ESB-2017.3238 - [RedHat] Ruby: Multiple vulnerabilities 2017-12-20

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.3238
    Moderate: rh-ruby24-ruby security, bug fix, and enhancement update
                             20 December 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Ruby
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 6
                   Red Hat Enterprise Linux WS/Desktop 6
                   Red Hat Enterprise Linux EUS 6
                   Red Hat Enterprise Linux EUS 7
                   Red Hat Enterprise Linux Server 7
                   Red Hat Enterprise Linux WS/Desktop 7
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                   Create Arbitrary Files          -- Remote with User Interaction
                   Denial of Service               -- Remote/Unauthenticated      
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Remote/Unauthenticated      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-14064 CVE-2017-10784 CVE-2017-0903
                   CVE-2017-0902 CVE-2017-0901 CVE-2017-0900
                   CVE-2017-0899 CVE-2017-0898 

Reference:         ASB-2017.0137
                   ESB-2017.2869
                   ESB-2017.2557

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2017:3485

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: rh-ruby24-ruby security, bug fix, and enhancement update
Advisory ID:       RHSA-2017:3485-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:3485
Issue date:        2017-12-19
CVE Names:         CVE-2017-0898 CVE-2017-0899 CVE-2017-0900 
                   CVE-2017-0901 CVE-2017-0902 CVE-2017-0903 
                   CVE-2017-10784 CVE-2017-14064 
=====================================================================

1. Summary:

An update for rh-ruby24-ruby is now available for Red Hat Software
Collections.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

Ruby is an extensible, interpreted, object-oriented, scripting language. It
has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version:
rh-ruby24-ruby (2.4.2). (BZ#1506785)

Security Fix(es):

* A buffer underflow was found in ruby's sprintf function. An attacker,
with ability to control its format string parameter, could send a specially
crafted string that would disclose heap memory or crash the interpreter.
(CVE-2017-0898)

* It was found that rubygems did not sanitize gem names during installation
of a given gem. A specially crafted gem could use this flaw to install
files outside of the regular directory. (CVE-2017-0901)

* A vulnerability was found where rubygems did not sanitize DNS responses
when requesting the hostname of the rubygems server for a domain, via a
_rubygems._tcp DNS SRV query. An attacker with the ability to manipulate
DNS responses could direct the gem command towards a different domain.
(CVE-2017-0902)

* A vulnerability was found where the rubygems module was vulnerable to an
unsafe YAML deserialization when inspecting a gem. Applications inspecting
gem files without installing them can be tricked to execute arbitrary code
in the context of the ruby interpreter. (CVE-2017-0903)

* It was found that WEBrick did not sanitize all its log messages. If logs
were printed in a terminal, an attacker could interact with the terminal
via the use of escape sequences. (CVE-2017-10784)

* A vulnerability was found where rubygems did not properly sanitize gems'
specification text. A specially crafted gem could interact with the
terminal via the use of escape sequences. (CVE-2017-0899)

* It was found that rubygems could use an excessive amount of CPU while
parsing a sufficiently long gem summary. A specially crafted gem from a gem
repository could freeze gem commands attempting to parse its summary.
(CVE-2017-0900)

* A buffer overflow vulnerability was found in the JSON extension of ruby.
An attacker with the ability to pass a specially crafted JSON input to the
extension could use this flaw to expose the interpreter's heap memory.
(CVE-2017-14064)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1487552 - CVE-2017-14064 ruby: Arbitrary heap exposure during a JSON.generate call
1487587 - CVE-2017-0901 rubygems: Arbitrary file overwrite due to incorrect validation of specification name
1487588 - CVE-2017-0900 rubygems: No size limit in summary length of gem spec
1487589 - CVE-2017-0902 rubygems: DNS hijacking vulnerability
1487590 - CVE-2017-0899 rubygems: Escape sequence in the "summary" field of gemspec
1492012 - CVE-2017-10784 ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick
1492015 - CVE-2017-0898 ruby: Buffer underrun vulnerability in Kernel.sprintf
1500488 - CVE-2017-0903 rubygems: Unsafe object deserialization through YAML formatted gem specifications
1506785 - Rebase to the latest Ruby 2.4 point release [rhscl-3.0.z]

