-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2017.0572.2
                SA144: OpenSSH Vulnerabilities January 2017
                              31 January 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Symantec products
Publisher:         Symantec
Operating System:  Network Appliance
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Increased Privileges            -- Existing Account      
                   Access Privileged Data          -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-100012 CVE-2016-10012 CVE-2016-10011
                   CVE-2016-10010 CVE-2016-10009 

Reference:         ESB-2017.0572

Original Bulletin: 
   http://support.symantec.com/us/en/article.SYMSA1397.html

Revision History:  January 31 2020: Web Isolation is not vulnerable and other updates.
                   March    3 2017: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

SA144 : OpenSSH Vulnerabilities January 2017

SYMSA1397
Last Updated October 03, 2019
Initial Publication Date March 02, 2017
Copy Article Title/URL
 
Feedback
 
Subscribe


  o Status: Open
  o Severity: High
  o CVSS Base Score: CVSS v2: 7.5

Summary

Affected Products



The following products are vulnerable:

+-------------------------------------------------------+
|                       Director                        |
+--------+-------------------+--------------------------+
|  CVE   |Affected Version(s)|Remediation               |
+--------+-------------------+--------------------------+
|All CVEs|6.1                |Not available at this time|
+--------+-------------------+--------------------------+

+---------------------------------------------------------------------+
|                  Malware Analysis Appliance (MAA)                   |
+------------------------------+-------------------+------------------+
|             CVE              |Affected Version(s)|Remediation       |
+------------------------------+-------------------+------------------+
|CVE-2016-10009, CVE-2016-10011|4.2                |Upgrade to 4.2.12.|
|        CVE-2016-10012        |                   |                  |
+------------------------------+-------------------+------------------+

+-----------------------------------------------------------+
| Norman Shark Industrial Control System Protection (ICSP)  |
+--------+-------------------+------------------------------+
|  CVE   |Affected Version(s)|Remediation                   |
+--------+-------------------+------------------------------+
|        |5.4                |Not vulnerable, fixed in 5.4.1|
|All CVEs+-------------------+------------------------------+
|        |5.3                |Not available at this time    |
+--------+-------------------+------------------------------+

+-----------------------------------------------------------------------------+
|                    Norman Shark Network Protection (NNP)                    |
+--------------------------------------+---------------+----------------------+
|                 CVE                  |Affected       |Remediation           |
|                                      |Version(s)     |                      |
+--------------------------------------+---------------+----------------------+
|   CVE-2016-10009, CVE-2016-10012,    |5.3            |A fix will not be     |
|            CVE-2016-10011            |               |provided.             |
+--------------------------------------+---------------+----------------------+

+-----------------------------------------------------------------------------+
|                     Norman Shark SCADA Protection (NSP)                     |
+--------------------+--------+-----------------------------------------------+
|                    |Affected|                                               |
|        CVE         |Version |Remediation                                    |
|                    |(s)     |                                               |
+--------------------+--------+-----------------------------------------------+
|  CVE-2016-10009,   |        |A fix will not be provided. Customers who use  |
|  CVE-2016-10012,   |5.3     |NSP for USB cleaning can switch to a version of|
|   CVE-2016-10011   |        |ICSP with fixes.                               |
+--------------------+--------+-----------------------------------------------+

+-----------------------------------------------------------------------------+
|                             Security Analytics                              |
+---------------------------+-----------------+-------------------------------+
|            CVE            |Affected Version |Remediation                    |
|                           |(s)              |                               |
+---------------------------+-----------------+-------------------------------+
|                           |7.3 and later    |Not vulnerable, fixed in 7.3.1.|
|                           +-----------------+-------------------------------+
|                           |7.2              |Upgrade to 7.2.3.              |
|      CVE-2016-10009,      +-----------------+-------------------------------+
|      CVE-2016-10011,      |7.1              |Upgrade to later release with  |
|      CVE-2016-10012       |                 |fixes.                         |
|                           +-----------------+-------------------------------+
|                           |6.6              |Upgrade to later release with  |
|                           |                 |fixes.                         |
+---------------------------+-----------------+-------------------------------+

