Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.2593
Container-native Virtualization security, bug fix, and enhancement update
30 July 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Red Hat OpenShift Virtualization
Publisher: Red Hat
Operating System: Virtualisation
Red Hat
Impact/Access: Root Compromise -- Existing Account
Execute Arbitrary Code/Commands -- Remote with User Interaction
Denial of Service -- Remote/Unauthenticated
Access Confidential Data -- Remote/Unauthenticated
Unauthorised Access -- Remote/Unauthenticated
Reduced Security -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2020-14316 CVE-2020-13777 CVE-2020-12888
CVE-2020-12663 CVE-2020-12662 CVE-2020-12654
CVE-2020-12653 CVE-2020-12049 CVE-2020-11501
CVE-2020-11080 CVE-2020-11008 CVE-2020-10768
CVE-2020-10767 CVE-2020-10766 CVE-2020-10757
CVE-2020-10754 CVE-2020-10749 CVE-2020-8617
CVE-2020-8616 CVE-2019-1010204 CVE-2019-1010180
CVE-2019-19959 CVE-2019-19925 CVE-2019-19924
CVE-2019-19923 CVE-2019-19807 CVE-2019-19232
CVE-2019-19126 CVE-2019-18934 CVE-2019-17451
CVE-2019-16056 CVE-2019-15847 CVE-2019-14822
CVE-2019-14563 CVE-2019-13753 CVE-2019-13752
CVE-2019-13232 CVE-2019-12449 CVE-2019-12448
CVE-2019-12447 CVE-2019-11324 CVE-2019-11236
CVE-2019-8457 CVE-2019-5482 CVE-2019-5481
CVE-2019-5436 CVE-2019-5094 CVE-2019-3844
CVE-2019-3843 CVE-2019-3825 CVE-2019-3016
CVE-2019-1563 CVE-2019-1549 CVE-2019-1547
CVE-2018-20852 CVE-2018-20337 CVE-2018-20060
CVE-2018-19519 CVE-2018-18074 CVE-2018-14404
CVE-2018-9251 CVE-2018-7263
Reference: ASB-2020.0087
ASB-2020.0031
ESB-2020.2503
ESB-2020.2498
ESB-2020.2383
ESB-2020.2375
ESB-2020.1977
Original Bulletin:
https://access.redhat.com/errata/RHSA-2020:3194
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: Container-native Virtualization security,
bug fix, and enhancement update
Advisory ID: RHSA-2020:3194-01
Product: Container-native Virtualization
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3194
Issue date: 2020-07-28
Keywords: cnv,kubevirt,virtualization
CVE Names: CVE-2018-7263 CVE-2018-9251 CVE-2018-14404
CVE-2018-18074 CVE-2018-19519 CVE-2018-20060
CVE-2018-20337 CVE-2018-20852 CVE-2019-1547
CVE-2019-1549 CVE-2019-1563 CVE-2019-3016
CVE-2019-3825 CVE-2019-3843 CVE-2019-3844
CVE-2019-5094 CVE-2019-5436 CVE-2019-5481
CVE-2019-5482 CVE-2019-8457 CVE-2019-11236
CVE-2019-11324 CVE-2019-12447 CVE-2019-12448
CVE-2019-12449 CVE-2019-13232 CVE-2019-13752
CVE-2019-13753 CVE-2019-14563 CVE-2019-14822
CVE-2019-15847 CVE-2019-16056 CVE-2019-17451
CVE-2019-18934 CVE-2019-19126 CVE-2019-19232
CVE-2019-19807 CVE-2019-19923 CVE-2019-19924
CVE-2019-19925 CVE-2019-19959 CVE-2019-1010180
CVE-2019-1010204 CVE-2020-8616 CVE-2020-8617
CVE-2020-10749 CVE-2020-10754 CVE-2020-10757
CVE-2020-10766 CVE-2020-10767 CVE-2020-10768
CVE-2020-11008 CVE-2020-11080 CVE-2020-11501
CVE-2020-12049 CVE-2020-12653 CVE-2020-12654
CVE-2020-12662 CVE-2020-12663 CVE-2020-12888
CVE-2020-13777 CVE-2020-14316
=====================================================================
1. Summary:
Red Hat OpenShift Virtualization release 2.4.0 is now available with
updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Description:
OpenShift Virtualization is Red Hat's virtualization solution designed for
Red Hat OpenShift Container Platform.
