Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2019.1988
Multiple vulnerabilities affect IBM PureApplication System
4 June 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: IBM PureApplication System
Publisher: IBM
Operating System: AIX
Linux variants
Windows
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Increased Privileges -- Existing Account
Access Privileged Data -- Existing Account
Modify Arbitrary Files -- Existing Account
Denial of Service -- Remote/Unauthenticated
Cross-site Scripting -- Remote with User Interaction
Access Confidential Data -- Remote/Unauthenticated
Reduced Security -- Remote/Unauthenticated
Unauthorised Access -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2019-4241 CVE-2019-4235 CVE-2019-4234
CVE-2019-4225 CVE-2019-4224 CVE-2018-19362
CVE-2018-19361 CVE-2018-19360 CVE-2018-14721
CVE-2018-7489 CVE-2018-3640 CVE-2018-3639
CVE-2018-1901 CVE-2018-1890 CVE-2017-17485
CVE-2017-15095 CVE-2017-7525 CVE-2016-8858
CVE-2016-5699
Reference: ASB-2019.0122
ASB-2019.0115
ESB-2019.1969
ESB-2019.1957
Original Bulletin:
http://www.ibm.com/support/docview.wss?uid=ibm10885608
http://www.ibm.com/support/docview.wss?uid=ibm10885602
http://www.ibm.com/support/docview.wss?uid=swg22017294
http://www.ibm.com/support/docview.wss?uid=ibm10885606
Comment: This bulletin contains four (4) IBM security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM
PureApplication System (January 2019 updates)
Security Bulletin
Document information
More support for: PureApplication System
Component: Security
Software version: 2.2.3.0, 2.2.3.1, 2.2.3.2, 2.2.4.0, 2.2.5.0, 2.2.5.1,
2.2.5.2, 2.2.5.3, 2.2.6.0
Operating system(s): AIX, Linux, Windows
Software edition: All Editions
Reference #: 0885608
Modified date: 31 May 2019
Summary
Multiple vulnerabilities in IBM(R) SDK Java(TM) Technology Edition, Version 6 and 7,
used by the IBM PureApplication System were disclosed as part of the IBM Java
SDK updates in January 2019. IBM PureApplication System has addressed the
vulnerabilities.
Vulnerability Details
CVEID: CVE-2018-1890
DESCRIPTION: IBM SDK, Java Technology Edition Version 8 on the AIX platform
uses absolute RPATHs which may facilitate code injection and privilege
elevation by local users.
CVSS Base Score: 5.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
152081 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)
Affected Products and Versions
IBM PureApplication System V2.2.3.0
IBM PureApplication System V2.2.3.1
IBM PureApplication System V2.2.3.2
IBM PureApplication System V2.2.4.0
IBM PureApplication System V2.2.5.0
IBM PureApplication System V2.2.5.1
IBM PureApplication System V2.2.5.2
IBM PureApplication System V2.2.5.3
Remediation/Fixes
Upgrade the IBM PureApplication System to the following fix release:
o IBM PureApplication System V2.2.6.0
Information on upgrading can be found here: http://www-01.ibm.com/support/
docview.wss-uid=swg27039159
Workarounds and Mitigations
None
Reference
Complete CVSS v3 Guide
On-line Calculator v3
IBM Java SDK Security Bulletin
Related Information
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Change History
May 31, 2019: Original document published
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF
ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
- -------------------------------------------------------------------------------
Security Bulletin: Multiple vulnerabilities affect IBM PureApplication System
Security Bulletin
Document information
More support for: PureApplication System
Component: Security
Software version: 2.2.3.0, 2.2.3.1, 2.2.3.2, 2.2.4.0, 2.2.5.0, 2.2.5.1,
2.2.5.2, 2.2.5.3, 2.2.6.0
Operating system(s): AIX, Linux, Windows
Software edition: All Editions
Reference #: 0885602
Modified date: 31 May 2019
Summary
There are multiple vulnerabilities that affect IBM PureApplication System. IBM
PureApplication System has addressed vulnerabilities.
Vulnerability Details
CVEID: CVE-2019-4224
DESCRIPTION: IBM PureApplication System is vulnerable to SQL injection. A
remote attacker could send specially-crafted SQL statements, which could allow
the attacker to view, add, modify or delete information in the back-end
database.
CVSS Base Score: 6.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
159240 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2019-4241
DESCRIPTION: IBM Pure Application System could allow an authenticated user with
local access to bypass authentication and obtain administrative access.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
159467 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2019-4234
DESCRIPTION: IBM Pure Application System weakness in the implementation of
locking feature in pattern editor. An attacker by intercepting the subsequent
requests can bypass business logic to modify the pattern to unlocked state.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
159416 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2019-4225
DESCRIPTION: IBM PureApplication System stores potentially sensitive
information in log files that could be read by a local user.
