Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.2190 VMSA-2020-0015 - VMware ESXi, Workstation, and Fusion vulnerability updates 24 June 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: VMware ESXi VMware Workstation VMware Fusion VMware Cloud Foundation Publisher: VMWare Operating System: VMware ESX Server Windows UNIX variants (UNIX, Linux, OSX) Impact/Access: Execute Arbitrary Code/Commands -- Existing Account Access Privileged Data -- Existing Account Denial of Service -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2020-3971 CVE-2020-3970 CVE-2020-3969 CVE-2020-3968 CVE-2020-3967 CVE-2020-3966 CVE-2020-3965 CVE-2020-3964 CVE-2020-3963 CVE-2020-3962 Original Bulletin: https://www.vmware.com/security/advisories/VMSA-2020-0015.html Comment: This advisory references vulnerabilities in products which run on platforms other than VMWare. It is recommended that administrators running check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- Advisory ID: VMSA-2020-0015 CVSSv3 Range: 4.0 - 9.3 Issue Date: 2020-06-23 Updated On: 2020-06-23 (Initial Advisory) CVE(s): CVE-2020-3962, CVE-2020-3963, CVE-2020-3964, CVE-2020-3965, CVE-2020-3966, CVE-2020-3967, CVE-2020-3968, CVE-2020-3969, CVE-2020-3970, CVE-2020-3971 Synopsis: VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities (CVE-2020-3962, CVE-2020-3963, CVE-2020-3964, CVE-2020-3965, CVE-2020-3966, CVE-2020-3967, CVE-2020-3968, CVE-2020-3969, CVE-2020-3970, CVE-2020-3971) 1. Impacted Products o VMware ESXi o VMware Workstation Pro / Player (Workstation) o VMware Fusion Pro / Fusion (Fusion) o VMware Cloud Foundation 2. Introduction Multiple vulnerabilities in VMware ESXi, Workstation, and Fusion were privately reported to VMware. Patches and updates are available to remediate these vulnerabilities in affected VMware products as well as workarounds. 3a. Use-after-free vulnerability in SVGA device (CVE-2020-3962) Description VMware ESXi, Workstation and Fusion contain a Use-after-free vulnerability in the SVGA device. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.3. Known Attack Vectors A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Resolution To remediate CVE-2020-3962 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below. Workarounds Workarounds for CVE-2020-3962 have been been listed in the 'Workarounds' column of the 'Response Matrix' below. Additional Documentation None. Acknowledgements VMware would like to thank Corentin Bayet (@OnlyTheDuck) and Bruno Pujos (@BrunoPujos) from Synacktiv (@Synacktiv) working with Trend Micro's Zero Day Initiative for reporting this issue to us. Notes [1] 3D graphics are not enabled by default on ESXi. [2] 3D graphics are enabled by default on Workstation and Fusion. 3b. Off-by-one heap-overflow vulnerability in SVGA device (CVE-2020-3969) Description VMware ESXi, Workstation and Fusion contain an off-by-one heap-overflow vulnerability in the SVGA device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.1. Known Attack Vectors A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible. Resolution To remediate CVE-2020-3969 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below. Workarounds Workarounds for CVE-2020-3969 have been been listed in the 'Workarounds' column of the 'Response Matrix' below. Additional Documentation None. Acknowledgements VMware would like to thank Corentin Bayet (@OnlyTheDuck) and Bruno Pujos (@BrunoPujos) from Synacktiv (@Synacktiv) working with Trend Micro's Zero Day Initiative for reporting this issue to us. Notes [1] 3D graphics are not enabled by default on ESXi. [2] 3D graphics are enabled by default on Workstation and Fusion. [3] CVE-2020-3969 does not affect the ESXi 6.7 or 6.5 release lines. 3c. Out-of-bound read issue in Shader Functionality (CVE-2020-3970) Description VMware ESXi, Workstation and Fusion contain an out-of-bounds read vulnerability in the Shader functionality. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.0. Known Attack Vectors A malicious actor with non-administrative local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to crash the virtual machine's vmx process leading to a partial denial of service condition. Resolution To remediate CVE-2020-3970 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below. Workarounds Workarounds for CVE-2020-3970 have been been listed in the 'Workarounds' column of the 'Response Matrix' below. Additional Documentation None. Acknowledgements VMware would like to thank Wei Lei and anhdaden of STAR Labs working with Trend Micro Zero Day Initiative for reporting this issue to us. Notes [1] 3D graphics are not enabled