Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.4487 BIG-IP APM multiple vulnerabilities 18 December 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: BIG-IP APM Publisher: F5 Networks Operating System: Network Appliance Impact/Access: Denial of Service -- Remote/Unauthenticated Cross-site Scripting -- Remote with User Interaction Provide Misleading Information -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2020-27729 CVE-2020-27726 CVE-2020-27724 CVE-2020-27722 CVE-2020-27716 Original Bulletin: https://support.f5.com/csp/article/K73657294 https://support.f5.com/csp/article/K30343902 https://support.f5.com/csp/article/K04518313 https://support.f5.com/csp/article/K15310332 https://support.f5.com/csp/article/K51574311 Comment: This bulletin contains five (5) F5 Networks security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- K73657294: BIG-IP APM VDI plugin vulnerability CVE-2020-27722 Original Publication Date: 17 Dec, 2020 Security Advisory Description Under certain conditions, the VDI plugin does not observe plugin flow-control protocol causing excessive resource consumption. (CVE-2020-27722) Impact This affects only a BIG-IP APM virtual server configured with a Virtual Desktop Infrastructure (VDI) profile. Your BIG-IP system affected by this vulnerability may consume excessive resources when processing VDI traffic, resulting in Traffic Management Microkernel (TMM) restarting and generating a core file in some cases and leading to disruption in traffic processing. Security Advisory Status F5 Product Development has assigned ID 811965 (BIG-IP) to this vulnerability. To determine if your product and version have been evaluated for this vulnerability, refer to the Applies to (see versions) box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases, point releases, or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to K51812227: Understanding Security Advisory versioning. +-------------------+------+----------+----------+----------+------+----------+ | | |Versions |Fixes | |CVSSv3|Vulnerable| |Product |Branch|known to |introduced|Severity |score^|component | | | |be |in | |1 |or feature| | | |vulnerable| | | | | +-------------------+------+----------+----------+----------+------+----------+ | | | |15.1.0 | | | | | |15.x |15.0.0 - |15.0.1.4 | | | | | | |15.0.1 | | | | | | +------+----------+----------+ | | | | |14.x |14.1.0 - |14.1.3.1 | | | | | | |14.1.3 | | | | | | +------+----------+----------+ | |VDI | |BIG-IP (APM) |13.x |13.1.0 - |13.1.3.5 |Medium |4.8 |plug-in | | | |13.1.3 | | | | | | +------+----------+----------+ | | | | |12.x |None |Not | | | | | | | |applicable| | | | | +------+----------+----------+ | | | | |11.x |None |Not | | | | | | | |applicable| | | | +-------------------+------+----------+----------+----------+------+----------+ | |15.x |None |Not | | | | | | | |applicable| | | | | +------+----------+----------+ | | | | |14.x |None |Not | | | | |BIG-IP (LTM, AAM, | | |applicable| | | | |AFM, Analytics, +------+----------+----------+ | | | |ASM, DNS, FPS, GTM,|13.x |None |Not |Not |None |None | |Link Controller, | | |applicable|vulnerable| | | |PEM) +------+----------+----------+ | | | | |12.x |None |Not | | | | | | | |applicable| | | | | +------+----------+----------+ | | | | |11.x |None |Not | | | | | | | |applicable| | | | +-------------------+------+----------+----------+----------+------+----------+ | |7.x |None |Not | | | | | | | |applicable| | | | | +------+----------+----------+ | | | |BIG-IQ Centralized |6.x |None |Not |Not |None |None | |Management | | |applicable|vulnerable| | | | +------+----------+----------+ | | | | |5.x |None |Not | | | | | | | |applicable| | | | +-------------------+------+----------+----------+----------+------+----------+ |Traffix SDC |5.x |None |Not |Not |None |None | | | | |applicable|vulnerable| | | +-------------------+------+----------+----------+----------+------+----------+ ^1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge. Security Advisory Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Fixes introduced in column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists. Mitigation None Supplemental Information o K41942608: Overview of Security Advisory articles