Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.4219
Security update for the Linux Kernel
30 November 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: linux kernel
Publisher: SUSE
Operating System: SUSE
Impact/Access: Increased Privileges -- Remote/Unauthenticated
Execute Arbitrary Code/Commands -- Existing Account
Denial of Service -- Existing Account
Access Confidential Data -- Remote/Unauthenticated
Reduced Security -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2020-27675 CVE-2020-27673 CVE-2020-26088
CVE-2020-25705 CVE-2020-25704 CVE-2020-25668
CVE-2020-25656 CVE-2020-25645 CVE-2020-25643
CVE-2020-25641 CVE-2020-25285 CVE-2020-25284
CVE-2020-25212 CVE-2020-16120 CVE-2020-14390
CVE-2020-14381 CVE-2020-14351 CVE-2020-12352
CVE-2020-12351 CVE-2020-8694 CVE-2020-2521
CVE-2020-0432 CVE-2020-0431 CVE-2020-0430
CVE-2020-0427 CVE-2020-0404
Reference: ESB-2020.4211
ESB-2020.4191
ESB-2020.4168
ESB-2020.4132
Original Bulletin:
https://www.suse.com/support/update/announcement/2020/suse-su-20203532-1
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2020:3532-1
Rating: important
References: #1051510 #1058115 #1065600 #1131277 #1160947 #1161360
#1163524 #1166965 #1170232 #1170415 #1171417 #1172073
#1172366 #1173115 #1173233 #1175306 #1175721 #1175749
#1175882 #1176011 #1176235 #1176278 #1176381 #1176423
#1176482 #1176485 #1176698 #1176721 #1176722 #1176723
#1176725 #1176732 #1176877 #1176907 #1176922 #1176990
#1177027 #1177086 #1177121 #1177165 #1177206 #1177226
#1177410 #1177411 #1177470 #1177511 #1177513 #1177724
#1177725 #1177766 #1178003 #1178123 #1178330 #1178393
#1178622 #1178765 #1178782 #1178838
Cross-References: CVE-2020-0404 CVE-2020-0427 CVE-2020-0430 CVE-2020-0431
CVE-2020-0432 CVE-2020-12351 CVE-2020-12352 CVE-2020-14351
CVE-2020-14381 CVE-2020-14390 CVE-2020-16120 CVE-2020-2521
CVE-2020-25212 CVE-2020-25284 CVE-2020-25285 CVE-2020-25641
CVE-2020-25643 CVE-2020-25645 CVE-2020-25656 CVE-2020-25668
CVE-2020-25704 CVE-2020-25705 CVE-2020-26088 CVE-2020-27673
CVE-2020-27675 CVE-2020-8694
Affected Products:
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Module for Live Patching 15
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Availability 15
______________________________________________________________________________
An update that solves 26 vulnerabilities and has 32 fixes is now available.
Description:
The SUSE Linux Enterprise 15 LTSS kernel was updated to receive various
security and bug fixes.
The following security bugs were fixed:
o CVE-2020-25705: A flaw in the way reply ICMP packets are limited in was
found that allowed to quickly scan open UDP ports. This flaw allowed an
off-path remote user to effectively bypassing source port UDP
randomization. The highest threat from this vulnerability is to
confidentiality and possibly integrity, because software and services that
rely on UDP source port randomization (like DNS) are indirectly affected as
well. Kernel versions may be vulnerable to this issue (bsc#1175721, bsc#
1178782).
o CVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter() (bsc#
1178393).
o CVE-2020-25668: Fixed a use-after-free in con_font_op() (bnc#1178123).
o CVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl
(bnc#1177766).
o CVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in
mm/hugetlb.c (bnc#1176485).
o CVE-2020-0430: Fixed an OOB read in skb_headlen of /include/linux/skbuff.h
(bnc#1176723).
o CVE-2020-14351: Fixed a race in the perf_mmap_close() function (bsc#
1177086).
o CVE-2020-16120: Fixed permission check to open real file when using
overlayfs. It was possible to have a file not readable by an unprivileged
user be copied to a mountpoint controlled by that user and then be able to
access the file (bsc#1177470).
