dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


Advisories, April 14, 2005

Apr 15, 2005, 04:45 (0 Talkback[s])

Fedora Core


Fedora Update Notification
FEDORA-2005-319
2005-04-14

Product : Fedora Core 3
Name : sharutils
Version : 4.2.1
Release : 22.2.FC3
Summary : The GNU shar utilities for packaging and unpackaging shell

Description :
The sharutils package contains the GNU shar utilities, a set of tools for encoding and decoding packages of files (in binary or text format) in a special plain text format called shell archives (shar). This format can be sent through e-mail (which can be problematic for regular binary files). The shar utility supports a wide range of capabilities (compressing, uuencoding, splitting long files for multi-part mailings, providing checksums), which make it very flexible at ns mail messages looking for shar files. Unshar automatically strips off mail headers and introductory text and then unpacks the shar files.

Install sharutils if you send binary files through e-mail.


  • Mon Apr 11 2005 Than Ngo <than@redhat.com> 4.2.1-22.2.FC3
    • apply debian patch to fix insecure temporary file creation in unshar #154049, CAN-2005-0990

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

fc07dcf37e66806304cee15aa08cb25e SRPMS/sharutils-4.2.1-22.2.FC3.src.rpm
a7e0a420752de2891694471293c33d9b x86_64/sharutils-4.2.1-22.2.FC3.x86_64.rpm
2da2ac96023131c2611b051a73366248 x86_64/debug/sharutils-debuginfo-4.2.1-22.2.FC3.x86_64.rpm
95cd246dd03612edb6962cfc23c6beb9 i386/sharutils-4.2.1-22.2.FC3.i386.rpm
f05e7c1e156116a70a9980bbcdc6874c i386/debug/sharutils-debuginfo-4.2.1-22.2.FC3.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.


--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list

Mandriva Linux

Mandriva Linux Security Update Advisory


Package name: gaim
Advisory ID: MDKSA-2005:071
Date: April 13th, 2005
Affected versions: 10.1, Corporate 3.0


Problem Description:

More vulnerabilities have been discovered in the gaim instant messaging client:

A buffer overflow vulnerability was found in the way that gaim escapes HTML, allowing a remote attacker to send a specially crafted message to a gaim client and causing it to crash (CAN-2005-0965).

A bug was discovered in several of gaim's IRC processing functions that fail to properly remove various markup tags within an IRC message. This could allow a remote attacker to send specially crafted message to a gaim client connected to an IRC server, causing it to crash (CAN-2005-0966).

Finally, a problem was found in gaim's Jabber message parser that would allow a remote Jabber user to send a specially crafted message to a gaim client, bausing it to crash (CAN-2005-0967).

Gaim version 1.2.1 is not vulnerable to these issues and is provided with this update.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0965
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0966
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0967


Updated Packages:

Mandrakelinux 10.1:
f0c9f84d95541ffba3baf9e24d85e87a 10.1/RPMS/gaim-1.2.1-0.1.101mdk.i586.rpm
75941740b8e5db4603816d3ea73cfddf 10.1/RPMS/gaim-devel-1.2.1-0.1.101mdk.i586.rpm
334adccd0d97f287a0282f236311c495 10.1/RPMS/gaim-gevolution-1.2.1-0.1.101mdk.i586.rpm
7c8c86d36881bca9f539c7c8dfc543cc 10.1/RPMS/gaim-perl-1.2.1-0.1.101mdk.i586.rpm
361e053e145405c5cf95c9fadafa21b1 10.1/RPMS/gaim-tcl-1.2.1-0.1.101mdk.i586.rpm
dc4c479784bda506fc895441028b2985 10.1/RPMS/libgaim-remote0-1.2.1-0.1.101mdk.i586.rpm
342d279dbb9a076a03c596d6c1729d77 10.1/RPMS/libgaim-remote0-devel-1.2.1-0.1.101mdk.i586.rpm
6de0f7edf8c55a755c4b64809e1a246f 10.1/SRPMS/gaim-1.2.1-0.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
c51c050ac997d33f37cff42f1ddd8ee3 x86_64/10.1/RPMS/gaim-1.2.1-0.1.101mdk.x86_64.rpm
ce76925c9ea35890fe06c2266f87f1a4 x86_64/10.1/RPMS/gaim-devel-1.2.1-0.1.101mdk.x86_64.rpm
f862609115d62357ee65409e3accb9a0 x86_64/10.1/RPMS/gaim-gevolution-1.2.1-0.1.101mdk.x86_64.rpm
f53dee67ae2ddfa5a46b8eccd7e8ffc8 x86_64/10.1/RPMS/gaim-perl-1.2.1-0.1.101mdk.x86_64.rpm
705b7a40f55d4c2c71f69b6d074cb879 x86_64/10.1/RPMS/gaim-tcl-1.2.1-0.1.101mdk.x86_64.rpm
18330f6a2b207cad6d8456c724ea9a1f x86_64/10.1/RPMS/lib64gaim-remote0-1.2.1-0.1.101mdk.x86_64.rpm
e05d76f087b39d233ba73eedcc3e7063 x86_64/10.1/RPMS/lib64gaim-remote0-devel-1.2.1-0.1.101mdk.x86_64.rpm
6de0f7edf8c55a755c4b64809e1a246f x86_64/10.1/SRPMS/gaim-1.2.1-0.1.101mdk.src.rpm

