-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.1638
 SUSE-SU-2020:1190-1 Security update for ardana-ansible, ardana-barbican,
     ardana-cluster, ardana-db, ardana-designate, ardana-input-model,
ardana-logging, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia,
      ardana-osconfig, ardana-tempest, ardana-tls, crowbar-core, cro
                                11 May 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           SUSE OpenStack Cloud 9
                   SUSE OpenStack Cloud Crowbar 9
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Denial of Service        -- Remote/Unauthenticated
                   Cross-site Scripting     -- Remote/Unauthenticated
                   Unauthorised Access      -- Remote/Unauthenticated
                   Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-10663 CVE-2020-9543 CVE-2020-8130
                   CVE-2020-7595 CVE-2020-5267 CVE-2020-5247
                   CVE-2019-15026 CVE-2019-11596 CVE-2019-0201

Reference:         ESB-2020.1405
                   ESB-2020.1331
                   ESB-2020.1265

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2020/suse-su-20201190-1.html

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for ardana-ansible, ardana-barbican,
ardana-cluster, ardana-db, ardana-designate, ardana-input-model,
ardana-logging, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia,
ardana-osconfig, ardana-tempest, ardana-tls, crowbar-core, crowbar-ha,
crowbar-openstack, memcached, openstack-ceilometer, openstack-cinder,
openstack-designate, openstack-heat, openstack-ironic, openstack-ironic-image,
openstack-manila, openstack-neutron, openstack-nova, openstack-octavia,
openstack-octavia-amphora-image, python-cinderclient, python-glanceclient,
python-ironic-lib, python-ironicclient, python-keystonemiddleware,
python-manila-tempest-plugin, python-novaclient, python-octaviaclient,
python-openstackclient, python-os-brick, python-oslo.config,
python-oslo.rootwrap, python-oslo.utils, python-swiftclient,
python-watcherclient, release-notes-suse-openstack-cloud,
rubygem-crowbar-client, 

______________________________________________________________________________

Announcement ID:   SUSE-SU-2020:1190-1
Rating:            moderate
References:        #1084739 #1124708 #1133817 #1135773 #1137622 #1149110
                   #1149535 #1163444 #1164838 #1165402 #1165723 #1166290
                   #1168512 #1168593 #1169770
Cross-References:  CVE-2019-0201 CVE-2019-11596 CVE-2019-15026 CVE-2020-5247
                   CVE-2020-9543
Affected Products:
                   SUSE OpenStack Cloud Crowbar 9
                   SUSE OpenStack Cloud 9
______________________________________________________________________________

rubygem-puma, zookeeper

An update that solves 5 vulnerabilities and has 10 fixes is now available.

Description:

This update for ardana-ansible, ardana-barbican, ardana-cluster, ardana-db,
ardana-designate, ardana-input-model, ardana-logging, ardana-monasca,
ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, ardana-tempest,
ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, memcached,
openstack-ceilometer, openstack-cinder, openstack-designate, openstack-heat,
openstack-ironic, openstack-ironic-image, openstack-manila, openstack-neutron,
openstack-nova, openstack-octavia, openstack-octavia-amphora-image,
python-cinderclient, python-glanceclient, python-ironic-lib,
python-ironicclient, python-keystonemiddleware, python-manila-tempest-plugin,
python-novaclient, python-octaviaclient, python-openstackclient,
python-os-brick, python-oslo.config, python-oslo.rootwrap, python-oslo.utils,
python-swiftclient, python-watcherclient, release-notes-suse-openstack-cloud,
rubygem-crowbar-client, rubygem-puma, zookeeper contains the following fixes:
Security fixes for memcached:

  o CVE-2019-15026: Fixed a stack-based buffer over-read in conn_to_str() (bsc#
    1149110).
  o CVE-2019-11596: Fixed a denial of service when parsing crafted lru command
    messages in process_lru_comma() (bsc#1133817).


Security fixes for zookeeper:

  o CVE-2019-0201: Fixed a information disclosure vulnerability related to
    getACL() (bsc#1135773).


Changes in rubygem-crowbar-client:

  o Update to 3.9.2 - Enable SES commands in Cloud8 (SOC-11122)


Changes in rubygem-puma:

  o Add CVE-2020-5247.patch (bsc#1165402) "Fixes a problem where we were not
    splitting newlines in headers according to Rack spec" The patch is reduced
    compared to the upstream version, which was patching also the parts that
    are not implemented in our old Puma version. This applies to unit test as
    well.


Changes in ardana-ansible:

  o Update to version 9.0+git.1587034359.a12678b: * Include SLE 12 SP3 LTSS
    repos in list of managed repos (SOC-11223)


  o Update to version 9.0+git.1586793433.f7bbf1b: * Ensure rabbitmq-server not
    running during dist-upgrade (SOC-11083)


  o Update to version 9.0+git.1586521995.f709c73: * Upgrade packages before
    _osconfig-upgrade.yml (SOC-11149)


  o Update to version 9.0+git.1584135277.f4d488a: * Serialise the
    _ardana-update-base.yml zypper actions (SOC-11083)


  o Update to version 9.0+git.1583518616.d4eb33f: * Upgrade pre-checks in Cloud
    8 and Cloud 9 (SOC-10300)


Changes in ardana-barbican:

  o Update to version 9.0+git.1583953599.cd723bb: * monitor ardana-node-cert
    (SOC-10873)


Changes in ardana-cluster:

  o Update to version 9.0+git.1585653734.c1fe3b2: * Use bool filter to ensure
    valid boolean evaluation (SOC-11192)


Changes in ardana-db:

  o Update to version 9.0+git.1586543314.6b6aa20: * Improve boostrap error
    handling (SOC-11207)


  o Update to version 9.0+git.1583946648.0892bab: * monitor MySQL TLS
    certificate (SOC-10873)


  o Update to version 9.0+git.1583527362.d9e9436: * fix mysql output and root
    password update (SOC-11152)


Changes in ardana-designate:

  o Update to version 9.0+git.1583445435.4bd1793: * Designate zone/pool to
    worker/producer migration (SOC-10095)


