Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2013.0013 A number of vulnerabilities have been identified in Oracle Java products 4 February 2013 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Oracle JDK and JRE 7 Update 11 and earlier Oracle JDK and JRE 6 Update 38 and earlier Oracle JDK and JRE 5.0 Update 38 and earlier Oracle SDK and JRE 1.4.2_40 and earlier Oracle JavaFX 2.2.4 and earlier Operating System: UNIX variants (UNIX, Linux, OSX) Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Modify Arbitrary Files -- Remote/Unauthenticated Delete Arbitrary Files -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Access Confidential Data -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2013-1489 CVE-2013-1483 CVE-2013-1482 CVE-2013-1481 CVE-2013-1480 CVE-2013-1479 CVE-2013-1478 CVE-2013-1477 CVE-2013-1476 CVE-2013-1475 CVE-2013-1474 CVE-2013-1473 CVE-2013-1472 CVE-2013-0450 CVE-2013-0449 CVE-2013-0448 CVE-2013-0447 CVE-2013-0446 CVE-2013-0445 CVE-2013-0444 CVE-2013-0443 CVE-2013-0442 CVE-2013-0441 CVE-2013-0440 CVE-2013-0439 CVE-2013-0438 CVE-2013-0437 CVE-2013-0436 CVE-2013-0435 CVE-2013-0434 CVE-2013-0433 CVE-2013-0432 CVE-2013-0431 CVE-2013-0430 CVE-2013-0429 CVE-2013-0428 CVE-2013-0427 CVE-2013-0426 CVE-2013-0425 CVE-2013-0424 CVE-2013-0423 CVE-2013-0419 CVE-2013-0409 CVE-2013-0351 CVE-2012-4305 CVE-2012-4301 CVE-2012-3342 CVE-2012-3213 CVE-2012-1543 CVE-2012-1541 Member content until: Wednesday, March 6 2013 OVERVIEW Oracle have released updates to correct security vulnerabilities in the following Java products: JDK and JRE 7, JDK and JRE 6, JDK and JRE 5.0, SDK and JRE 1.4.2 and JavaFX 2.2.4. [1] IMPACT The vendor has provided the following details regarding these vulnerabilities: "CVE-2012-1541 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are 7 Update 11 and before and 6 Update 38 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution." [1] "CVE-2012-1543 Vulnerability in the JavaFX component of Oracle Java SE. Supported versions that are affected are JavaFX 2.2.4 and before. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution." [1] "CVE-2012-3213 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are 7 Update 11 and before and 6 Update 38 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution." [1] "CVE-2012-3342 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are 7 Update 11 and before and 6 Update 38 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution." [1] "CVE-2012-4301 Vulnerability in the JavaFX component of Oracle Java SE. Supported versions that are affected are JavaFX 2.2.4 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution." [1] "CVE-2012-4305 Vulnerability in the JavaFX component of Oracle Java SE. Supported versions that are affected are JavaFX 2.2.4 and before. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution." [1] "CVE-2013-0351 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are 7 Update 11 and before and 6 Update 38 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java Runtime Environment accessible data as well as read access to a subset of Java Runtime Environment accessible data and ability to cause a partial denial of service (partial DOS) of Java Runtime Environment." [1] "CVE-2013-0409 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are 7 Update 11 and before, 6 Update 38 and before and 5.0 Update 38 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java Runtime Environment accessible data." [1] "CVE-2013-0419 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are 7 Update 11 and before and 6 Update 38 and before. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution." [1] "CVE-2013-0423 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are 7 Update 11 and before and 6 Update 38 and before. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution." [1] "CVE-2013-0424 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are 7 Update 11 and before, 6 Update 38 and before, 5.0 Update 38 and before and 1.4.2_40 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java Runtime Environment accessible data." [1] "CVE-2013-0425 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are 7 Update 11 and before, 6 Update 38 and before, 5.0 Update 38 and before and 1.4.2_40 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution." [1] "CVE-2013-0426 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are 7 Update 11 and before, 6 Update 38 and before, 5.0 Update 38 and before and 1.4.2_40 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution." [1] "CVE-2013-0427 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are 7 Update 11 and before, 6 Update 38 and before and 5.0 Update 38 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java Runtime Environment accessible data." [1] "CVE-2013-0428 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are 7 Update 11 and before, 6 Update 38 and before, 5.0 Update 38 and before and 1.4.2_40 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution." [1] "CVE-2013-0429 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: CORBA). Supported versions that are affected are 7 Update 11 and before, 6 Update 38 and before and 5.0 Update 38 and before. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution." [1] "CVE-2013-0430 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Install). Supported versions that are affected are 7 Update 11 and before and 6 Update 38 and before. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution." [1] "CVE-2013-0431 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are 7 Update 11 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java Runtime Environment accessible data." [1] "CVE-2013-0432 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are 7 Update 11 and before, 6 Update 38 and before, 5.0 Update 38 and before and 1.4.2_40 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java Runtime Environment accessible data as well as read access to a subset of Java Runtime Environment accessible data." [1] "CVE-2013-0433 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are 7 Update 11 and before, 6 Update 38 and before and 5.0 Update 38 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java Runtime Environment accessible data." [1] "CVE-2013-0434 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are 7 Update 11 and before, 6 Update 38 and before, 5.0 Update 38 and before and 1.4.2_40 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java Runtime Environment accessible data." [1] "CVE-2013-0435 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are 7 Update 11 and before and 6 Update 38 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java Runtime Environment accessible data." [1] "CVE-2013-0436 Vulnerability in the JavaFX component of Oracle Java SE. Supported versions that are affected are JavaFX 2.2.4 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution." [1] "CVE-2013-0437 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are 7 Update 11 and before and JavaFX 2.2.4 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution." [1] "CVE-2013-0438 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are 7 Update 11 and before and 6 Update 38 and before. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java Runtime Environment accessible data." [1] "CVE-2013-0439 Vulnerability in the JavaFX component of Oracle Java SE. Supported versions that are affected are JavaFX 2.2.4 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution." [1] "CVE-2013-0440 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are 7 Update 11 and before, 6 Update 38 and before, 5.0 Update 38 and before and 1.4.2_40 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java Runtime Environment." [1] "CVE-2013-0441 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: CORBA). Supported versions that are affected are 7 Update 11 and before, 6 Update 38 and before, 5.0 Update 38 and before and 1.4.2_40 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution." [1] "CVE-2013-0442 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are 7 Update 11 and before, 6 Update 38 and before, 5.0 Update 38 and before and 1.4.2_40 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution." [1] "CVE-2013-0443 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are 7 Update 11 and before, 6 Update 38 and before, 5.0 Update 38 and before and 1.4.2_40 and before. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java Runtime Environment accessible data as well as read access to a subset of Java Runtime Environment accessible data." [1] "CVE-2013-0444 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Beans). Supported versions that are affected are 7 Update 11 and before. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution." [1] "CVE-2013-0445 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are 7 Update 11 and before, 6 Update 38 and before and 5.0 Update 38 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution." [1] "CVE-2013-0446 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are 7 Update 11 and before and 6 Update 38 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution." [1] "CVE-2013-0447 Vulnerability in the JavaFX component of Oracle Java SE. Supported versions that are affected are JavaFX 2.2.4 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution." [1] "CVE-2013-0448 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are 7 Update 11 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java Runtime Environment accessible data." [1] "CVE-2013-0449 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are 7 Update 11 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java Runtime Environment accessible data." [1] "CVE-2013-0450 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are 7 Update 11 and before, 6 Update 38 and before and 5.0 Update 38 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution." [1] "CVE-2013-1472 Vulnerability in the JavaFX component of Oracle Java SE. Supported versions that are affected are JavaFX 2.2.4 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution." [1] "CVE-2013-1473 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are 7 Update 11 and before and 6 Update 38 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java Runtime Environment accessible data." [1] "CVE-2013-1474 Vulnerability in the JavaFX component of Oracle Java SE. Supported versions that are affected are JavaFX 2.2.4 and before. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution." [1] "CVE-2013-1475 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: CORBA). Supported versions that are affected are 7 Update 11 and before, 6 Update 38 and before, 5.0 Update 38 and before and 1.4.2_40 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution." [1] "CVE-2013-1476 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: CORBA). Supported versions that are affected are 7 Update 11 and before, 6 Update 38 and before, 5.0 Update 38 and before and 1.4.2_40 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution." [1] "CVE-2013-1477 Vulnerability in the JavaFX component of Oracle Java SE. Supported versions that are affected are JavaFX 2.2.4 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution." [1] "CVE-2013-1478 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are 7 Update 11 and before, 6 Update 38 and before, 5.0 Update 38 and before and 1.4.2_40 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution." [1] "CVE-2013-1479 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are 7 Update 11 and before, 6 Update 38 and before and JavaFX 2.2.4 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution." [1] "CVE-2013-1480 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are 7 Update 11 and before, 6 Update 38 and before, 5.0 Update 38 and before and 1.4.2_40 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution." [1] "CVE-2013-1481 Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are 6 Update 38 and before, 5.0 Update 38 and before and 1.4.2_40 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution." [1] "CVE-2013-1482 Vulnerability in the JavaFX component of Oracle Java SE. Supported versions that are affected are JavaFX 2.2.4 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution." [1] "CVE-2013-1483 Vulnerability in the JavaFX component of Oracle Java SE. Supported versions that are affected are JavaFX 2.2.4 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution." [1] "CVE-2013-1489 Security-in-Depth issue in the Java Runtime Environment component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are 7 Update 11 and 7 Update 10." [1] MITIGATION Oracle recommends updating to the latest version of the affected Java products to correct these issues. [1] REFERENCES [1] Text Form of Oracle Java SE Critical Patch Update - February 2013 Risk Matrices http://www.oracle.com/technetwork/topics/security/javacpufeb2013verbose-1841196.html [2] Oracle Java SE Critical Patch Update Advisory - February 2013 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBUQ8j3O4yVqjM2NGpAQIbKQ//QR+FrTTpqaM8zul8WYdftX+dIlVm/XkI FwFAtoz9pc/uHbWf6OFODqIMDksLZ6r7Fi/ZZs9XRuRiXktH+A0KfWhNIIEpYPR0 nNhiUrshxv+aPzQoMgkigI1+nOJI22ONRGQwd0SpWtCciXFc92Pi/uTrc6ixTXmP fHpH4PGn6ZD2deNeJgmhR0WlgocxkCo7yKTJAn69My3inc2THZLEdwgsWq0Sk4AL zcT3IGQqB/50Y/Bjo1o/0vaynUo7JyXFU9W2iU+XRap1WURL7QNv5aLDr5YsnncZ A24m9TLx1P9kYF8aJrdkVFef7fE91dFxtGvDKDfSJTtq3ydWlzOUipuQJWWomC+w 4cclnj8eEvdiW7qB74ANpNQN5AOTCaXh6MYefPIAYPPIjrAGlBej5EDg0p2F51Fe napEFdd8e9It6bB8oLI8Hl8xuJHW5xtuC2si9qj8VfnPcX/pT5Vt6r/FETDDzWCh tgeOuyxI7PypSxGfCtuYhOmI5MpdN+qvflc6M8WTymBGdW8v4BulIojShiXUy4aG x+eN0mewdTSiq4I7QSEwPhxzQLX5HBL71QpjcC0Gngm3kbvpG829/bKZUxuC8Q9Y psMufGpgJv1/lXUIL1alUITLNcOli3Wqrs/YbkCeLR0OvXzh7pfAF0J4K8PrR+Mu 8aR5a2jRcKE= =TU8y -----END PGP SIGNATURE-----