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-ruby24-ruby-2.4.2-86.el6.src.rpm

noarch:
rh-ruby24-ruby-doc-2.4.2-86.el6.noarch.rpm
rh-ruby24-ruby-irb-2.4.2-86.el6.noarch.rpm
rh-ruby24-rubygem-minitest-5.10.1-86.el6.noarch.rpm
rh-ruby24-rubygem-power_assert-0.4.1-86.el6.noarch.rpm
rh-ruby24-rubygem-rake-12.0.0-86.el6.noarch.rpm
rh-ruby24-rubygem-rdoc-5.0.0-86.el6.noarch.rpm
rh-ruby24-rubygem-test-unit-3.2.3-86.el6.noarch.rpm
rh-ruby24-rubygem-xmlrpc-0.2.1-86.el6.noarch.rpm
rh-ruby24-rubygems-2.6.14-86.el6.noarch.rpm
rh-ruby24-rubygems-devel-2.6.14-86.el6.noarch.rpm

x86_64:
rh-ruby24-ruby-2.4.2-86.el6.x86_64.rpm
rh-ruby24-ruby-debuginfo-2.4.2-86.el6.x86_64.rpm
rh-ruby24-ruby-devel-2.4.2-86.el6.x86_64.rpm
rh-ruby24-ruby-libs-2.4.2-86.el6.x86_64.rpm
rh-ruby24-rubygem-bigdecimal-1.3.0-86.el6.x86_64.rpm
rh-ruby24-rubygem-did_you_mean-1.1.0-86.el6.x86_64.rpm
rh-ruby24-rubygem-io-console-0.4.6-86.el6.x86_64.rpm
rh-ruby24-rubygem-json-2.0.4-86.el6.x86_64.rpm
rh-ruby24-rubygem-net-telnet-0.1.1-86.el6.x86_64.rpm
rh-ruby24-rubygem-openssl-2.0.5-86.el6.x86_64.rpm
rh-ruby24-rubygem-psych-2.2.2-86.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
rh-ruby24-ruby-2.4.2-86.el6.src.rpm

noarch:
rh-ruby24-ruby-doc-2.4.2-86.el6.noarch.rpm
rh-ruby24-ruby-irb-2.4.2-86.el6.noarch.rpm
rh-ruby24-rubygem-minitest-5.10.1-86.el6.noarch.rpm
rh-ruby24-rubygem-power_assert-0.4.1-86.el6.noarch.rpm
rh-ruby24-rubygem-rake-12.0.0-86.el6.noarch.rpm
rh-ruby24-rubygem-rdoc-5.0.0-86.el6.noarch.rpm
rh-ruby24-rubygem-test-unit-3.2.3-86.el6.noarch.rpm
rh-ruby24-rubygem-xmlrpc-0.2.1-86.el6.noarch.rpm
rh-ruby24-rubygems-2.6.14-86.el6.noarch.rpm
rh-ruby24-rubygems-devel-2.6.14-86.el6.noarch.rpm

x86_64:
rh-ruby24-ruby-2.4.2-86.el6.x86_64.rpm
rh-ruby24-ruby-debuginfo-2.4.2-86.el6.x86_64.rpm
rh-ruby24-ruby-devel-2.4.2-86.el6.x86_64.rpm
rh-ruby24-ruby-libs-2.4.2-86.el6.x86_64.rpm
rh-ruby24-rubygem-bigdecimal-1.3.0-86.el6.x86_64.rpm
rh-ruby24-rubygem-did_you_mean-1.1.0-86.el6.x86_64.rpm
rh-ruby24-rubygem-io-console-0.4.6-86.el6.x86_64.rpm
rh-ruby24-rubygem-json-2.0.4-86.el6.x86_64.rpm
rh-ruby24-rubygem-net-telnet-0.1.1-86.el6.x86_64.rpm
rh-ruby24-rubygem-openssl-2.0.5-86.el6.x86_64.rpm
rh-ruby24-rubygem-psych-2.2.2-86.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-ruby24-ruby-2.4.2-86.el6.src.rpm

