Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.1988 Multiple vulnerabilities affect IBM PureApplication System 4 June 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: IBM PureApplication System Publisher: IBM Operating System: AIX Linux variants Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Increased Privileges -- Existing Account Access Privileged Data -- Existing Account Modify Arbitrary Files -- Existing Account Denial of Service -- Remote/Unauthenticated Cross-site Scripting -- Remote with User Interaction Access Confidential Data -- Remote/Unauthenticated Reduced Security -- Remote/Unauthenticated Unauthorised Access -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2019-4241 CVE-2019-4235 CVE-2019-4234 CVE-2019-4225 CVE-2019-4224 CVE-2018-19362 CVE-2018-19361 CVE-2018-19360 CVE-2018-14721 CVE-2018-7489 CVE-2018-3640 CVE-2018-3639 CVE-2018-1901 CVE-2018-1890 CVE-2017-17485 CVE-2017-15095 CVE-2017-7525 CVE-2016-8858 CVE-2016-5699 Reference: ASB-2019.0122 ASB-2019.0115 ESB-2019.1969 ESB-2019.1957 Original Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10885608 http://www.ibm.com/support/docview.wss?uid=ibm10885602 http://www.ibm.com/support/docview.wss?uid=swg22017294 http://www.ibm.com/support/docview.wss?uid=ibm10885606 Comment: This bulletin contains four (4) IBM security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM PureApplication System (January 2019 updates) Security Bulletin Document information More support for: PureApplication System Component: Security Software version: 2.2.3.0, 2.2.3.1, 2.2.3.2, 2.2.4.0, 2.2.5.0, 2.2.5.1, 2.2.5.2, 2.2.5.3, 2.2.6.0 Operating system(s): AIX, Linux, Windows Software edition: All Editions Reference #: 0885608 Modified date: 31 May 2019 Summary Multiple vulnerabilities in IBM(R) SDK Java(TM) Technology Edition, Version 6 and 7, used by the IBM PureApplication System were disclosed as part of the IBM Java SDK updates in January 2019. IBM PureApplication System has addressed the vulnerabilities. Vulnerability Details CVEID: CVE-2018-1890 DESCRIPTION: IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. CVSS Base Score: 5.6 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 152081 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L) Affected Products and Versions IBM PureApplication System V2.2.3.0 IBM PureApplication System V2.2.3.1 IBM PureApplication System V2.2.3.2 IBM PureApplication System V2.2.4.0 IBM PureApplication System V2.2.5.0 IBM PureApplication System V2.2.5.1 IBM PureApplication System V2.2.5.2 IBM PureApplication System V2.2.5.3 Remediation/Fixes Upgrade the IBM PureApplication System to the following fix release: o IBM PureApplication System V2.2.6.0 Information on upgrading can be found here: http://www-01.ibm.com/support/ docview.wss-uid=swg27039159 Workarounds and Mitigations None Reference Complete CVSS v3 Guide On-line Calculator v3 IBM Java SDK Security Bulletin Related Information IBM Secure Engineering Web Portal IBM Product Security Incident Response Blog Change History May 31, 2019: Original document published *The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin. Disclaimer According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. - ------------------------------------------------------------------------------- Security Bulletin: Multiple vulnerabilities affect IBM PureApplication System Security Bulletin Document information More support for: PureApplication System Component: Security Software version: 2.2.3.0, 2.2.3.1, 2.2.3.2, 2.2.4.0, 2.2.5.0, 2.2.5.1, 2.2.5.2, 2.2.5.3, 2.2.6.0 Operating system(s): AIX, Linux, Windows Software edition: All Editions Reference #: 0885602 Modified date: 31 May 2019 Summary There are multiple vulnerabilities that affect IBM PureApplication System. IBM PureApplication System has addressed vulnerabilities. Vulnerability Details CVEID: CVE-2019-4224 DESCRIPTION: IBM PureApplication System is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. CVSS Base Score: 6.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 159240 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) CVEID: CVE-2019-4241 DESCRIPTION: IBM Pure Application System could allow an authenticated user with local access to bypass authentication and obtain administrative access. CVSS Base Score: 8.4 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 159467 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVEID: CVE-2019-4234 DESCRIPTION: IBM Pure Application System weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. CVSS Base Score: 4.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 159416 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) CVEID: CVE-2019-4225 DESCRIPTION: IBM PureApplication System stores potentially sensitive information in log files that could be read by a local user. CVSS Base Score: 4.4 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 159242 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N) CVEID: CVE-2019-4235 DESCRIPTION: IBM Pure Application System does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. CVSS Base Score: 5.9 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 159417 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) CVEID: CVE-2016-5699 DESCRIPTION: urllib2 and urllib for Python are vulnerable to HTTP header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. CVSS Base Score: 6.