by default on ESXi. [2] 3D graphics are enabled by default on Workstation and Fusion. Response Matrix - 3a, 3b, 3c Product Version Running CVE Identifier CVSSv3 Severity Fixed Version Workarounds Additional On Documentation CVE-2020-3962, ESXi[1] 7.0 Any CVE-2020-3969, 9.3 critical ESXi_7.0.0-1.20.16321839 See Item 34 None CVE-2020-3970 CVE-2020-3962, ESXi[1] 6.7 Any [3] 9.3 critical ESXi670-202004101-SG See Item 34 None CVE-2020-3969, CVE-2020-3970 CVE-2020-3962, ESXi[1] 6.5 Any [3] 9.3 critical ESXi650-202005401-SG See Item 34 None CVE-2020-3969, CVE-2020-3970 CVE-2020-3962, Fusion[2] 11.x Any CVE-2020-3969, 9.3 critical 11.5.5 KB59146 None CVE-2020-3970 Workstation CVE-2020-3962, [2] 15.x Any CVE-2020-3969, 9.3 critical 15.5.5 KB59146 None CVE-2020-3970 VMware CVE-2020-3962, Cloud 4.x Any CVE-2020-3969, 9.3 critical Release Pending (4.0.1) See Item 34 None Foundation CVE-2020-3970 VMware CVE-2020-3962, Cloud 3.x Any [3] 9.3 critical 3.10 See Item 34 None Foundation CVE-2020-3969 CVE-2020-3970 3d. Heap-overflow issue in EHCI controller (CVE-2020-3967) Description VMware ESXi, Workstation and Fusion contain a heap-overflow vulnerability in the USB 2.0 controller (EHCI). VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.1. Known Attack Vectors A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible. Resolution To remediate CVE-2020-3967 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below. Workarounds Workarounds for CVE-2020-3967 have been been listed in the 'Workarounds' column of the 'Response Matrix' below. Additional Documentation None. Acknowledgements VMware would like to thank Reno Robert working with Trend Micro Zero Day Initiative for reporting this issue to us. Notes None. 3e. Out-of-bounds write vulnerability in xHCI controller (CVE-2020-3968) Description VMware ESXi, Workstation and Fusion contain an out-of-bounds write vulnerability in the USB 3.0 controller (xHCI). VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.1. Known Attack Vectors A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to crash the virtual machine's vmx process leading to a denial of service condition or execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible. Resolution To remediate CVE-2020-3968 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below. Workarounds Workarounds for CVE-2020-3968 have been been listed in the 'Workarounds' column of the 'Response Matrix' below. Additional Documentation None. Acknowledgements VMware would like to thank Reno Robert working with Trend Micro Zero Day Initiative for reporting this issue to us. Notes None. Response Matrix - 3d, 3e Product Version Running CVE Identifier CVSSv3 Severity Fixed Version Workarounds Additional On Documentation ESXi 7.0 Any CVE-2020-3967, 8.1 important ESXi_7.0.0-1.20.16321839 Remove USB None CVE-2020-3968 Controller ESXi 6.7 Any CVE-2020-3967, 8.1 important ESXi670-202004101-SG Remove USB None CVE-2020-3968 Controller ESXi 6.5 Any CVE-2020-3967, 8.1 important ESXi650-202005401-SG Remove USB None CVE-2020-3968 Controller Fusion 11.x Any CVE-2020-3967, 8.1 important 11.5.5 Remove USB None CVE-2020-3968 Controller Workstation 15.x Any CVE-2020-3967, 8.1 important 15.5.5 Remove USB None CVE-2020-3968 Controller VMware CVE-2020-3967, Remove USB Cloud 4.x Any CVE-2020-3968 8.1 important Release Pending (4.0.1) Controller None. Foundation VMware CVE-2020-3967, Remove USB Cloud 3.x Any CVE-2020-3968 8.1 important 3.10 Controller None Foundation 3f. Heap-overflow due to race condition in EHCI controller (CVE-2020-3966) Description VMware ESXi, Workstation and Fusion contain a heap-overflow due to a race condition issue in the USB 2.0 controller (EHCI). VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.1. Known Attack Vectors A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible. Resolution To remediate CVE-2020-3966 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below. Workarounds Workarounds for CVE-2020-3966 have been been listed in the 'Workarounds' column of the 'Response Matrix' below. Additional Documentation None. Acknowledgements VMware would like to thank Reno Robert working with Trend Micro Zero Day Initiative for reporting this issue to us. Notes None. Response Matrix - 3f Product Version Running CVE CVSSv3 Severity Fixed Version Workarounds Additional On Identifier Documentation ESXi 7.0 Any CVE-2020-3966 8.1 important ESXi_7.0.0-1.20.16321839 Remove USB None Controller ESXi 6.7 Any CVE-2020-3966 8.1 important ESXi670-202004101-SG Remove USB None Controller ESXi 6.5 Any CVE-2020-3966 8.1 important ESXi650-202005401-SG Remove USB None Controller Fusion 11.x Any CVE-2020-3966 8.1 important 11.5.2 Remove USB None Controller Workstation 15.x Any CVE-2020-3966 8.1 important 15.5.2 Remove USB None Controller VMware Remove USB Cloud 4.x Any CVE-2020-3966 8.1 important Release Pending (4.0.1) Controller None Foundation VMware Remove USB Cloud 3.x Any CVE-2020-3966 8.1 important 3.10 Controller None Foundation 3g. Information leak in the XHCI USB controller (CVE-2020-3965) Description VMware ESXi, Workstation and Fusion contain an information leak in the XHCI USB controller. