ESB-2019.0213 - [Win][Linux][Cisco][Mac] Cisco Webex: Multiple vulnerabilities 2019-01-24

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.0213
                   Cisco Webex Multiple Vulnerabilities
                              24 January 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco Webex
Publisher:         Cisco Systems
Operating System:  Windows
                   Linux variants
                   Cisco
                   Mac OS
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Cross-site Scripting            -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-1655 CVE-2019-1641 CVE-2019-1640
                   CVE-2019-1639 CVE-2019-1638 CVE-2019-1637
                   CVE-2019-1636  

Original Bulletin: 
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-teams
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-meetings-xss

Comment: This bulletin contains three (3) advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco Webex Teams URI Handler Insecure Library Loading Vulnerability

Priority:        High

Advisory ID:     cisco-sa-20190123-webex-teams

First Published: 2019 January 23 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available

Cisco Bug IDs:   CSCvn02053

CVE-2019-1636    

CWE-78

CVSS Score:
7.8  AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the Cisco Webex Teams client, formerly Cisco Spark,
    could allow an attacker to execute arbitrary commands on a targeted
    system.

    This vulnerability is due to unsafe search paths used by the application
    URI that is defined in Windows operating systems. An attacker could
    exploit this vulnerability by convincing a targeted user to follow a
    malicious link. Successful exploitation could cause the application to
    load libraries from the directory targeted by the URI link. The attacker
    could use this behavior to execute arbitrary commands on the system with
    the privileges of the targeted user if the attacker can place a crafted
    library in a directory that is accessible to the vulnerable system.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-teams

Affected Products

  o Vulnerable Products

    This vulnerability affects all versions of Cisco Webex Teams prior to
    version 3.0.10260, which was released on November 21, 2018.

    To determine which Cisco Webex Teams version is running, users can click
    their profile picture, which is between the Home icon and search field in
    the application window. The user can choose Help > About to view the
    version information, which is similar to the following:

        Webex Teams
        Version: 3.0.10260.0

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the
    Cisco Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/
    tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Cisco Webex Teams versions 3.0.10260 (released on November 21, 2018) and
    later contain the fix for this vulnerability.

    Customers are advised to upgrade to the latest version of Cisco Webex
    Teams. In the left panel of the app, click the Refresh icon (the circular
    green arrow) and then click Update. If the Refresh icon is not present,
    there is no update pending.

    For more information, see the Cisco Webex Teams help article Update the
    Cisco Webex Teams App to the Latest Release.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o Cisco would like to thank rgod of 9sg Security Team, working with Trend
    Micro's Zero Day Initiative, for reporting the vulnerability.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

Subscribe to Cisco Security Notifications

  o Subscribe

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-teams

Revision History

  o 
    +----------+---------------------------+----------+--------+------------------+
    | Version  |        Description        | Section  | Status |       Date       |
    +----------+---------------------------+----------+--------+------------------+
    | 1.0      | Initial public release.   |          | Final  | 2019-January-23  |
    +----------+---------------------------+----------+--------+------------------+

- --------------------------------------------------------------------------------

Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities

Priority:        High

Advisory ID:     cisco-sa-20190123-webex-rce

First Published: 2019 January 23 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available

Cisco Bug IDs:   CSCvm65148 CSCvm65207 CSCvm65741 CSCvm65747
                 CSCvm65794 CSCvm65798 CSCvm86137 CSCvm86143
                 CSCvm86148 CSCvm86157 CSCvm86160 CSCvm86165

CVE-2019-1637    
CVE-2019-1638    
CVE-2019-1639    
CVE-2019-1640    
CVE-2019-1641    

CWE-119

CVSS Score:
7.8  AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o Multiple vulnerabilities in the Cisco Webex Network Recording Player for
    Microsoft Windows and the Cisco Webex Player for Microsoft Windows could
    allow an attacker to execute arbitrary code on an affected system.

    The vulnerabilities exist because the affected software improperly
    validates Advanced Recording Format (ARF) and Webex Recording Format (WRF)
    files. An attacker could exploit these vulnerabilities by sending a user a
    malicious ARF or WRF file via a link or email attachment and persuading
    the user to open the file with the affected software. A successful exploit
    could allow the attacker to execute arbitrary code on the affected system.