+-----------------------------------------------------------------------------+
|                                X-Series XOS                                 |
+------------------------------+-------------------+--------------------------+
|             CVE              |Affected Version(s)|Remediation               |
+------------------------------+-------------------+--------------------------+
|                              |11.0               |Not available at this time|
|       CVE-2016-10009,        +-------------------+--------------------------+
|       CVE-2016-10011,        |10.0               |Not available at this time|
|        CVE-2016-10012        +-------------------+--------------------------+
|                              |9.7                |Not available at this time|
+------------------------------+-------------------+--------------------------+

The following products have a vulnerable version of OpenSSH, but are not
vulnerable to known vectors of attack:

+-----------------------------------------------------------------------------+
|                        Advanced Secure Gateway (ASG)                        |
+---------------------------+-----------------+-------------------------------+
|            CVE            |Affected Version |Remediation                    |
|                           |(s)              |                               |
+---------------------------+-----------------+-------------------------------+
|      CVE-2016-10009,      |6.7              |Not available at this time     |
|      CVE-2016-10011,      +-----------------+-------------------------------+
|      CVE-2016-10012       |6.6              |Upgrade to later release with  |
|                           |                 |fixes.                         |
+---------------------------+-----------------+-------------------------------+

+-----------------------------------------------------------------------------+
|                        Content Analysis System (CAS)                        |
+---------------------------+-----------------+-------------------------------+
|            CVE            |Affected Version |Remediation                    |
|                           |(s)              |                               |
+---------------------------+-----------------+-------------------------------+
|      CVE-2016-10009,      |2.3              |Not available at this time     |
|      CVE-2016-10011,      +-----------------+-------------------------------+
|      CVE-2016-10012       |1.3, 2.1, 2.2    |Upgrade to later release with  |
|                           |                 |fixes.                         |
+---------------------------+-----------------+-------------------------------+

+-----------------------------------------------------------------------------+
|                          Mail Threat Defense (MTD)                          |
+------------------------------+-------------------+--------------------------+
|             CVE              |Affected Version(s)|Remediation               |
+------------------------------+-------------------+--------------------------+
|       CVE-2016-10009,        |                   |                          |
|       CVE-2016-10011,        |1.1                |Not available at this time|
|        CVE-2016-10012        |                   |                          |
+------------------------------+-------------------+--------------------------+

+-----------------------------------------------------------------------------+
|                           Management Center (MC)                            |
+---------------------------+-----------------+-------------------------------+
|            CVE            |Affected Version |Remediation                    |
|                           |(s)              |                               |
+---------------------------+-----------------+-------------------------------+
|      CVE-2016-10009,      |2.2 and later    |Not available at this time     |
|      CVE-2016-10011,      +-----------------+-------------------------------+
|      CVE-2016-10012       |2.1 and earlier  |Upgrade to later release with  |
|                           |                 |fixes.                         |
+---------------------------+-----------------+-------------------------------+

+-----------------------------------------------------------------------------+
|                         PacketShaper (PS) S-Series                          |
+---------------------------+-----------------+-------------------------------+
|            CVE            |Affected Version |Remediation                    |
|                           |(s)              |                               |
+---------------------------+-----------------+-------------------------------+
|                           |11.10            |Not available at this time     |
|                           +-----------------+-------------------------------+
|                           |11.9             |Not available at this time     |
|                           +-----------------+-------------------------------+
|                           |11.8             |Upgrade to later release with  |
|      CVE-2016-10009,      |                 |fixes.                         |
|      CVE-2016-10011,      +-----------------+-------------------------------+
|      CVE-2016-10012       |11.7             |Upgrade to later release with  |
|                           |                 |fixes.                         |
|                           +-----------------+-------------------------------+
|                           |11.6             |Not available at this time     |
|                           +-----------------+-------------------------------+
|                           |11.5             |Upgrade to later release with  |
|                           |                 |fixes.                         |
+---------------------------+-----------------+-------------------------------+