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 114200 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) CVEID: CVE-2016-8858 DESCRIPTION: OpenSSH is vulnerable to a denial of service, caused by an error in the kex_input_kexinit() function. By sending specially crafted data during the key exchange process, a remote attacker could exploit this vulnerability to consume all available memory resources. CVSS Base Score: 5.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 118127 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) CVEID: CVE-2018-7489 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw in the readValue method of the ObjectMapper. By sending specially crafted JSON input, an attacker could exploit this vulnerability to execute arbitrary code on the system. CVSS Base Score: 7.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 139549 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) CVEID: CVE-2018-19362 DESCRIPTION: An unspecified error with failure to block the jboss-common-core class from polymorphic deserialization in FasterXML jackson-databind has an unknown impact and attack vector. CVSS Base Score: 5.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 155093 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) CVEID: CVE-2018-19360 DESCRIPTION: An unspecified error with failure to block the axis2-transport-jms class from polymorphic deserialization in FasterXML jackson-databind has an unknown impact and attack vector. CVSS Base Score: 5.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 155091 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) CVEID: CVE-2018-14721 DESCRIPTION: FasterXML jackson-databind is vulnerable to server-side request forgery, caused by the failure to block the axis2-jaxws class from polymorphic deserialization. A remote authenticated attacker could exploit this vulnerability to obtain sensitive data. CVSS Base Score: 5.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 155136 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) CVEID: CVE-2017-7525 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw within the Jackson JSON library in the readValue method of the ObjectMapper. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. CVSS Base Score: 9.8 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 134639 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVEID: CVE-2017-17485 DESCRIPTION: Jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the default-typing feature. An attacker could exploit this vulnerability to execute arbitrary code on the system. CVSS Base Score: 9.8 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 137340 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVEID: CVE-2017-15095 DESCRIPTION: Jackson Library could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw in the readValue() method of the ObjectMapper. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. CVSS Base Score: 9.8 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 135123 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVEID: CVE-2018-19361 DESCRIPTION: An unspecified error with failure to block the openjpa class from polymorphic deserialization in FasterXML jackson-databind has an unknown impact and attack vector. CVSS Base Score: 5.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 155092 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) Affected Products and Versions IBM PureApplication System V2.2.3.0 IBM PureApplication System V2.2.3.1 IBM PureApplication System V2.2.3.2 IBM PureApplication System V2.2.4.0 IBM PureApplication System V2.2.5.0 IBM PureApplication System V2.2.5.1 IBM PureApplication System V2.2.5.2 IBM PureApplication System V2.2.5.3 Remediation/Fixes Upgrade the IBM PureApplication System to the following fix release: o IBM PureApplication System V2.2.6.0 Information on upgrading can be found here: http://www-01.ibm.com/support/ docview.wss-uid=swg27039159 Workarounds and Mitigations None Reference Complete CVSS v3 Guide On-line Calculator v3 Related Information IBM Secure Engineering Web Portal IBM Product Security Incident Response Blog Change History May 31, 2019: Original document published *The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin. Disclaimer According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. - ------------------------------------------------------------------------------- Security Bulletin: IBM PureApplication Service is affected by vulnerabilities (CVE-2018-3639, CVE-2018-3640) Security Bulletin Document information More support for: PureApplication Service Component: Security Software version: 2.2.3.0, 2.2.3.1, 2.2.3.2, 2.2.4.0, 2.2.5.0, 2.2.5.1, 2.2.5.2 Operating system(s): AIX, Linux, Windows Software edition: All Editions Reference #: 2017294 Modified date: 31 May 2019 Summary IBM has released Version 2.2.5.3 for IBM PureApplication Service, which includes IBM OS Images for Red Hat Linux Systems, as well as AIX-based and Windows-based deployments, in response to CVE-2018-3639 and CVE-2018-3640. IBM PureApplication Service has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-3639 DESCRIPTION: Multiple Intel CPU's could allow a local attacker to obtain sensitive information, caused by utilizing sequences of speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known. By conducting targeted cache side-channel attacks, an attacker could exploit this vulnerability to bypass security restrictions and gain read access to privileged memory. Note: This vulnerability is the Speculative Store Bypass (SSB), also known as Variant 4 or "SpectreNG". CVSS Base Score: 4.