of
>     parts of the kernel after the update has been performed. Some of the
>     possible failures cannot be handled by SuSE by definition. These
>     include (and are not limited to) possible problems with NVIDIA chipset
>     graphics boards that make use of hardware 3D acceleration.
>       SuSE cannot deliver the binary only driver for the NVIDIA graphics
>     boards in the kernel RPM. It is known that the NVIDIA hardware
acceleration
>     will not continue to work after a reboot, resulting in a failure to
start
>     the X-server. Hardware acceleration support for NVIDIA graphics
chipsets on
>     SuSE Linux 8.1 and 8.2 will be automatically disabled if the kernel
update
>     is performed by YOU (Yast Online Update). If you are committing the
update
>     by hand (necessary for SuSE Linux 8.0 and older), you should either
turn
>     off hardware acceleration support for your X Server configuration, or
you
>     may want to link the acceleration driver with binaries directly from
>     nvidia's ftp server yourself, using the provided kernel-source RPM
package.
>
>     The kernel of a Linux system is the most critical component with
respect
>     to stability, reliability and security. By consequence, an update of
that
>     component requires some care and full attention to succeed.
>
>     SPECIAL INSTALL INSTRUCTIONS:
>     ==============================
>     The following paragraphs will guide you through the installation
>     process in a step-by-step fashion. The character sequence "****"
>     marks the beginning of a new paragraph. In some cases, you decide
>     if the paragraph is needed for you or not. Please read through all
>     of the steps down to the end. All of the commands that need to be
>     executed are required to be run as the superuser (root). Each step
>     relies on the steps before to complete successfully.
>
>
>   **** Step 1: Determine the needed kernel type
>
>     Please use the following command to find the kernel type that is
>     installed on your system:
>
>       rpm -qf /boot/vmlinuz
>
>     The following options are possible (disregarding the version and build
>     number following the name, separated by the "-" character):
>
>       k_deflt   # default kernel, good for most systems.
>       k_i386    # kernel for older processors and chipsets
>       k_athlon  # kernel made specifically for AMD Athlon(tm) family
processors
>       k_psmp    # kernel for Pentium-I dual processor systems
>       k_smp     # kernel for SMP systems (Pentium-II and above)
>
>   **** Step 2: Download the package for your system
>
>     Please download the kernel RPM package for your distribution with the
>     name starting as indicated by Step 1. The list of all kernel rpm
>     packages is appended below. Note: The kernel-source package does not
>     contain any binary kernel in bootable form. Instead, it contains the
>     sources that the binary kernel rpm packages are made from. It can be
>     used by administrators who have decided to build their own kernel.
>     Since the kernel-source.rpm is an installable (compiled) package that
>     contains sources for the linux kernel, it is not the source RPM for
>     the kernel RPM binary packages.
>
>     The kernel RPM binary packages for the distributions can be found at
these
>     locations under ftp://ftp.suse.com/pub/suse/i386/update/ :
>
>       7.2/kernel/2.4.18-20030812
>       7.3/kernel/2.4.18-20030812
>       8.0/kernel/2.4.18-20030812
>       8.1/rpm/i586
>       8.2/rpm/i586
>
>     After downloading the kernel RPM package for your system, you should
>     verify the authenticity of the kernel rpm package using the methods as
>     listed in section 3) of each SuSE Security Announcement.
>
>
>   **** Step 3: Installing your kernel rpm package
>
>     Install the rpm package that you have downloaded in Steps 3 or 4 with
>     the command
>         rpm -Uhv --nodeps --force <K_FILE.RPM>
>     where <K_FILE.RPM> is the name of the rpm package that you downloaded.
>
>     Warning: After performing this step, your system will likely not be
>              able to boot if the following steps have not been fully
>              applied.
>
>
>     If you run SuSE Linux 8.1 and use the freeswan package, you also need
>     to update the freeswan rpm as a dependency as offered by YOU (Yast
>     Online Update). The package can be downloaded from
>     ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/
>
>   **** Step 4: configuring and creating the initrd
>
>     The initrd is a ramdisk that is being loaded into the memory of your
>     system together with the kernel boot image by the bootloader. The
>     kernel uses the content of this ramdisk to execute commands that must
>     be run before the kernel can mount its actual root filesystem. It is
>     usually used to initialize scsi drivers or NIC drivers for diskless
>     operation.
>
>     The variable INITRD_MODULES (set in the files /etc/rc.config up to
>     7.3) or /etc/sysconfig/kernel (after and including 8.0)) determines
>     which kernel modules will be loaded in the initrd before the kernel
>     has mounted its actual root filesystem. The variable should contain
>     your scsi adapter (if any) or filesystem driver modules.