+-----------------------------------------------------------------------------+
|                         PolicyCenter (PC) S-Series                          |
+------------------------------+-------------------+--------------------------+
|             CVE              |Affected Version(s)|Remediation               |
+------------------------------+-------------------+--------------------------+
|       CVE-2016-10009,        |                   |                          |
|       CVE-2016-10011,        |1.1                |Not available at this time|
|        CVE-2016-10012        |                   |                          |
+------------------------------+-------------------+--------------------------+

+-----------------------------------------------------------------------------+
|                                  Reporter                                   |
+---------------------------+-----------------+-------------------------------+
|            CVE            |Affected Version |Remediation                    |
|                           |(s)              |                               |
+---------------------------+-----------------+-------------------------------+
|                           |10.3 and later   |Not vulnerable, fixed in       |
|      CVE-2016-10009,      |                 |10.3.1.1                       |
|      CVE-2016-10011,      +-----------------+-------------------------------+
|      CVE-2016-10012       |10.1, 10.2       |Upgrade to later release with  |
|                           |                 |fixes.                         |
+---------------------------+-----------------+-------------------------------+
|                           |10.4 and later   |Not vulnerable, fixed in       |
|         All CVEs          |                 |10.4.1.1                       |
|                           +-----------------+-------------------------------+
|                           |9.4, 9.5         |Not vulnerable                 |
+---------------------------+-----------------+-------------------------------+

+------------------------------------------------------------------+
|                      SSL Visibility (SSLV)                       |
+--------+-------------------+-------------------------------------+
|  CVE   |Affected Version(s)|Remediation                          |
+--------+-------------------+-------------------------------------+
|        |5.0                |Not vulnerable, fixed in 5.0.2.1.    |
|        +-------------------+-------------------------------------+
|        |4.5                |Not vulnerable, fixed in 4.5.1.1.    |
|        +-------------------+-------------------------------------+
|        |4.4                |Not available at this time           |
|        +-------------------+-------------------------------------+
|        |4.0, 4.1, 4.2, 4.3 |Upgrade to later release with fixes. |
|        +-------------------+-------------------------------------+
|All CVEs|3.12               |Not available at this time           |
|        +-------------------+-------------------------------------+
|        |3.11               |Upgrade to later release with fixes. |
|        +-------------------+-------------------------------------+
|        |3.10               |Not available at this time           |
|        +-------------------+-------------------------------------+
|        |3.9                |Upgrade to later releases with fixes.|
|        +-------------------+-------------------------------------+
|        |3.8.4FC            |Upgrade to later releases with fixes.|
+--------+-------------------+-------------------------------------+

Additional Product Information



Blue Coat products do not enable or use all functionality within OpenSSH. The
products listed below do not utilize the functionality described in the CVEs
below and are thus not known to be vulnerable to them. However, fixes for these
CVEs will be included in the patches that are provided.

  o ASG: CVE-2016-10009, CVE-2016-10011, and CVE-2016-10012
  o CAS: CVE-2016-10009, CVE-2016-10011, and CVE-2016-10012
  o MTD: CVE-2016-10009, CVE-2016-10011, and CVE-2016-10012
  o MC: CVE-2016-10009, CVE-2016-10011, and CVE-2016-10012
  o PacketShaper S-Series: CVE-2016-10009, CVE-2016-10011, and CVE-2016-10012
  o PolicyCenter S-Series: CVE-2016-10009, CVE-2016-10011, and CVE-2016-10012
  o Reporter 10.x: CVE-2016-10009, CVE-2016-10011, and CVE-2016-10012
  o SSLV: all CVEs
  o XOS 9.7: CVE-2016-10010

The following products are not vulnerable:
Android Mobile Agent
AuthConnector
BCAAA
Blue Coat HSM Agent for the Luna SP
CacheFlow
Client Connector
Cloud Data Protection for Salesforce
Cloud Data Protection for Salesforce Analytics
Cloud Data Protection for ServiceNow
Cloud Data Protection for Oracle CRM On Demand
Cloud Data Protection for Oracle Field Service Cloud
Cloud Data Protection for Oracle Sales Cloud
Cloud Data Protection Integration Server
Cloud Data Protection Communication Server
Cloud Data Protection Policy Builder
General Auth Connector Login Application
IntelligenceCenter
IntelligenceCenter Data Collector
K9
PacketShaper
PolicyCenter
ProxyAV
ProxyAV ConLog and ConLogXP
ProxyClient
ProxySG
Unified Agent
Web Isolation

Blue Coat no longer provides vulnerability information for the following
products:

DLP
Please, contact Digital Guardian technical support regarding vulnerability
information for DLP.

