Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2016.2814 Multiple vulnerabilities identified in Xen 28 November 2016 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Xen Publisher: Xen Operating System: Xen UNIX variants (UNIX, Linux, OSX) Impact/Access: Execute Arbitrary Code/Commands -- Existing Account Increased Privileges -- Existing Account Denial of Service -- Existing Account Access Confidential Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2016-9384 CVE-2016-9383 CVE-2016-9381 CVE-2016-9380 CVE-2016-9379 CVE-2016-9378 CVE-2016-9377 Original Bulletin: https://xenbits.xen.org/xsa/advisory-194.html https://xenbits.xen.org/xsa/advisory-195.html https://xenbits.xen.org/xsa/advisory-196.html https://xenbits.xen.org/xsa/advisory-197.html https://xenbits.xen.org/xsa/advisory-198.html Comment: This bulletin contains five (5) Xen security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2016-9384 / XSA-194 version 3 guest 32-bit ELF symbol table load leaking host data UPDATES IN VERSION 3 ==================== Public release. ISSUE DESCRIPTION ================= Along with their main kernel binary, unprivileged guests may arrange to have their Xen environment load (kernel) symbol tables for their use. The ELF image metadata created for this purpose has a few unused bytes when the symbol table binary is in 32-bit ELF format. These unused bytes were not properly cleared during symbol table loading. IMPACT ====== A malicious unprivileged guest may be able to obtain sensitive information from the host. The information leak is small and not under the control of the guest, so effectively exploiting this vulnerability is probably difficult. VULNERABLE SYSTEMS ================== Only Xen version 4.7 is affected. Xen versions 4.6 and earlier are not affected. The vulnerability is not exposed to x86 HVM guests, unless the host toolstack has configured to load the guest with a non-default loader, rather than hvmloader. MITIGATION ========== There is no known mitigation. CREDITS ======= This issue was discovered by Roger Pau Monné of Citrix. RESOLUTION ========== Applying the attached patch resolves this issue. xsa194.patch xen-unstable, Xen 4.7.x $ sha256sum xsa194* 4dad65417d9ff3c86e763d3c88cf8de79b58a9981d531f641ae0dd0dcedce911 xsa194.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJYNDLYAAoJEIP+FMlX6CvZqAoH/39GSWwDpYnflz3TcFyQUViM j36XzzStWya71ewaXiguUbTHHg6mK47pK4EA/3zFwerczz/5yQzhlToitPkP/8WE 5Qbg9Wyg4STylzeKaiTvLzqUK6XSiJ4oKZwLsnU7tFPLcb6FBMm9t3bzg9NECaft /6zYj1SVCvoLJB/gtgbwrz2MCjVZQZ9Q2+mpirvu0ePQRD73M0cwfj1ncqjUkFd9 ZNdk14gmxOk1/wWAm/oD1QKUWmjpzByT5dbGcMV3OxGs1V2Px+o4c1u1t/agldr0 wC2LvCK9IED9JcBaH/M85TTAGR7GqfU8l9x3ep97GkrUpquX4OGFt7na28M1YUQ= =Gc8O - -----END PGP SIGNATURE----- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2016-9383 / XSA-195 version 3 x86 64-bit bit test instruction emulation broken UPDATES IN VERSION 3 ==================== Public release. ISSUE DESCRIPTION ================= The x86 instructions BT, BTC, BTR, and BTS, when used with a destination memory operand and a source register rather than an immediate operand, access a memory location offset from that specified by the memory operand as specified by the high bits of the register source. When Xen needs to emulate such an instruction, to efficiently handle the emulation, the memory address and register operand are recalculated internally to Xen. In this