o CVE-2020-8694: Restricted energy meter to root access (bsc#1170415).
o CVE-2020-12351: Fixed a type confusion while processing AMP packets aka
"BleedingTooth" aka "BadKarma" (bsc#1177724).
o CVE-2020-12352: Fixed an information leak when processing certain AMP
packets aka "BleedingTooth" (bsc#1177725).
o CVE-2020-25212: Fixed getxattr kernel panic and memory overflow (bsc#
1176381).
o CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two
Geneve endpoints to be unencrypted (bnc#1177511).
o CVE-2020-2521: Fixed getxattr kernel panic and memory overflow (bsc#
1176381).
o CVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex) wait
operation, which could have lead to memory corruption and possibly
privilege escalation (bsc#1176011).
o CVE-2020-25643: Fixed a memory corruption and a read overflow which could
have caused by improper input validation in the ppp_cp_parse_cr function
(bsc#1177206).
o CVE-2020-25641: Fixed a zero-length biovec request issued by the block
subsystem could have caused the kernel to enter an infinite loop, causing a
denial of service (bsc#1177121).
o CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation
could have been used by local attackers to create raw sockets, bypassing
security mechanisms (bsc#1176990).
o CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory
corruption or a denial of service when changing screen size (bnc#1176235).
o CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc
#1176721).
o CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#
1176725).
o CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check
(bsc#1176722).
o CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause
(bsc#1176423).
o CVE-2020-25284: Fixed an incomplete permission checking for access to rbd
devices, which could have been leveraged by local attackers to map or unmap
rbd block devices (bsc#1176482).
o CVE-2020-27673: Fixed an issue where rogue guests could have caused denial
of service of Dom0 via high frequency events (XSA-332 bsc#1177411)
o CVE-2020-27675: Fixed a race condition in event handler which may crash
dom0 (XSA-331 bsc#1177410).
The following non-security bugs were fixed:
o btrfs: cleanup root usage by btrfs_get_alloc_profile (bsc#1131277).
o btrfs: reloc: clear DEAD_RELOC_TREE bit for orphan roots to prevent runaway
balance (bsc#1171417 bsc#1160947 bsc#1172366 bsc#1176922).
o btrfs: reloc: fix reloc root leak and NULL pointer dereference (bsc#1171417
bsc#1160947 bsc#1172366 bsc#1176922).
o btrfs: remove root usage from can_overcommit (bsc#1131277).
o hyperv_fb: disable superfluous VERSION_WIN10_V5 case (bsc#1175306).
o hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306).
o livepatch: Add -fdump-ipa-clones to build (). Add support for
-fdump-ipa-clones GCC option. Update config files accordingly.
o livepatch: Test if -fdump-ipa-clones is really available As of now we add
-fdump-ipa-clones unconditionally. It does not cause a trouble if the
kernel is build with the supported toolchain. Otherwise it could fail
easily. Do the correct thing and test for the availability.
o powerpc/pseries/cpuidle: add polling idle for shared processor guests (bsc#
1178765 ltc#188968).
o scsi: qla2xxx: Do not consume srb greedily (bsc#1173233).
o scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1173233).
o video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#
1175306).
o video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer
driver (bsc#1175306).
o video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs
(bsc#1175306).
o x86/hyperv: Create and use Hyper-V page definitions (bsc#1176877).
o x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#
1175306).
o x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10
compiled kernels (bsc#1058115 bsc#1176907).
o xen/blkback: use lateeoi irq binding (XSA-332 bsc#1177411).
o xen: do not reschedule in preemption off sections (bsc#1175749).
o xen/events: add a new "late EOI" evtchn framework (XSA-332 bsc#1177411).
o xen/events: add a proper barrier to 2-level uevent unmasking (XSA-332 bsc#
1177411).
o xen/events: avoid removing an event channel while handling it (XSA-331 bsc#
1177410).
o xen/events: block rogue events for some time (XSA-332 bsc#1177411).
o xen/events: defer eoi in case of excessive number of events (XSA-332 bsc#
1177411).
o xen/events: do not use chip_data for legacy IRQs (XSA-332 bsc#1065600).
o xen/events: fix race in evtchn_fifo_unmask() (XSA-332 bsc#1177411).