Security Fix(es):
* kubevirt: VMIs can be used to access host files (CVE-2020-14316)
* containernetworking/plugins: IPv6 router advertisements allow for MitM
attacks on IPv4 clusters (CVE-2020-10749)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
This update also fixes several bugs and adds various enhancements.
This advisory contains the following OpenShift Virtualization 2.4.0 images:
RHEL-7-CNV-2.4
==============
kubevirt-ssp-operator-container-v2.4.0-71
RHEL-8-CNV-2.4
==============
virt-cdi-controller-container-v2.4.0-29
virt-cdi-uploadproxy-container-v2.4.0-29
hostpath-provisioner-container-v2.4.0-25
virt-cdi-operator-container-v2.4.0-29
kubevirt-metrics-collector-container-v2.4.0-18
cnv-containernetworking-plugins-container-v2.4.0-36
kubevirt-kvm-info-nfd-plugin-container-v2.4.0-18
hostpath-provisioner-operator-container-v2.4.0-31
virt-cdi-uploadserver-container-v2.4.0-29
virt-cdi-apiserver-container-v2.4.0-29
virt-controller-container-v2.4.0-58
virt-cdi-cloner-container-v2.4.0-29
kubevirt-template-validator-container-v2.4.0-21
vm-import-operator-container-v2.4.0-21
kubernetes-nmstate-handler-container-v2.4.0-37
node-maintenance-operator-container-v2.4.0-27
virt-operator-container-v2.4.0-58
kubevirt-v2v-conversion-container-v2.4.0-23
cnv-must-gather-container-v2.4.0-73
virtio-win-container-v2.4.0-15
kubevirt-cpu-node-labeller-container-v2.4.0-19
ovs-cni-plugin-container-v2.4.0-37
kubevirt-vmware-container-v2.4.0-21
hyperconverged-cluster-operator-container-v2.4.0-70
virt-handler-container-v2.4.0-58
virt-cdi-importer-container-v2.4.0-29
virt-launcher-container-v2.4.0-58
kubevirt-cpu-model-nfd-plugin-container-v2.4.0-17
virt-api-container-v2.4.0-58
ovs-cni-marker-container-v2.4.0-38
kubemacpool-container-v2.4.0-39
cluster-network-addons-operator-container-v2.4.0-38
bridge-marker-container-v2.4.0-39
vm-import-controller-container-v2.4.0-21
hco-bundle-registry-container-v2.3.0-497
3. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
4. Bugs fixed (https://bugzilla.redhat.com/):
1684772 - virt-launcher images do not have the edk2-ovmf package installed
1716329 - missing Status, Version and Label for a number of CNV components,
and Status term inconsistency
1724978 - [RFE][v2v] Improve the way we display progress percent in UI
1725672 - CDI: getting error with "unknown reason" when trying to create
UploadTokenRequest for a none existing pvc
1727117 - [RFE] Reduce installed libvirt components
1780473 - Delete VM is hanging if the corresponding template does not exist anymore
1787213 - KubeMacpool may not work from time to time since it is skipped when
we face certificate issue.
1789564 - Failed to allocate a SRIOV VF to VMI
1795889 - internal IP shown on VMI spec instead of public one on VMI with guest-agent
1796342 - VM Failing to start since hard disk not ready
1802554 - [SSP] cpu-feature-lahf_lm and Conroe are enabled on one worker (test issue)
1805044 - No mem/filesystem/Network Utilization in VM overview
1806288 - [CDI] fails to import images that comes from url that reject HEAD requests
1806436 - [SSP] Windows common templates - Windows10 should be removed
from windows-server* templates, windows-server* should not have desktop version
1811111 - All the VM templates are visible in the developer catalog but not
really/easily instantiable
1811417 - Failed to install cnv-2.4 on top of ocp 4.4 (hco operator in crashLoopBackOff state)
1816518 - [SSP] Common templates - template name under objects -> metadata ->
labels should be identical to the template actual name
1817080 - node maintenance CRD is marked with NonStructuralSchema condition
1819252 - kubevirt-ssp-operator cannot create ServiceMonitor object
1820651 - CDI import fails using block volume (available size -1)
1821209 - Debug log message looks unprofessional
1822079 - nmstate-handler fails to start and keeps restarting
1822315 - status.desiredState: doesn't pick the correct value and is null
1823342 - Invalid qcow2 image causes HTTP range error and difficult to read stack trace
1823699 - [CNV-2.4] Failing to deploy NetworkAddons
1823701 - [CNV-2.4] when a single component is failing, HCO can continue reporting outdated
negative conditions also on other components
1825801 - [CNV-2.4] Failing to deploy due issues in CRD of cluster network operator
1826044 - [CNV-2.4] Failing to deploy due issues in CRD of cluster host-path-provisioner operator
1827257 - VMs' connectivity is available even the two VMs are in different vlan
1828401 - misconfigured prow job e2e-aws-4.5-cnv resulting in step e2e-aws failed:
step needs a lease but no lease client provided
1829376 - VMs with blank block volumes fail to spin up
1830780 - virt-v2v-wrapper - 0% VM migration progress in UI
1831536 - kubevirt-{handler,apiserver,controller} service accounts added to the privileged SCC
1832179 - [virt] VM with runStrategy attribute (instead of 'running' attribute) does not have
'RUNNING' state in cli
1832283 - [SSP operator] Common templates and template_validator are missing after clean installation
1832291 - SSP installation is successful even with some components missing
1832769 - [kubevirt version] is not reported correctly
1833220 - CVE-2020-10749 containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters
1833376 - Hardcoded VMware-vix-disklib version 6 - import fail with version 7
1833786 - kubevirt hyperconverged-cluster-operator deploy_marketplace.sh fails in disconnected cluster
1834253 - VMs are stuck in Starting state
1835242 - Can't query SSP CRs after upgrade from 2.3 to 2.4
1835426 - [RFE] Provide a clear error message when VM and VMI name does not match
1836792 - [CNV deployment] kubevirt components are missing
1837182 - VMI virt-launcher reaches Error state after running for 10-24 hours
1837670 - Specifying "Ubuntu 18.04 LTS" force the Conroe CPU model
1838066 - [CNV deployment] kubevirt failing to create cpu-plugin-configmap obsoleteCPUs
1838424 - [Installation] CNV 2.4.0 virt-handler and kubevirt-node-labeller pods are not showing up
1839982 - [CNV][DOC] Lack of explanation for StorageClass default accessMode in
openshift-cnv kubevirt-storage-class-defaults
1840047 - [CNV-2.4] virt-handler failing on /usr/bin/container-disk: no such file or directory
1840220 - [CNV-2.4] node-maintenance-operator failing to create deployment - invalid format of manifest
1840652 - Upgrade indication is missing
1841065 - [v2v] RHV to CNV: VM import fail on network mapping validation
1841325 - [CNV][V2V] VM migration fails if VMWare host isn't under Cluster but directly under Datacenter
1841505 - [CNV-2.4] virt-template-validator container fails to start
1842869 - vmi cannot be scheduled, because node labeller doesn't report correct labels
1842958 - [SSP] Fail to create Windows VMs from templates - windows-cd-bus validation added but
drom is missing from the template
1843219 - node-labeller SCC is privileged, which appears too relaxed
1843456 - virt-launcher goes from running to error state due to panic: timed out waiting for domain to be defined
1843467 - [CNV network KMP] kubemacpool causes worker node to be Ready,SchedulingDisabled
1843519 - HCO CR is not listed when running "kubectl get all" from command line
1843948 - [Network operator] Upgrade from 2.3 to 2.4 - Network operator fails to upgrade
ovs-cni pods, upgrade is not completed
1844057 - [CNV-2.4] cluster-network-addons-operator failing to start
1844105 - [SSP operator] Upgrade from 2.3.0 to 2.4.0- SSP operator fails to upgrade node
labeller and template validator
1844907 - kubemacpool deployment status errors regarding replicas
1845060 - Node-labeller is in pending state when node doesn't have kvm device
1845061 - Version displayed in Container Native Virtualization OperatorHub side panel
1845477 - [SSP] Template validator fails to "Extract the CA bundle"; template validator is not
called when a VM is created
1845557 - [CNV-2.4] template validator webhook fails with certification issues
1845604 - [v2v] RHV to CNV VM import: Prevent a second vm-import from starting.
1845899 - [CNV-2.5] cluster-network-addons-operator failing to start
1845901 - Filesystem corruption related to smart clone
1847070 - vmi cannot be scheduled , qemu-kvm core dump
1847594 - pods in openshift-cnv namespace no longer have openshift.io/scc under metadata.annotations
1848004 - [CNV-2.5] Deployment fails on NetworkAddonsConfigNotAvailable
1848007 - [CNV-2.4] Deployment fails on NetworkAddonsConfigNotAvailable
1848951 - CVE-2020-14316 kubevirt: VMIs can be used to access host files
1849527 - [v2v] [api] VM import RHV to CNV importer should stop send requests to RHV
if they are rejected because of wrong user/pass
1849915 - [v2v] VM import RHV to CNV: The timezone data is not available in the vm-import-controller image.