process, the high bits of an intermediate expression were discarded, leading to both the memory location and the register operand being wrong. The wrong memory location would have only a guest local effect (either access to an unintended location, or a fault delivered to the guest), whereas the wrong register value could lead to either a host crash or an unintended host memory access. IMPACT ====== A malicious guest can modify arbitrary memory, allowing for arbitrary code execution (and therefore privilege escalation affecting the whole host), a crash of the host (leading to a DoS), or information leaks. The vulnerability is sometimes exploitable by unprivileged guest user processes. VULNERABLE SYSTEMS ================== All Xen versions are affected. The vulnerability is only exposed to x86 guests running in 64-bit mode. On Xen 4.6 and earlier the vulnerability is exposed to all guest user processes, including unprivileged processes, in such guests. On Xen 4.7 and later, the vulnerability is exposed only to guest user processes granted a degree of privilege (such as direct hardware access) by the guest administrator; or, to all user processes when the when the VM has been explicitly configured with a non-default cpu vendor string (in xm/xl, this would be done with a `cpuid=' domain config option). The vulnerability is not exposed to 32-bit PV guests. ARM systems are not vulnerable. MITIGATION ========== There is no known mitigation. CREDITS ======= This issue was discovered by George Dunlap of Citrix, using American Fuzzy Lop v2.35b. RESOLUTION ========== Applying the attached patch resolves this issue. xsa195.patch xen-unstable, Xen 4.7.x, Xen 4.6.x, Xen 4.5.x, Xen 4.4.x $ sha256sum xsa195* 6ab5f13b81e3bbf6096020f4c3beeffaff67a075cab67e033ba27d199b41cec1 xsa195.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJYNDL4AAoJEIP+FMlX6CvZnzYH/RtmqS8kpqLKShvrQx5Ueh+M LaHBWJiU0z1m9FaF9RvEgfvWpUCcD/qyC4rLHmkwhkyS6aIToh2XVXzQyebIqw/7 CCDXaY8TkYlLPYRdNseX5X5blpu1EnqW5yQMJz6QkgDK+Qu4F1jDimSd5JffrFkJ WkpWwsoppNHwYyaENq59lg7R1WxNq0uSLxMPTnk/RpMmizKyU8gK7RrQWHJNoy6n l3vSTKx9sCDo+AgMQgbDMdpvv1l1It+QcRXXBrBp7qAdz+0H7VRkUFOnBUFMQQo3 OjmjStKxnE9E7Uh6+373xj2Z6Nts+wkD72vRHHg/1KTZ5FN5XnS2CvPDNuGZD50= =AtOu - -----END PGP SIGNATURE----- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2016-9377,CVE-2016-9378 / XSA-196 version 3 x86 software interrupt injection mis-handled UPDATES IN VERSION 3 ==================== Public release. ISSUE DESCRIPTION ================= There are two closely-related bugs. When Xen emulates instructions which generate software interrupts it needs to perform a privilege check involving an IDT lookup. This check is sometimes erroneously conducted as if the IDT had the format for a 32-bit guest, when in fact it is in the 64-bit format. Xen will then read the wrong part of the IDT and interpret it in an unintended manner. (CVE-2016-9377) When Xen emulates instructions which generate software interrupts, and chooses to deliver the software interrupt, it may try to use the method intended for injecting exceptions. This is incorrect, and results in a guest crash. (CVE-2016-9378) These instructions are not ususally handled by the emulator. Exploiting the bug requires ability to force use of the emulator. IMPACT ====== An unprivileged guest user program may be able to crash the guest. VULNERABLE SYSTEMS ================== Xen versions 4.5 and newer