Issues


+-----------------------------------------------------------------------------+
|                               CVE-2016-10009                                |
+-----------+-----------------------------------------------------------------+
|Severity / |High / 7.5(AV:N/AC:L/Au:N/C:P/I:P/A:P)                           |
|  CVSSv2   |                                                                 |
+-----------+-----------------------------------------------------------------+
|References |SecurityFocus: BID 94968 / NVD: CVE-2016-10009                   |
+-----------+-----------------------------------------------------------------+
|  Impact   |Code execution                                                   |
+-----------+-----------------------------------------------------------------+
|           |A flaw in ssh-agent allows a remote attacker with local access to|
|Description|an SSH server to execute arbitrary code on an SSH client host    |
|           |that enables agent forwarding.                                   |
+-----------+-----------------------------------------------------------------+

+-----------------------------------------------------------------------------+
|                               CVE-2016-10010                                |
+-----------+-----------------------------------------------------------------+
|Severity / |Medium / 6.9(AV:L/AC:M/Au:N/C:C/I:C/A:C)                         |
|  CVSSv2   |                                                                 |
+-----------+-----------------------------------------------------------------+
|References |SecurityFocus: BID 94972 / NVD: CVE-2016-10010                   |
+-----------+-----------------------------------------------------------------+
|  Impact   |Privilege escalation                                             |
+-----------+-----------------------------------------------------------------+
|           |A flaw in the SSH daemon with privilege separation disabled      |
|Description|allows a local attacker escalate their privileges on the system  |
|           |via unspecified vectors.                                         |
+-----------+-----------------------------------------------------------------+

+-----------------------------------------------------------------------------+
|                               CVE-2016-10011                                |
+-----------+-----------------------------------------------------------------+
|Severity / |Low / 2.1(AV:L/AC:L/Au:N/C:P/I:N/A:N)                            |
|  CVSSv2   |                                                                 |
+-----------+-----------------------------------------------------------------+
|References |SecurityFocus: BID 94977 / NVD: CVE-2016-10011                   |
+-----------+-----------------------------------------------------------------+
|  Impact   |Information disclosure                                           |
+-----------+-----------------------------------------------------------------+
|           |A flaw in the SSH daemon with privilege separation enabled allows|
|Description|a local attacker with access to a privilege-separated child      |
|           |process to obtain private key information.                       |
+-----------+-----------------------------------------------------------------+

+-----------------------------------------------------------------------------+
|                               CVE-2016-10012                                |
+-----------+-----------------------------------------------------------------+
|Severity / |High / 7.2(AV:L/AC:L/Au:N/C:C/I:C/A:C)                           |
|  CVSSv2   |                                                                 |
+-----------+-----------------------------------------------------------------+
|References |SecurityFocus: BID 94975 / NVD: CVE-2016-10012                   |
+-----------+-----------------------------------------------------------------+
|  Impact   |Privilege escalation                                             |
+-----------+-----------------------------------------------------------------+
|           |A flaw in the SSH daemon pre-authentication compression          |
|Description|implementation allows a local attacker with access to a sandboxed|
|           |privelege-separated child process to escalate their privileges on|
|           |the system.                                                      |
+-----------+-----------------------------------------------------------------+

Mitigation



By default, Director does not enable privilege separation and
pre-authentication compression. Customers who leave this default behavior
unchanged prevent attacks against these products using CVE-2016-10010,
CVE-2016-10011, and CVE-2016-10012.

