Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2017.1179.2 SA148: Linux Kernel Vulnerabilities Feb-Apr 2017 30 January 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Symantec Network Protection products Publisher: Bluecoat Operating System: Network Appliance Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Resolution: Mitigation CVE Names: CVE-2017-7645 CVE-2017-6745 CVE-2017-6214 CVE-2017-5972 CVE-2017-5970 CVE-2017-5897 CVE-2016-10229 Reference: ASB-2017.0067 ESB-2017.1136 ESB-2017.0772 ESB-2017.0737 ESB-2017.0614 ESB-2017.0542 ESB-2017.0496 Original Bulletin: https://bto.bluecoat.com/security-advisory/sa148 Revision History: January 30 2020: Vendor updated advisory May 10 2017: Initial Release - --------------------------BEGIN INCLUDED TEXT-------------------- SA148: Linux Kernel Vulnerabilities Feb-Apr 2017 Security Advisories ID: SYMSA1404 Last Updated January 20, 2020 Initial Publication Date May 09, 2017 o Status: Open o Severity: High o CVSS Base Score: CVSS v2: 10.0 Summary Affected Products The following products are vulnerable: +-----------------------------------------------------------------------------+ | Advanced Secure Gateway (ASG) | +--------------+----------------------------+---------------------------------+ | CVE |Affected Version(s) |Remediation | +--------------+----------------------------+---------------------------------+ | |6.7 (has vulnerable Linux |A fix will not be provided | |CVE-2017-5972 |kernel, but not vulnerable |because no suitable fix is | | |to known vectors of attack) |available for the upstream Linux | | | |kernel. | +--------------+----------------------------+---------------------------------+ | |6.7 (has vulnerable Linux | | |CVE-2017-7645 |kernel, but not vulnerable |Not available at this time. | | |to known vectors of attack) | | +--------------+----------------------------+---------------------------------+ |CVE-2017-5970,| | | |CVE-2017-6214,|6.6 |Upgrade to 6.6.5.10. | |CVE-2016-10229| | | +--------------+----------------------------+---------------------------------+ +-----------------------------------------------------------------------------+ | Content Analysis (CA) | +---------------------+---------+---------------------------------------------+ | |Affected | | | CVE |Version |Remediation | | |(s) | | +---------------------+---------+---------------------------------------------+ | |1.3 and |A fix will not be provided because no | | CVE-2017-5972 |later |suitable fix is available for the upstream | | | |Linux kernel. | +---------------------+---------+---------------------------------------------+ | All CVEs except |2.2 |Not vulnerable, fixed in 2.2.1.1. | | CVE-2017-5972, +---------+---------------------------------------------+ | CVE-2017-7645 |2.1 |Upgrade to later release with fixes. | +---------------------+---------+---------------------------------------------+ | CVE-2017-5970, | | | | CVE-2017-6214, |1.3 |Fixed in 1.3.7.8. | | CVE-2016-10229 | | | +---------------------+---------+---------------------------------------------+ +-------------------------------------------------------------+ | Director | +-------------+-------------------+---------------------------+ | CVE |Affected Version(s)|Remediation | +-------------+-------------------+---------------------------+ |CVE-2017-7645|6.1 |Not available at this time.| +-------------+-------------------+---------------------------+ +-----------------------------------------------------------------------------+ | Mail Threat Defense (MTD) | +---------------+----------+--------------------------------------------------+ | CVE |Affected |Remediation | | |Version(s)| | +---------------+----------+--------------------------------------------------+ |CVE-2017-5970, | | | |CVE-2017-6214, |1.1 |Not available at this time. | |CVE-2016-10229 | | | +---------------+----------+--------------------------------------------------+ | CVE-2017-5972 |1.1 |A fix will not be provided because no suitable fix| | | |is available for the upstream Linux kernel. | +---------------+----------+--------------------------------------------------+ +-----------------------------------------------------------------------------+ | Malware Analysis (MA) | +----------------+----------+-------------------------------------------------+ | CVE |Affected |Remediation | | |Version(s)| | +----------------+----------+-------------------------------------------------+ |CVE-2016-10229, | | | | CVE-2017-5970, | |Upgrade to 4.2.12. | | CVE-2017-6214 | | | +----------------+ +-------------------------------------------------+ |CVE-2017-5897, |4.2 |Upgrade to a version of Content Analysis with | | CVE-2017-7645 | |fixes. | +----------------+ +-------------------------------------------------+ | CVE-2017-5972 | |A fix will not be provided because no suitable | | | |fix is available for the upstream Linux kernel. | +----------------+----------+-------------------------------------------------+ +-----------------------------------------------------------------------------+ | Management Center (MC) | +---------------+----------+--------------------------------------------------+ | CVE |Affected |Remediation | | |Version(s)| | +---------------+----------+--------------------------------------------------+ |CVE-2017-5970, |1.10 and |Not vulnerable, fixed in 1.10.1.1 | |CVE-2017-6214, |later | | |CVE-2016-10229 +----------+--------------------------------------------------+ | |1.9 |Upgrade to later release with fixes. | +---------------+----------+--------------------------------------------------+ | CVE-2017-5972 |1.9 and |A fix will not be provided because no suitable fix| | |later |is available for the upstream Linux kernel. | +---------------+----------+--------------------------------------------------+ +----------------------------------------------------------------------------+ | Norman Shark Industrial Control System Protection (ICSP) | +----------------------------+------------------+----------------------------+ | CVE |Affected Version |Remediation | | |(s) | | +----------------------------+------------------+----------------------------+ | |5.4 |Not vulnerable, fixed in | | All CVEs except | |5.4.1 | | CVE-2016-10229 +------------------+----------------------------+ | |5.3 |Not available at this time | +----------------------------+------------------+----------------------------+ +-----------------------------------------------------------------------------+ | PacketShaper (PS) S-Series | +-------------+------------------------+--------------------------------------+ | CVE |Affected Version(s) |Remediation | +-------------+------------------------+--------------------------------------+ | |11.9 and later |Not vulnerable, fixed in 11.9.1.1 | | +------------------------+--------------------------------------+ | |11.7, 11.8 |Upgrade to later release with fixes. | |CVE-2017-6214+------------------------+--------------------------------------+ | |11.6 |Not available at this time | | +------------------------+--------------------------------------+ | |11.5 |Upgrade to later release with fixes. | +-------------+------------------------+--------------------------------------+ | | |A fix will not be provided because no | |CVE-2017-5972|11.5 and later |suitable fix is available for the | | | |upstream Linux kernel. | +-------------+------------------------+--------------------------------------+ | |11.5 and later (not | | |CVE-2017-7645|vulnerable to known |Not available at this time | | |vectors of attack) | | +-------------+------------------------+--------------------------------------+ +-----------------------------------------------------------------------------+ | PolicyCenter (PC) S-Series | +-------------+-----------+---------------------------------------------------+ | CVE |Affected |Remediation | | |Version(s) | | +-------------+-----------+---------------------------------------------------+ |CVE-2017-5972|1.1 |A fix will not be provided because no suitable fix | | | |is available for the upstream Linux kernel. | +-------------+-----------+---------------------------------------------------+ |CVE-2017-6214|1.1 |Not available at this time | +-------------+-----------+---------------------------------------------------+ +-----------------------------------------------------------------------------+ | Reporter | +--------------+----------------------+---------------------------------------+ | CVE |Affected Version(s) |Remediation | +--------------+----------------------+---------------------------------------+ | |10.3, 10.4 (not | | | |vulnerable to known |Not available at this time | | |vectors of attack) | | | +----------------------+---------------------------------------+ |CVE-2017-5897 |10.2 |Not vulnerable, fixed in 10.2.1.1 | | +----------------------+---------------------------------------+ | |10.1 (not vulnerable | | | |to known vectors of |Upgrade to 10.1.5.5. | | |attack) | | +--------------+----------------------+---------------------------------------+ |CVE-2017-5970,|10.2 and later |Not vulnerable, fixed in 10.2.1.1 | |CVE-2017-6214 +----------------------+---------------------------------------+ | |10.1 |Upgrade to 10.1.5.5. | +--------------+----------------------+---------------------------------------+ | | |A fix will not be provided because no | |CVE-2017-5972 |10.1 and later |suitable fix is available for the | | | |upstream Linux kernel. | +--------------+----------------------+---------------------------------------+ | All CVEs |9.4, 9.5 |Not vulnerable | +--------------+----------------------+---------------------------------------+ +-----------------------------------------------------------------------------+ | Security Analytics | +----------------+----------+-------------------------------------------------+ | CVE |Affected |Remediation | | |Version(s)| | +----------------+----------+-------------------------------------------------+ | |7.3 |Not available at this time | |All CVEs except +----------+-------------------------------------------------+ | CVE-2017-5972, |7.2 |Not available at this time | | CVE-2017-7645 +----------+-------------------------------------------------+ | |7.1 |Upgrade to later release with fixes. | +----------------+----------+-------------------------------------------------+ | CVE-2017-5972 |7.1 and |A fix will not be provided because no suitable | | |later |fix is available for the upstream Linux kernel. | +----------------+----------+-------------------------------------------------+ +-----------------------------------------------------------------------------+ | SSL Visibility (SSLV) | +-----------------+---------------------+-------------------------------------+ | CVE |Affected Version(s) |Remediation | +-----------------+---------------------+-------------------------------------+ | |3.12 |Not vulnerable, fixed in 3.12.1.1 | | CVE-2016-10229, +---------------------+-------------------------------------+ | CVE-2017-5897, |3.11 |Upgrade to later release with fixes. | | CVE-2017-5970, +---------------------+-------------------------------------+ | CVE-2017-6214 |3.10 |Upgrade to 3.10.4.1. | | +---------------------+-------------------------------------+ | |3.8.4FC, 3.9 |Upgrade to later release with fixes. | +-----------------+---------------------+-------------------------------------+ | CVE-2016-10229, |4.2 and later |Not vulnerable, fixed in 4.2.1.1 | | CVE-2017-5970, +---------------------+-------------------------------------+ | CVE-2017-6214 |4.0, 4.1 |Upgrade to later release with fixes. | +-----------------+---------------------+-------------------------------------+ | |4.2 and later |Not vulnerable, fixed in 4.2.1.1 | | +---------------------+-------------------------------------+ | CVE-2017-6745 |4.0, 4.1 (not | | | |vulnerable to known |Upgrade to later release with fixes. | | |vectors of attack) | | +-----------------+---------------------+-------------------------------------+ | | |A fix will not be provided because no| | CVE-2017-5972 |All versions |suitable fix is available for the | | | |upstream Linux kernel. | +-----------------+---------------------+-------------------------------------+ +-----------------------------------------------------------------------------+ | X-Series XOS | +--------------+----------+---------------------------------------------------+ | CVE |Affected |Remediation | | |Version(s)| | +--------------+----------+---------------------------------------------------+ |CVE-2017-5972 |9.7 and |A fix will not be provided because no suitable fix | | |later |is available for the upstream Linux kernel. | +--------------+----------+---------------------------------------------------+ | |11.0 |Not available at this time | |CVE-2017-6214,+----------+---------------------------------------------------+ |CVE-2017-7645 |10.0 |Not available at this time | | +----------+---------------------------------------------------+ | |9.7 |Not available at this time | +--------------+----------+---------------------------------------------------+ Additional Product Information Symantec Network Protection products that use a native installation of the Linux kernel but do not install or maintain the kernel are not vulnerable to the attacks using the CVEs in this Security Advisory. However, the underlying platform that installs and maintains the Linux kernel may be vulnerable. Symantec urges our customers to update the versions of the Linux kernel that are natively installed for Client Connector, Cloud Data Protection, ProxyClient, and Reporter 9.x for Linux. Some Symantec Network Protection products do not support UDP, IPv6, and NFS. The products listed below do not utilize the functionality described in the CVEs below and are thus not known to be vulnerable to them. However, fixes for these CVEs will be included in the patches that are provided. o ASG: CVE-2017-5897 (6.6 only), CVE-2017-5972 and CVE-2017-7645 (6.6 only) o CA: CVE-2017-5897 (1.3 only) and CVE-2017-7645 o MTD: CVE-2017-5897 and CVE-2017-7645 o MC: CVE-2017-5897 and CVE-2017-7645 o PacketShaper S-Series: CVE-2017-7645 o PolicyCenter S-Series: CVE-2017-7645 o Reporter 10.1: CVE-2016-10229, CVE-2017-5897, and CVE-2017-7645 o Security Analytics: CVE-2017-7645 o SSLV 4.0: CVE-2017-5897 and CVE-2017-7645 The following products are not vulnerable: Android Mobile Agent AuthConnector BCAAA Blue Coat HSM Agent for the Luna SP CacheFlow Client Connector Cloud Data Protection for Salesforce Cloud Data Protection for Salesforce Analytics Cloud Data Protection for ServiceNow Cloud Data Protection for Oracle CRM On Demand Cloud Data Protection for Oracle Field Service Cloud Cloud Data Protection for Oracle Sales Cloud Cloud Data Protection Integration Server Cloud Data Protection Communication Server Cloud Data Protection Policy Builder General Auth Connector Login Application IntelligenceCenter IntelligenceCenter Data Collector K9 PacketShaper PolicyCenter ProxyClient ProxyAV ProxyAV ConLog and ConLogXP ProxySG Unified Agent Web Isolation Issues +-----------------------------------------------------------------------------+ | CVE-2016-10229 | +-----------+-----------------------------------------------------------------+ |Severity / |High / 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) | | CVSSv2 | | +-----------+-----------------------------------------------------------------+ |References |SecurityFocus: BID 97397 / NVD: CVE-2016-10229 | +-----------+-----------------------------------------------------------------+ | Impact |Denial of service, code execution | +-----------+-----------------------------------------------------------------+ | |A flaw in UDP packet handling that allows a remote attacker to | |Description|send crafted UDP packets and cause memory corruption. The | | |attacker can execute arbitrary code or cause a system crash, | | |resulting in denial of service. | +-----------+-----------------------------------------------------------------+ +-----------------------------------------------------------------------------+ | CVE-2017-5897 | +-----------+-----------------------------------------------------------------+ |Severity / |High / 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) | | CVSSv2 | | +-----------+-----------------------------------------------------------------+ |References |SecurityFocus: BID 96037 / NVD: CVE-2017-5897 | +-----------+-----------------------------------------------------------------+ | Impact |Unspecified | +-----------+-----------------------------------------------------------------+ |Description|A flaw in the IPv6 GRE implementation allows a remote attacker to| | |have unspecified impact via vectors related to GRE flags. | +-----------+-----------------------------------------------------------------+ +-----------------------------------------------------------------------------+ | CVE-2017-5970 | +-----------+-----------------------------------------------------------------+ |Severity / |Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) | | CVSSv2 | | +-----------+-----------------------------------------------------------------+ |References |SecurityFocus: BID 96233 / NVD: CVE-2017-5970 | +-----------+-----------------------------------------------------------------+ | Impact |Denial of service | +-----------+-----------------------------------------------------------------+ | |A flaw in IP option handling allows a remote attacker to send | |Description|crafted IP packets and cause a system crash, resulting in denial | | |of service. | +-----------+-----------------------------------------------------------------+ +-----------------------------------------------------------------------------+ | CVE-2017-5972 | +-----------+-----------------------------------------------------------------+ |Severity / |High / 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C) | | CVSSv2 | | +-----------+-----------------------------------------------------------------+ |References |SecurityFocus: BID 96231 / NVD: CVE-2017-5972 | +-----------+-----------------------------------------------------------------+ | Impact |Denial of service | +-----------+-----------------------------------------------------------------+ | |A flaw in the TCP implementation allows remote attackers to send | |Description|TCP SYN packets and cause excessive CPU consumption, resulting in| | |denial of service. | +-----------+-----------------------------------------------------------------+ +-----------------------------------------------------------------------------+ | CVE-2017-6214 | +-----------+-----------------------------------------------------------------+ |Severity / |Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) | | CVSSv2 | | +-----------+-----------------------------------------------------------------+ |References |SecurityFocus: BID 96421 / NVD: CVE-2017-6214 | +-----------+-----------------------------------------------------------------+ | Impact |Denial of service | +-----------+-----------------------------------------------------------------+ | |A flaw in TCP packet handling allows a remote attacker to send | |Description|crafted TCP packets and cause an infinite loop in the Linux | | |kernel thread, resulting in denial of service. | +-----------+-----------------------------------------------------------------+ +-----------------------------------------------------------------------------+ | CVE-2017-7645 | +-----------+-----------------------------------------------------------------+ |Severity / |High / 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C) | | CVSSv2 | | +-----------+-----------------------------------------------------------------+ |References |SecurityFocus: BID 97950 / NVD: CVE-2017-7645 | +-----------+-----------------------------------------------------------------+ | Impact |Denial of service | +-----------+-----------------------------------------------------------------+ | |A flaw in the NFSv2/NFSv3 implementation allows a remote attacker| |Description|to send crafted RPC responses and cause a system crash, resulting| | |in denial of service. | +-----------+-----------------------------------------------------------------+ Mitigation These vulnerabilities can be exploited only through the management interfaces for Director, MA, MC, ICSP, PS S-Series, PC S-Series, Reporter, Security Analytics, and SSLV. Allowing only machines, IP addresses and subnets from a trusted network to access the management interface reduces the threat of exploiting the vulnerabilities. By default, ICSP does not use NFS. Customers who leave this default behavior unchanged prevent attacks against these products using CVE-2017-7645. Revisions 2020-01-16 A fix for Malware Analysis will not be provided. Please upgrade to a version of Content Analysis with the vulnerability fixes. 2019-10-02 Web Isolation is not vulnerable. 2019-08-29 Reporter 10.3 and 10.4 have a vulnerable version of the Linux kernel, but are not vulnerable to known vectors of attack. 2019-01-23 ICSP 5.4 is not vulnerable because a fix is available in 5.4.1. 2019-01-12 A fix for Security Analytics 7.1 will not be provided. Please upgrade to a later version with the vulnerability fixes. 2019-01-11 A fix for CA 2.1 will not be provided. Please upgrade to a later version with the vulnerability fixes. 2018-10-25 A fix for CVE-2017-5970, CVE-2017-6214, and CVE-2016-10229 in CA 1.3 is available in 1.3.7.8. 