>
>     With the installation of the new kernel, the initrd has to be
>     re-packed with the update kernel modules. Please run the command
>
>       mk_initrd
>
>     as root to create a new init rmadisk (initrd) for your system.
>
>
>   **** Step 5: bootloader
>
>     If you have a 7.x system, you must now run the command
>
>       lilo
>
>     as root to initialize the lilo bootloader for your system. Then
>     proceed to the next step.
>
>     If you run a SuSE Linux 8.x or a SLES8 system, there are two options:
>     Depending on your software configuration, you have the lilo bootloader
>     or the grub bootloader installed and initialized on your system.
>     The grub bootloader does not require any further actions to be
>     performed after the new kernel images have been moved in place by the
>     rpm Update command.
>     If you have a lilo bootloader installed and initialized, then the lilo
>     program must be run as root. Use the command
>
>       grep LOADER_TYPE /etc/sysconfig/bootloader
>
>     to find out which boot loader is configured. If it is lilo, then you
>     must run the lilo command as root. If grub is listed, then your system
>     does not require any bootloader initialization.
>
>     Warning: An improperly installed bootloader may render your system
>              unbootable.
>
>   **** Step 6: reboot
>
>     If all of the steps above have been successfully applied to your
>     system, then the new kernel including the kernel modules and the
>     initrd should be ready to boot. The system needs to be rebooted for
>     the changes to become active. Please make sure that all steps are
>     complete, then reboot using the command
>         shutdown -r now
>     or
>         init 6
>
>     Your system should now shut down and reboot with the new kernel.
>
>
>     Download sources for all kernel RPM packages:
>     Our maintenance customers are being notified individually. The
packages
>     are being offered to install from the maintenance web.
>
>     Due to the large amount of package-names you will not find the usual
>     list of package-names with the corresponding MD5 sums here. However
the
>     integrity of the packages is ensured and can be verified as described
in
>     section 3.2.
>
>
____________________________________________________________________________
__
>
> 2)  Pending vulnerabilities in SuSE Distributions and Workarounds:
>
>     - xfstt
>     The X truetype font-server can be crashed my sending
>     malicious packets over the network. It may even be
>     possible to execute arbitrary commands with the
>     privileges of the xfstt server.
>     Update packages are available on our FTP servers now.
>
>     - heartbeat
>     New heartbeat packages which fix an overflow are available on our
>     ftp servers.
>
>     - KDE config files
>     Due to an mistake some files in /etc/opt/kde3/share/config/
>     of SuSe Linux 8.2 are world-writeable. Under certain
>     circumstances these files can be used to gain higher
>     privileges. Please add an entry for each file in your
>     /etc/permissions.local file. Example:
>        /etc/opt/kde3/share/config/kmailrc root.root 0644
>
>     This bug was reported by nordi <nordi@addcom.de>.
>
>     - several minor bug fixes
>     There are alot more minor security updates in the queue. YOU (Yast
>     Online Update) will inform you when they appear. Alternatively you
>     may want to monitor the following website:
>       http://www.suse.de/de/private/download/updates/index.html
>     or:
>       http://www.suse.de/en/private/download/updates/index.html
>
>
____________________________________________________________________________
__
>
> 3)  standard appendix: authenticity verification, additional information
>
>   - Package authenticity verification:
>
>     SuSE update packages are available on many mirror ftp servers all over
>     the world. While this service is being considered valuable and
important
>     to the free and open source software community, many users wish to be
>     sure about the origin of the package and its content before installing
>     the package. There are two verification methods that can be used
>     independently from each other to prove the authenticity of a
downloaded
>     file or rpm package:
>     1) md5sums as provided in the (cryptographically signed) announcement.
>     2) using the internal gpg signatures of the rpm package.
>
>     1) execute the command
>         md5sum <name-of-the-file.rpm>
>        after you downloaded the file from a SuSE ftp server or its
mirrors.
>        Then, compare the resulting md5sum with the one that is listed in
the
>        announcement. Since the announcement containing the checksums is
>        cryptographically signed (usually using the key security@suse.de),
>        the checksums show proof of the authenticity of the package.
>        We disrecommend to subscribe to security lists which cause the
>        email message containing the announcement to be modified so that
>        the signature does not match after transport through the mailing
>        list software.
>        Downsides: You must be able to verify the authenticity of the
>        announcement in the first place. If RPM packages are being rebuilt
>        and a new version of a package is published on the ftp server, all
>        md5 sums for the files are useless.