By default, MAA, ICSP, NNP, and NSP do not use ssh-agent and do not enable SSH
agent forwarding and pre-authentication compression. Customers who leave this
default behavior unchanged prevent attacks against these products using
CVE-2016-10009 and CVE-2016-10011.

By default, Security Analytics does not use ssh-agent and does not enable SSH
agent forwarding and pre-authentication compression. Customers who leave this
default behavior unchanged prevent attacks against these products using
CVE-2016-10009 and CVE-2016-10012.

Revisions

2019-10-02 Web Isolation is not vulnerable.
2019-09-05 A fix for MC 2.1 will not be provided. Please upgrade to a later
version with the vulnerability fixes.
2019-08-29 Reporter 10.3 and 10.4 are not vulnerable because a fix for all CVEs
is available in 10.3.1.1.
2019-08-12 MC 2.2 and MC 2.3 have vulnerable versions of OpenSSH, but are not
vulnerable to known vectors of attack. A fix for MC 2.0 will not be provided.
Please upgrade to a later version with the vulnerability fixes.
2019-08-09 SSLV 4.5 is not vulnerable because a fix is available in 4.5.1.1.
2019-08-07 A fix for ASG 6.6 will not be provided. Please upgrade to a later
version with the vulnerability fixes.
2019-08-06 A fix for Reporter 10.1 and 10.2 will not be provided. Please
upgrade to a later version with the vulnerability fixes.
2019-08-05 A fix for SSLV 4.3 will not be provided. Please upgrade to a later
version with the vulnerability fixes.
2019-02-04 A fix will not be provided for CA 1.3 and 2.2. Please upgrade to a
later version with the vulnerability fixes.
2019-01-21 Security Analytics 8.0 is not vulnerable. ICSP 5.3 is vulnerable to
all CVEs. ICSP 5.4 is not vulnerable because a fix is available in 5.4.1.
2019-01-18 SSLV 4.3 and 4.4 have vulnerable version of OpenSSH, but are not
vulnerable to known vectors of attack. SSLV 5.0 is not vulnerable because a fix
is available in 5.0.2.1.
2019-01-14 MC 2.1 and Reporter 10.3 have vulnerable versions of OpenSSH, but
are not vulnerable to known vectors of attack. A fix for MC 1.11 will not be
provided. Please upgrade to a later version with the vulnerability fixes.
2019-01-12 A fix for Security Analytics 7.1 will not be provided. Please
upgrade to a later version with the vulnerability fixes.
2019-01-11 A fix for CA 2.1 will not be provided. Please upgrade to a later
version with the vulnerability fixes.
2018-09-24 A fix for SSLV 3.8.4FC will not be provided. Please upgrade to a
later version with the vulnerability fixes.
2018-08-03 Customers who use NSP for USB cleaning can switch to a version of
Industrial Control System Protection (ICSP) with fixes.
2018-07-27 A fix for MA 4.2 is available in 4.2.12.
2018-07-26 MC 2.0 has a vulnerable version of OpenSSH, but is not vulnerable to
known vectors of attack.
2018-06-29 A fix for Norman Shark Network Protection (NNP) 5.3 and Norman Shark
SCADA Protection (NSP) 5.3 will not be provided.
2018-06-26 A fix for SSLV 4.1 will not be provided. Please upgrade to a later
version with the vulnerability fixes.
2018-06-25 A fix for SSLV 3.11 will not be provided. Please upgrade to a later
version with the vulnerability fixes.
2018-04-26 A fix for SSLV 4.0 will not be provided. Please upgrade to a later
version with the vulnerability fixes.
2018-04-25 A fix for XOS 9.7 will not be provided. Please upgrade to a later
version with the vulnerability fixes.
2018-04-22 CA 2.3, PacketShaper S-Series 11.10, and Reporter 10.2 have a
vulnerable version of OpenSSH, but are not vulnerable to known vectors of
attack.
2017-11-16 A fix for PS S-Series 11.5, 11.7, and 11.8 will not be provided.
Please upgrade to a later version with the vulnerability fixes.
2017-11-16 A fix for SSLV 3.9 will not be provided. Please upgrade to a later
version with the vulnerability fixes.
2017-11-15 SSLV 3.12 has a vulnerable version of OpenSSH, but is not vulnerable
to known vectors of attack. A fix is not available at this time.
2017-11-15 SSLV 4.2 has a vulnerable version of OpenSSH, but is not vulnerable
to known vectors of attack. A fix is not available at this time.
2017-11-09 MC 1.11 has a vulnerable version of OpenSSH, but is not vulnerable
to known vectors of attack. A fix for MC 1.10 will not be provided. Please
upgrade to a later version with the vulnerability fixes.
2017-11-08 CAS 2.2 has a vulnerable version of OpenSSH, but is not vulnerable
to known vectors of attack.
2017-11-06 ASG 6.7 has a vulnerable version of OpenSSH, but is not vulnerable
to known vectors of attack.
2017-08-03 SSLV 4.1 has a vulnerable version of OpenSSH, but is not vulnerable
to known vectors of attack. A fix is not available at this time.
2017-06-05 PS S-Series 11.9 has a vulnerable version of OpenSSH, but is not
vulnerable to known vectors of attack.
2017-07-23 MC 1.10 has a vulnerable version of OpenSSH, but is not vulnerable
to known vectors of attack. A fix for MC 1.9 will not be provided. Please
upgrade to a later version with the vulnerability fixes.
2017-06-22 Security Ananlytics 7.3 is not vulnerable.
2017-06-08 Reporter 10.1 has a vulnerable version of OpenSSH, but is not
vulnerable to known vectors of attack. Reporter 9.4 and 9.5 are not vulnerable.
2017-06-05 PS S-Series 11.8 has a vulnerable version of OpenSSH, but is not
vulnerable to known vectors of attack.
2017-05-29 A fix for Security Analytics 6.6 will not be provided. Please
upgrade to a later version with the vulnerability fixes.
2017-05-19 CAS 2.1 has a vulnerable version of OpenSSH, but is not vulnerable
to known vectors of attack.
2017-05-03 Director 6.1 is vulnerable to all CVEs.
2017-03-30 MC 1.9 has a vulnerable version of OpenSSH, but is not vulnerable to
known vectors of attack.
2017-03-02 initial public release