CVSS Base Score: 4.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
159242 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2019-4235
DESCRIPTION: IBM Pure Application System does not require that users should
have strong passwords by default, which makes it easier for attackers to
compromise user accounts.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
159417 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2016-5699
DESCRIPTION: urllib2 and urllib for Python are vulnerable to HTTP header
injection, caused by improper validation of input. By persuading a victim to
visit a specially-crafted Web page, a remote attacker could exploit this
vulnerability to inject arbitrary HTTP headers, which will allow the attacker
to conduct various attacks against the vulnerable system, including cross-site
scripting, cache poisoning or session hijacking.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
114200 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVEID: CVE-2016-8858
DESCRIPTION: OpenSSH is vulnerable to a denial of service, caused by an error
in the kex_input_kexinit() function. By sending specially crafted data during
the key exchange process, a remote attacker could exploit this vulnerability to
consume all available memory resources.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
118127 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-7489
DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to
execute arbitrary code on the system, caused by a deserialization flaw in the
readValue method of the ObjectMapper. By sending specially crafted JSON input,
an attacker could exploit this vulnerability to execute arbitrary code on the
system.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
139549 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2018-19362
DESCRIPTION: An unspecified error with failure to block the jboss-common-core
class from polymorphic deserialization in FasterXML jackson-databind has an
unknown impact and attack vector.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
155093 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2018-19360
DESCRIPTION: An unspecified error with failure to block the axis2-transport-jms
class from polymorphic deserialization in FasterXML jackson-databind has an
unknown impact and attack vector.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
155091 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2018-14721
DESCRIPTION: FasterXML jackson-databind is vulnerable to server-side request
forgery, caused by the failure to block the axis2-jaxws class from polymorphic
deserialization. A remote authenticated attacker could exploit this
vulnerability to obtain sensitive data.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
155136 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2017-7525
DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary
code on the system, caused by a deserialization flaw within the Jackson JSON
library in the readValue method of the ObjectMapper. By sending a
specially-crafted request, an attacker could exploit this vulnerability to
execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
134639 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2017-17485
DESCRIPTION: Jackson-databind could allow a remote attacker to execute
arbitrary code on the system, caused by a flaw in the default-typing feature.
An attacker could exploit this vulnerability to execute arbitrary code on the
system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
137340 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2017-15095
DESCRIPTION: Jackson Library could allow a remote attacker to execute arbitrary
code on the system, caused by a deserialization flaw in the readValue() method
of the ObjectMapper. By sending specially crafted data, an attacker could
exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
135123 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2018-19361
DESCRIPTION: An unspecified error with failure to block the openjpa class from
polymorphic deserialization in FasterXML jackson-databind has an unknown impact
and attack vector.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
155092 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Products and Versions
IBM PureApplication System V2.2.3.0
IBM PureApplication System V2.2.3.1
IBM PureApplication System V2.2.3.2
IBM PureApplication System V2.2.4.0
IBM PureApplication System V2.2.5.0
IBM PureApplication System V2.2.5.1
IBM PureApplication System V2.2.5.2
IBM PureApplication System V2.2.5.3
Remediation/Fixes
Upgrade the IBM PureApplication System to the following fix release:
o IBM PureApplication System V2.2.6.0
Information on upgrading can be found here: http://www-01.ibm.com/support/
docview.wss-uid=swg27039159
Workarounds and Mitigations
None
Reference
Complete CVSS v3 Guide
On-line Calculator v3
Related Information
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Change History
May 31, 2019: Original document published
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF
ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
- -------------------------------------------------------------------------------
Security Bulletin: IBM PureApplication Service is affected by vulnerabilities
(CVE-2018-3639, CVE-2018-3640)
Security Bulletin
Document information
More support for: PureApplication Service
Component: Security
Software version: 2.2.3.0, 2.2.3.1, 2.2.3.2, 2.2.4.0, 2.2.5.0, 2.2.5.1, 2.2.5.2
Operating system(s): AIX, Linux, Windows
Software edition: All Editions
Reference #: 2017294
Modified date: 31 May 2019
Summary
IBM has released Version 2.2.5.3 for IBM PureApplication Service, which
includes IBM OS Images for Red Hat Linux Systems, as well as AIX-based and
Windows-based deployments, in response to CVE-2018-3639 and CVE-2018-3640. IBM
PureApplication Service has addressed the following vulnerabilities.
Vulnerability Details
CVEID: CVE-2018-3639
DESCRIPTION: Multiple Intel CPU's could allow a local attacker to obtain
sensitive information, caused by utilizing sequences of speculative execution
and speculative execution of memory reads before the addresses of all prior
memory writes are known. By conducting targeted cache side-channel attacks, an
attacker could exploit this vulnerability to bypass security restrictions and
gain read access to privileged memory. Note: This vulnerability is the
Speculative Store Bypass (SSB), also known as Variant 4 or "SpectreNG".