>
>     2) rpm package signatures provide an easy way to verify the
authenticity
>        of an rpm package. Use the command
>         rpm -v --checksig <file.rpm>
>        to verify the signature of the package, where <file.rpm> is the
>        filename of the rpm package that you have downloaded. Of course,
>        package authenticity verification can only target an un-installed
rpm
>        package file.
>        Prerequisites:
>         a) gpg is installed
>         b) The package is signed using a certain key. The public part of
this
>            key must be installed by the gpg program in the directory
>            ~/.gnupg/ under the user's home directory who performs the
>            signature verification (usually root). You can import the key
>            that is used by SuSE in rpm packages for SuSE Linux by saving
>            this announcement to a file ("announcement.txt") and
>            running the command (do "su -" to be root):
>             gpg --batch; gpg < announcement.txt | gpg --import
>            SuSE Linux distributions version 7.1 and thereafter install the
>            key "build@suse.de" upon installation or upgrade, provided that
>            the package gpg is installed. The file containing the public
key
>            is placed at the top-level directory of the first CD
(pubring.gpg)
>            and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de .
>
>
>   - SuSE runs two security mailing lists to which any interested party may
>     subscribe:
>
>     suse-security@suse.com
>         -   general/linux/SuSE security discussion.
>             All SuSE security announcements are sent to this list.
>             To subscribe, send an email to
>                 <suse-security-subscribe@suse.com>.
>
>     suse-security-announce@suse.com
>         -   SuSE's announce-only mailing list.
>             Only SuSE's security announcements are sent to this list.
>             To subscribe, send an email to
>                 <suse-security-announce-subscribe@suse.com>.
>
>     For general information or the frequently asked questions (faq)
>     send mail to:
>         <suse-security-info@suse.com> or
>         <suse-security-faq@suse.com> respectively.
>
>     =====================================================================
>     SuSE's security contact is <security@suse.com> or <security@suse.de>.
>     The <security@suse.de> public key is listed below.
>     =====================================================================
>
____________________________________________________________________________
__
>
>     The information in this advisory may be distributed or reproduced,
>     provided that the advisory is not modified in any way. In particular,
>     it is desired that the clear-text signature shows proof of the
>     authenticity of the text.
>     SuSE Linux AG makes no warranties of any kind whatsoever with respect
>     to the information contained in this security advisory.
>
> Type Bits/KeyID    Date       User ID
> pub  2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>
> pub  1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>
>
> - -----BEGIN PGP PUBLIC KEY BLOCK-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
>
> mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff
> 4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d
> M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO
> QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK
> XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE
> D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd
> G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM
> CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE
> myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr
> YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD
> wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d
> NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe
> QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe
> LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t
> XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU
> D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3
> 0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot
> 1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW
> cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E
> ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f
> AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E
> Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/
> HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h
> t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT
> tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM
> 523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q
> 2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8
> QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw
> JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ
> 1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH
> ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1
> wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY
> EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol
> 0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK
> CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co
> SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo
> omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt
> A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J
> /LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE
> GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf
> ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT
> ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8
> RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ
> 8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb
> B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X
> 11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA
> 8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj
> qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p
> WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL
> hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG
> BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+
> AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi
> RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0
> zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM
> /3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7
> whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl
> D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz
> dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI
> RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI
> DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE=
> =LRKC
> - -----END PGP PUBLIC KEY BLOCK-----
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.7 (GNU/Linux)
>
> iQEVAwUBPzkasney5gA9JdPZAQGuvQf/eObGpN295r+3OIdWdQyx7NVuP/otU3ut
> G+HPJ5WaQxXYTBRj2hAOXsJmudJ1p2rEiYY7aX4ggO3A8Fvz8MfCGbnLxXo7/TLw
> GgTFFwfYMvgETHDPvq6Kjrk8Tf1ngLHRYB7gHTifMgJXo9iuR63qKbxkykP0Palf
> Cp8D8Rut49VEAfRQYfcLniyNpUNkaadLUaAm/xQyUw9GzMRuAKQE/mBuhCVQXoNJ
> 5GkcPjrtBuTHeNFOtmoLKZ42aRqOzsjuMZSBD6fS76B1tppuE7Y6naLmJoy+nJe/
> Fio1PYmT8tZTMtaaAP0CnWLFD7MJlfx3twZ2i5sipJeXcc8xFMSZUA==
> =/T1o
> -----END PGP SIGNATURE-----
>

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH