Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2006.0229 -- [Debian] New sendmail packages fix arbitrary code execution 24 March 2006 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: sendmail Publisher: Debian Operating System: Debian GNU/Linux 3.1 Debian GNU/Linux 3.0 Impact: Execute Arbitrary Code/Commands Access: Remote/Unauthenticated CVE Names: CVE-2006-0058 Ref: AL-2006.0020 Original Bulletin: http://www.debian.org/security/2006/dsa-1015 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - -------------------------------------------------------------------------- Debian Security Advisory DSA 1015-1 security@debian.org http://www.debian.org/security/ Martin Schulze March 23rd, 2006 http://www.debian.org/security/faq - - -------------------------------------------------------------------------- Package : sendmail Vulnerability : programming error Problem type : remote Debian-specific: no CVE ID : CVE-2006-0058 CERT advisory : VU#834865 Mark Dowd discovered a flaw in the handling of asynchronous signals in sendmail, a powerful, efficient, and scalable mail transport agent. This allows a remote attacker may to exploit a race condition to execute arbitrary code as root. For the old stable distribution (woody) this problem has been fixed in version 8.12.3-7.2. For the stable distribution (sarge) this problem has been fixed in version 8.13.4-3sarge1. For the unstable distribution (sid) this problem has been fixed in version 8.13.6-1. We recommend that you upgrade your sendmail package immediately. Upgrade Instructions - - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2.dsc Size/MD5 checksum: 753 e88f300c970924d33b8ba8ea2b3eae6b http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2.diff.gz Size/MD5 checksum: 277212 96008f9276955cd69add11424604e8e4 http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3.orig.tar.gz Size/MD5 checksum: 1840401 b198b346b10b3b5afc8cb4e12c07ff4d Architecture independent components: http://security.debian.org/pool/updates/main/s/sendmail/sendmail-doc_8.12.3-7.2_all.deb Size/MD5 checksum: 747982 c253bf2db4f202a880396249318df054 Alpha architecture: http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.2_alpha.deb Size/MD5 checksum: 267946 5cc2f292308e753286150b9f5f0dc598 http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2_alpha.deb Size/MD5 checksum: 1107346 cee76bc87880b6d986337cb758bdd9e6 ARM architecture: http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.2_arm.deb Size/MD5 checksum: 247798 b47e73e4eb91410308ff3d7772986c9b http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2_arm.deb Size/MD5 checksum: 979674 d03f90f8d57fa4bbe2f90776a487680e Intel IA-32 architecture: http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.2_i386.deb Size/MD5 checksum: 237492 75116396559388f01e199773e2dda2a3 http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2_i386.deb Size/MD5 checksum: 917446 0fd30312a872b9a3d1ba7c3e6c3d46b5 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.2_ia64.deb Size/MD5 checksum: 282384 4ce505c68a5434df2a6d196b87884e78 http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2_ia64.deb Size/MD5 checksum: 1332476 863dd30db60027d3efe5028c09b12805 HP Precision architecture: http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.2_hppa.deb Size/MD5 checksum: 261800 b7d14fc3ef6fc0b07068970659c4916a http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2_hppa.deb Size/MD5 checksum: 1081594 8c154a46eb55b2c65399ced49674fcac Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.2_m68k.deb Size/MD5 checksum: 231320 e8bcfb54013b87753ddf6f146a38ed1d http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2_m68k.deb Size/MD5 checksum: 865750 0d10292b121fcaee2ec8e7362528ac45 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.2_mips.deb Size/MD5 checksum: 255544 f64577662a0d9385b2e451696f9d4d71 http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2_mips.deb Size/MD5 checksum: 1024626 68dd1d411341a29cec916d081c78653f Little endian MIPS architecture: http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.2_mipsel.deb Size/MD5 checksum: 255318 44a704f72834bd7e61e40419ed892f9a http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2_mipsel.deb Size/MD5 checksum: 1025096 ebff9cf403b127d5c5b37678435c9a59 PowerPC architecture: http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.2_powerpc.deb Size/MD5 checksum: 257626 6c320d8d0eec5301975d14ec7632042e http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2_powerpc.deb Size/MD5 checksum: 979760 9c0fd5bd23d59ca6dc461ffa21464d18 IBM S/390 architecture: http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.2_s390.deb Size/MD5 checksum: 242998 ea909d1747afa18b2c11b8a73cee4d26 http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2_s390.deb Size/MD5 checksum: 966800 958bf2ddae058848aeb49bd7df86d0f4 Sun Sparc architecture: http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.2_sparc.deb Size/MD5 checksum: 245638 600345d0daac2924b9e186330a5f9f71 http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2_sparc.deb Size/MD5 checksum: 982872 b7f58435a7d8049a0678571f4e2cad16 Debian GNU/Linux 3.1 alias sarge - - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4-3sarge1.dsc Size/MD5 checksum: 912 eced5184913171b9c96c58dc6b46279b http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4-3sarge1.diff.gz Size/MD5 checksum: 383581 400a529e2e745e5d54d0eb79b47d0e13 http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4.orig.tar.gz Size/MD5 checksum: 1968047 d80dc659df96c63d227ed80c0c71b708 Architecture independent components: http://security.debian.org/pool/updates/main/s/sendmail/sendmail-base_8.13.4-3sarge1_all.deb Size/MD5 checksum: 342146 76bd67d4b76fd9896475719e4bb83c52 http://security.debian.org/pool/updates/main/s/sendmail/sendmail-cf_8.13.4-3sarge1_all.deb Size/MD5 checksum: 280612 ae20d882572cd061347a21f3df777411 http://security.debian.org/pool/updates/main/s/sendmail/sendmail-doc_8.13.4-3sarge1_all.deb Size/MD5 checksum: 693884 c49f59ed7ddab7d925568bf9cca0a802 http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4-3sarge1_all.deb Size/MD5 checksum: 193550 85d828672cb32f212d9c51ba9f4a59f4 Alpha architecture: http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge1_alpha.deb Size/MD5 checksum: 318962 054be9a965fe0d26a277f5a8a98e3860 http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge1_alpha.deb Size/MD5 checksum: 215538 b6e82eb7fcfe8c6f6d70d086d797c41b http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge1_alpha.deb Size/MD5 checksum: 228768 0c6b3040154cc762802326d66b798e68 http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge1_alpha.deb Size/MD5 checksum: 953656 81590285d76c7f1d1065fa256e3c0d16 http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge1_alpha.deb Size/MD5 checksum: 198052 f32099dafc92f3cef8bb70aa724faa2d AMD64 architecture: http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge1_amd64.deb Size/MD5 checksum: 296490 22966058918ee931eed27ffedd1845cf http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge1_amd64.deb Size/MD5 checksum: 213122 9aea29eb85643183224d32b8aaf2384d http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge1_amd64.deb Size/MD5 checksum: 225200 cefe11998072135ea099a415e79ba686 http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge1_amd64.deb Size/MD5 checksum: 850848 d2861fe4cec727e76248860f04759194 http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge1_amd64.deb Size/MD5 checksum: 197596 66cb61fbd5994a5ed8572e2161c212d0 ARM architecture: http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge1_arm.deb Size/MD5 checksum: 291872 35aae5c6f5979ad62f2c5fb948bad855 http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge1_arm.deb Size/MD5 checksum: 211494 5d0c235fedc3fa665f492cc0eb405ca5 http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge1_arm.deb Size/MD5 checksum: 223606 00e0deaa2f351d66e76aecd5b96cd7f2 http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge1_arm.deb Size/MD5 checksum: 829146 ba91e23d646a78ab9bf81184d4105eed http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge1_arm.deb Size/MD5 checksum: 197170 09956736b466d15ed9bb7eb220547282 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge1_i386.deb Size/MD5 checksum: 288740 029c9c000ac133ce3c72aef194fb927e http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge1_i386.deb Size/MD5 checksum: 213300 acfda80137ef82bac707e737af27c28b http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge1_i386.deb Size/MD5 checksum: 223850 79f561f32701ffc65b3286c9d2b15c2e http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge1_i386.deb Size/MD5 checksum: 813824 cf8af93fb4c550a746f56312b5378196 http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge1_i386.deb Size/MD5 checksum: 198798 95278a3b872edbc954eb3587faae2ff3 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge1_ia64.deb Size/MD5 checksum: 330628 f8accd0b6b54d974f5f6d0eb0c01d098 http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge1_ia64.deb Size/MD5 checksum: 220376 08c4cc7b20eff79b9b7b42c89203f1ee http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge1_ia64.deb Size/MD5 checksum: 239602 68274560ddbb6341bee00250bb3966c2 http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge1_ia64.deb Size/MD5 checksum: 1162354 ef069d23929b49f045ec4b87af118490 http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge1_ia64.deb Size/MD5 checksum: 198910 42814633feb7d12ba9b86b0b99b5898a HP Precision architecture: http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge1_hppa.deb Size/MD5 checksum: 301436 6a44da8d49780bf89e8de21c333af1d3 http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge1_hppa.deb Size/MD5 checksum: 215576 965aa367c614665b310cd8a62b287e4b