o K4602: Overview of the F5 security vulnerability response policy o K4918: Overview of the F5 critical issue hotfix policy o K9502: BIG-IP hotfix and point release matrix o K13123: Managing BIG-IP product hotfixes (11.x - 15.x) o K167: Downloading software and firmware from F5 o K9970: Subscribing to email notifications regarding F5 products o K9957: Creating a custom RSS feed to view new and updated documents - -------------------------------------------------------------------------------- K30343902: BIG-IP APM XSS vulnerability CVE-2020-27726 Original Publication Date: 17 Dec, 2020 Security Advisory Description A reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system. (CVE-2020-27726) Impact An attacker can craft a malicious URL and send it to an authenticated user to launch a XSS attack. Security Advisory Status F5 Product Development has assigned ID 905125 (BIG-IP) to this vulnerability. To determine if your product and version have been evaluated for this vulnerability, refer to the Applies to (see versions) box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases, point releases, or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to K51812227: Understanding Security Advisory versioning. +-------------------+------+----------+----------+----------+------+----------+ | | |Versions |Fixes | |CVSSv3|Vulnerable| |Product |Branch|known to |introduced|Severity |score^|component | | | |be |in | |1 |or feature| | | |vulnerable| | | | | +-------------------+------+----------+----------+----------+------+----------+ | |16.x |16.0.0 |16.0.1 | | | | | +------+----------+----------+ | | | | |15.x |15.0.0 - |15.1.1 | | | | | | |15.1.0 | | | | | | +------+----------+----------+ | | | | |14.x |14.1.0 - |14.1.3.1 | | | | |BIG-IP (APM) | |14.1.3 | | | |BIG-IP APM| | +------+----------+----------+Medium |4.2 |with full | | |13.x |13.1.0 - |13.1.3.5 | | |webtop | | | |13.1.3 | | | | | | +------+----------+----------+ | | | | |12.x |12.1.0 - |None | | | | | | |12.1.5 | | | | | | +------+----------+----------+ | | | | |11.x |None |Not | | | | | | | |applicable| | | | +-------------------+------+----------+----------+----------+------+----------+ | |15.x |None |Not | | | | | | | |applicable| | | | | +------+----------+----------+ | | | | |14.x |None |Not | | | | |BIG-IP (LTM, AAM, | | |applicable| | | | |AFM, Analytics, +------+----------+----------+ | | | |ASM, DNS, FPS, GTM,|13.x |None |Not |Not |None |None | |Link Controller, | | |applicable|vulnerable| | | |PEM) +------+----------+----------+ | | | | |12.x |None |Not | | | | | | | |applicable| | | | | +------+----------+----------+ | | | | |11.x |None |Not | | | | | | | |applicable| | | | +-------------------+------+----------+----------+----------+------+----------+ | |7.x |None |Not | | | | | | | |applicable| | | | | +------+----------+----------+ | | | |BIG-IQ Centralized |6.x |None |Not |Not |None |None | |Management | | |applicable|vulnerable| | | | +------+----------+----------+ | | | | |5.x |None |Not | | | | | | | |applicable| | | | +-------------------+------+----------+----------+----------+------+----------+ |Traffix SDC |5.x |None |Not |Not |None |None | | | | |applicable|vulnerable| | | +-------------------+------+----------+----------+----------+------+----------+ ^1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge. Security Advisory Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Fixes introduced in column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists. Mitigation To mitigate this vulnerability, you can associate an iRule to the affected BIG-IP APM virtual server. For more information about the iRule, contact F5 Support referencing this article number. Supplemental Information o K51812227: Understanding Security Advisory versioning o K41942608: Overview of Security Advisory articles o K4602: Overview of the F5 security vulnerability response policy o K4918: Overview of the F5 critical issue hotfix policy o K9502: BIG-IP hotfix and point release matrix o K13123: Managing BIG-IP product hotfixes (11.x - 15.x) o K167: Downloading software and firmware from F5 o K9970: Subscribing to email notifications regarding F5 products o K9957: Creating a custom RSS feed to view new and