1850425 - [v2v][VM import RHV to CNV] Add validation for network target type in network mapping
1850467 - [v2v] [api] VM import RHV to CNV invalid target network type should not crash the controller
1850482 - [v2v][VM import from RHV to CNV] 2 nics are mapped to a new network though second was mapped to pod.
1850937 - kubemacpool fails in a specific order of components startup
1851856 - Deployment not progressing due to PriorityClass missing
1851886 - [CNV][V2V] VMWare pod is failing when running wizard to migrate from RHV
1852446 - [v2v][RHV to CNV VM import] Windows10 VM import fail on: timezone is not UTC-compatible
1853028 - CNV must-gather failure on CNV-QE BM-RHCOS environment
1853133 - [CNV-2.4] Deployment fails on KubeVirtMetricsAggregationNotAvailable
1853373 - virtctl image-upload fails to upload an image if the dv name includes a "."
1854419 - [Re-brand] Align CSV
1854744 - To stabilize some tests I need to backport PRs which change production code
1855256 - [v2v][RHV to CNV VM import] Empty directories created for vm-import-operator/controller
logs in cnv-must-gather
1856438 - [CNAO] Upgrade is not completed (wrong operatorVersion), CR is not updated.
1856447 - CNV upgrade - HCO fails to identify wrong observedVersion in CR, HCO is reported as READY
1856979 - Domain notify errors break VMI migrations and graceful shutdown
5. References:
https://access.redhat.com/security/cve/CVE-2018-7263
https://access.redhat.com/security/cve/CVE-2018-9251
https://access.redhat.com/security/cve/CVE-2018-14404
https://access.redhat.com/security/cve/CVE-2018-18074
https://access.redhat.com/security/cve/CVE-2018-19519
https://access.redhat.com/security/cve/CVE-2018-20060
https://access.redhat.com/security/cve/CVE-2018-20337
https://access.redhat.com/security/cve/CVE-2018-20852
https://access.redhat.com/security/cve/CVE-2019-1547
https://access.redhat.com/security/cve/CVE-2019-1549
https://access.redhat.com/security/cve/CVE-2019-1563
https://access.redhat.com/security/cve/CVE-2019-3016
https://access.redhat.com/security/cve/CVE-2019-3825
https://access.redhat.com/security/cve/CVE-2019-3843
https://access.redhat.com/security/cve/CVE-2019-3844
https://access.redhat.com/security/cve/CVE-2019-5094
https://access.redhat.com/security/cve/CVE-2019-5436
https://access.redhat.com/security/cve/CVE-2019-5481
https://access.redhat.com/security/cve/CVE-2019-5482
https://access.redhat.com/security/cve/CVE-2019-8457
https://access.redhat.com/security/cve/CVE-2019-11236
https://access.redhat.com/security/cve/CVE-2019-11324
https://access.redhat.com/security/cve/CVE-2019-12447
https://access.redhat.com/security/cve/CVE-2019-12448
https://access.redhat.com/security/cve/CVE-2019-12449
https://access.redhat.com/security/cve/CVE-2019-13232
https://access.redhat.com/security/cve/CVE-2019-13752
https://access.redhat.com/security/cve/CVE-2019-13753
https://access.redhat.com/security/cve/CVE-2019-14563
https://access.redhat.com/security/cve/CVE-2019-14822
https://access.redhat.com/security/cve/CVE-2019-15847
https://access.redhat.com/security/cve/CVE-2019-16056
https://access.redhat.com/security/cve/CVE-2019-17451
https://access.redhat.com/security/cve/CVE-2019-18934
