-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.1800
            Multiple vulnerabilities in products running Junos
                              9 October 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Junos
Publisher:         Juniper Networks
Operating System:  Juniper
Impact/Access:     Denial of Service   -- Remote/Unauthenticated
                   Unauthorised Access -- Remote/Unauthenticated
                   Reduced Security    -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-6380 CVE-2014-6379 CVE-2014-6378
                   CVE-2014-5139 CVE-2014-3818 CVE-2014-3512
                   CVE-2014-3511 CVE-2014-3509 

Reference:         ASB-2014.0096
                   ESB-2014.1796
                   ESB-2014.1646
                   ESB-2014.1550
                   ESB-2014.1335
                   ESB-2014.1334
                   ESB-2014.1467.2

Original Bulletin: 
   http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10649
   http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10652
   http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10653
   http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10654
   http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10655

Comment: This bulletin contains five (5) Juniper Networks security 
         advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

2014-10 Security Bulletin: Junos: Multiple vulnerabilities in OpenSSL (OpenSSL
Security Advisory 20140806)

Categories:

Junos

Router Products

Security Products

Switch Products

SIRT Advisory

Security Advisories ID: JSA10649

Last Updated: 08 Oct 2014

Version: 1.0

PRODUCT AFFECTED:

This issue can affect any product or platform running Junos OS 13.3R1 or 
later.

PROBLEM:

The OpenSSL project released a security advisory on 2014-08-06 that contained
nine security issues. The following four issues affect Junos:

CVE-2014-5139: Crash with SRP ciphersuite in Server Hello message

CVE-2014-3509: Race condition in ssl_parse_serverhello_tlsext

CVE-2014-3511: OpenSSL TLS protocol downgrade attack

CVE-2014-3512: SRP buffer overrun

More information about each of these vulnerabilities may be found in the 
OpenSSL Security Advisory 20140806 under Related Links below.

SOLUTION:

The following software releases have been updated to resolve this specific 
issue: Junos OS 13.3R3-S2, 13.3R4, 14.1R2-S2, 14.2R1, and all subsequent 
releases.

While only Junos OS 13.3R1 and higher versions are vulnerable to the issues 
announced by OpenSSL on 2014-08-06, Juniper also upgraded OpenSSL to 0.9.8zb 
in Junos OS 13.2 and earlier releases. Updated releases specifically include:
Junos OS 11.4R12-S4, 12.1X44-D45, 12.1X46-D30, 12.1X47-D15, 12.2R9, 
12.2X50-D70, 12.3R8, 12.3R9, 13.1R4-S3, 13.1X49-D55, 13.1X50-D30, 13.2R5-S1, 
13.2X50-D20, 13.2X51-D30, and 13.2X52-D20.

This issue is being tracked as PR 1016458 and is visible on the Customer 
Support website.

KB16765 - "In which releases are vulnerabilities fixed?" describes which 
release vulnerabilities are fixed as per our End of Engineering and End of 
Life support policies.

WORKAROUND:

Since SSL is used for remote network configuration and management applications
such as J-Web and SSL Service for JUNOScript (XNM-SSL), viable workarounds for
this issue in Junos may include:

Disabling J-Web

Disable SSL service for JUNOScript and only use Netconf, which makes use of 
SSH, to make configuration changes

Limit access to J-Web and XNM-SSL from only trusted networks

IMPLEMENTATION:

How to obtain fixed software:

Security vulnerabilities in Junos are fixed in the next available Maintenance
Release of each supported Junos version. In some cases, a Maintenance Release
is not planned to be available in an appropriate time-frame. For these cases,
Service Releases are made available in order to be more timely. Security 
Advisory and Security Notices will indicate which Maintenance and Service 
Releases contain fixes for the issues described. Upon request to JTAC, 
customers will be provided download instructions for a Service Release. 
Although Juniper does not provide formal Release Note documentation for a 
Service Release, a list of "PRs fixed" can be provided on request.

RELATED LINKS:

KB16613: Overview of the Juniper Networks SIRT Monthly Security Bulletin 
Publication Process

KB16765: In which releases are vulnerabilities fixed?

KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security 
Advisories

Report a Vulnerability - How to Contact the Juniper Networks Security Incident
Response Team

OpenSSL Security Advisory 20140806

CVSS SCORE:

5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)

RISK LEVEL:

Medium

RISK ASSESSMENT:

Information for how Juniper Networks uses CVSS can be found at KB 16446 
"Common Vulnerability Scoring System (CVSS) and Juniper's Security 
Advisories."