Changes in ardana-input-model:

  o Update to version 9.0+git.1584632190.9541c56: * add port neutron security
    extension to CI models (SOC-11027)


Changes in ardana-logging:

  o Update to version 9.0+git.1585929695.f35b591: * Fix YAMLLoadWarning:
    calling yaml.load() without Loader (bsc#1168593)


Changes in ardana-monasca:

  o Update to version 9.0+git.1586769889.d43d736: * Retry systemctl status for
    auto-restarting services (SOC-11210)


  o Update to version 9.0+git.1583359379.b92a013: * Add certificate file check
    alarm (SOC-10873)


Changes in ardana-mq:

  o Update to version 9.0+git.1586350749.a463fd2: * Actually fail if sync HA
    queues retries exceeded (SOC-11083)


  o Update to version 9.0+git.1583428243.c1a72a8: * monitor RabbitMQ TLS
    certificate (SOC-10873)


Changes in ardana-neutron:

  o Update to version 9.0+git.1587667603.507fb50: * Add network.target "After"
    option (bsc#1169770)


  o Update to version 9.0+git.1584635234.e7e6b08: * Add symlink for
    neutron-fwaas.json.j2 (bsc#1166290)


Changes in ardana-octavia:

  o Update to version 9.0+git.1587486004.8e99c6b: * Perform Neutron to Octavia
    migrate (SOC-11207)


  o Update to version 9.0+git.1584737314.873b84c: * Reconfigure monitor if
    needed (SOC-10873)


  o Update to version 9.0+git.1584682274.4693189: * fix Octavia client cert
    redeploy (SOC-10873)


  o Update to version 9.0+git.1584392355.7368ea3: * monitor Octavia client
    certificate (SOC-10873)


Changes in ardana-osconfig:

  o Update to version 9.0+git.1586546715.dbd07ab: * Ensure ovs_user and
    ovs_group defined (SOC-11149)


Changes in ardana-tempest:

  o Update to version 9.0+git.1587398456.b31cc4a: * Revert: Remove blacklisted
    octavia test(SOC-11027)


  o Update to version 9.0+git.1586901636.089de51: * Manila: Skip additional
    manila tests due to Ardana policy (SOC-11211)


  o Update to version 9.0+git.1586875796.43d9039: * Remove blacklisted octavia
    test(SOC-11027)


  o Update to version 9.0+git.1586350084.01a56ee: * Manila: Skip
    ShareNetworksTest due to Ardana policy (SOC-11211)


  o Update to version 9.0+git.1585746746.8f38be7: * Remove deprecated neutron
    extension from tempest (bsc#1124708)


  o Update to version 9.0+git.1582537125.359622b: * Enable port-security
    feature in tempest(SOC-11027)


Changes in ardana-tls:

  o Update to version 9.0+git.1586301209.c9413b4: * Simplify VNC cert
    deployment (SOC-9742)


Changes in crowbar-core:

  o Update to version 6.0+git.1587558898.313bb9fd3: * upgrade: Restart nova
    services at the end of disruptive upgrade (SOC-11202)


  o Update to version 6.0+git.1586175344.480d46e76: * Revert: Add lb-mgmt-net
    to network.json (SOC-10904)


  o Update to version 6.0+git.1585339930.336361e4c: * Add lb-mgmt-net to
    network.json (SOC-10904)


  o Update to version 6.0+git.1585229942.1ddd6e742: * upgrade: Point to config
    dir instead of config file (SOC-11171) * upgrade: Do not call
    neutron-evacuate-lbaasv2-agent with use_crm (SOC-11171)


  o Update to version 6.0+git.1584974229.c5a263be6: * Update the default value
    of OS version (trivial) * Ignore CVE-2020-5267 in CI (bsc#1167240) * Ignore
    CVE-2020-10663 in CI (bsc#1167244) * upgrade: Remove the assignement of
    crowbar-upgrade role (SOC-11166)


  o Update to version 6.0+git.1584564132.03cfcb5d0: * Remove comment that's no
    longer relevant (trivial) * Move role_to_proposal method from model to
    controller (trivial) * upgrade: proper check for remote elements (trivial)
    * Remove FIXME proposals that won't be fixed (trivial) * Drop unused
    suggestion (trivial) * Drop obsolete code (trivial)


  o Update to version 6.0+git.1583841628.7a9cacf85: * Ignore CVE-2020-8130 in
    CI (bsc#1164804) * Ignore CVE-2020-5247 (bsc#1165402) * Ignore
    CVE-2020-7595 in CI (bsc#1161517) * ses: Make SES UI safe for unknown
    options (trivial) * ses: Use cinder user for nova (SOC-5269)


  o Update to version 6.0+git.1583502199.abec5c91e: * upgrade: Raise the
    timeout for nodes evacuation (trivial)


Changes in crowbar-ha:

  o Update to version 6.0+git.1586256059.e6f67e1: * Hide libvirt STONITH option
    from the UI (bsc#1084739)


  o Update to version 6.0+git.1585316150.ee52acc: * add ssl termination on
    haproxy (bsc#1149535)


Changes in crowbar-openstack:

  o Update to version 6.0+git.1587753188.da39e44a7: * tempest: retry openstack
    commands (SOC-11238)


  o Update to version 6.0+git.1587560956.475ebae91: * nova: Hide
    setup_shared_instance_storage (SOC-11225)


  o Update to version 6.0+git.1587110382.e00bbeeb8: * octavia: remove mgmt_net
    from UI (SOC-10904)


  o Update to version 6.0+git.1586351116.5977d44ce: * neutron: fix neutron cli
    to use internal endpoint (bsc#1168512)


  o Update to version 6.0+git.1586249148.97e221138: * neutron: don't add
    physnets for non-enabled networks (SOC-11204) * octavia: move management
    network creation to octavia barclamp (SOC-10904) * octavia: move amphora
    changes check to worker recipe * octavia: use octavia network for health
    monitors (SOC-10904) * octavia: rework emanagement network config
    (SOC-10904)


  o Update to version 6.0+git.1585653227.5004f0a1f: * Disable "OpenStack RC
    File (identity API v2)" in horizon (bsc#1163444)