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1. Known Attack Vectors A malicious actor with local access to a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. Resolution To remediate CVE-2020-3965 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below. Workarounds Workarounds for CVE-2020-3965 have been been listed in the 'Workarounds' column of the 'Response Matrix' below. Additional Documentation None. Acknowledgements VMware would like to thank Cfir Cohen of Google Cloud security for reporting this issue to us. Notes None. 3h. Information Leak in the EHCI USB controller (CVE-2020-3964) Description VMware ESXi, Workstation and Fusion contain an information leak in the EHCI USB controller. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 5.9. Known Attack Vectors A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor's memory. Additional conditions beyond the attacker's control need to be present for exploitation to be possible. Resolution To remediate CVE-2020-3964 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below. Workarounds Workarounds for CVE-2020-3964 have been been listed in the 'Workarounds' column of the 'Response Matrix' below. Additional Documentation None. Acknowledgements VMware would like to thank Cfir Cohen of Google Cloud security for reporting this issue to us. Notes None. 3i. Use-after-free vulnerability in PVNVRAM (CVE-2020-3963) Description VMware ESXi, Workstation and Fusion contain a Use-after-free vulnerability in PVNVRAM. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.9. Known Attack Vectors A malicious actor with local access to a virtual machine may be able to read privileged information contained in physical memory. Resolution To remediate CVE-2020-3963 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below. Workarounds None. Additional Documentation None. Acknowledgements VMware would like to thank Cfir Cohen of Google Cloud security for reporting this issue to us. Notes [4]The workarounds documented in the Response Matrix below are not applicable to CVE-2020-3963. Response Matrix - 3g, 3h, 3i Product Version Running CVE Identifier CVSSv3 Severity Fixed Version Workarounds Additional On Documentation CVE-2020-3965, [4]Remove ESXi 7.0 Any CVE-2020-3963, 7.1 important ESXi_7.0.0-1.20.16321839 USB None CVE-2020-3964 Controller CVE-2020-3965, [4]Remove ESXi 6.7 Any CVE-2020-3963, 7.1 important ESXi670-202006401-SG USB None CVE-2020-3964 Controller CVE-2020-3965, [4]Remove ESXi 6.5 Any CVE-2020-3963, 7.1 important ESXi650-202005401-SG USB None CVE-2020-3964 Controller CVE-2020-3965, [4]Remove Fusion 11.x Any CVE-2020-3963, 7.1 important 11.5.2 USB None CVE-2020-3964 Controller CVE-2020-3965, [4]Remove Workstation 15.x Any CVE-2020-3963, 7.1 important 15.5.2 USB None CVE-2020-3964 Controller VMware CVE-2020-3965, [4]Remove Cloud 4.x Any CVE-2020-3963, 7.1 important Release Pending (4.0.1) USB None Foundation CVE-2020-3964 Controller VMware CVE-2020-3965, Release Pending [4]Remove Cloud 3.x Any CVE-2020-3963, 7.1 important (3.10.0.1) USB None Foundation CVE-2020-3964 Controller 3j. Heap overflow vulnerability in vmxnet3 (CVE-2020-3971) Description VMware ESXi, Fusion and Workstation contain a heap overflow vulnerability in the vmxnet3 virtual network adapter. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.9. Known Attack Vectors A malicious actor with local access to a virtual machine with a vmxnet3 network adapter present may be able to read privileged information contained in physical memory. Resolution To remediate CVE-2020-3971 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below. Workarounds None. Additional Documentation None. Acknowledgements VMware would like to thank Tianwen Tang(VictorV) of Qihoo 360Vulcan Team for reporting this issue to us. Notes None. Response Matrix - 3j Product Version Running CVE CVSSv3 Severity Fixed Version Workarounds Additional On Identifier Documentation ESXi 7.0 Any CVE-2020-3971 N/A N/A Unaffected N/A N/A ESXi 6.7 Any CVE-2020-3971 5.9 moderate ESXi670-201904101-SG None. None ESXi 6.5 Any CVE-2020-3971 