are vulnerable. Older versions are not vulnerable. The vulnerability is only exposed on AMD hardware lacking the NRip feature. AMD hardware with the NRip feature, and all Intel hardware, is not vulnerable. Xen prints information about CPU features on boot. If you see this: (XEN) SVM: Supported advanced features: ... (XEN) - Next-RIP Saved on #VMEXIT then you are not vulnerable because you have an AMD CPU with NRip. If you see this: (XEN) VMX: Supported advanced features: then you are not vulnerable because you have an Intel CPU. The vulnerability is only exposed on HVM guests. ARM systems are NOT vulnerable. MITIGATION ========== Running only PV guests will avoid this issue. CREDITS ======= This issue was discovered by Andrew Cooper of Citrix. RESOLUTION ========== Applying the attached patches resolves this issue. xsa196-000*.patch xen-unstable, Xen 4.7.x, Xen 4.6.x, Xen 4.5.x $ sha256sum xsa196* c4122280f3786416231ae5f0660123446d29e9ac5cd3ffb92784ed36edeec8b7 xsa196-0001-x86-emul-Correct-the-IDT-entry-calculation-in-inject.patch 25671c44c746d4d0e8f7e2b109926c013b440e0bf225156282052ec38536e347 xsa196-0002-x86-svm-Fix-injection-of-software-interrupts.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJYNDMVAAoJEIP+FMlX6CvZZ7MH/36KnwbAxmRHtUDIpQF/Syoh Lc8s6gNV1oOzcCpFgz+gSyIOMzp7KWieKQiVX1HbI0lnLYK/sRa77VNV/Y9bUt+Y y9b9QOZRDHoO92dZ4Ym/hzdtaNkdOQX/JAfy+E5pCGuqPtH/Jy5NuwVL8W7V8PNM QTHmvbgB4/Y2U6QqWpIP+S7oC0A9iuIf9eekd6ZTpqTadPFylTe2WX22mns1TEtN 3Z0NX737AjQLyUVnUoJ32sITCBk6tGutvvEmOc2Y+4eMrUvKSoafVy+5IZcTGwLp 3ke5sDNN1tOpzmqbXgWXBsVkpjWf2i0NW0dl5jh8/tN5FtrTuByd193dJGSKzEE= =IE45 - -----END PGP SIGNATURE----- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2016-9381 / XSA-197 version 3 qemu incautious about shared ring processing UPDATES IN VERSION 3 ==================== Added email header syntax to patches, for e.g. git-am. Public release. ISSUE DESCRIPTION ================= The compiler can emit optimizations in qemu which can lead to double fetch vulnerabilities. Specifically data on the rings shared between qemu and the hypervisor (which the guest under control can obtain mappings of) can be fetched twice (during which time the guest can alter the contents) possibly leading to arbitrary code execution in qemu. IMPACT ====== Malicious administrators can exploit this vulnerability to take over the qemu process, elevating its privilege to that of the qemu process. In a system not using a device model stub domain (or other techniques for deprivileging qemu), malicious guest administrators can thus elevate their privilege to that of the host. VULNERABLE SYSTEMS ================== All Xen versions with all flavors of qemu are affected. Only x86 HVM guests expose the vulnerability. x86 PV guests do not expose the vulnerability. ARM systems are not vulnerable. MITIGATION ========== Running only PV guests will avoid the vulnerability. Enabling stubdomains will mitigate this issue, by reducing the escalation to only those privileges accorded to the service domain. In a usual configuration, a service domain has only the privilege of the guest, so this eliminates the vulnerability. The vulnerability can be avoided if the guest kernel is controlled by the host rather than guest administrator, provided that further steps are taken to prevent the guest administrator from loading code into the kernel (e.g. by disabling loadable modules etc) or from using other mechanisms which allow them to run code at kernel privilege. CREDITS ======= This issue was discovered by yanghongke of Huawei Security Test Team. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa197-qemuu.patch qemu-upstream xen-unstable, Xen 4.7.x xsa197-qemut.patch qemu-traditional xen-unstable, Xen 4.7.x, Xen 4.6.x xsa197-4.6-qemuu.patch qemu-upstream Xen 4.6.x xsa197-4.5-qemuu.patch qemu-upstream Xen 4.5.x xsa197-4.5-qemut.patch qemu-traditional Xen 4.5.x, Xen 4.4.x xsa197-4.4-qemuu.patch qemu-upstream Xen 4.4.x $ sha256sum xsa197* a7d63958e3d3afc21c0585ec4690886a3191f01127583b4a29766c45fe4dd611 xsa197-4.4-qemuu.patch 56d037b3eaa0c3f5a7c474ad5087d8a41c2769d0d8b39c8f64699215a33e17a6 xsa197-4.5-qemut.patch 902836f0e5c6c46193c06f7c133a3bdd59f902ee490b962857640a6cd73e4be7 xsa197-4.5-qemuu.patch 20a418606f5536ac4fb009f21548a28b1b32dfb08fc97a259c40240d37a2abe8 xsa197-4.6-qemuu.patch 266996b2b5ac65ded76af63b3d57d4972ab95522b517e7bc9c5ff554d8c2d5e0 xsa197-qemut.patch cd08b149c97b3f94dcda14b1f280dbb92911d93ffcd5dbcf5ee5ab2bebdc7878 xsa197-qemuu.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patch described above (or others which are substantially similar) and the PV guest mitigation are permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. HOWEVER deployment of the stubdomain mitigation described above is NOT permitted (except where all the affected systems and VMs are administered and used only by organisations which are members of the Xen Project Security Issues Predisclosure List). Specifically, deployment on public cloud systems is NOT permitted. This is because in that case the configuration change may be visible to the guest which could lead to the rediscovery of the vulnerability. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJYNDNLAAoJEIP+FMlX6CvZTvUIALi45XVEJv4ZqNsB1kX3mXIF 5ocmSFCrSDDIcKEg2xQ49PKwqE/ZwMLhKuX0dFi/inidqx7FynYknziaR3svIeir ALTDP6Emsk/OB7T4epjGnuFW05RTfkQmwzEyY/XCAJVrJlkzKGh3WYVtwk+/PELT 3ab9dMEcziaUM+Ax3phJ4PHi315If2rLS4gNfqGO5jv/gnMyXk4DHQ8QZUHIGs4F 8tA/ATPaZxNK8OIwGEIz32PlLxwWHsQQz6JEAtvNwGDTNMDwlx3RzHSvjJSLOIKB Aap6qw4c9olK172LQbvBqvP09Eupi3YSevx3AD0gmqKVwj8ql/lNUSNBf9CSfPc= =SBVo - -----END PGP SIGNATURE----- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2016-9379,CVE-2016-9380 / XSA-198 version 3 delimiter injection vulnerabilities in pygrub UPDATES IN VERSION 3 ==================== Public release. ISSUE DESCRIPTION ================= pygrub, the boot loader emulator, fails to quote (or sanity check) its results when reporting them to its caller. pygrub supports a number of output formats. When the S-expression output format is requested, putting string quotes and S-expressions in the bootloader configuration file can produce incorrect output. (CVE-2016-9379) When the nul-delimited output format is requested, nul bytes in the bootloader configuration file can produce an ambiguous or confusing output file, which is interpreted by libxl in a vulnerable way. (CVE-2016-9380) The existing bootloader config interpreters all read input in a line-based way from their bootloaders, and none of them support any kind of escaping. So the newline-delimited output format is safe. The attacker can use this to cause the toolstack to treat any file accessible to the toolstack as if it were the guest's initial ramdisk file. The file contents are provided to the guest kernel; also, normally, these files are deleted by