    Cisco has released software updates that address these vulnerabilities.
    There are no workarounds that address these vulnerabilities.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce

Affected Products

  o Vulnerable Products

    These vulnerabilities affect the following versions of the Cisco Webex
    Network Recording Player for Microsoft Windows and the Cisco Webex Player
    for Microsoft Windows, which are available from Cisco Webex Business Suite
    sites, Cisco Webex Meetings Online sites, and Cisco Webex Meetings Server:

       Cisco Webex Business Suite WBS32 sites -- All Webex Network Recording
        Player and Webex Player versions prior to Version WBS32.15.33
       Cisco Webex Business Suite WBS33 sites -- All Webex Network Recording
        Player and Webex Player versions prior to Version WBS33.6.1 or WBS
        33.7.0
       Cisco Webex Meetings Online -- All Webex Network Recording Player and
        Webex Player versions prior to Version 1.3.40
       Cisco Webex Meetings Server -- All Webex Network Recording Player
        versions prior to Version 2.8MR3 SecurityPatch1 or 3.0MR2
        SecurityPatch2

    To determine which version of the Cisco Webex Network Recording Player or
    the Cisco Webex Player is installed on a system, users can open the player
    and choose Help > About.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by these vulnerabilities.

    Cisco Webex Network Recording Player for Mac OS is not affected.

Details

  o Cisco Webex Business Suite services and Cisco Webex Meetings Online are
    hosted, multimedia conferencing solutions that are managed and maintained
    by Cisco Webex. Cisco Webex Meetings Server is a multimedia conferencing
    solution that customers host, manage, and maintain in their private
    clouds.

    Cisco Webex Business Suite services can be configured to allow users to
    store meeting recordings online and download those recordings as ARF
    files. These services can also be configured to allow users to record
    meetings directly on their local computers as WRF files.

    The Cisco Webex Network Recording Player is the application that is used
    to play back ARF files. It is available from Cisco Webex Business Suite
    sites (WBS31, WBS32, and WBS33), Cisco Webex Meetings Online, and Cisco
    Webex Meetings Server. The player can be installed manually from the Cisco
    Webex website or automatically when a user accesses an ARF file for
    streaming playback from a Cisco Webex Business Suite site.

    The Cisco Webex Player is the application that is used to play back WRF
    files. It is available from Cisco Webex Business Suite sites (WBS31,
    WBS32, and WBS33) and Cisco Webex Meetings Online. It is not available
    from Cisco Webex Meetings Server. The player can also be installed
    manually from the Cisco Webex website.

Workarounds

  o There are no workarounds that address these vulnerabilities. However,
    customers may remove the Cisco Webex Network Recording Player and the
    Cisco Webex Player from a system by using the software-removal procedure
    for the operating system. For example, to remove a player from a Microsoft
    Windows 10 system, customers can use the Apps & Features app in Windows
    Settings.

    To remove all Cisco Webex software from a Microsoft Windows system,
    customers can use the Meeting Services Removal Tool, which is available
    for download from the Cisco Collaboration Help article, Cisco Webex and
    3rd Party Support Utilities.

    By removing the Cisco Webex Network Recording Player, a user will be
    unable to play media. However, the next time media is accessed, the system
    will download a new version of the software, providing the user with an
    updated version.

Fixed Software

  o Cisco has released free software updates that address the vulnerabilities
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the
    Cisco Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/
    tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Version Information

    Cisco has fixed these vulnerabilities in the following versions of the
    Cisco Webex Network Recording Player and the Cisco Webex Player:

       Cisco Webex Business Suite WBS32 sites -- Webex Network Recording
        Player and Webex Player Versions WBS32.15.33 and later
       Cisco Webex Business Suite WBS33 sites -- Webex Network Recording
        Player and Webex Player Versions WBS33.6.1 and later
       Cisco Webex Meetings Online -- Webex Network Recording Player and Webex
        Player Versions 1.3.40 and later
       Cisco Webex Meetings Server -- Webex Network Recording Player
        Versions 2.8MR3 SecurityPatch1 or 3.0MR2 SecurityPatch2 and later

    Cisco has not and will not fix all these vulnerabilities in Cisco Webex
    Business Suite WBS31 sites because those sites have reached the
    end-of-version-support milestone. For information about this milestone and
    the upgrade plans for WBS31 sites, see Cisco Webex Meetings Suite
    End-of-Version Support Policy.