  o Update to version 6.0+git.1585444839.ec56032ca: * Revert "Octavia: Hide UI
    until complete (SOC-10550)"


  o Update to version 6.0+git.1585282212.df338c7f6: * Add lb-mgmt-net for
    Octavia (SOC-10904)


  o Update to version 6.0+git.1585237884.e441a435b: * fix travis CI to handle
    reverted commits properly (SOC-11180)


  o Update to version 6.0+git.1585143832.fa2fd2714: * nova: Populate cinder SES
    settings early (SOC-11179)


  o Update to version 6.0+git.1585068621.f53f95864: * tempest: blacklist shelve
    tests when using RBD ephemeral (SOC-11176) * tempest: disable block
    migration when using RBD (SOC-11176)


  o Update to version 6.0+git.1584967542.06b4f7cda: * magnum: Populate SSL
    configuration (SOC-9849) * magnum: Add SSL support (SOC-9849)


  o Update to version 6.0+git.1584603207.1dc71c848: * nova: Drop redundant
    disk_cachemodes (trivial) * nova: Add option to disable ephemeral on ceph
    (SOC-5269)


  o Update to version 6.0+git.1584540693.0d3b72090: * keystone: fix keystone
    node lookup (SOC-11333, bsc#1164838) * keystone: Register SES RadosGW
    endpoints (SOC-5270) * heat: Increase heat_register syncmark timeout
    (SOC-11103) * heat: Simplify domain registration code (SOC-11103)


  o Update to version 6.0+git.1584437931.10aebd310: * nova: Setup CEPH secrets
    later (SOC-11141)


  o Update to version 6.0+git.1584347033.7472a6925: * nova: Enable ephemeral
    volumes on SES (SOC-5269)


Changes in memcached:

  o version update to 1.5.17 * bugfixes fix strncpy call in stats conns to
    avoid ASAN violation (bsc#1149110, CVE-2019-15026) extstore: fix
    indentation add error handling when calling dup function add unlock when
    item_cachedump malloc failed extstore: emulate pread(v) for macOS fix
    off-by-one in logger to allow CAS commands to be logged. use strdup for
    explicitly configured slab sizes move mem_requested from slabs.c to items.c
    (internal cleanup) * new features add server address to the "stats conns"
    output log client connection id with fetchers and mutations Add a handler
    for seccomp crashes
  o version update to 1.5.16 * bugfixes When nsuffix is 0 space for flags
    hasn't been allocated so don't memcpy them.
  o version update to 1.5.15 * bugfixes Speed up incr/decr by replacing
    snprintf. Use correct buffer size for internal URI encoding. change some
    links from http to https Fix small memory leak in testapp.c. free
    window_global in slab_automove_extstore.c remove inline_ascii_response
    option -Y [filename] for ascii authentication mode fix: idle-timeout wasn't
    compatible with binprot * features -Y [authfile] enables an authentication
    mode for ASCII protocol.
  o modified patches % memcached-autofoo.patch (refreshed)


  o version update to 1.5.14 * update -h output for -I (max item size) * fix
    segfault in "lru" command (bsc#1133817, CVE-2019-11596) * fix compile error
    on centos7 * extstore: error adjusting page_size after ext_path * extstore:
    fix segfault if page_count is too high. * close delete + incr item survival
    race bug * memcached-tool dump fix loss of exp value * Fix "qw" in
    "MemcachedTest.pm" so wait_ext_flush is exported properly * Experimental
    TLS support. * Basic implementation of TLS for memcached. * Improve Get And
    Touch documentation * fix INCR/DECR refcount leak for invalid items
  o modified patches % memcached-autofoo.patch (refreshed)


Changes in openstack-ceilometer:

  o Update to version ceilometer-11.1.1.dev5: * [stable-only] Cap stestr for
    python 2


  o Update to version ceilometer-11.1.1.dev3: 11.1.0 * Add availability\_zone
    attribute to gnocchi instance resources * Set instance\_type\_id in event
    traits to be a string * Fix name of option group removed in Rocky


Changes in openstack-ceilometer:

  o Update to version ceilometer-11.1.1.dev5: * [stable-only] Cap stestr for
    python 2


  o Update to version ceilometer-11.1.1.dev3: 11.1.0 * Add availability\_zone
    attribute to gnocchi instance resources * Set instance\_type\_id in event
    traits to be a string * Fix name of option group removed in Rocky


Changes in openstack-cinder:

  o Update to version cinder-13.0.10.dev9: * PowerMax Driver - Legacy volume
    not found * NEC driver: fix an undefined variable


  o Update to version cinder-13.0.10.dev6: * RBD: fix volume reference handling
    in clone logic


  o Update to version cinder-13.0.10.dev4: * [Unity] Fix TypeError for test
    case test\_delete\_host\_wo\_lock


  o Update to version cinder-13.0.10.dev3: * ChunkedBackupDriver: Freeing
    memory on restore


  o Update to version cinder-13.0.10.dev1: * Don't quote {posargs} in tox.ini
    13.0.9


Changes in openstack-cinder:

  o Update to version cinder-13.0.10.dev9: * PowerMax Driver - Legacy volume
    not found * NEC driver: fix an undefined variable


  o Update to version cinder-13.0.10.dev6: * RBD: fix volume reference handling
    in clone logic


  o Update to version cinder-13.0.10.dev4: * [Unity] Fix TypeError for test
    case test\_delete\_host\_wo\_lock


  o Update to version cinder-13.0.10.dev3: * ChunkedBackupDriver: Freeing
    memory on restore


  o Update to version cinder-13.0.10.dev1: * Don't quote {posargs} in tox.ini
    13.0.9


Changes in openstack-designate:

  o Update to version designate-7.0.1.dev25: * Clean up zone locking


Changes in openstack-designate:

  o Update to version designate-7.0.1.dev25: * Clean up zone locking


Changes in openstack-heat:

  o Update to version openstack-heat-11.0.3.dev35: * Ignore Not Found when
    deleting Keystone role assignment * Handle OS::Mistral::Workflow resource
    replacement properly