Legacy ID: SA144

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXjNh5GaOgq3Tt24GAQh3nRAA3IhndGVlrcoHNJkCyEe/Cb5YQgYb3efo
H0Gt5ihOUrk0LYr/Z/uNCZOVyy473yEFxrqcMlbfD5Le+IxYhcj9Aq/mw9Jmqyd2
k5VvDsRPQppeh73CQpFVq+ajPBOCUHePnv2wTFPk/bv0ebxL8l7InR2KUzRct+SA
Q8/YoDAsNLUwhBVTq69bU7inqj4vZs+FHWJAODherej21o3vP3eGzKF3+AaDs+oZ
8+ASgIejjM0ge3auHmASCLobymaeOjzI+lnC6++W4w3yHC2qIe7YR+OG65BxjqYF
fkpTMq/Aiq9taTjbY7GHHYTT1KPCbt+BBRhocGD+KJaZMXFqPBs/M9kv5qA+rC45
QegLVsnMSOCtRZ7/uDz18QuM2Legtva7Z3eQ2Oou6GyMnOEdSWq3/UHP0rBhu53x
vMyW2eGWudKGZ4V3ILB02Pt0IltZ/HABd45opX3woNtT+TDZXcj2bWj5CyudnWW7
dWa7G2EmaUEFf5qvks6pTcCCq45mWeIaTkZWt+kdkk3UTu2/PhbrTKysueJPe2K5
dORQIgRpiX5xqqhrRJvhVZSdTqxOBOK52B2CLdeKKOTJP/s2mABYXMWrT3Qbu1Y5
WDFkhvez1/iftHZRMu2FuDKWy31IwYQrf3oWsLv5CtXmgRL8hFZ+Dtn8RR0hFxBJ
3c9FYPFZXic=
=g3uY
-----END PGP SIGNATURE-----