===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2019.4656
Multiple vulnerabilities found in Xen
12 December 2019

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Xen
Publisher:         Xen
Operating System:  Virtualisation
Impact/Access:     Increased Privileges   -- Existing Account
                   Access Privileged Data -- Existing Account
                   Denial of Service      -- Existing Account
                   Unauthorised Access    -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-19583 CVE-2019-19582 CVE-2019-19581
                   CVE-2019-19580 CVE-2019-19578 CVE-2019-19577

Original Bulletin:
   http://xenbits.xen.org/xsa/advisory-311.html
   http://xenbits.xen.org/xsa/advisory-310.html
   http://xenbits.xen.org/xsa/advisory-309.html
   http://xenbits.xen.org/xsa/advisory-308.html
   http://xenbits.xen.org/xsa/advisory-307.html

Comment: This bulletin contains five (5) xenbits security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

Xen Security Advisory CVE-2019-19577 / XSA-311
version 4

Bugs in dynamic height handling for AMD IOMMU pagetables

UPDATES IN VERSION 4
====================

Public release.

Re-base 4.12 patch onto latest stable tree commits.

Updated metadata to add 4.13, update StableRef's

ISSUE DESCRIPTION
=================

When running on AMD systems with an IOMMU, Xen attempted to dynamically
adapt the number of levels of pagetables (the pagetable height) in the
IOMMU according to the guest's address space size. The code to select and
update the height had several bugs.

Notably, the update was done without taking a lock which is necessary for
safe operation.

IMPACT
======

A malicious guest administrator can cause Xen to access data structures
while they are being modified, causing Xen to crash.
Privilege escalation is thought to be very difficult but cannot be ruled
out.

Additionally, there is a potential memory leak of 4kb per guest boot,
under memory pressure.

VULNERABLE SYSTEMS
==================

Only Xen on AMD CPUs is vulnerable. Xen running on Intel CPUs is not
vulnerable. ARM systems are not vulnerable.

Only systems where guests are given direct access to physical devices are
vulnerable. Systems which do not use PCI pass-through are not vulnerable.

Only HVM guests can exploit the vulnerability. PV and PVH guests cannot.

All versions of Xen with IOMMU support are vulnerable.

MITIGATION
==========

In some configurations, use of passthrough can be replaced with a
higher-level protocol such as Xen PV block or network devices.
There is no other mitigation.

CREDITS
=======

This issue was discovered by Sander Eikelenboom, along with Andrew Cooper
of Citrix.

RESOLUTION
==========

Applying the appropriate (set of) attached patch(es) resolves this issue.

xsa311.patch           xen-unstable, Xen 4.13.x
xsa311-4.12.patch      Xen 4.12.x
xsa311-4.11.patch      Xen 4.11.x
xsa311-4.10-*.patch    Xen 4.10.x
xsa311-4.9-*.patch     Xen 4.9.x
xsa311-4.8-*.patch     Xen 4.8.x

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches and/or mitigations described above (or others
which are substantially similar) is permitted during the embargo, even on
public-facing systems with untrusted guest users and administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security Team.

(Note: this during-embargo deployment notice is retained in post-embargo
publicly released Xen Project advisories, even though it is then no longer
applicable. This is to enable the community to have oversight of the Xen
Project Security Team's decisionmaking.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html

---------------------------------------------------------------------------

Xen Security Advisory CVE-2019-19580 / XSA-310
version 3

Further issues with restartable PV type change operations

UPDATES IN VERSION 3
====================

Public release.

Updated metadata to add 4.13, update StableRef's

ISSUE DESCRIPTION
=================

XSA-299 addressed several critical issues in restartable PV type change
operations.
Despite extensive testing and auditing, some corner cases were missed.

IMPACT
======

A malicious PV guest administrator may be able to escalate their privilege
to that of the host.

VULNERABLE SYSTEMS
==================

All security-supported versions of Xen are vulnerable.

Only x86 systems are affected. Arm systems are not affected.

Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests
cannot leverage the vulnerability.

Note that these attacks require very precise timing, which may be
difficult to exploit in practice.

MITIGATION
==========

Running only HVM or PVH guests will avoid this vulnerability.

Running PV guests in "shim" mode will also avoid this vulnerability.

CREDITS
=======

This issue was discovered by Sarah Newman at prgmr.com.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa310/*.patch         xen-unstable, Xen 4.13 - 4.10
xsa310-4.9/*.patch     Xen 4.9 - 4.8

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches and/or mitigations described above (or others
which
are substantially similar) is permitted during the embargo, even on
public-facing systems with untrusted guest users and administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security Team.

(Note: this during-embargo deployment notice is retained in post-embargo
publicly released Xen Project advisories, even though it is then no longer
applicable. This is to enable the community to have oversight of the Xen
Project Security Team's decisionmaking.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html

---------------------------------------------------------------------------

Xen Security Advisory CVE-2019-19578 / XSA-309
version 3

Linear pagetable use / entry miscounts

UPDATES IN VERSION 3
====================

Public release.

Updated metadata to add 4.13, update StableRef's

ISSUE DESCRIPTION
=================

"Linear pagetables" is a technique which involves either pointing a
pagetable at itself, or to another pagetable of the same or higher level.
Xen has limited support for linear pagetables: A page may either point to
itself, or point to another pagetable of the same level (i.e., L2 to L2,
L3 to L3, and so on).

XSA-240 introduced an additional restriction that limited the "depth" of
such chains by allowing pages to either *point to* other pages of the same
level, or *be pointed to* by other pages of the same level, but not both.

To implement this, we keep track of the number of outstanding times a page
points to or is pointed to another page table, to prevent both from
happening at the same time.

Unfortunately, the original commit introducing this reset this count when
resuming validation of a partially-validated pagetable, incorrectly
dropping some "linear_pt_entry" counts.

If an attacker could engineer such a situation to occur, they might be
able to make loops or other arbitrary chains of linear pagetables, as
described in XSA-240.

IMPACT
======

A malicious or buggy PV guest may cause the hypervisor to crash, resulting
in Denial of Service (DoS) affecting the entire host. Privilege escalation
and information leaks cannot be excluded.

VULNERABLE SYSTEMS
==================

All versions of Xen are vulnerable.

Only x86 systems are affected. Arm systems are not affected.

Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests
cannot leverage the vulnerability.

Only systems which have enabled linear pagetables are vulnerable. Systems
which have disabled linear pagetables, either by selecting
CONFIG_PV_LINEAR_PT=n when building the hypervisor, or adding
pv-linear-pt=false on the command-line, are not vulnerable.

MITIGATION
==========

If you don't have any guests which need linear pagetables, you can disable
the feature by adding pv-linear-pt=false to your Xen command-line. NetBSD
is known to use linear pagetables; Linux and MiniOS are known not to use
linear pagetables.

CREDITS
=======

This issue was discovered by Manuel Bouyer and diagnosed as a security
issue by Jan Beulich of SUSE.
RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa309.patch           xen-unstable, Xen 4.13 - Xen 4.8

$ sha256sum xsa309*
ddd00dfbc85bada4e4cee8a51b989e3138cc47c58992657054246bc95c8ae34d  xsa309.meta
0e4b75f4416624de698f3ed619c28418917ab0a5c9663c1641804e1d0a0dec1b  xsa309.patch
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches described above (or others which are
substantially similar) is permitted during the embargo, even on
public-facing systems with untrusted guest users and administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Deployment of the `pv-linear-pt=false` mitigation is NOT permitted (except
where all the affected systems and VMs are administered and used only by
organisations which are members of the Xen Project Security Issues
Predisclosure List). Specifically, deployment on public cloud systems is
NOT permitted.

This is because someone may notice the feature going away, and armed with
the knowledge of where the issue is, re-discover it.

Deployment of the mitigation is permitted only AFTER the embargo ends.

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security Team.

(Note: this during-embargo deployment notice is retained in post-embargo
publicly released Xen Project advisories, even though it is then no longer
applicable. This is to enable the community to have oversight of the Xen
Project Security Team's decisionmaking.)
For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html

---------------------------------------------------------------------------

Xen Security Advisory CVE-2019-19583 / XSA-308
version 3

VMX: VMentry failure with debug exceptions and blocked states

UPDATES IN VERSION 3
====================

Public release.

Updated metadata to add 4.13, update StableRef's

ISSUE DESCRIPTION
=================

Please see XSA-260 for background on the MovSS shadow:
  http://xenbits.xen.org/xsa/advisory-260.html

Please see XSA-156 for background on the need for #DB interception:
  http://xenbits.xen.org/xsa/advisory-156.html

The VMX VMEntry checks do not like the exact combination of state which
occurs when #DB is intercepted, Single Stepping is active, and blocked by
STI/MovSS is active, despite this being a legitimate state to be in. The
resulting VMEntry failure is fatal to the guest.

IMPACT
======

HVM/PVH guest userspace code may be able to crash the guest, resulting in
a guest Denial of Service.

VULNERABLE SYSTEMS
==================

All versions of Xen are affected.

Only systems supporting VMX hardware virtual extensions (Intel, Cyrix or
Zhaoxin CPUs) are affected. Arm and AMD systems are unaffected.

Only HVM/PVH guests are affected. PV guests cannot leverage the
vulnerability.
MITIGATION
==========

Running only PV guests will avoid this vulnerability.

Running HVM guests on only AMD hardware will also avoid this
vulnerability.

CREDITS
=======

This issue was discovered by Hakon Alstadheim and diagnosed as a security
issue by Andrew Cooper of Citrix.

RESOLUTION
==========

Applying the attached patch resolves this issue.

xsa308.patch           xen-unstable, Xen 4.13.x .. Xen 4.8.x

$ sha256sum xsa308*
4aa06d21478d9debb12388ff14d8abc31982e18895db40d0cec78fcc9fe68ef2  xsa308.meta
7e782b09b16f7534c8db52042f7bb3bd730d108571c8b10af184ae0b02fdae9d  xsa308.patch
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches and/or mitigations described above (or others
which are substantially similar) is permitted during the embargo, even on
public-facing systems with untrusted guest users and administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security Team.

---------------------------------------------------------------------------

Xen Security Advisory CVE-2019-19581,CVE-2019-19582 / XSA-307
version 3

find_next_bit() issues

UPDATES IN VERSION 3
====================

Public release.
Updated metadata to add 4.13, update StableRef's

ISSUE DESCRIPTION
=================

In a number of places bitmaps are being used by the hypervisor to track
certain state. Iteration over all bits involves functions which may
misbehave in certain corner cases:

- On 32-bit Arm accesses to bitmaps with a bit count which is a multiple
  of 32, an out of bounds access may occur. (CVE-2019-19581)

- On x86 accesses to bitmaps with a compile time known size of 64 may
  incur undefined behavior, which may in particular result in infinite
  loops. (CVE-2019-19582)

IMPACT
======

A malicious guest may cause a hypervisor crash or hang, resulting in a
Denial of Service (DoS).

VULNERABLE SYSTEMS
==================

All versions of Xen are vulnerable.

32-bit Arm systems are vulnerable.

x86 systems with 64 or more nodes are vulnerable. We are unaware of any
such systems that Xen would run on.

64-bit Arm systems as well as x86 systems with less than 64 nodes are not
vulnerable.

MITIGATION
==========

There is no known mitigation for 32-bit Arm systems.

For x86 systems the issue can be avoided by suppressing the use of NUMA
information provided by firmware, via the "numa=off" command line option.

RESOLUTION
==========

Applying the attached patch resolves this issue.

xsa307.patch           xen-unstable, Xen 4.13.x ... 4.8.x

$ sha256sum xsa307*
e589e96a0b3ec66f1d2d6393b82fab13ed18fd9fb112044a12263336b8499c68  xsa307.meta
7df052768cc05329bc44bf724897227885da8bb2cde9ff01d0ba2a34611bde97  xsa307.patch
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches and/or mitigations described above (or others
which are substantially similar) is permitted during the embargo, even on
public-facing systems with untrusted guest users and administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).
Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security Team.

(Note: this during-embargo deployment notice is retained in post-embargo
publicly released Xen Project advisories, even though it is then no longer
applicable. This is to enable the community to have oversight of the Xen
Project Security Team's decisionmaking.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the appropriate
person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no
control over its content. The decision to follow or act on information or
advice contained in this security bulletin is the responsibility of each
user or organisation, and should be considered in accordance with your
organisation's site policies and procedures.
AusCERT takes no responsibility for consequences which may arise from
following or acting on information or advice contained in this security
bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
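
The following shell script is an added example, not part of the AusCERT bulletin or the Xen advisories. It audits a hypervisor command line for the two boot-time mitigations the included text names, pv-linear-pt=false (XSA-309 MITIGATION) and numa=off (XSA-307 MITIGATION, x86 only); the function names, the sample command lines and the rule that the last occurrence of a repeated option counts are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisories): audit a Xen hypervisor command
# line for the two boot-time mitigations this bulletin names.

# Constructed sample command lines, for illustration only.
SAMPLE_UNMITIGATED='placeholder dom0_mem=4096M,max:4096M console=vga'
SAMPLE_MITIGATED='placeholder dom0_mem=4096M pv-linear-pt=false numa=off'
SAMPLE_OVERRIDDEN='placeholder pv-linear-pt=false numa=off pv-linear-pt=true'

# xen_opt_state CMDLINE NAME WANTED
# Prints "set" when the last NAME=... token carries WANTED, "other:<value>"
# when it carries anything else, and "absent" when NAME= never appears.
# Assumption: when an option is repeated, the last occurrence is the one
# that counts, so an earlier mitigation can be undone later on the line.
xen_opt_state() {
    printf '%s\n' "$1" | tr -s ' \t' '\n\n' | awk -v name="$2" -v want="$3" '
        index($0, name "=") == 1 {
            val = substr($0, length(name) + 2)
            seen = 1
        }
        END {
            if (!seen)            print "absent"
            else if (val == want) print "set"
            else                  print "other:" val
        }'
}

# audit_xen_cmdline CMDLINE
# Prints one line per mitigation and returns the number of mitigations that
# are not present in exactly the form the advisories give (0, 1 or 2).
audit_xen_cmdline() {
    _missing=0
    _state=$(xen_opt_state "$1" pv-linear-pt false)
    echo "XSA-309  pv-linear-pt=false  (x86 PV guests)   $_state"
    [ "$_state" = set ] || _missing=$((_missing + 1))
    _state=$(xen_opt_state "$1" numa off)
    echo "XSA-307  numa=off            (x86 hosts only)  $_state"
    [ "$_state" = set ] || _missing=$((_missing + 1))
    return "$_missing"
}

# Demonstration on the constructed samples. On a dom0, the live command line
# could be passed instead, e.g. from the xen_commandline field of `xl info`
# (the exact output layout is an assumption to check on your version).
for _cmdline in "$SAMPLE_UNMITIGATED" "$SAMPLE_MITIGATED" "$SAMPLE_OVERRIDDEN"
do
    echo "== $_cmdline"
    audit_xen_cmdline "$_cmdline" || echo "-> $? mitigation(s) not in place"
done
```

A state of other:<value> is reported rather than interpreted, so a value spelled differently from the advisory text is flagged for manual review. Per XSA-309, pv-linear-pt=false is only suitable where no guest needs linear pagetables (NetBSD is known to use them).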