Changes in openstack-heat:

  o Update to version openstack-heat-11.0.3.dev35: * Ignore Not Found when
    deleting Keystone role assignment * Handle OS::Mistral::Workflow resource
    replacement properly


Changes in openstack-ironic:

  o Update to version ironic-11.1.5.dev3: * Make deploy step failure logging
    indicate the error 11.1.4


  o Update to version ironic-11.1.4.dev26: * Remove rocky grenade jobs * tell
    reno to ignore the kilo branch * [stable] consume virtualbmc from pip
    packages


Changes in openstack-ironic:

  o Update to version ironic-11.1.5.dev3: * Make deploy step failure logging
    indicate the error 11.1.4


  o Update to version ironic-11.1.4.dev26: * Remove rocky grenade jobs * tell
    reno to ignore the kilo branch * [stable] consume virtualbmc from pip
    packages


Changes in openstack-ironic-image:

  o Add haveged package (bsc#1137622) It is needed to ensure there's enough
    entroy available to perform the iSCSI operations.


Changes in openstack-manila:

  o Update to version manila-7.4.2.dev4: * Increase MANILA\_SERVICE\_VM\_FLAVOR
    \_DISK


  o Update to version manila-7.4.2.dev3: * If only .pyc exist, the extension
    API will be disabled


  o Update to version manila-7.4.2.dev2: * Enforce policy checks for share
    export locations


  o Update to version manila-7.4.2.dev1: * [stable-only] Pin
    neutron-tempest-plugin to 0.9.0 7.4.1


  o Update to version manila-7.4.1.dev2: * share\_networks: enable project\
    _only API only * Fix over-quota exception of snapshot creation 7.4.0


  o Update to version manila-7.4.1.dev1: * Fix over-quota exception of snapshot
    creation 7.4.0


Changes in openstack-manila:

  o Update to version manila-7.4.2.dev4: * Increase MANILA\_SERVICE\_VM\_FLAVOR
    \_DISK


  o Update to version manila-7.4.2.dev3: * If only .pyc exist, the extension
    API will be disabled


  o Update to version manila-7.4.2.dev2: * Enforce policy checks for share
    export locations


  o Update to version manila-7.4.2.dev1: * [stable-only] Pin
    neutron-tempest-plugin to 0.9.0 7.4.1


  o Rebased patches: + cve-2020-9543-stable-rocky.patch dropped (merged
    upstream)


  o Update to version manila-7.4.1.dev2: * share\_networks: enable project\
    _only API only * Fix over-quota exception of snapshot creation 7.4.0


Changes in openstack-neutron:

  o Update to version neutron-13.0.8.dev28: * Prioritize port create and update
    ready messages


  o Update to version neutron-13.0.8.dev26: * Support iproute2 4.15 in l3\_tc\
    _lib


  o Update to version neutron-13.0.8.dev24: * Add trunk subports to be one of
    dvr serviced device owners


  o Update to version neutron-13.0.8.dev22: * Filter by owner SGs when
    retrieving the SG rules * Delay HA router transition from "backup" to
    "master" * Increase waiting time for network rescheduling * Check dnsmasq
    process is active when spawned * Wait before deleting trunk bridges for
    DPDK vhu * [DVR] Don't populate unbound ports in router's ARP cache *
    Optimize DVR related port DB query


  o Update to version neutron-13.0.8.dev9: * Add bulk IP address assignment to
    ipam driver


  o Update to version neutron-13.0.8.dev7: * Add accepted egress direct flow


  o Update to version neutron-13.0.8.dev6: * Add VLAN type conntrack direct
    flow


  o Update to version neutron-13.0.8.dev4: * Use rally-openstack 1.7.0 for
    stable/rocky


  o Update to version neutron-13.0.8.dev3: * Remove extra header fields in
    proxied metadata requests * Ensure that default SG exists during list of SG
    rules API call 13.0.7


Changes in openstack-neutron:

  o Update to version neutron-13.0.8.dev28: * Prioritize port create and update
    ready messages


  o Update to version neutron-13.0.8.dev26: * Support iproute2 4.15 in l3\_tc\
    _lib


  o Update to version neutron-13.0.8.dev24: * Add trunk subports to be one of
    dvr serviced device owners


  o Update to version neutron-13.0.8.dev22: * Filter by owner SGs when
    retrieving the SG rules * Delay HA router transition from "backup" to
    "master" * Increase waiting time for network rescheduling * Check dnsmasq
    process is active when spawned * Wait before deleting trunk bridges for
    DPDK vhu * [DVR] Don't populate unbound ports in router's ARP cache *
    Optimize DVR related port DB query


  o Update to version neutron-13.0.8.dev9: * Add bulk IP address assignment to
    ipam driver


  o Update to version neutron-13.0.8.dev7: * Add accepted egress direct flow


  o Update to version neutron-13.0.8.dev6: * Add VLAN type conntrack direct
    flow


  o Update to version neutron-13.0.8.dev4: * Use rally-openstack 1.7.0 for
    stable/rocky


  o Update to version neutron-13.0.8.dev3: * Remove extra header fields in
    proxied metadata requests * Ensure that default SG exists during list of SG
    rules API call 13.0.7


Changes in openstack-nova:

  o Update to version nova-18.3.1.dev17: * Unplug VIFs as part of cleanup of
    networks


  o Update to version nova-18.3.1.dev16: * Functional test for
    UnexpectedDeletingTaskStateError


  o Update to version nova-18.3.1.dev15: * nova-live-migration: Wait for n-cpu
    services to come up after configuring Ceph * Replace ansible --sudo with
    --become in live\_migration/hooks scripts


  o Update to version nova-18.3.1.dev11: * Fix os-keypairs pagination links


  o Update to version nova-18.3.1.dev9: * Enhance service restart in functional
    env * Fix hypervisors paginted collection\_name * Avoid circular reference
    during serialization


  o Update to version nova-18.3.1.dev4: * Remove global state from the
    FakeDriver


  o Update to version nova-18.3.1.dev3: * Add retry\_on\_deadlock to migration\
    _update DB API * libvirt: Ignore DiskNotFound during update\_available\
    _resource 18.3.0