ACKNOWLEDGEMENTS:

- ----------------------------------------------------------------------------

2014-10 Security Bulletin: Junos: Receipt of malformed RSVP packet may lead to
denial of service (CVE-2014-6378)

Categories:

Junos

Router Products

Security Products

Switch Products

SIRT Advisory

Security Advisories ID: JSA10652

Last Updated: 08 Oct 2014

Version: 1.0

PRODUCT AFFECTED:

This issue can affect any product or platform running Junos OS with RSVP 
enabled.

PROBLEM:

Receipt of a crafted or malformed RSVP packet may cause the rpd (routing 
protocol daemon) to hang or crash. When rpd is unavailable, routing updates 
cannot be processed which can lead to an extended network outage.

This issue only occurs during processing of RSVP PATH messages. If RSVP is not
enabled on an interface, then the issue cannot be triggered via that 
interface.

This issue was found during internal product security testing.

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

No other Juniper Networks products or platforms are affected by this issue.

This issue has been assigned CVE-2014-6378.

SOLUTION:

The following software releases have been updated to resolve this specific 
issue: Junos OS 11.4R12-S4, 12.1X44-D35, 12.1X45-D30, 12.1X46-D25, 
12.1X47-D10, 12.2R9, 12.2X50-D70, 12.3R7, 13.1R4-S3, 13.1X49-D55, 13.1X50-D30,
13.2R5, 13.2X50-D20, 13.2X51-D26, 13.2X51-D30, 13.2X52-D15, 13.3R3, 14.1R1, 
and all subsequent releases.

This issue is being tracked via PRs 954509 and 954508 which are visible on the
Customer Support website.

KB16765 - "In which releases are vulnerabilities fixed?" describes which 
release vulnerabilities are fixed as per our End of Engineering and End of 
Life support policies.

WORKAROUND:

Only enable RSVP on specific trusted interfaces as required for MPLS.

Use access lists or firewall filters to limit access to the router via MPLS TE
RSVP only from trusted nodes.

IMPLEMENTATION:

How to obtain fixed software:

Security vulnerabilities in Junos are fixed in the next available Maintenance
Release of each supported Junos version. In some cases, a Maintenance Release
is not planned to be available in an appropriate time-frame. For these cases,
Service Releases are made available in order to be more timely. Security 
Advisory and Security Notices will indicate which Maintenance and Service 
Releases contain fixes for the issues described. Upon request to JTAC, 
customers will be provided download instructions for a Service Release. 
Although Juniper does not provide formal Release Note documentation for a 
Service Release, a list of "PRs fixed" can be provided on request.

RELATED LINKS:

KB16613: Overview of the Juniper Networks SIRT Monthly Security Bulletin 
Publication Process

KB16765: In which releases are vulnerabilities fixed?

KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security 
Advisories

Report a Vulnerability - How to Contact the Juniper Networks Security Incident
Response Team

CVE-2014-6378: Receipt of malformed RSVP packet may lead to denial of service

CVSS SCORE:

7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

RISK LEVEL:

High

RISK ASSESSMENT:

Information for how Juniper Networks uses CVSS can be found at KB 16446 
"Common Vulnerability Scoring System (CVSS) and Juniper's Security 
Advisories."

ACKNOWLEDGEMENTS:

- --------------------------------------------------------------------------

2014-10 Security Bulletin: Junos: BGP UPDATE with crafted transitive 
attributes causes memory corruption and leads to RPD core (CVE-2014-3818)

Categories:

Junos

Router Products

Security Products

Switch Products

SIRT Advisory

Security Advisories ID: JSA10653

Last Updated: 08 Oct 2014

Version: 1.0

PRODUCT AFFECTED:

This issue can affect any product or platform running Junos OS 9.1 and later 
releases with BGP configured and enabled.

PROBLEM:

A BGP UPDATE containing a specifically crafted set of transitive attributes 
can cause corruption of memory ultimately leading to an RPD routing process 
crash and restart. The crash was only achieved through in-house routing 
protocol fuzz testing. This issue only affects routers supporting 4-byte AS 
numbers, introduced starting with Junos OS 9.1. Additionally, the router is 
only vulnerable if the BGP peer does not support 4-byte AS numbers.

This issue was found during internal product security testing.