Corporate 3.0:
02619cb85a0a8846294c8ecdc2697231 corporate/3.0/RPMS/gaim-1.2.1-0.1.C30mdk.i586.rpm
0686d195bd0e1a69c9fd8e2952d6e31e corporate/3.0/RPMS/gaim-devel-1.2.1-0.1.C30mdk.i586.rpm
1057d2753906d97367b596be55694546 corporate/3.0/RPMS/gaim-perl-1.2.1-0.1.C30mdk.i586.rpm
d69fc3be71d44677023d4902af8081a4 corporate/3.0/RPMS/gaim-tcl-1.2.1-0.1.C30mdk.i586.rpm
a3d62bec1d30efef4cde7ae80cc6f3b1 corporate/3.0/RPMS/libgaim-remote0-1.2.1-0.1.C30mdk.i586.rpm
ae7cec269ef28eb3664ad6941ff02e88 corporate/3.0/RPMS/libgaim-remote0-devel-1.2.1-0.1.C30mdk.i586.rpm
9ca50a9a0a46f5e616f9dd3f00e7dc52 corporate/3.0/SRPMS/gaim-1.2.1-0.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
5e69467d59933b94614a9567e50f22dc x86_64/corporate/3.0/RPMS/gaim-1.2.1-0.1.C30mdk.x86_64.rpm
00f868d0fce79a2557bcc7cc6f9a04f2 x86_64/corporate/3.0/RPMS/gaim-devel-1.2.1-0.1.C30mdk.x86_64.rpm
703d5bca6aea8fa580500a19096ef8e5 x86_64/corporate/3.0/RPMS/gaim-perl-1.2.1-0.1.C30mdk.x86_64.rpm
f76af359b96e10c8707b14f110031491 x86_64/corporate/3.0/RPMS/gaim-tcl-1.2.1-0.1.C30mdk.x86_64.rpm
760124434b0c5b6e8420dc1e13c3533f x86_64/corporate/3.0/RPMS/lib64gaim-remote0-1.2.1-0.1.C30mdk.x86_64.rpm
f53b90f50d2934bc070ca6ebb1a9324e x86_64/corporate/3.0/RPMS/lib64gaim-remote0-devel-1.2.1-0.1.C30mdk.x86_64.rpm
9ca50a9a0a46f5e616f9dd3f00e7dc52 x86_64/corporate/3.0/SRPMS/gaim-1.2.1-0.1.C30mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

Ubuntu Linux


Ubuntu Security Notice USN-111-1 April 14, 2005
squid vulnerability
CAN-2005-0718

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

squid

The problem can be corrected by upgrading the affected package to version 2.5.5-6ubuntu0.7. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

A remote Denial of Service vulnerability has been discovered in Squid. If the remote end aborted the connection during a PUT or POST request, Squid tried to free an already freed part of memory, which eventually caused the server to crash.