Changes in openstack-nova:

  o Update to version nova-18.3.1.dev17: * Unplug VIFs as part of cleanup of
    networks


  o Update to version nova-18.3.1.dev16: * Functional test for
    UnexpectedDeletingTaskStateError


  o Update to version nova-18.3.1.dev15: * nova-live-migration: Wait for n-cpu
    services to come up after configuring Ceph * Replace ansible --sudo with
    --become in live\_migration/hooks scripts


  o Update to version nova-18.3.1.dev11: * Fix os-keypairs pagination links


  o Update to version nova-18.3.1.dev9: * Enhance service restart in functional
    env * Fix hypervisors paginted collection\_name * Avoid circular reference
    during serialization


  o Update to version nova-18.3.1.dev4: * Remove global state from the
    FakeDriver


  o Update to version nova-18.3.1.dev3: * Add retry\_on\_deadlock to migration\
    _update DB API * libvirt: Ignore DiskNotFound during update\_available\
    _resource 18.3.0


Changes in openstack-octavia:

  o Update to version octavia-3.2.3.dev2: * Pick stale amphora randomly


  o Update to version octavia-3.2.3.dev1: * Remove the barbican "Grant access"
    from cookbook 3.2.2


  o Add patch 0001-HTTPS-HMs-need-the-same-validation-path-as-HTTP.patch (bsc#
    1165723) https://review.opendev.org/#/c/710161/ Change-Id:
    I2fd51664336dca51f134b3fccd3e8c936b809839


Changes in openstack-octavia-amphora-image:

  o Update image to 0.1.3 to include latest changes


Changes in python-cinderclient:

  o update to version 4.0.3 - Add missed 'Server ID' output in attachment-list


Changes in python-glanceclient:

  o update to version 2.13.2 - OpenDev Migration Patch


Changes in python-ironic-lib:

  o update to version 2.14.3 - Use last digit to determine paritition naming
    scheme - Erase expected GPT locations in metadata wipe - Rescan after
    making partition changes


Changes in python-ironicclient:

  o update to version 2.5.4 - fix session cert arguments


Changes in python-keystonemiddleware:

  o update to version 5.2.2 - Make tests pass in 2022 - Make sure audit
    middleware use own context


Changes in python-manila-tempest-plugin:

  o added 0002-Fix-export-locations-tests.patch


Changes in python-novaclient:

  o update to version 11.0.1 - Add test for console-log and docs for bug
    1746534 - Use SHA256 instead of MD5 in completion cache - Improve the
    description of optional arguments - Revert "Fix crashing console-log" - Fix
    up userdata argument to rebuild. - OpenDev Migration Patch - Stop silently
    ignoring invalid 'nova boot --hint' options - Add missing options in CLI
    reference - import zuul job settings from project-config - Update
    .gitreview for stable/rocky - Replace openstack.org git:// URLs with https:
    // - Update UPPER_CONSTRAINTS_FILE for stable/rocky - Follow up "Fix up
    userdata argument to rebuild"


Changes in python-octaviaclient:

  o update to version 1.6.2 - Fix long CLI error messages - Update tox.ini for
    new upper constraints strategy


Changes in python-openstackclient:

  o update to version 3.16.3 - Fix bug in endpoint group deletion - OpenDev
    Migration Patch - Fix: Restore output 'VolumeBackupsRestore' object is not
    iterable - Stable branch combination fix - Add --name-lookup-one-by-one
    option to server list - Fix BFV server list handling with
    --name-lookup-one-by-one - Fix compute service set handling for 2.53+ -
    Don't display router's is_ha and is_distributed attributes always -
    Document 2.53 behavior for compute service list/delete - Remove str() when
    setting network objects names


Changes in python-os-brick:

  o update to version 2.5.10 - Check path alive before get scsi wwn - Skip
    cryptsetup password quality checking - iscsi: Add _get_device_link retry
    when waiting for /dev/disk/by-id/ to populate - linuxscsi: Stop waiting for
    multipath devices during extend_volume - Handle None value
    'inititator_target_map' - Fix FC scan too broad - Ignore pep8 W503/W504


Changes in python-oslo.config:

  o update to version 6.4.2 - Use constraints when building docs - Ensure
    option groups don't change during logging - OpenDev Migration Patch


Changes in python-oslo.rootwrap:

  o update to version 5.14.2 - Run rootwrap with lower fd ulimit by default -
    Update UPPER_CONSTRAINTS_FILE for stable/rocky - import zuul job settings
    from project-config - Update .gitreview for stable/rocky - OpenDev
    Migration Patch


Changes in python-oslo.utils:

  o update to version 3.36.5 - import zuul job settings from project-config -
    Update UPPER_CONSTRAINTS_FILE for stable/rocky - Make mask_dict_password
    case insensitive and add new patterns - Update .gitreview for stable/rocky
    - OpenDev Migration Patch - Make mask_password case insensitive, and add
    new patterns - Mask encryption_key_id


Changes in python-swiftclient:

  o update to version 3.6.1 - OpenDev Migration Patch - Fix SLO re-upload -
    Update .gitreview for stable/rocky - Changelog for 3.6.1 - import zuul job
    settings from project-config - Fix up stable gate - Use Swift's in-tree
    DSVM test


Changes in python-watcherclient:

  o update to version 2.1.1 - Update .gitreview for stable/rocky - OpenDev
    Migration Patch - Update UPPER_CONSTRAINTS_FILE for stable/rocky - import
    zuul job settings from project-config - Replace openstack.org git:// URLs
    with https:// - fix watcher actionplan show command


Changes in release-notes-suse-openstack-cloud:

  o Update to version 9.20200319: * Update release notes to indicate Designate
    support has shipped


Changes in zookeeper:

  o Apply 0002-Apply-patch-to-resolve-CVE-2019-0201.patch This applies the
    patch for ZOOKEEPER-1392 to resolve CVE-2019-0201 Should not allow to read
    ACL when not authorized to read node (bsc#1135773)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE OpenStack Cloud Crowbar 9:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-1190=1
  o SUSE OpenStack Cloud 9:
    zypper in -t patch SUSE-OpenStack-Cloud-9-2020-1190=1