    Customers can upgrade to a fixed version of the Cisco Webex Network
    Recording Player in either of two ways:

       Automatically: The player will be automatically upgraded to the latest
        version of the software when a user accesses an ARF file that is
        hosted on a Cisco Webex Business Suite site (WBS32 or WBS33), Cisco
        Webex Meetings Online site, or Cisco Webex Meetings Server.
       Manually: The player can be downloaded and installed from https://
        www.webex.com/play-webex-recording.html.
    Note: Customers who use locked-down Cisco Webex sites will not receive
    updated versions of the Cisco Webex Network Recording Player
    automatically. These customers should contact Cisco Webex Customer Support
    to obtain updates or the latest version of the player from https://
    www.webex.com/play-webex-recording.html.

    Customers can upgrade to a fixed version of the Cisco Webex Player by
    uninstalling their current version of the player and then downloading and
    installing the latest version of the player from https://www.webex.com/
    play-webex-recording.html.

    The following table lists the Cisco bug IDs and fixed versions of the
    software for each vulnerability that is described in this advisory.
    Customers are advised to upgrade to an appropriate version as indicated in
    the table.

    Fixed Versions

                                          Fixed Versions
                Webex Meetings  Webex Meetings                           Webex
    Cisco Bug   Suite           Suite                                    Meetings
    ID          WBS32 Sites     WBS33 Sites     Webex Meetings Server    Online
                                    CVE-2019-1637
    CSCvm86148, 32.15.33 or     33.7.0 or later                           
    CSCvm86157  later
    CSCvm86137,                                 2.8MR3, 2.8MR3
    CSCvm86160                                  SecurityPatch1, 3.0MR2    
                                                SecurityPatch2
    CSCvm86143,                                                          1.3.40
    CSCvm86165
                                    CVE-2019-1638
    CSCvm65207  32.15.31 or     33.6.1 or later                           
                later
                                                2.8MR3, 2.8MR3
    CSCvm65747                                  SecurityPatch1, 3.0MR2    
                                                SecurityPatch2
    CSCvm65741                                                           1.3.39

                                    CVE-2019-1639
    CSCvm65148  32.15.31 or     33.6.1 or later                           
                later
                                                2.8MR3, 2.8MR3
    CSCvm65794                                  SecurityPatch1, 3.0MR2    
                                                SecurityPatch2
    CSCvm65798                                                           1.3.39
                                    CVE-2019-1640
    CSCvm97538  32.15.33 or     33.7.0 or later                           
                later
                                                2.8MR3, 2.8MR3
    CSCvm97540                                  SecurityPatch1, 3.0MR2    
                                                SecurityPatch2
    CSCvm97541                                                           1.3.39
                                    CVE-2019-1641
    CSCvm97484  32.15.33 or     33.7.0 or later                           
                later
                                                2.8MR3, 2.8MR3
    CSCvm97536                                  SecurityPatch1, 3.0MR2    
                                                SecurityPatch2
    CSCvm97537                                                           1.3.40

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerabilities that are
    described in this advisory.

Source

  o Cisco would like to thank the Zero Day Initiative for reporting the
    following vulnerabilities: CVE-2019-1638 and CVE-2019-1639.