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.7.diff.gz
Size/MD5: 275491 d294a0441d7e2de0da9341eace2c7e73
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.7.dsc
Size/MD5: 652 1816d94b51dc62c5377504600fe84b91
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5.orig.tar.gz
Size/MD5: 1363967 6c7f3175b5fa04ab5ee68ce752e7b500

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.5-6ubuntu0.7_all.deb
Size/MD5: 190750 ff6a2988ea2399fcaa916ae5c39323e1

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.7_amd64.deb
Size/MD5: 90162 64c8782355756f2dc21a2a4bd405f512
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.7_amd64.deb
Size/MD5: 812954 b2d4e53f212ce58fd33e650dd2b5014a
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.7_amd64.deb
Size/MD5: 71526 1ce2d80bda1f61c56b1541fd3eda4e77

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.7_i386.deb
Size/MD5: 88692 67b6ed2744f38d3e0033445f7ddd30e2
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.7_i386.deb
Size/MD5: 728956 0383caf202387afd18855a77f7a349a0
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.7_i386.deb
Size/MD5: 70260 5765c384fdaa1bb4c172f5bb2ecf2bc8

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.7_powerpc.deb
Size/MD5: 89612 7c28105327bf3fc664d4a679e231625f
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.7_powerpc.deb
Size/MD5: 796392 70e394cace6837edc6643ddd33916d45
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.7_powerpc.deb
Size/MD5: 71030 edc5b5f6f79e958bb701ba4f4fb9c19d



Ubuntu Security Notice USN-112-1 April 14, 2005
php4 vulnerabilities
CAN-2005-1042, CAN-2005-1043

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libapache2-mod-php4
php4-cgi

The problem can be corrected by upgrading the affected package to version 4:4.3.8-3ubuntu7.8. After performing a standard system upgrade you need to reload the PHP module in the webserver by executing

sudo /etc/init.d/apache2 reload

to effect the necessary changes.=20

Details follow:

An integer overflow was discovered in the exif_process_IFD_TAG() function in PHP4's EXIF module. EXIF tags with a specially crafted "Image File Directory" (IFD) tag caused a buffer overflow which could have been exploited to execute arbitrary code with the privileges of the PHP4 server. (CAN-2005-1042)

The same module also contained a Denial of Service vulnerability. EXIF headers with a large IFD nesting level caused an unbound recursion which would eventually overflow the stack and cause the executed program to crash. (CAN-2005-1043)

In web applications that automatically process EXIF tags of uploaded images, both vulnerabilities could be exploited remotely.

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8-3ubuntu7.8.diff.gz
Size/MD5: 615279 bccbf61fbd657d604778ef0807602269
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8-3ubuntu7.8.dsc
Size/MD5: 1624 50fb00c9c97235f29bd5e0b5be38719f
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8.orig.tar.gz
Size/MD5: 4832570 dd69f8c89281f088eadf4ade3dbd39ee

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-dev_4.3.8-3ubuntu7.8_all.deb
Size/MD5: 332212 c7b9169952458bc1c9c6bb38894e44dd
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-pear_4.3.8-3ubuntu7.8_all.deb
Size/MD5: 333344 8df62c694a6f3161c9856ce3ddc72880

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_= 4.3.8-3ubuntu7.8_amd64.deb

Size/MD5: 1689076 ea68676e40465cfaf63e9c040097cf5e
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubun= tu7.8_amd64.deb