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 143569 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N) CVEID: CVE-2018-3640 DESCRIPTION: Multiple Intel CPU's could allow a local attacker to obtain sensitive information, caused by utilizing sequences of speculative execution that perform speculative reads of system registers. By conducting targeted cache side-channel attacks, an attacker could exploit this vulnerability to determine the values stored in system registers. Note: This vulnerability is the Rogue System Register Read (RSRE), also known as Variant 3a. CVSS Base Score: 4.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 143570 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N) Affected Products and Versions IBM PureApplication System V2.2.3.0 IBM PureApplication System V2.2.3.1 IBM PureApplication System V2.2.3.2 IBM PureApplication System V2.2.4.0 IBM PureApplication System V2.2.5.0 IBM PureApplication System V2.2.5.1 IBM PureApplication System V2.2.5.2 Remediation/Fixes Follow the steps from this bulletin to apply the fixes: http://www-01.ibm.com/ support/docview.wss-uid=isg3T1027700 The solution is to upgrade IBM PureApplication System to the following fix pack release: IBM PureApplication V2.2.5.3 Contact IBM for assistance. Information on upgrading can be found here: http://www-01.ibm.com/support/ docview.wss-uid=swg27039159 Workarounds and Mitigations None Reference Complete CVSS v3 Guide On-line Calculator v3 Related Information IBM Secure Engineering Web Portal IBM Product Security Incident Response Blog Change History January 25, 2019: Original document published *The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin. Disclaimer According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. - ------------------------------------------------------------------------------- Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM PureApplication System Security Bulletin Document information More support for: PureApplication System Component: Security Software version: 2.2.3.0, 2.2.3.1, 2.2.3.2, 2.2.4.0, 2.2.5.0, 2.2.5.1, 2.2.5.2, 2.2.5.3, 2.2.6.0 Operating system(s): AIX, Linux, Windows Software edition: All Editions Reference #: 0885606 Modified date: 31 May 2019 Summary A vulnerability in IBM WebSphere Application Server affects PureApplication System. IBM PureApplication System has addressed this vulnerability. Vulnerability Details CVEID: CVE-2018-1901 DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to temporarily gain elevated privileges on the system, caused by incorrect cached value being used. CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 152530 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L) Affected Products and Versions IBM PureApplication System V2.2.3.0 IBM PureApplication System V2.2.3.1 IBM PureApplication System V2.2.3.2 IBM PureApplication System V2.2.4.0 IBM PureApplication System V2.2.5.0 IBM PureApplication System V2.2.5.1 IBM PureApplication System V2.2.5.2 IBM PureApplication System V2.2.5.3 The affected WebSphere Application Server versions are: IBM WebSphere Application Server Traditional v8.5 IBM WebSphere Application Server Liberty v9 Remediation/Fixes Upgrade the IBM PureApplication System to the following fix release: o IBM PureApplication System V2.2.6.0 Information on upgrading can be found here: http://www-01.ibm.com/support/ docview.wss-uid=swg27039159 Workarounds and Mitigations None Reference Complete CVSS v3 Guide On-line Calculator v3 IBM Security Bulletin WebSphere Application Server Related Information IBM Secure Engineering Web Portal IBM Product Security Incident Response Blog Change History May 31, 2019: Original document published *The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin. Disclaimer According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXPW9SGaOgq3Tt24GAQg2DQ//cWagxL1gE0uI98uYXbCRTpKg8MvNIz1r VjS7EA04RRy2JYwUzu+nkhLtVTBiqsZb0Bg2k5SFlZ6Wf7OXGUrOt6GlCKvGinOQ 0LoelrYHL73+4heX3gA+LzDg0F5AR0fRCUwpxDUQbETZiFnjwRCldRDKnka8Ia9K GkdJHwJ+dqtGV/Ut+dmjJUixGQ9IPBnYOV8Y7SJEfSq57icTbWXPgCkBNvfWurcF ioiWDBncfvugn5vyDwOPajJ41pDP1Ls7mglUm0WaFBNXzqync7PstwMtM1K+J9AP xl3lA71vkl58ATBL+qp+PvhRbitc+th57fDWSP/z5cmF28nDWI8OMLSaO6J1AjdV hANg5vHbX6xWHa/74OUxpnIiowrxoyGZDGnRC4d1NSlmVMPzYOdm3AWE5/AwUsg2 ZIOcTfTXe7UQhawGPCqtLsEBnteAULjXX5XrN8hdmjwb9dfKXQXagbug4dwuo6Tc z1nlgToACG1MOvyR5XpOe1Ud6jJwriyei4hpafek64H0I1XWJ1E1fPpKIpPncPyR 2stAGI0o4f1O0guDCpSkI72L6B1wRFBZucr2YegWwQsK1dkdmQk/JOcUpYtW2ghF DnIO6pntpHKiqp6gqXx3IBBi8DBWfhtZVGg8/MMdx8+hj0lPyIIUhm817VDtFPXh W9Wi56BDULc= =VUqq -----END PGP SIGNATURE-----