noarch:
rh-ruby24-ruby-doc-2.4.2-86.el6.noarch.rpm
rh-ruby24-ruby-irb-2.4.2-86.el6.noarch.rpm
rh-ruby24-rubygem-minitest-5.10.1-86.el6.noarch.rpm
rh-ruby24-rubygem-power_assert-0.4.1-86.el6.noarch.rpm
rh-ruby24-rubygem-rake-12.0.0-86.el6.noarch.rpm
rh-ruby24-rubygem-rdoc-5.0.0-86.el6.noarch.rpm
rh-ruby24-rubygem-test-unit-3.2.3-86.el6.noarch.rpm
rh-ruby24-rubygem-xmlrpc-0.2.1-86.el6.noarch.rpm
rh-ruby24-rubygems-2.6.14-86.el6.noarch.rpm
rh-ruby24-rubygems-devel-2.6.14-86.el6.noarch.rpm

x86_64:
rh-ruby24-ruby-2.4.2-86.el6.x86_64.rpm
rh-ruby24-ruby-debuginfo-2.4.2-86.el6.x86_64.rpm
rh-ruby24-ruby-devel-2.4.2-86.el6.x86_64.rpm
rh-ruby24-ruby-libs-2.4.2-86.el6.x86_64.rpm
rh-ruby24-rubygem-bigdecimal-1.3.0-86.el6.x86_64.rpm
rh-ruby24-rubygem-did_you_mean-1.1.0-86.el6.x86_64.rpm
rh-ruby24-rubygem-io-console-0.4.6-86.el6.x86_64.rpm
rh-ruby24-rubygem-json-2.0.4-86.el6.x86_64.rpm
rh-ruby24-rubygem-net-telnet-0.1.1-86.el6.x86_64.rpm
rh-ruby24-rubygem-openssl-2.0.5-86.el6.x86_64.rpm
rh-ruby24-rubygem-psych-2.2.2-86.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-ruby24-ruby-2.4.2-86.el7.src.rpm

noarch:
rh-ruby24-ruby-doc-2.4.2-86.el7.noarch.rpm
rh-ruby24-ruby-irb-2.4.2-86.el7.noarch.rpm
rh-ruby24-rubygem-minitest-5.10.1-86.el7.noarch.rpm
rh-ruby24-rubygem-power_assert-0.4.1-86.el7.noarch.rpm
rh-ruby24-rubygem-rake-12.0.0-86.el7.noarch.rpm
rh-ruby24-rubygem-rdoc-5.0.0-86.el7.noarch.rpm
rh-ruby24-rubygem-test-unit-3.2.3-86.el7.noarch.rpm
rh-ruby24-rubygem-xmlrpc-0.2.1-86.el7.noarch.rpm
rh-ruby24-rubygems-2.6.14-86.el7.noarch.rpm
rh-ruby24-rubygems-devel-2.6.14-86.el7.noarch.rpm

x86_64:
rh-ruby24-ruby-2.4.2-86.el7.x86_64.rpm
rh-ruby24-ruby-debuginfo-2.4.2-86.el7.x86_64.rpm
rh-ruby24-ruby-devel-2.4.2-86.el7.x86_64.rpm
rh-ruby24-ruby-libs-2.4.2-86.el7.x86_64.rpm
rh-ruby24-rubygem-bigdecimal-1.3.0-86.el7.x86_64.rpm
rh-ruby24-rubygem-did_you_mean-1.1.0-86.el7.x86_64.rpm
rh-ruby24-rubygem-io-console-0.4.6-86.el7.x86_64.rpm
rh-ruby24-rubygem-json-2.0.4-86.el7.x86_64.rpm
rh-ruby24-rubygem-net-telnet-0.1.1-86.el7.x86_64.rpm
rh-ruby24-rubygem-openssl-2.0.5-86.el7.x86_64.rpm
rh-ruby24-rubygem-psych-2.2.2-86.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):