Package List:

  o SUSE OpenStack Cloud Crowbar 9 (x86_64):
       crowbar-core-6.0+git.1587558898.313bb9fd3-3.22.2
       crowbar-core-branding-upstream-6.0+git.1587558898.313bb9fd3-3.22.2
       memcached-1.5.17-3.3.1
       memcached-debuginfo-1.5.17-3.3.1
       memcached-debugsource-1.5.17-3.3.1
       ruby2.1-rubygem-crowbar-client-3.9.2-3.6.1
       ruby2.1-rubygem-puma-2.16.0-4.6.1
       ruby2.1-rubygem-puma-debuginfo-2.16.0-4.6.1
       rubygem-puma-debugsource-2.16.0-4.6.1
  o SUSE OpenStack Cloud Crowbar 9 (noarch):
       crowbar-ha-6.0+git.1586256059.e6f67e1-3.16.1
       crowbar-openstack-6.0+git.1587753188.da39e44a7-3.22.1
       openstack-ceilometer-11.1.1~dev5-3.13.2
       openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2
       openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2
       openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2
       openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2
       openstack-ceilometer-polling-11.1.1~dev5-3.13.2
       openstack-cinder-13.0.10~dev9-3.19.1
       openstack-cinder-api-13.0.10~dev9-3.19.1
       openstack-cinder-backup-13.0.10~dev9-3.19.1
       openstack-cinder-scheduler-13.0.10~dev9-3.19.1
       openstack-cinder-volume-13.0.10~dev9-3.19.1
       openstack-designate-7.0.1~dev25-3.16.2
       openstack-designate-agent-7.0.1~dev25-3.16.2
       openstack-designate-api-7.0.1~dev25-3.16.2
       openstack-designate-central-7.0.1~dev25-3.16.2
       openstack-designate-producer-7.0.1~dev25-3.16.2
       openstack-designate-sink-7.0.1~dev25-3.16.2
       openstack-designate-worker-7.0.1~dev25-3.16.2
       openstack-heat-11.0.3~dev35-3.16.1
       openstack-heat-api-11.0.3~dev35-3.16.1
       openstack-heat-api-cfn-11.0.3~dev35-3.16.1
       openstack-heat-engine-11.0.3~dev35-3.16.1
       openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1
       openstack-ironic-11.1.5~dev3-3.16.1
       openstack-ironic-api-11.1.5~dev3-3.16.1
       openstack-ironic-conductor-11.1.5~dev3-3.16.1
       openstack-ironic-image-debugsource-9.0.0-3.6.1
       openstack-ironic-image-x86_64-9.0.0-3.6.1
       openstack-manila-7.4.2~dev4-4.21.1
       openstack-manila-api-7.4.2~dev4-4.21.1
       openstack-manila-data-7.4.2~dev4-4.21.1
       openstack-manila-scheduler-7.4.2~dev4-4.21.1
       openstack-manila-share-7.4.2~dev4-4.21.1
       openstack-neutron-13.0.8~dev28-3.22.1
       openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1
       openstack-neutron-ha-tool-13.0.8~dev28-3.22.1
       openstack-neutron-l3-agent-13.0.8~dev28-3.22.1
       openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1
       openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1
       openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1
       openstack-neutron-metering-agent-13.0.8~dev28-3.22.1
       openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1
       openstack-neutron-server-13.0.8~dev28-3.22.1
       openstack-nova-18.3.1~dev17-3.22.1
       openstack-nova-api-18.3.1~dev17-3.22.1
       openstack-nova-cells-18.3.1~dev17-3.22.1
       openstack-nova-compute-18.3.1~dev17-3.22.1
       openstack-nova-conductor-18.3.1~dev17-3.22.1
       openstack-nova-console-18.3.1~dev17-3.22.1
       openstack-nova-novncproxy-18.3.1~dev17-3.22.1
       openstack-nova-placement-api-18.3.1~dev17-3.22.1
       openstack-nova-scheduler-18.3.1~dev17-3.22.1
       openstack-nova-serialproxy-18.3.1~dev17-3.22.1
       openstack-nova-vncproxy-18.3.1~dev17-3.22.1
       openstack-octavia-3.2.3~dev2-3.22.1
       openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1
       openstack-octavia-amphora-image-debugsource-0.1.3-7.9.2
       openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2
       openstack-octavia-api-3.2.3~dev2-3.22.1
       openstack-octavia-health-manager-3.2.3~dev2-3.22.1
       openstack-octavia-housekeeping-3.2.3~dev2-3.22.1
       openstack-octavia-worker-3.2.3~dev2-3.22.1
       python-ceilometer-11.1.1~dev5-3.13.2
       python-cinder-13.0.10~dev9-3.19.1
       python-cinderclient-4.0.3-3.6.2
       python-cinderclient-doc-4.0.3-3.6.2
       python-designate-7.0.1~dev25-3.16.2
       python-glanceclient-2.13.2-3.3.2
       python-glanceclient-doc-2.13.2-3.3.2
       python-heat-11.0.3~dev35-3.16.1
       python-ironic-11.1.5~dev3-3.16.1
       python-ironic-lib-2.14.3-3.6.1
       python-ironicclient-2.5.4-4.10.1
       python-ironicclient-doc-2.5.4-4.10.1
       python-keystonemiddleware-5.2.2-17.1
       python-manila-7.4.2~dev4-4.21.1
       python-manila-tempest-plugin-0.1.0-3.6.1
       python-neutron-13.0.8~dev28-3.22.1
       python-nova-18.3.1~dev17-3.22.1
       python-novaclient-11.0.1-3.3.1
       python-novaclient-doc-11.0.1-3.3.1
       python-octavia-3.2.3~dev2-3.22.1
       python-octaviaclient-1.6.2-3.6.1
       python-openstackclient-3.16.3-11.1
       python-os-brick-2.5.10-3.9.2
       python-os-brick-common-2.5.10-3.9.2
       python-oslo.config-6.4.2-3.3.1
       python-oslo.config-doc-6.4.2-3.3.1
       python-oslo.rootwrap-5.14.2-3.3.1
       python-oslo.utils-3.36.5-3.3.1
       python-swiftclient-3.6.1-3.3.1
       python-swiftclient-doc-3.6.1-3.3.1
       python-watcherclient-2.1.1-3.3.1
       release-notes-suse-openstack-cloud-9.20200319-3.18.1
       zookeeper-server-3.4.13-3.3.1
  o SUSE OpenStack Cloud 9 (noarch):
       ardana-ansible-9.0+git.1587034359.a12678b-3.19.1
       ardana-barbican-9.0+git.1583953599.cd723bb-3.10.1
       ardana-cluster-9.0+git.1585653734.c1fe3b2-3.13.1
       ardana-db-9.0+git.1586543314.6b6aa20-3.19.1
       ardana-designate-9.0+git.1583445435.4bd1793-3.10.1
       ardana-input-model-9.0+git.1584632190.9541c56-3.16.1
       ardana-logging-9.0+git.1585929695.f35b591-3.10.1
       ardana-monasca-9.0+git.1586769889.d43d736-3.16.1
       ardana-mq-9.0+git.1586350749.a463fd2-3.13.1
       ardana-neutron-9.0+git.1587667603.507fb50-3.19.1