updated documents - -------------------------------------------------------------------------------- K04518313: BIG-IP APM network access VPN vulnerability CVE-2020-27724 Original Publication Date: 17 Dec, 2020 Security Advisory Description In BIG-IP APM, on systems running more than one TMM instance, authenticated VPN users may consume excessive resources by sending specially-crafted malicious traffic over the tunnel. (CVE-2020-27724) Impact This vulnerability may cause the Traffic Management Microkernel (TMM) to stop responding, leading to disruption in services and a failover event in high availability (HA) systems. Security Advisory Status F5 Product Development has assigned ID 898949 (BIG-IP) to this vulnerability. To determine if your product and version have been evaluated for this vulnerability, refer to the Applies to (see versions) box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases, point releases, or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to K51812227: Understanding Security Advisory versioning. +-------------------+------+----------+----------+----------+------+----------+ | | |Versions |Fixes | |CVSSv3|Vulnerable| |Product |Branch|known to |introduced|Severity |score^|component | | | |be |in | |1 |or feature| | | |vulnerable| | | | | +-------------------+------+----------+----------+----------+------+----------+ | |16.x |16.0.0 |16.0.1 | | | | | +------+----------+----------+ | | | | | |15.1.0 |15.1.0.5 | | | | | |15.x |15.0.0 - |15.0.1.4 | | | | | | |15.0.1 | | | | | | +------+----------+----------+ | | | | |14.x |14.1.0 - |14.1.3.1 | | | | | | |14.1.3 | | | | | |BIG-IP (APM) +------+----------+----------+Medium |5.3 |TMM | | |13.x |13.1.0 - |13.1.3.5 | | | | | | |13.1.3 | | | | | | +------+----------+----------+ | | | | |12.x |12.1.0 - |None | | | | | | |12.1.5 | | | | | | +------+----------+----------+ | | | | |11.x |11.6.1 - |None | | | | | | |11.6.5 | | | | | +-------------------+------+----------+----------+----------+------+----------+ | |15.x |None |Not | | | | | | | |applicable| | | | | +------+----------+----------+ | | | | |14.x |None |Not | | | | |BIG-IP (LTM, AAM, | | |applicable| | | | |AFM, Analytics, +------+----------+----------+ | | | |APM, ASM, DNS, FPS,|13.x |None |Not |Not |None |None | |GTM, Link | | |applicable|vulnerable| | | |Controller, PEM) +------+----------+----------+ | | | | |12.x |None |Not | | | | | | | |applicable| | | | | +------+----------+----------+ | | | | |11.x |None |Not | | | | | | | |applicable| | | | +-------------------+------+----------+----------+----------+------+----------+ | |7.x |None |Not | | | | | | | |applicable| | | | | +------+----------+----------+ | | | |BIG-IQ Centralized |6.x |None |Not |Not |None |None | |Management | | |applicable|vulnerable| | | | +------+----------+----------+ | | | | |5.x |None |Not | | | | | | | |applicable| | | | +-------------------+------+----------+----------+----------+------+----------+ |Traffix SDC |5.x |None |Not |Not |None |None | | | | |applicable|vulnerable| | | +-------------------+------+----------+----------+----------+------+----------+ ^1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge. Security Advisory Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Fixes introduced in column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists. Mitigation None Supplemental Information o K51812227: Understanding Security Advisory versioning o K41942608: Overview of Security Advisory articles o K4602: Overview of the F5 security vulnerability response policy o K4918: Overview of the F5 critical issue hotfix policy o K9502: BIG-IP hotfix and point release matrix o K13123: Managing BIG-IP product hotfixes (11.x - 15.x) o K167: Downloading software and firmware from F5 o K9970: Subscribing to email notifications regarding F5 products o K9957: Creating a custom RSS feed to view new and updated documents - -------------------------------------------------------------------------------- K15310332: BIG-IP APM open redirect vulnerability CVE-2020-27729 Original Publication Date: 17 Dec, 2020 Security Advisory Description An undisclosed link on the BIG-IP APM virtual server allows a malicious user to build an open redirect URI. (CVE-2020-27729) Impact An attacker can create a URL with a specially crafted value and trick BIG-IP APM users into visiting the link. Victims may be redirected to a malicious website by following the misleading URL. Security Advisory Status F5 Product Development has assigned ID 928037 (BIG-IP) to this vulnerability. To determine if your product and version have been evaluated for this vulnerability, refer to the Applies to (see versions) box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases, point releases, or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to K51812227: Understanding security advisory versioning. +-------------------+------+----------+----------+----------+------+----------+ | | |Versions |Fixes | |CVSSv3|Vulnerable| |Product |Branch|known to |introduced|Severity |score^|component | | | |be |in | |1 |or feature| | | |vulnerable| | | | | +-------------------+------+----------+----------+----------+------+----------+ | |16.x |16.0.0 |16.0.1 | | | | | +------+----------+----------+ | | | | |15.x |15.1.0 |15.1.1 | | | | | +------+----------+----------+ | | | | |14.x |14.1.0 - |14.1.3.1 | | |BIG-IP APM| | | |14.1.3 | | | |virtual | | +------+----------+----------+ | |server | |BIG-IP (APM) |13.x |13.1.0 - |13.1.3.5 |Medium |6.1 |with | | | |13.1.3 | | | |access | | +------+----------+----------+ | |profile | | |12.x |12.1.0 - |None | | | | | | |12.1.5 | | | | | | +------+----------+----------+ | | | | |11.x |11.6.1 - |None | | | | | | |11.6.5 | | | | | +-------------------+------+----------+----------+----------+------+----------+ | |16.x |None |Not | | | | | | | |applicable| | | | | +------+----------+----------+ | | | | |15.x |None |Not | | | | | | | |applicable| | | | |BIG-IP (LTM, AAM, +------+----------+----------+ | | | |Advanced WAF, AFM, |14.x |None |Not | | | | |Analytics, ASM, | | |applicable|Not | | | |DDHD, DNS, FPS, +------+----------+----------+vulnerable|None |None | |GTM, Link |13.x |None |Not | | | | |Controller, PEM, | | |applicable| | | | |SSLO) +------+----------+----------+ | | | | |12.x |None |Not | | | | | | | |applicable| | | | | +------+----------+----------+ | | | | |11.x |None |Not | | | | | | | |applicable| | | | +-------------------+------+----------+----------+----------+------+----------+ | |7.x |None |Not | | | | | | | |applicable| | | | | +------+----------+----------+ | | | |BIG-IQ Centralized |6.x |None |Not |Not |None |None | |Management | | |applicable|vulnerable| | | | +------+----------+----------+ | | | | |5.x |None |Not | | | | | | | |applicable| | | | +-------------------+------+----------+----------+----------+------+----------+ |Traffix SDC |5.x |None |Not |Not |None |None | | | | |applicable|vulnerable| | | +-------------------+------+----------+----------+----------+------+----------+ ^1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge. Security Advisory Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Fixes introduced in column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists. Mitigation None Acknowledgements F5 acknowledges the Sanjay Gondaliya of NotSoSecure for bringing this issue to our attention and for following the highest standards of coordinated disclosure. Supplemental Information o K41942608: Overview of security advisory articles o K4602: Overview of the F5 security vulnerability response policy o K4918: Overview of the F5 critical issue hotfix policy o K9502: BIG-IP hotfix and point release matrix o K13123: Managing BIG-IP product hotfixes (11.x - 16.x) o K167: Downloading software and firmware from F5 o K9970: Subscribing to email notifications regarding F5 products o K9957: Creating a custom RSS feed to view new and updated documents - -------------------------------------------------------------------------------- K51574311: BIG-IP APM vulnerability CVE-2020-27716 Original Publication Date: 17 Dec, 2020 Security Advisory Description When a BIG-IP APM virtual server processes traffic of an undisclosed nature, the Traffic Management Microkernel (TMM) stops responding and restarts. ( CVE-2020-27716) Impact Traffic processing is disrupted while TMM restarts. If the affected BIG-IP system is configured as part of a device group, the system triggers a failover to the peer