o xen/events: switch user event channels to lateeoi model (XSA-332 bsc#
1177411).
o xen/events: use a common cpu hotplug hook for event channels (XSA-332 bsc#
1177411).
o xen/netback: use lateeoi irq binding (XSA-332 bsc#1177411).
o xen/pciback: use lateeoi irq binding (XSA-332 bsc#1177411).
o xen/scsiback: use lateeoi irq binding (XSA-332 bsc#1177411).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-3532=1
o SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2020-3532=1
o SUSE Linux Enterprise Module for Live Patching 15:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2020-3532=1
o SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3532=1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3532=1
o SUSE Linux Enterprise High Availability 15:
zypper in -t patch SUSE-SLE-Product-HA-15-2020-3532=1
Package List:
o SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
kernel-default-4.12.14-150.63.1
kernel-default-base-4.12.14-150.63.1
kernel-default-debuginfo-4.12.14-150.63.1
kernel-default-debugsource-4.12.14-150.63.1
kernel-default-devel-4.12.14-150.63.1
kernel-default-devel-debuginfo-4.12.14-150.63.1
kernel-obs-build-4.12.14-150.63.1
kernel-obs-build-debugsource-4.12.14-150.63.1
kernel-syms-4.12.14-150.63.1
kernel-vanilla-base-4.12.14-150.63.1
kernel-vanilla-base-debuginfo-4.12.14-150.63.1
kernel-vanilla-debuginfo-4.12.14-150.63.1
kernel-vanilla-debugsource-4.12.14-150.63.1
reiserfs-kmp-default-4.12.14-150.63.1
reiserfs-kmp-default-debuginfo-4.12.14-150.63.1
o SUSE Linux Enterprise Server for SAP 15 (noarch):
kernel-devel-4.12.14-150.63.1
kernel-docs-4.12.14-150.63.1
kernel-macros-4.12.14-150.63.1
kernel-source-4.12.14-150.63.1
o SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
kernel-default-4.12.14-150.63.1
kernel-default-base-4.12.14-150.63.1
kernel-default-debuginfo-4.12.14-150.63.1
kernel-default-debugsource-4.12.14-150.63.1
kernel-default-devel-4.12.14-150.63.1
kernel-default-devel-debuginfo-4.12.14-150.63.1
kernel-obs-build-4.12.14-150.63.1
kernel-obs-build-debugsource-4.12.14-150.63.1
kernel-syms-4.12.14-150.63.1
kernel-vanilla-base-4.12.14-150.63.1
kernel-vanilla-base-debuginfo-4.12.14-150.63.1
kernel-vanilla-debuginfo-4.12.14-150.63.1
kernel-vanilla-debugsource-4.12.14-150.63.1
reiserfs-kmp-default-4.12.14-150.63.1
reiserfs-kmp-default-debuginfo-4.12.14-150.63.1
o SUSE Linux Enterprise Server 15-LTSS (noarch):
kernel-devel-4.12.14-150.63.1
kernel-docs-4.12.14-150.63.1
kernel-macros-4.12.14-150.63.1
kernel-source-4.12.14-150.63.1
o SUSE Linux Enterprise Server 15-LTSS (s390x):
kernel-default-man-4.12.14-150.63.1
kernel-zfcpdump-debuginfo-4.12.14-150.63.1
kernel-zfcpdump-debugsource-4.12.14-150.63.1
o SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):
kernel-default-debuginfo-4.12.14-150.63.1
kernel-default-debugsource-4.12.14-150.63.1
kernel-default-livepatch-4.12.14-150.63.1
kernel-livepatch-4_12_14-150_63-default-1-1.5.1
kernel-livepatch-4_12_14-150_63-default-debuginfo-1-1.5.1
o SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
kernel-default-4.12.14-150.63.1
kernel-default-base-4.12.14-150.63.1