Size/MD5: 3198192 73d27ba5818baffd5364bf600bde839d
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.8_amd64.deb
Size/MD5: 17268 af6a393057cbc02db58bf8161971c920
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.8_amd64.deb
Size/MD5: 40424 68c1a0c15a6cf8a73e34312ab4490fda
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.8_amd64.deb
Size/MD5: 33490 04e4f118c9c254f124647d3f79331b40
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.8_amd64.deb
Size/MD5: 21228 7b3a3ec6ee219d8a20b5ae4908356223
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.8_amd64.deb
Size/MD5: 18402 3ccc063e13e057bb046134106f7a4af0
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.8_amd64.deb
Size/MD5: 7984 3a6f3b7fa3c05de874ff133efed8a005
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.8_amd64.deb
Size/MD5: 23106 c5eb05dc58ec37535f4abbcca2fd376b
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.8_amd64.deb
Size/MD5: 28318 ba50aa51d1878db08656192e4942a672
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.8_amd64.deb
Size/MD5: 7612 492f40b7948f52691ba10aefda76509c
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.8_amd64.deb
Size/MD5: 12966 e4c676a19934de18daea3c7c5558c6bb
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.8_amd64.deb
Size/MD5: 21504 5634e0379238d42bbd446c768f19d865
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.8_amd64.deb
Size/MD5: 17244 b3ade86c59d1bf070936cc8d3e0798ec
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.8_amd64.deb
Size/MD5: 1704972 48b6f63a1bd9e74a32d1765f83a7a766

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.8_i386.deb
Size/MD5: 1630966 33f6c6e64aeee06c9f4ce5529bfb5270
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.8_i386.deb
Size/MD5: 3044286 a0d8f50a76ba83181ff3120086615610
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.8_i386.deb
Size/MD5: 16846 452346f69df9d3610c1e49be50c20bda
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.8_i386.deb
Size/MD5: 35546 33628c2ce0a6c4dce3ffd9191004a7c0
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.8_i386.deb
Size/MD5: 31064 d04e46c79926bfe840141ae8de168e71
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.8_i386.deb
Size/MD5: 19464 3b1e7da084cc652c54ed7ee809262bc5
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.8_i386.deb
Size/MD5: 17038 320f44d0b84c2d1907f85f16464b05f7
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.8_i386.deb
Size/MD5: 7742 a82e71021460f23a3c27258a60dec76d
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.8_i386.deb
Size/MD5: 20898 0bdc2c8eb237dcbd9fcdb65348f583d2
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.8_i386.deb
Size/MD5: 26058 0fb042c54fcdf259142a599f287597e0
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.8_i386.deb
Size/MD5: 7374 60bff288d952728c56839059830a46d0
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.8_i386.deb
Size/MD5: 12318 1873822251912089841c8b9ad5087fa2
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.8_i386.deb
Size/MD5: 20002 5073920959f7e45ba0440cc40d5d2a0b
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.8_i386.deb
Size/MD5: 15878 c5bb3e00817367294f83e239e16876ec
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.8_i386.deb
Size/MD5: 1645576 f0f01be88bdc787ab135d1a865f4f308

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.8_powerpc.deb
Size/MD5: 1690872 071804bfe714bbfa054aade588d40023
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.8_powerpc.deb
Size/MD5: 3203670 3fa86de2cf426a6eaa6e99a5c7bdd4b7
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.8_powerpc.deb
Size/MD5: 19086 7acaf730006b0a0ebc103057c28b74e2
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.8_powerpc.deb
Size/MD5: 38282 010967a7de5cd770e9748937376f0560
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.8_powerpc.deb
Size/MD5: 34008 ad454fc9b99f41b76c76b58b54a7f32f
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.8_powerpc.deb
Size/MD5: 21478 7a57f51114a5990b40aa326b6224afaa
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.8_powerpc.deb
Size/MD5: 19312 e4d275a2e44183a608e3a120ec23175a
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.8_powerpc.deb
Size/MD5: 9320 3566967bd9d610d91106222756584dcc
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.8_powerpc.deb
Size/MD5: 22690 c1a2e74f03baba2cedc8dec36329e794
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.8_powerpc.deb
Size/MD5: 28408 090402935f36668bcd42b459935b1fa3
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.8_powerpc.deb
Size/MD5: 9006 87db57559484b64fd0e4d68909859710
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.8_powerpc.deb
Size/MD5: 14322 fa6f48dc42e8734e260c83a8efbd2703
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.8_powerpc.deb
Size/MD5: 22192 e4d2b2a283cfd4a8d1ac92d6e2327b0e
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.8_powerpc.deb
Size/MD5: 18058 18411dc4784022996fcc5e7387b32ac7
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.8_powerpc.deb
Size/MD5: 1708846 82dee976e21613a81b3e5935a1e2f590