http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge1_hppa.deb Size/MD5 checksum: 229332 d1b796e3714f112cd6e647a9401dcbf5 http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge1_hppa.deb Size/MD5 checksum: 919600 69abc5aa11ccf4abfef10d42e1a46310 http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge1_hppa.deb Size/MD5 checksum: 198046 52fc9ce8ca0e65ef2bc3cb8f11b7a6f5 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge1_m68k.deb Size/MD5 checksum: 272712 66c27a318830a6fa64819477338cd23f http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge1_m68k.deb Size/MD5 checksum: 210798 39e8ab1bcb81a8a7284c9b418eca0e29 http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge1_m68k.deb Size/MD5 checksum: 218808 bb1f4007b54c4e8a23aa279b3ab67cf2 http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge1_m68k.deb Size/MD5 checksum: 728192 9a5ab3d6aecdd1148519b0686ba71aff http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge1_m68k.deb Size/MD5 checksum: 197104 cbe649dd8c0748821c9ab214b00bf2f0 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge1_mips.deb Size/MD5 checksum: 293096 696541d7935855697b3ca74f34bce650 http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge1_mips.deb Size/MD5 checksum: 211980 aa0bf589a3b15a6b5cb5d0c2a2c51f2a http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge1_mips.deb Size/MD5 checksum: 227312 2db4f638a58d94799e14deb882386e87 http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge1_mips.deb Size/MD5 checksum: 883120 55ff1991c6ce32475afdd292a8ba895f http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge1_mips.deb Size/MD5 checksum: 198070 f689f690fbe8dd7726f2bb2c419caff8 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge1_mipsel.deb Size/MD5 checksum: 293902 bd277684c70732ab5edbf8c339ff1f1f http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge1_mipsel.deb Size/MD5 checksum: 212276 4f1ea8a69fbde664a60dec325ab4294d http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge1_mipsel.deb Size/MD5 checksum: 227598 52a98a34b8d7d82d34f500c047f1876c http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge1_mipsel.deb Size/MD5 checksum: 886812 ad4d962d2eaceb9123143d66d984fda3 http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge1_mipsel.deb Size/MD5 checksum: 198250 eb756c3f90723f4feb9b1b4475531064 PowerPC architecture: http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge1_powerpc.deb Size/MD5 checksum: 294318 3416024842aa172fea686e2ed7e93f95 http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge1_powerpc.deb Size/MD5 checksum: 214374 a532541dcb05fe73f650e65e5ec391d8 http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge1_powerpc.deb Size/MD5 checksum: 226788 90c4e2b480235434bd8a101ec88a1b66 http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge1_powerpc.deb Size/MD5 checksum: 864680 19b18eef4e5267eb5a79aa5d272a89c1 http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge1_powerpc.deb Size/MD5 checksum: 197658 9c53a99a1cdfcd5eb88e3bb60ffac707 IBM S/390 architecture: http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge1_s390.deb Size/MD5 checksum: 295110 6d5a6645a56f5f1e5b96ee1edf74d014 http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge1_s390.deb Size/MD5 checksum: 213228 4939dd0e6135eaef97186dc78ea0f6a0 http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge1_s390.deb Size/MD5 checksum: 228616 3c0e7578d0307e8a766d93ab3e8398bd http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge1_s390.deb Size/MD5 checksum: 875030 e6630e78597b3fa8beea3fe0ed6c0570 http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge1_s390.deb Size/MD5 checksum: 197610 a9b8ff1c29eb5d832f46f37360be0da7 Sun Sparc architecture: http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge1_sparc.deb Size/MD5 checksum: 285328 af47ebab7c6f2c40947d3db63d096b2b http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge1_sparc.deb Size/MD5 checksum: 211552 1ff3266e7fd86a23f75bb893e5e3b293 http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge1_sparc.deb Size/MD5 checksum: 222818 f4003549477da95806b491419fffd743 http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge1_sparc.deb Size/MD5 checksum: 819308 a4ed26ef9608278f2ddbb4342af8df35 http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge1_sparc.deb Size/MD5 checksum: 197330 7a51e38cfbb62b22752935f4a91af2d8 These files will probably be moved into the stable distribution on its next update. - - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFEImpxW5ql+IAeqTIRAkHRAJ9S+GMJ5kv/GAtu9li4KwH+1pU7qwCgujna wDAqdVyXC6vQHUADX5faxXg= =hAjg - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCUAwUBRCNohih9+71yA2DNAQLgygP4+YlJJtGXQX2mjQ60GbjithFx2V4f3BaX rjd9XwJuRCVDSjtEUZ3rHxFIkcF93AQ0x4KM0DCdraSSXMV4TX76lLBz5UIySD0a WKXpJpD8Q4E5gDtHcQ19KovdLQYyoUEq+VPUCiz4U5rz1ymn20R4zwU+BjUvoQVJ m+IFsOChdg== =N71l -----END PGP SIGNATURE-----