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
143569 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)
CVEID: CVE-2018-3640
DESCRIPTION: Multiple Intel CPU's could allow a local attacker to obtain
sensitive information, caused by utilizing sequences of speculative execution
that perform speculative reads of system registers. By conducting targeted
cache side-channel attacks, an attacker could exploit this vulnerability to
determine the values stored in system registers. Note: This vulnerability is
the Rogue System Register Read (RSRE), also known as Variant 3a.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
143570 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)
Affected Products and Versions
IBM PureApplication System V2.2.3.0
IBM PureApplication System V2.2.3.1
IBM PureApplication System V2.2.3.2
IBM PureApplication System V2.2.4.0
IBM PureApplication System V2.2.5.0
IBM PureApplication System V2.2.5.1
IBM PureApplication System V2.2.5.2
Remediation/Fixes
Follow the steps from this bulletin to apply the fixes: http://www-01.ibm.com/
support/docview.wss-uid=isg3T1027700
The solution is to upgrade IBM PureApplication System to the following fix pack
release:
IBM PureApplication V2.2.5.3
Contact IBM for assistance.
Information on upgrading can be found here: http://www-01.ibm.com/support/
docview.wss-uid=swg27039159
Workarounds and Mitigations
None
Reference
Complete CVSS v3 Guide
On-line Calculator v3
Related Information
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Change History
January 25, 2019: Original document published
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF
ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
- -------------------------------------------------------------------------------
Security Bulletin: A vulnerability in IBM WebSphere Application Server affects
IBM PureApplication System
Security Bulletin
Document information
More support for: PureApplication System
Component: Security
Software version: 2.2.3.0, 2.2.3.1, 2.2.3.2, 2.2.4.0, 2.2.5.0, 2.2.5.1,
2.2.5.2, 2.2.5.3, 2.2.6.0
Operating system(s): AIX, Linux, Windows
Software edition: All Editions
Reference #: 0885606
Modified date: 31 May 2019
Summary
A vulnerability in IBM WebSphere Application Server affects PureApplication
System. IBM PureApplication System has addressed this vulnerability.
Vulnerability Details
CVEID: CVE-2018-1901
DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to
temporarily gain elevated privileges on the system, caused by incorrect cached
value being used.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
152530 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)
Affected Products and Versions
IBM PureApplication System V2.2.3.0
IBM PureApplication System V2.2.3.1
IBM PureApplication System V2.2.3.2
IBM PureApplication System V2.2.4.0
IBM PureApplication System V2.2.5.0
IBM PureApplication System V2.2.5.1
IBM PureApplication System V2.2.5.2
IBM PureApplication System V2.2.5.3
The affected WebSphere Application Server versions are:
IBM WebSphere Application Server Traditional v8.5
IBM WebSphere Application Server Liberty v9
Remediation/Fixes
Upgrade the IBM PureApplication System to the following fix release:
o IBM PureApplication System V2.2.6.0
Information on upgrading can be found here: http://www-01.ibm.com/support/
docview.wss-uid=swg27039159
Workarounds and Mitigations
None
Reference
Complete CVSS v3 Guide
On-line Calculator v3
IBM Security Bulletin WebSphere Application Server
Related Information
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Change History
May 31, 2019: Original document published
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF
ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXPW9SGaOgq3Tt24GAQg2DQ//cWagxL1gE0uI98uYXbCRTpKg8MvNIz1r
VjS7EA04RRy2JYwUzu+nkhLtVTBiqsZb0Bg2k5SFlZ6Wf7OXGUrOt6GlCKvGinOQ
0LoelrYHL73+4heX3gA+LzDg0F5AR0fRCUwpxDUQbETZiFnjwRCldRDKnka8Ia9K
GkdJHwJ+dqtGV/Ut+dmjJUixGQ9IPBnYOV8Y7SJEfSq57icTbWXPgCkBNvfWurcF
ioiWDBncfvugn5vyDwOPajJ41pDP1Ls7mglUm0WaFBNXzqync7PstwMtM1K+J9AP
xl3lA71vkl58ATBL+qp+PvhRbitc+th57fDWSP/z5cmF28nDWI8OMLSaO6J1AjdV
hANg5vHbX6xWHa/74OUxpnIiowrxoyGZDGnRC4d1NSlmVMPzYOdm3AWE5/AwUsg2
ZIOcTfTXe7UQhawGPCqtLsEBnteAULjXX5XrN8hdmjwb9dfKXQXagbug4dwuo6Tc
z1nlgToACG1MOvyR5XpOe1Ud6jJwriyei4hpafek64H0I1XWJ1E1fPpKIpPncPyR
2stAGI0o4f1O0guDCpSkI72L6B1wRFBZucr2YegWwQsK1dkdmQk/JOcUpYtW2ghF
DnIO6pntpHKiqp6gqXx3IBBi8DBWfhtZVGg8/MMdx8+hj0lPyIIUhm817VDtFPXh
W9Wi56BDULc=
=VUqq
-----END PGP SIGNATURE-----