the toolstack as the guest starts to boot; alternatively they may be deleted later. IMPACT ====== A malicious guest administrator can obtain the contents of sensitive host files (an information leak). Additionally, a malicious guest administrator can cause files on the host to be removed, causing a denial of service. In some unusual host configurations, ability to remove certain files may be useable for privilege escalation. VULNERABLE SYSTEMS ================== Xen versions 2.0 and later are vulnerable. The vulnerability is only exposed to guests configured by the host administrator to boot using pygrub. In the xl and xm domain configuration file, this is typically achieved with bootloader="pygrub" On x86 this would typically apply only to PV domains. All systems using xl, libxl, or libvirt are vulnerable to pygrub-using guests. Systems using other (third-party) toolstacks may or may not be vulnerable, depending on whether pygrub is configured, and what pygrub output format they use. Please consult your toolstack provider. MITIGATION ========== Configuring guests not to use pygrub will avoid the vulnerability. For x86 PV guests currently using pygrub, booting the guest as HVM is often a practical option to avoid pygrub. CREDITS ======= This issue was discovered by Daniel Richman and Gábor Szarka of the Cambridge University Student-Run Computing Facility. RESOLUTION ========== Applying the attached patch resolves this issue. xsa198.patch All Xen versions (at least Xen 4.4 and later) $ sha256sum xsa198* 0e4533ad2157c03ab309bd12a54f5ff325f03edbe97f23c60a16a3f378c75eae xsa198.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patch described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. Deployment of the mitigations is NOT permitted (except where all the affected systems and VMs are administered and used only by organisations which are members of the Xen Project Security Issues Predisclosure List). Specifically, deployment on public cloud systems is NOT permitted. This is because switching away from the use of pygrub would reveal where the vulnerability lies. Deployment of mitigations is permitted only AFTER the embargo ends. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJYNDN4AAoJEIP+FMlX6CvZX8AH/1FL3pw4RbbuFd/b23Qmo25U F7qELx001C4C+uXtlxaIg6MT467pRphihSkLcLQ2vgIp57iVTXhufc4TVqhdADgp bL3h1zd7Ot4f+iA5RYlGIJ4is3I2A6lNvLwydi2PIGgmalSad5B3Ed0vrvRwfLKY qpsVm0LrM24aFX2IaygmmziQIQVeXSYpmKmVebOEAFL0uj9g8D3VhgWIMtZxW+9K A6c2NTrt01ZbsVRx2wTcRdRhEJLeFbBZOPS9RrbjJzbuFcAzsGR8m/pS4hJBhik/ 9MG4b7FBMYZTaBd4wcbbHM81py1KkcoreC2jL1qb1JMG7BQVP1USdz21rJ05DY8= =P2XT - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWDuBHYx+lLeg9Ub1AQiXlg//Qzrj6hFhamfw8xeJ1+7kD7iBDB9BWW7b WgMEVAtQJq9LiYWbihYGsZSGFQ/CenZ3guBf9lwBuwMq21e1GlqBaH+9UOxUtEI9 TYc0VMiOALgars/w6VaiOftJhTgCsLMGstO9S5oQDc2lIcwbAjfwglfKaOC8blXu /iYWTtFXSCyV4j1wJ72AhUfNHrph+StZ2H7uBsfxu7c+A9LRQX7v5D2F8g0A3K/F uSofEVnGTCK9ZVP8anlFUGw3UJInHZRI/8/KOXoh21knoIaHs0rfx6+W8GYnFcA4 FwGdYO20eNuT0XVi6K2lunXsXFM1BYQrG4XYdfpraMkvYDBVRjQ94MEB0C+fTlsh cTZZ9NAGgZAopTLP5vSdZkIqCRQzcGv9TPcxCmfCLD78MQjlHKpN3huQ5KGy3206 0g4Itw8EbfwJV5f0wCppd3hkY8Bag7z0bhLKAMX1+xdgQLRVxVPK/k3nrqvRNZ5L dpY3Gk+9xsKeN7Tnbn0B0vHhps8czJlc9opVMhM5ve60JxZZ1hnnzP/B+MxlfIcU gecEer8gecM6p85YCfdEOZz4b9xYz1FvUtjOgA9focUKWc6D531AbOy50Yen365r yNQdfZtKzWwLZ6hJ/qsiyaYfpNos5OhhZCwuIvKxYpNSQ6w8jeoZ/JzokWexGoxZ qkyAzNjvuGI= =ObrJ -----END PGP SIGNATURE-----