       ardana-octavia-9.0+git.1587486004.8e99c6b-3.16.1
       ardana-osconfig-9.0+git.1586546715.dbd07ab-3.16.1
       ardana-tempest-9.0+git.1587398456.b31cc4a-3.13.1
       ardana-tls-9.0+git.1586301209.c9413b4-3.12.1
       openstack-ceilometer-11.1.1~dev5-3.13.2
       openstack-ceilometer-agent-central-11.1.1~dev5-3.13.2
       openstack-ceilometer-agent-compute-11.1.1~dev5-3.13.2
       openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13.2
       openstack-ceilometer-agent-notification-11.1.1~dev5-3.13.2
       openstack-ceilometer-polling-11.1.1~dev5-3.13.2
       openstack-cinder-13.0.10~dev9-3.19.1
       openstack-cinder-api-13.0.10~dev9-3.19.1
       openstack-cinder-backup-13.0.10~dev9-3.19.1
       openstack-cinder-scheduler-13.0.10~dev9-3.19.1
       openstack-cinder-volume-13.0.10~dev9-3.19.1
       openstack-designate-7.0.1~dev25-3.16.2
       openstack-designate-agent-7.0.1~dev25-3.16.2
       openstack-designate-api-7.0.1~dev25-3.16.2
       openstack-designate-central-7.0.1~dev25-3.16.2
       openstack-designate-producer-7.0.1~dev25-3.16.2
       openstack-designate-sink-7.0.1~dev25-3.16.2
       openstack-designate-worker-7.0.1~dev25-3.16.2
       openstack-heat-11.0.3~dev35-3.16.1
       openstack-heat-api-11.0.3~dev35-3.16.1
       openstack-heat-api-cfn-11.0.3~dev35-3.16.1
       openstack-heat-engine-11.0.3~dev35-3.16.1
       openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16.1
       openstack-ironic-11.1.5~dev3-3.16.1
       openstack-ironic-api-11.1.5~dev3-3.16.1
       openstack-ironic-conductor-11.1.5~dev3-3.16.1
       openstack-ironic-image-debugsource-9.0.0-3.6.1
       openstack-ironic-image-x86_64-9.0.0-3.6.1
       openstack-manila-7.4.2~dev4-4.21.1
       openstack-manila-api-7.4.2~dev4-4.21.1
       openstack-manila-data-7.4.2~dev4-4.21.1
       openstack-manila-scheduler-7.4.2~dev4-4.21.1
       openstack-manila-share-7.4.2~dev4-4.21.1
       openstack-neutron-13.0.8~dev28-3.22.1
       openstack-neutron-dhcp-agent-13.0.8~dev28-3.22.1
       openstack-neutron-ha-tool-13.0.8~dev28-3.22.1
       openstack-neutron-l3-agent-13.0.8~dev28-3.22.1
       openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22.1
       openstack-neutron-macvtap-agent-13.0.8~dev28-3.22.1
       openstack-neutron-metadata-agent-13.0.8~dev28-3.22.1
       openstack-neutron-metering-agent-13.0.8~dev28-3.22.1
       openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22.1
       openstack-neutron-server-13.0.8~dev28-3.22.1
       openstack-nova-18.3.1~dev17-3.22.1
       openstack-nova-api-18.3.1~dev17-3.22.1
       openstack-nova-cells-18.3.1~dev17-3.22.1
       openstack-nova-compute-18.3.1~dev17-3.22.1
       openstack-nova-conductor-18.3.1~dev17-3.22.1
       openstack-nova-console-18.3.1~dev17-3.22.1
       openstack-nova-novncproxy-18.3.1~dev17-3.22.1
       openstack-nova-placement-api-18.3.1~dev17-3.22.1
       openstack-nova-scheduler-18.3.1~dev17-3.22.1
       openstack-nova-serialproxy-18.3.1~dev17-3.22.1
       openstack-nova-vncproxy-18.3.1~dev17-3.22.1
       openstack-octavia-3.2.3~dev2-3.22.1
       openstack-octavia-amphora-agent-3.2.3~dev2-3.22.1
       openstack-octavia-amphora-image-debugsource-0.1.3-7.9.2
       openstack-octavia-amphora-image-x86_64-0.1.3-7.9.2
       openstack-octavia-api-3.2.3~dev2-3.22.1
       openstack-octavia-health-manager-3.2.3~dev2-3.22.1
       openstack-octavia-housekeeping-3.2.3~dev2-3.22.1
       openstack-octavia-worker-3.2.3~dev2-3.22.1
       python-ceilometer-11.1.1~dev5-3.13.2
       python-cinder-13.0.10~dev9-3.19.1
       python-cinderclient-4.0.3-3.6.2
       python-cinderclient-doc-4.0.3-3.6.2
       python-designate-7.0.1~dev25-3.16.2
       python-glanceclient-2.13.2-3.3.2
       python-glanceclient-doc-2.13.2-3.3.2
       python-heat-11.0.3~dev35-3.16.1
       python-ironic-11.1.5~dev3-3.16.1
       python-ironic-lib-2.14.3-3.6.1
       python-ironicclient-2.5.4-4.10.1
       python-ironicclient-doc-2.5.4-4.10.1
       python-keystonemiddleware-5.2.2-17.1
       python-manila-7.4.2~dev4-4.21.1
       python-manila-tempest-plugin-0.1.0-3.6.1
       python-neutron-13.0.8~dev28-3.22.1
       python-nova-18.3.1~dev17-3.22.1
       python-novaclient-11.0.1-3.3.1
       python-novaclient-doc-11.0.1-3.3.1
       python-octavia-3.2.3~dev2-3.22.1
       python-octaviaclient-1.6.2-3.6.1
       python-openstackclient-3.16.3-11.1
       python-os-brick-2.5.10-3.9.2
       python-os-brick-common-2.5.10-3.9.2
       python-oslo.config-6.4.2-3.3.1
       python-oslo.config-doc-6.4.2-3.3.1
       python-oslo.rootwrap-5.14.2-3.3.1
       python-oslo.utils-3.36.5-3.3.1
       python-swiftclient-3.6.1-3.3.1
       python-swiftclient-doc-3.6.1-3.3.1
       python-watcherclient-2.1.1-3.3.1
       release-notes-suse-openstack-cloud-9.20200319-3.18.1
       venv-openstack-barbican-x86_64-7.0.1~dev24-3.17.1
       venv-openstack-cinder-x86_64-13.0.10~dev9-3.17.1
       venv-openstack-designate-x86_64-7.0.1~dev25-3.17.1
       venv-openstack-glance-x86_64-17.0.1~dev30-3.15.1
       venv-openstack-heat-x86_64-11.0.3~dev35-3.17.1
       venv-openstack-horizon-x86_64-14.1.1~dev1-4.16.1
       venv-openstack-ironic-x86_64-11.1.5~dev3-4.13.1
       venv-openstack-keystone-x86_64-14.1.1~dev36-3.17.1
       venv-openstack-magnum-x86_64-7.2.1~dev1-4.17.1
       venv-openstack-manila-x86_64-7.4.2~dev4-3.19.1
       venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.17.1
       venv-openstack-monasca-x86_64-2.7.1~dev10-3.15.1
       venv-openstack-neutron-x86_64-13.0.8~dev28-6.17.1
       venv-openstack-nova-x86_64-18.3.1~dev17-3.17.1
       venv-openstack-octavia-x86_64-3.2.3~dev2-4.17.1
       venv-openstack-sahara-x86_64-9.0.2~dev15-3.17.1
       venv-openstack-swift-x86_64-2.19.2~dev48-2.12.1
       zookeeper-server-3.4.13-3.3.1
  o SUSE OpenStack Cloud 9 (x86_64):
       memcached-1.5.17-3.3.1
       memcached-debuginfo-1.5.17-3.3.1
       memcached-debugsource-1.5.17-3.3.1