kernel-default-debuginfo-4.12.14-150.63.1
kernel-default-debugsource-4.12.14-150.63.1
kernel-default-devel-4.12.14-150.63.1
kernel-default-devel-debuginfo-4.12.14-150.63.1
kernel-obs-build-4.12.14-150.63.1
kernel-obs-build-debugsource-4.12.14-150.63.1
kernel-syms-4.12.14-150.63.1
kernel-vanilla-base-4.12.14-150.63.1
kernel-vanilla-base-debuginfo-4.12.14-150.63.1
kernel-vanilla-debuginfo-4.12.14-150.63.1
kernel-vanilla-debugsource-4.12.14-150.63.1
o SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
kernel-devel-4.12.14-150.63.1
kernel-docs-4.12.14-150.63.1
kernel-macros-4.12.14-150.63.1
kernel-source-4.12.14-150.63.1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
kernel-default-4.12.14-150.63.1
kernel-default-base-4.12.14-150.63.1
kernel-default-debuginfo-4.12.14-150.63.1
kernel-default-debugsource-4.12.14-150.63.1
kernel-default-devel-4.12.14-150.63.1
kernel-default-devel-debuginfo-4.12.14-150.63.1
kernel-obs-build-4.12.14-150.63.1
kernel-obs-build-debugsource-4.12.14-150.63.1
kernel-syms-4.12.14-150.63.1
kernel-vanilla-base-4.12.14-150.63.1
kernel-vanilla-base-debuginfo-4.12.14-150.63.1
kernel-vanilla-debuginfo-4.12.14-150.63.1
kernel-vanilla-debugsource-4.12.14-150.63.1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
kernel-devel-4.12.14-150.63.1
kernel-docs-4.12.14-150.63.1
kernel-macros-4.12.14-150.63.1
kernel-source-4.12.14-150.63.1
o SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-4.12.14-150.63.1
cluster-md-kmp-default-debuginfo-4.12.14-150.63.1
dlm-kmp-default-4.12.14-150.63.1
dlm-kmp-default-debuginfo-4.12.14-150.63.1
gfs2-kmp-default-4.12.14-150.63.1
gfs2-kmp-default-debuginfo-4.12.14-150.63.1
kernel-default-debuginfo-4.12.14-150.63.1
kernel-default-debugsource-4.12.14-150.63.1
ocfs2-kmp-default-4.12.14-150.63.1
ocfs2-kmp-default-debuginfo-4.12.14-150.63.1
References:
o https://www.suse.com/security/cve/CVE-2020-0404.html
o https://www.suse.com/security/cve/CVE-2020-0427.html
o https://www.suse.com/security/cve/CVE-2020-0430.html
o https://www.suse.com/security/cve/CVE-2020-0431.html
o https://www.suse.com/security/cve/CVE-2020-0432.html
o https://www.suse.com/security/cve/CVE-2020-12351.html
o https://www.suse.com/security/cve/CVE-2020-12352.html
o https://www.suse.com/security/cve/CVE-2020-14351.html
o https://www.suse.com/security/cve/CVE-2020-14381.html
o https://www.suse.com/security/cve/CVE-2020-14390.html
o https://www.suse.com/security/cve/CVE-2020-16120.html
o https://www.suse.com/security/cve/CVE-2020-2521.html
o https://www.suse.com/security/cve/CVE-2020-25212.html
o https://www.suse.com/security/cve/CVE-2020-25284.html
o https://www.suse.com/security/cve/CVE-2020-25285.html
o https://www.suse.com/security/cve/CVE-2020-25641.html
o https://www.suse.com/security/cve/CVE-2020-25643.html
o https://www.suse.com/security/cve/CVE-2020-25645.html
o https://www.suse.com/security/cve/CVE-2020-25656.html
o https://www.suse.com/security/cve/CVE-2020-25668.html
o https://www.suse.com/security/cve/CVE-2020-25704.html
o https://www.suse.com/security/cve/CVE-2020-25705.html