https://access.redhat.com/security/cve/CVE-2019-19126
https://access.redhat.com/security/cve/CVE-2019-19232
https://access.redhat.com/security/cve/CVE-2019-19807
https://access.redhat.com/security/cve/CVE-2019-19923
https://access.redhat.com/security/cve/CVE-2019-19924
https://access.redhat.com/security/cve/CVE-2019-19925
https://access.redhat.com/security/cve/CVE-2019-19959
https://access.redhat.com/security/cve/CVE-2019-1010180
https://access.redhat.com/security/cve/CVE-2019-1010204
https://access.redhat.com/security/cve/CVE-2020-8616
https://access.redhat.com/security/cve/CVE-2020-8617
https://access.redhat.com/security/cve/CVE-2020-10749
https://access.redhat.com/security/cve/CVE-2020-10754
https://access.redhat.com/security/cve/CVE-2020-10757
https://access.redhat.com/security/cve/CVE-2020-10766
https://access.redhat.com/security/cve/CVE-2020-10767
https://access.redhat.com/security/cve/CVE-2020-10768
https://access.redhat.com/security/cve/CVE-2020-11008
https://access.redhat.com/security/cve/CVE-2020-11080
https://access.redhat.com/security/cve/CVE-2020-11501
https://access.redhat.com/security/cve/CVE-2020-12049
https://access.redhat.com/security/cve/CVE-2020-12653
https://access.redhat.com/security/cve/CVE-2020-12654
https://access.redhat.com/security/cve/CVE-2020-12662
https://access.redhat.com/security/cve/CVE-2020-12663
https://access.redhat.com/security/cve/CVE-2020-12888
https://access.redhat.com/security/cve/CVE-2020-13777
https://access.redhat.com/security/cve/CVE-2020-14316
https://access.redhat.com/security/updates/classification/#important
6. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXyB4V9zjgjWX9erEAQgEkw//TUQMVu8y+RkZPuxOMosHU+4FcddeynZC
wt5OYBAxDXBbxHxCrpJidV5KbJhkVQbYSoJUun7p9iXRofoxCGPqKKruKBPAIj77
hAD+MoIOHi5aUQsTX4ogQDbf0jijtva33RZyxdVYMQHyToDYDBRVQaUgrHmaBeBD
c/byBT/vwwf9rmjSYVUDg3tlqDZlI9RZiYt+0nLJgo/13NHZYHmgQ7OiUiCDSi5l
ALugtSccgqIZowz36esN0oifyoLNfmafDLD3zUZq/ie+xb3TNYeNQRdu5Xq5S6OY
q7UyNrJTZTXUhuhTqd9S/UXaR0vHL0mv9i0IULXb/cIP164Ar2Udu891UJ4JBvUD
EutWT6u85kfKMchRC1ykoIWimmpy4Hv+95YfjXhkOt9hy0TKfEWPiKoyRkOtSv9h
OG2ZMUhYbNL9v+BI53zXN73TIgmIeg85m26ZSMioMBb69CAPkblvhZtCeB72/XMP
pf/aS7E9J2v0cu7HlmtpyO0dXVE+3S6nixZKKEqC8piTgRUAwVEpi+YH2W4uwECI
QWSMlaL4bdjI2ZkwNtRwYUTtqRjnA9KXEAhyMJ7O+9fCLxLsGM7QcyhfKIBoMPqe
8HZQ+HLnnfQl+dDhIwEq6iElbaeF0WjiH0+jG7C4Q6EuvvhCJ9ZSQS2EGiwR8S0U
uPzd4aQeLto=
=pAQg
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXyJRHeNLKJtyKPYoAQjueg//WJB8PD/cyCSMKceYt6XT6opSOENnLboN
28bVyxHUFyixmuH2meVHZeazsvOaA7Pxwl7LDPxvQxAOj60C9CeVVpX02//KE2gw
orCmdIzBX2e+btkLE0mo95+xFEJCrSuQaQ6WG0gesna1dVpsWVhZLqhmEvNxYuJU
yMFn9nPApC0tRJAq0Gz2wm/9HnrhLCwuRdJivHHyJu4Xuo4YvRE52nEVbfnzOOvy
tiIpKrWLAymTZ79++ZvlEsKc1F4nyQwgM9c9afF48y9rJagBzuB8pT3HTVpX/rU4
JrSAybDyvQGHrMqWE2SDadk0LJrcgnjZOAosQT4tWakQUtmqFflmuy9bh52spJ6F
qzpVOmagjqIaRByi/57UspFP3YPO8hkaa0O9lXW1LE7XOmET3R5W5XO7oUUDNh0B
2UACZfsFOp/K8jw/4v7MQ4A66eQpplpuLJc2P0Cy9a+SH7HjnANebeyaB4dCEDA/
eknLd28UIT6/6VBhkHygPJRl6KP4mrM2iith8oboPn2On0f6ujIpeuk390DkElrL
aHsRpfhu5GQoxsAmxf9mOm0xbi52AuN/ZDZSHJH868D8G2mDi8GI9gZBZmL+iqIB
IjUWTWhKm1k+imRJijPGCtt3BrQ7qhNZr15u/rvSK7pj4CMtVLOXxwb/pCvm6gSR
S1IjWY+ZYE4=
=BBEK
-----END PGP SIGNATURE-----