References:

  o https://www.suse.com/security/cve/CVE-2019-0201.html
  o https://www.suse.com/security/cve/CVE-2019-11596.html
  o https://www.suse.com/security/cve/CVE-2019-15026.html
  o https://www.suse.com/security/cve/CVE-2020-5247.html
  o https://www.suse.com/security/cve/CVE-2020-9543.html
  o https://bugzilla.suse.com/1084739
  o https://bugzilla.suse.com/1124708
  o https://bugzilla.suse.com/1133817
  o https://bugzilla.suse.com/1135773
  o https://bugzilla.suse.com/1137622
  o https://bugzilla.suse.com/1149110
  o https://bugzilla.suse.com/1149535
  o https://bugzilla.suse.com/1163444
  o https://bugzilla.suse.com/1164838
  o https://bugzilla.suse.com/1165402
  o https://bugzilla.suse.com/1165723
  o https://bugzilla.suse.com/1166290
  o https://bugzilla.suse.com/1168512
  o https://bugzilla.suse.com/1168593
  o https://bugzilla.suse.com/1169770

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXrjOK2aOgq3Tt24GAQhWiA/6AzeD1BdXMLdRWy8R3bCAQnlGGnKjGWWH
BeX9eckcquzoTLnYnoRsT5LQyqL9lssnRoH0sUKCUc4HRL7VUzt1BPnG6YjWS4J5
roma9Y8gDJK8dwFNWQhZmJhFLM2bkvNW0QRHXUP6C9xzT2/CnIUHx1HARmW4ZNVI
A7fgotwUSMx3bZ0khzxE/k7+H+Bo90ootSPVdWQmPCWUnamFfFS9A4GYX4GzlD81
lVmGx8zzX9KaIeq3lg9zIUqgXqpcuoMopk+4D9567PV7vERvwUj9cnUxJtPB3ytv
8TjM0h/P3S1/8OuOKsYexFdzUOPwV+VbpA9g9KacAVtPXMRxn+ve8z3i6g8WRh6K
n1IHPw5yiMtSl8B2BmZ9cPIdH2D/cgXqrL7LgKykfArXCHjcImMx3SAL6qV1RzM0
MZ7TFsYF2+1EecYsNNXBHe7khZa/8NJ84QA5YRUVfFyVTcB00ALfj+QVxJB5a2gy
k9Co7/90ip8t5g5j/E1FVKnQ+KMo29h+qhKZsAdxnWFuGRzs+bP4+T/fiBOAtDzb
9Dw5KGxuE6/6xQwo8jEJ+1FmMeFxh/iGpVWfDyD7i4KPJNMzucpi7tVQFOhwIBj1
yRkJtxCmzMM2u/kfY6mqmcS+L3+uYKlAlpsn53182mvIBqVZW5NB5EOg2zC/Op9j
Yn+M2pzkpLM=
=jNdM
-----END PGP SIGNATURE-----