device. Security Advisory Status F5 Product Development has assigned ID 904165 (BIG-IP) to this vulnerability. To determine if your product and version have been evaluated for this vulnerability, refer to the Applies to (see versions) box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases, point releases, or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to K51812227: Understanding Security Advisory versioning. +-------------------+------+----------+----------+----------+------+----------+ | | |Versions |Fixes | |CVSSv3|Vulnerable| |Product |Branch|known to |introduced|Severity |score^|component | | | |be |in | |1 |or feature| | | |vulnerable| | | | | +-------------------+------+----------+----------+----------+------+----------+ | |16.x |None |16.0.0 | | | | | +------+----------+----------+ | | | | |15.x |15.0.0 - |15.1.1 | | | | | | |15.1.0 | | | | | | +------+----------+----------+ | | | | |14.x |14.1.0 - |14.1.3.1 | | | | | | |14.1.3 | | | |BIG-IP APM| |BIG-IP (APM) +------+----------+----------+High |7.5 |virtual | | |13.x |13.1.0 - |None | | |server | | | |13.1.3 | | | | | | +------+----------+----------+ | | | | |12.x |12.1.0 - |None | | | | | | |12.1.5 | | | | | | +------+----------+----------+ | | | | |11.x |11.6.1 - |None | | | | | | |11.6.5 | | | | | +-------------------+------+----------+----------+----------+------+----------+ | |15.x |None |Not | | | | | | | |applicable| | | | | +------+----------+----------+ | | | | |14.x |None |Not | | | | |BIG-IP (LTM, AAM, | | |applicable| | | | |AFM, Analytics, +------+----------+----------+ | | | |ASM, DNS, FPS, GTM,|13.x |None |Not |Not |None |None | |Link Controller, | | |applicable|vulnerable| | | |PEM) +------+----------+----------+ | | | | |12.x |None |Not | | | | | | | |applicable| | | | | +------+----------+----------+ | | | | |11.x |None |Not | | | | | | | |applicable| | | | +-------------------+------+----------+----------+----------+------+----------+ | |7.x |None |Not | | | | | | | |applicable| | | | | +------+----------+----------+ | | | |BIG-IQ Centralized |6.x |None |Not |Not |None |None | |Management | | |applicable|vulnerable| | | | +------+----------+----------+ | | | | |5.x |None |Not | | | | | | | |applicable| | | | +-------------------+------+----------+----------+----------+------+----------+ |Traffix SDC |5.x |None |Not |Not |None |None | | | | |applicable|vulnerable| | | +-------------------+------+----------+----------+----------+------+----------+ ^1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge. Security Advisory Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Fixes introduced in column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists. Mitigation None Acknowledgements F5 acknowledges Nikita Abramov of Positive Technologies for bringing this issue to our attention and following the highest standards of coordinated disclosure. Supplemental Information o K51812227: Understanding Security Advisory versioning o K41942608: Overview of Security Advisory articles o K4602: Overview of the F5 security vulnerability response policy o K4918: Overview of the F5 critical issue hotfix policy o K9502: BIG-IP hotfix and point release matrix o K13123: Managing BIG-IP product hotfixes (11.x - 16.x) o K167: Downloading software and firmware from F5 o K9970: Subscribing to email notifications regarding F5 products o K9957: Creating a custom RSS feed to view new and updated documents - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBX9wTNeNLKJtyKPYoAQjrnxAAh58IyMrWL9UlsaUjkxBxTZEtdD8t/8t5 dXlTx/P8vtdW+70oHdpBobf6UG1zo2JZ87qP3zzUjj5rAF6hpEcEgGhWMLRX9mx/ gJmcONnr4CbVyNsCboL7RTjmcnwqHxkMvQ2o9QnvQLQBrJqCB0gV14mMw0CH5SaK WNisqyM4F+yH3mNZYqxnvxbm3/LhHjmmmjtUl3UNDbxNGttMch4qgFqeliWlfUfX hfhzj+eg9q+LPtHjdTIovUM7KeHEt1W1iC0DrJHjjggPDo0qpzrRgVpvXyu9f4XU tl/+ItigHmvo+vkxkLDKAPhsxI1RC23v2vuFKr/Y5rRG+6ZaUg9AWqyo/5C4BuPy p6P/VNkFoA9uJxSdvTl7Pg4oKYnXh013fcYHzKPCugISrTpuMOpnUsB+Pr7Dabmo r4WNqrl4bjLHBfpnmnoci4U2b0uYc4VC+8yg1JOW9UC7Ri3sVSDQ5q3VJcfcFYes +2zVO6OvwDoc6zSyb0+RJD0k+JbGCjIfIQZCBeTOZ7XPHT4rekwX3gqkP7cEDdN3 SA/zK1MGfZQUFSrxFzn1lwwJqDyf+ULcjpJGNTT+6JQb/XPUX+ygM43c8BNwHrwr l+owX+0qav9r+YDF5y278zvNrL1wsPnw8owTYRG7uQ3kD4Meeh6NJ2zAZlFAV24G OC7fHvpcBSg= =ZN9w -----END PGP SIGNATURE-----