o https://www.suse.com/security/cve/CVE-2020-26088.html
o https://www.suse.com/security/cve/CVE-2020-27673.html
o https://www.suse.com/security/cve/CVE-2020-27675.html
o https://www.suse.com/security/cve/CVE-2020-8694.html
o https://bugzilla.suse.com/1051510
o https://bugzilla.suse.com/1058115
o https://bugzilla.suse.com/1065600
o https://bugzilla.suse.com/1131277
o https://bugzilla.suse.com/1160947
o https://bugzilla.suse.com/1161360
o https://bugzilla.suse.com/1163524
o https://bugzilla.suse.com/1166965
o https://bugzilla.suse.com/1170232
o https://bugzilla.suse.com/1170415
o https://bugzilla.suse.com/1171417
o https://bugzilla.suse.com/1172073
o https://bugzilla.suse.com/1172366
o https://bugzilla.suse.com/1173115
o https://bugzilla.suse.com/1173233
o https://bugzilla.suse.com/1175306
o https://bugzilla.suse.com/1175721
o https://bugzilla.suse.com/1175749
o https://bugzilla.suse.com/1175882
o https://bugzilla.suse.com/1176011
o https://bugzilla.suse.com/1176235
o https://bugzilla.suse.com/1176278
o https://bugzilla.suse.com/1176381
o https://bugzilla.suse.com/1176423
o https://bugzilla.suse.com/1176482
o https://bugzilla.suse.com/1176485
o https://bugzilla.suse.com/1176698
o https://bugzilla.suse.com/1176721
o https://bugzilla.suse.com/1176722
o https://bugzilla.suse.com/1176723
o https://bugzilla.suse.com/1176725
o https://bugzilla.suse.com/1176732
o https://bugzilla.suse.com/1176877
o https://bugzilla.suse.com/1176907
o https://bugzilla.suse.com/1176922
o https://bugzilla.suse.com/1176990
o https://bugzilla.suse.com/1177027
o https://bugzilla.suse.com/1177086
o https://bugzilla.suse.com/1177121
o https://bugzilla.suse.com/1177165
o https://bugzilla.suse.com/1177206
o https://bugzilla.suse.com/1177226
o https://bugzilla.suse.com/1177410
o https://bugzilla.suse.com/1177411
o https://bugzilla.suse.com/1177470
o https://bugzilla.suse.com/1177511
o https://bugzilla.suse.com/1177513
o https://bugzilla.suse.com/1177724
o https://bugzilla.suse.com/1177725
o https://bugzilla.suse.com/1177766
o https://bugzilla.suse.com/1178003
o https://bugzilla.suse.com/1178123
o https://bugzilla.suse.com/1178330
o https://bugzilla.suse.com/1178393
o https://bugzilla.suse.com/1178622
o https://bugzilla.suse.com/1178765
o https://bugzilla.suse.com/1178782
o https://bugzilla.suse.com/1178838
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBX8RLH+NLKJtyKPYoAQiCvA//YD+nzyEXg8V494kwjl+DLTRmEfpcYL2U
TDAMs6QFcY+HPGdaEYnYvPHGousshRjup4tS6xbgqng04xpMzTtgh6mI9Mn99nEk
J7WSe3rpunwwRyegukCMtZKHa9RRlqM12ZmBcw0MaBiScYtdlc67fZfF9RbnWWG7
D2tmb9v9/0/7mPJT6somBdHNlWcXGzri4o0u1jye6ox9F1dhMxNcD/vWsY2TI4qm
Pny8Cuy3wqbn3ywXxGSIqfj534p4yuM/UKssmymd2BmcsbKjquHCs3NX4l1/FU/N
gwcjMIKRhxO5hNRNQEZD5LcmbViAWbYI6dAUhDzE9i1z388EQaOPrm+nCHDs67yL
pqgq2y4I7mqnDn3ujt/3wkgkpT2EJNb3wGp9vcu0P/PRte6X2IINfCye82sQakGu
Nht04yjJA5wHxq/zhanO8ep2mXzar8XoNbVqNOmsv6gtOMnwPCuxeMIgrV1hhaUR
0mmLWNPc5/Ajl83DodQf9T9vL4PuKg9N1Zh4tDfbNAQoGtxU7AeS0Rs3CG0P2MsA
wm0ypWs3i7fGaHwGHW4s9NxF99sfe+fAhLE2LCd0cqoeFplRMSooIiZrW2wqX7yb
kpqOM/9QhUpVl7Z51GtoQcUbaKdXzr+tmdc3Iq1zC/es1O13uhiZStC1PGoTTByf
gMapiIvQpEg=
=XrEd
-----END PGP SIGNATURE-----