Source:
rh-ruby24-ruby-2.4.2-86.el7.src.rpm

noarch:
rh-ruby24-ruby-doc-2.4.2-86.el7.noarch.rpm
rh-ruby24-ruby-irb-2.4.2-86.el7.noarch.rpm
rh-ruby24-rubygem-minitest-5.10.1-86.el7.noarch.rpm
rh-ruby24-rubygem-power_assert-0.4.1-86.el7.noarch.rpm
rh-ruby24-rubygem-rake-12.0.0-86.el7.noarch.rpm
rh-ruby24-rubygem-rdoc-5.0.0-86.el7.noarch.rpm
rh-ruby24-rubygem-test-unit-3.2.3-86.el7.noarch.rpm
rh-ruby24-rubygem-xmlrpc-0.2.1-86.el7.noarch.rpm
rh-ruby24-rubygems-2.6.14-86.el7.noarch.rpm
rh-ruby24-rubygems-devel-2.6.14-86.el7.noarch.rpm

x86_64:
rh-ruby24-ruby-2.4.2-86.el7.x86_64.rpm
rh-ruby24-ruby-debuginfo-2.4.2-86.el7.x86_64.rpm
rh-ruby24-ruby-devel-2.4.2-86.el7.x86_64.rpm
rh-ruby24-ruby-libs-2.4.2-86.el7.x86_64.rpm
rh-ruby24-rubygem-bigdecimal-1.3.0-86.el7.x86_64.rpm
rh-ruby24-rubygem-did_you_mean-1.1.0-86.el7.x86_64.rpm
rh-ruby24-rubygem-io-console-0.4.6-86.el7.x86_64.rpm
rh-ruby24-rubygem-json-2.0.4-86.el7.x86_64.rpm
rh-ruby24-rubygem-net-telnet-0.1.1-86.el7.x86_64.rpm
rh-ruby24-rubygem-openssl-2.0.5-86.el7.x86_64.rpm
rh-ruby24-rubygem-psych-2.2.2-86.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):

Source:
rh-ruby24-ruby-2.4.2-86.el7.src.rpm

noarch:
rh-ruby24-ruby-doc-2.4.2-86.el7.noarch.rpm
rh-ruby24-ruby-irb-2.4.2-86.el7.noarch.rpm
rh-ruby24-rubygem-minitest-5.10.1-86.el7.noarch.rpm
rh-ruby24-rubygem-power_assert-0.4.1-86.el7.noarch.rpm
rh-ruby24-rubygem-rake-12.0.0-86.el7.noarch.rpm
rh-ruby24-rubygem-rdoc-5.0.0-86.el7.noarch.rpm
rh-ruby24-rubygem-test-unit-3.2.3-86.el7.noarch.rpm
rh-ruby24-rubygem-xmlrpc-0.2.1-86.el7.noarch.rpm
rh-ruby24-rubygems-2.6.14-86.el7.noarch.rpm
rh-ruby24-rubygems-devel-2.6.14-86.el7.noarch.rpm

x86_64:
rh-ruby24-ruby-2.4.2-86.el7.x86_64.rpm
rh-ruby24-ruby-debuginfo-2.4.2-86.el7.x86_64.rpm
rh-ruby24-ruby-devel-2.4.2-86.el7.x86_64.rpm
rh-ruby24-ruby-libs-2.4.2-86.el7.x86_64.rpm
rh-ruby24-rubygem-bigdecimal-1.3.0-86.el7.x86_64.rpm
rh-ruby24-rubygem-did_you_mean-1.1.0-86.el7.x86_64.rpm
rh-ruby24-rubygem-io-console-0.4.6-86.el7.x86_64.rpm
rh-ruby24-rubygem-json-2.0.4-86.el7.x86_64.rpm
rh-ruby24-rubygem-net-telnet-0.1.1-86.el7.x86_64.rpm
rh-ruby24-rubygem-openssl-2.0.5-86.el7.x86_64.rpm
rh-ruby24-rubygem-psych-2.2.2-86.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-ruby24-ruby-2.4.2-86.el7.src.rpm