2018-09-24 A fix for SSLV 3.8.4FC will not be provided. Please upgrade to a later version with the vulnerability fixes. 2018-08-07 A fix for CVE-2016-10229, CVE-2017-5970, and CVE-2017-6214 in MA is available in 4.2.12. 2018-08-03 A fix for CVE-2017-5972 will not be provided for any Network Protection products because no suitable fix is available for the Linux kernel. 2018-07-26 MC 2.0 is vulnerable to CVE-2017-5972. 2018-06-26 A fix for CVE-2016-10229, CVE-2017-5970, CVE-2017-6214,CVE-2017-6745, and CVE-2017-5972 in SSLV 4.1 will not be provided. Please upgrade to a later version with the vulnerability fixes. 2018-06-25 A fix for SSLV 3.11 will not be provided. Please upgrade to a later version with the vulnerability fixes. 2018-04-26 A fix for SSLV 4.0 will not be provided. Please upgrade to a later version with the vulnerability fixes. 2018-04-25 A fix for XOS 9.7 will not be provided. Please upgrade to a later version with the vulnerability fixes. 2017-04-22 CA 2.3, PacketShaper S-Series 11.10, and Reporter 10.2 are vulnerable to CVE-2017-5972. 2018-04-12 A fix for all CVEs except CVE-2017-5972 in Reporter 10.1 is available in 10.1.5.5. 2018-02-22 A fix for all CVEs except CVE-2017-5972 in SSLV 3.10 is available in 3.10.4.1. 2017-11-16 A fix for PS S-Series 11.5, 11.7, and 11.8 will not be provided. Please upgrade to a later version with the vulnerability fixes. 2017-11-16 A fix for SSLV 3.9 will not be provided. Please upgrade to a later version with the vulnerability fixes. 2017-11-15 A fix for all CVEs except CVE-2017-5972 in SSLV 3.12 is available in 3.12.1.1. 2017-11-15 A fix for all CVEs except CVE-2017-5972 in SSLV 4.2 is available in 4.2.1.1. 2017-11-09 MC 1.11 is vulnerable to CVE-2017-5972. MC 1.11 is not vulnerable to CVE-2016-10229,CVE-2017-5897, CVE-2017-5970, CVE-2017-6214, andCVE-2017-7645 because a fix is available in 1.11.1.1. A fix for MC 1.10 will not be provided. Please upgrade to a later version with the vulnerability fixes. 2017-11-08 A fix for all CVEs except CVE-2017-5972 in CA 2.2 is available in 2.2.1.1. 2017-11-06 ASG 6.7 has a vulnerable version of the Linux kernel for CVE-2017-5972, but is not vulnerable to known vectors of attack. 2017-08-03 SSLV 4.1 is vulnerable to CVE-2016-10229, CVE-2017-5970, CVE-2017-5972, and CVE-2017-6214. It also has vulnerable code for CVE-2017-5897 and CVE-2017-7645, but is not vulnerable to known vectors of attack. 2017-07-25PS S-Series 11.9 is vulnerable to CVE-2017-5972 and CVE-2017-7645. PS S-Series 11.9 is not vulnerable toCVE-2017-6214 because a fix is available in 11.9.1.1. 2017-07-23 MC 1.10 is vulnerable to CVE-2017-5972. MC 1.10 is not vulnerable toCVE-2016-10229,CVE-2017-5897, CVE-2017-5970, CVE-2017-6214, andCVE-2017-7645 because a fix is available in 1.10.1.1. A fix for MC 1.9 will not be provided. Please upgrade to a later version with the vulnerability fixes. 2017-06-26 A fix for all CVEs except CVE-2017-5972 in ASG 6.6 is available in 6.6.5.10. 2017-06-22 Security Analytics 7.3 is vulnerable to CVE-2016-10229, CVE-2017-5897, CVE-2017-5970, CVE-2017-5972, and CVE-2017-6214. It also has a vulnerable version of the Linux kernel for CVE-2017-7645, but is not vulnerable to known vectors of attack. 2017-06-05 PS S-Series 11.8 is vulnerable to CVE-2017-5972 and CVE-2017-6214. 2017-05-19 CA 2.1 is vulnerable to CVE-2016-10229, CVE-2017-5897, CVE-2017-5970, CVE-2017-5972, and CVE-2017-6214. 2017-05-09 initial public release Legacy ID: SA148 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXjJq1GaOgq3Tt24GAQiHaBAA0MWRaR/VWPuCT1/sU84kaqNSVISN0hwW HKChAAHBobbURkVqbuwCEzm71pUdU3uu3JvN6SzvHbhBSOe+NXqwTqc+fiTHVbj9 C79IcF/mnb53TZyUjRvNEaNLFpVX1a1LUN1inOq6d8ponh0amfTrR5s2B10HAJ7W CNoMWcmyC5yGS+rchtXCrXhwA5XRc+pJIfnHP9VB5QsjeIrVAJgEEYlCQrjtoJND fjavFdmJ1ZSM8DMK68GvsqxDXYeA/JhC0XiNK7nS9iq/i75/sZGW4n5/bQcpWwzv 5mL312F1XxfsWUdXAB8H7zlKbVue5wrmQnS0phXQuP2GBD1qn1AH5jE4IUCAHyxY jzeq8CW2DW914u5Kqt1YuljJAR1yBRT1BVWzm85L80TjLj7jyJ9whUXqwCBvsSrM XprcVrVk0OIY3tQG84k7yMbGP4ewWiSdZEcljaMOvr2oS36Zyn9XwrarIMC3OTtZ D+iTAMPJnXrhfx2VxkjgoQPqPbW8b2iwg8PsYKe4XPLxn0/T8S1kKPmDtvPHidED WG/t19xn5PdfYdb38OmnvbEAYgH53u5m8MRoGvuscDqDNHF1aYAIhvY037Wn34mG sss1Y7B8Nj6GsEQejtB9KJbkZoib3W4S3wIGnIw/vQ9QpfGXb5UEP3SmscC7gNZ5 WM/Wa1L9lPY= =1kjw -----END PGP SIGNATURE-----