5.9 moderate ESXi650-201907101-SG None None Fusion 11.x Any CVE-2020-3971 5.9 moderate 11.0.2 None None Workstation 15.x Any CVE-2020-3971 5.9 moderate 15.0.2 None None VMware Cloud 4.x Any CVE-2020-3971 N/A N/A Unaffected None None Foundation VMware Cloud 3.x Any CVE-2020-3971 5.9 moderate 3.7.2 None None Foundation 4. References Downloads and Documentation: VMware Patch Release ESXi 7.0b https://my.vmware.com/group/vmware/patch https://docs.vmware.com/en/VMware-vSphere/7.0/rn/ vsphere-esxi-vcenter-server-70-release-notes.html VMware ESXi 6.7 ESXi670-202004101-SG https://my.vmware.com/group/vmware/patch https://docs.vmware.com/en/VMware-vSphere/6.7/rn/esxi670-202004002.html VMware ESXi 6.7 ESXi670-201904101-SG https://my.vmware.com/group/vmware/patch https://docs.vmware.com/en/VMware-vSphere/6.7/rn/ vsphere-esxi-67u2-release-notes.html VMware ESXi 6.5 ESXi650-202005401-SG https://my.vmware.com/group/vmware/patch https://docs.vmware.com/en/VMware-vSphere/6.5/rn/esxi650-202005001.html VMware ESXi 6.5 ESXi650-201907101-SG https://my.vmware.com/group/vmware/patch https://docs.vmware.com/en/VMware-vSphere/6.5/rn/ vsphere-esxi-65u3-release-notes.html VMware Workstation Pro 15.5.5 (Latest) https://www.vmware.com/go/downloadworkstation https://docs.vmware.com/en/VMware-Workstation-Pro/index.html VMware Workstation Player 15.5.5 (Latest) https://www.vmware.com/go/downloadplayer https://docs.vmware.com/en/VMware-Workstation-Player/index.html VMware Fusion 11.5.5 (Latest) https://www.vmware.com/go/downloadfusion https://docs.vmware.com/en/VMware-Fusion/index.html VMware Cloud Foundation 4.0.1 *release pending* VMware Cloud Foundation 3.10.0.1 *release pending* VMware Cloud Foundation 3.7.2 https://docs.vmware.com/en/VMware-Cloud-Foundation/3.7.2/rn/ VMware-Cloud-Foundation-372-Release-Notes.html VMware Cloud Foundation https://docs.vmware.com/en/VMware-Cloud-Foundation/3.10/rn/ VMware-Cloud-Foundation-310-Release-Notes.html Mitre CVE Dictionary Links: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3962 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3963 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3964 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3965 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3966 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3967 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3968 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3969 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3970 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3971 FIRST CVSSv3 Calculator: CVE-2020-3962 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/ PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2020-3963 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/ PR:N/UI:N/S:C/C:H/I:N/A:N CVE-2020-3964 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/ PR:N/UI:N/S:C/C:H/I:N/A:N CVE-2020-3965 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/ PR:N/UI:N/S:C/C:H/I:N/A:N CVE-2020-3966 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/ PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2020-3967 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/ PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2020-3968 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/ PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2020-3969 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/ PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2020-3970 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/ PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2020-3971 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/ PR:L/UI:N/S:C/C:H/I:N/A:N 5. Change Log 2020-06-23 VMSA-2020-0014 Initial security advisory. 6. Contact E-mail list for product security notifications and announcements: https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXvLfDuNLKJtyKPYoAQhR8Q/+NPnsjLrgb2DqkE0qovfNrXw2G1/vxKxg VhAhQpj9yVIScM0lWWabt+BVEzNkzKTuMcRu8AqfsPnJ7fJ88ozJRsnQFXcDHCMD Bno4mZBZjRoH/JVZf07nD8WfqW7wSGBuFwf39tQnh3zhXLjA8qCHeOu6VLuOBhDQ B3KYth9ZXFtF+w4wiZmBC50SrH6X3f2BlloI4QEtaW2nkhpr1M+gJ8a6RmGhIWGT KEwCarVt46V8wIF8Lp1z70Wd/PxpgXvJ7Mfikcz5FujRaa2bll1EXUXekkdyGJdh nuoKmAc7kbxbP9fMyGcAgrQUQLMaIuBUTctVKgbTwCabYXqe0ay4vOvEvT4PCHaO 0jYLNZqJ7xNFqvIM3iFr8CGmKpI5aXYkeYdeM5UTbqx4EG3MDEdhRe0wnrK0rxli Gr39OyAkKAa3Ckir4qtmMyBqDXfIojOXh4aJWB+rCU+ihFIcGizxNLDbmqCsflXL 3wFxg9ajRQ1nRmcOmtOeAYGyasAbV/reZt+TKWJzuwGLQf0Bme8+gbrCiK9xr+wC DjJiD5viBDBHy7eY1yaigNP0KpVQ4JiJWw9+53kxB94VJgxsfPBfQZjBhp2q23Dw p+8HhcIwRLt5472OI8EkBo42adw2GtD3MBhU6DWSuWyps+EKVe0EW/uQ38GGe+6l bqr1JCncMMQ= =GUnZ -----END PGP SIGNATURE-----