    Cisco would like to thank Kushal Arvind Shah and Yonghui Han of Fortinet
    for reporting the following vulnerabilities: CVE-2019-1637, CVE-2019-1640,
    and CVE-2019-1641.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

Subscribe to Cisco Security Notifications

  o Subscribe

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce

Revision History

  o 
    +----------+---------------------------+----------+--------+------------------+
    | Version  |        Description        | Section  | Status |       Date       |
    +----------+---------------------------+----------+--------+------------------+
    | 1.0      | Initial public release.   |          | Final  | 2019-January-23  |
    +----------+---------------------------+----------+--------+------------------+


- --------------------------------------------------------------------------------

Cisco Webex Meetings Server Cross-Site Scripting Vulnerability

Priority:        Medium

Advisory ID:     cisco-sa-20190123-meetings-xss

First Published: 2019 January 23 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available

Cisco Bug IDs:   CSCvn10993

CVE-2019-1655    

CWE-79

CVSS Score:
6.1  AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:X/RL:X/RC:X

Summary

  o 
    A vulnerability in the web-based management interface of Cisco Webex
    Meetings Server could allow an unauthenticated, remote attacker to conduct
    a cross-site scripting (XSS) attack against a user of the web-based
    interface of the affected software.

    The vulnerability is due to insufficient validation of user-supplied input
    by the affected software. An attacker could exploit this vulnerability by
    persuading a user of the interface to click a maliciously crafted link. A
    successful exploit could allow the attacker to execute arbitrary script
    code in the context of the affected interface or access sensitive,
    browser-based information.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-meetings-xss

Affected Products

  o Vulnerable Products

    This vulnerability affects Cisco Webex Meetings Server. For information
    about affected software releases, consult the Cisco bug ID(s) at the top
    of this advisory.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o For information about fixed software releases, consult the Cisco bug ID(s)
    at the top of this advisory.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the
    Cisco Technical Assistance Center (TAC) or their contracted maintenance
    providers.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o Cisco would like to thank Deniz CEVIK from Biznet Bilisim A.S for
    reporting this vulnerability.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

Subscribe to Cisco Security Notifications

  o Subscribe

Action Links for This Advisory

  o Understanding Cross-Site Scripting (XSS) Threat Vectors

Related to This Advisory

  o Cross-Site Scripting

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-meetings-xss

Revision History

  o 
    +----------+---------------------------+----------+--------+------------------+
    | Version  |        Description        | Section  | Status |       Date       |
    +----------+---------------------------+----------+--------+------------------+
    | 1.0      | Initial public release.   | --        | Final  | 2019-January-23  |
    +----------+---------------------------+----------+--------+------------------+

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXElFFWaOgq3Tt24GAQiU0hAApbEzqOZBLz1QQexKAeNGKXWmta+yLs2Y
vQfXHpqS5lbow/Zj2rXMhw6j+w4vWi3uIEIEHUd1PFclvcMNGjeg96I4H8d9/pVg
GV9QhnrQagRI4CITTX9/QtQgwEeldMkhu5dKd5MvyS9jHZuLnPvdIFIJNqozyCUT
FAd11LqyziC3apIvH8nCJq3PesI8yVdudwmooc3+gHUc7q+L7ViLnIn+ZUyJeadP
IzSFpOOmP3QpJzNT0UJwh9we8pgmddYyUTUTb2vO25dLvFh1J64syd6C+LJKWm/0
tWyeFmmpykbR3DZYoRpTF4VcDaGBOxinJiZWvR0cmHv77XJaZVn4ZdHMzxJRBqSq
m90QndsZ6s5bxpqP60SMaLUf7cdIGfi7mlZHwN42lS9uWKUr+tS5kR9f1ad+UxEq
04OhzT5IaalapapU3NCqi2D5QlUkDdS4xnflQ6TpdRYiEVHjMp7AHpzhs6yliYQY
q9Hi0hP1pUWonIYRQm/Iw4se6JK+qUm4YyPKCvbLYhYYwWpKME7x4Ar7maiyvG40
YjRjf7yw/Xnn8TVvcPZcrMrygwene9qHDTh+4I1xXSO1Q39/qdxIEN9dyeITdOHg
7+rqUVyVFviyvFiMY6N9TqM+nttNqBdE1TP7ifUQThIdsxX26yvBYHyOrRjhTT3b
Zx2BeEq3i0o=
=w+rp
-----END PGP SIGNATURE-----

« Back to bulletins