noarch:
rh-ruby24-ruby-doc-2.4.2-86.el7.noarch.rpm
rh-ruby24-ruby-irb-2.4.2-86.el7.noarch.rpm
rh-ruby24-rubygem-minitest-5.10.1-86.el7.noarch.rpm
rh-ruby24-rubygem-power_assert-0.4.1-86.el7.noarch.rpm
rh-ruby24-rubygem-rake-12.0.0-86.el7.noarch.rpm
rh-ruby24-rubygem-rdoc-5.0.0-86.el7.noarch.rpm
rh-ruby24-rubygem-test-unit-3.2.3-86.el7.noarch.rpm
rh-ruby24-rubygem-xmlrpc-0.2.1-86.el7.noarch.rpm
rh-ruby24-rubygems-2.6.14-86.el7.noarch.rpm
rh-ruby24-rubygems-devel-2.6.14-86.el7.noarch.rpm

x86_64:
rh-ruby24-ruby-2.4.2-86.el7.x86_64.rpm
rh-ruby24-ruby-debuginfo-2.4.2-86.el7.x86_64.rpm
rh-ruby24-ruby-devel-2.4.2-86.el7.x86_64.rpm
rh-ruby24-ruby-libs-2.4.2-86.el7.x86_64.rpm
rh-ruby24-rubygem-bigdecimal-1.3.0-86.el7.x86_64.rpm
rh-ruby24-rubygem-did_you_mean-1.1.0-86.el7.x86_64.rpm
rh-ruby24-rubygem-io-console-0.4.6-86.el7.x86_64.rpm
rh-ruby24-rubygem-json-2.0.4-86.el7.x86_64.rpm
rh-ruby24-rubygem-net-telnet-0.1.1-86.el7.x86_64.rpm
rh-ruby24-rubygem-openssl-2.0.5-86.el7.x86_64.rpm
rh-ruby24-rubygem-psych-2.2.2-86.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-0898
https://access.redhat.com/security/cve/CVE-2017-0899
https://access.redhat.com/security/cve/CVE-2017-0900
https://access.redhat.com/security/cve/CVE-2017-0901
https://access.redhat.com/security/cve/CVE-2017-0902
https://access.redhat.com/security/cve/CVE-2017-0903
https://access.redhat.com/security/cve/CVE-2017-10784
https://access.redhat.com/security/cve/CVE-2017-14064
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFaOM+JXlSAg2UNWIIRAqaDAKC9Irw/Rln4CyNuCV/te7XFo4WhowCcCMH9
z34qLfRLYhdz170IYhPJdR0=
=EBZR
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWjn7Aox+lLeg9Ub1AQgbPA//cDxQ21eNg2djAfXQuEMdC+v3VsOIcWWo
xVGhK3M6biUbokGLq7Lx4TEb5uEyo2jJoxfx/I54YLD2Z0ayOm58R3ZkcssucrxI
/e99g0RtPCODBIiQ1ZDmZRF9YsoP1eM+2c3+sPrrAjJigFoiPY4mFyYyHbUB7v1x
WHDUSjkW2dRz4WBSfhr8smIqHvrs2Ol3JMV4J+MbRFqyL7FtzTRL4f/lL7+S6FUZ
yYoSEbNzkaeqxRc0eZSRSN958O+O/gwwtkCqHsNT864yxFwdmNYCi9HlIEl5zSPX
13oQdBHkRo9ytljlAWTShhhuMM5ECV5YFfIoh0c/2r9GTdwisGflTHVNqPiZP5DN
45RqtFvM8b3CQOG3X8kl7S3kY3Gc2eVRfyPLj+J9YS5IIZJhGHERJ2Jua9wm+E4i
9LVAkufa/HZyPRVVhrGyOUmRUiV26TxoTnRUd8f9fNcPPEVb0fHe6b88q1LFQ/jJ
PQ4RqoJJLA3gH6S0avDff4ZmfFoWFGxufoIynaT86Q0zfAAOTVqN7cSX68XWzDC+
B7hO0z7AXizKhNXcEvTA76bn9IwRYWiz2Namkbrps6zzcUNQDLOTbstoqTUXn/IS
Xq7DNuh1x4yffd3MX1Vw2kDli06aDTEtf7OmShpXvxjmFSL6WrPy/WZuJtuweOvc
vAXsO9I2bJ8=
=t6UY
-----END PGP SIGNATURE-----

« Back to bulletins