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

No other Juniper Networks products or platforms are affected by this issue.

This issue has been assigned CVE-2014-3818.

SOLUTION:

The following software releases have been updated to resolve this specific 
issue: Junos OS 11.4R11, 12.1R10, 12.1X44-D40, 12.1X46-D30, 12.1X47-D11, 
12.1X47-D15, 12.1X48-D41, 12.1X48-D62, 12.2R8, 12.2X50-D70, 12.3R6, 13.1R4-S2,
13.1X49-D49, 13.1X50-D30, 13.2R4, 13.2X50-D20, 13.2X51-D25, 13.2X52-D15, 
13.3R2, 14.1R1, and all subsequent releases.

This issue is being tracked as PR 953037 and is visible on the Customer 
Support website.

KB16765 - "In which releases are vulnerabilities fixed?" describes which 
release vulnerabilities are fixed as per our End of Engineering and End of 
Life support policies.

WORKAROUND:

No known workaround exists for this issue.

IMPLEMENTATION:

How to obtain fixed software:

Security vulnerabilities in Junos are fixed in the next available Maintenance
Release of each supported Junos version. In some cases, a Maintenance Release
is not planned to be available in an appropriate time-frame. For these cases,
Service Releases are made available in order to be more timely. Security 
Advisory and Security Notices will indicate which Maintenance and Service 
Releases contain fixes for the issues described. Upon request to JTAC, 
customers will be provided download instructions for a Service Release. 
Although Juniper does not provide formal Release Note documentation for a 
Service Release, a list of "PRs fixed" can be provided on request.

RELATED LINKS:

KB16613: Overview of the Juniper Networks SIRT Monthly Security Bulletin 
Publication Process

KB16765: In which releases are vulnerabilities fixed?

KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security 
Advisories

Report a Vulnerability - How to Contact the Juniper Networks Security Incident
Response Team

CVE-2014-3818: BGP UPDATE with crafted transitive attributes causes memory 
corruption and leads to RPD core

CVSS SCORE:

7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

RISK LEVEL:

High

RISK ASSESSMENT:

Information for how Juniper Networks uses CVSS can be found at KB 16446 
"Common Vulnerability Scoring System (CVSS) and Juniper's Security 
Advisories."

ACKNOWLEDGEMENTS:

- --------------------------------------------------------------------------

2014-10 Security Bulletin: Junos: RADIUS accounting servers create additional
entries in pam_radius.conf (CVE-2014-6379)

Categories:

Junos

Router Products

Security Products

Switch Products

RADIUS

SIRT Advisory

Security Advisories ID: JSA10654

Last Updated: 08 Oct 2014

Version: 1.0

PRODUCT AFFECTED:

This issue can affect any product or platform running Junos OS configured for
RADIUS authentication and accounting.

PROBLEM:

In Junos, when a RADIUS authentication server is configured under [system 
radius-server], an entry is created in /var/etc/pam_radius.conf. An issue was
discovered where RADIUS accounting servers configured under [system accounting
destination radius] are also propagated to pam_radius.conf. This can cause 
authentication requests to be sent to the RADIUS accounting server which may 
allow for unintended successful authentication. If the same RADIUS server is 
used for both authentication and accounting a common configuration the issue 
is less severe since RADIUS authentication is sent to the intended server 
despite the duplicate entries. However, if the RADIUS authentication server is
later removed from the configuration, the duplicate entry created by 
configuration of the RADIUS accounting server will remain in pam_radius.conf,
also leading to possible unintended authentication success.

This issue was found during internal product security testing.

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

No other Juniper Networks products or platforms are affected by this issue.

This issue has been assigned CVE-2014-6379.

SOLUTION:

The following software releases have been updated to resolve this specific 
issue: Junos OS 11.4R12, 12.1R10, 12.1X44-D35, 12.1X45-D25, 12.1X46-D20, 
12.1X47-D10, 12.2R8, 12.2X50-D70, 12.3R6, 13.1R4-S3, 13.1X49-D55, 13.1X50-D30,
13.2R4, 13.2X50-D20, 13.2X51-D26, 13.2X51-D30, 13.2X52-D15, 13.3R2, 14.1R1, 
and all subsequent releases.

This issue is being tracked as PR 947307 and is visible on the Customer 
Support website.

KB16765 - "In which releases are vulnerabilities fixed?" describes which 
release vulnerabilities are fixed as per our End of Engineering and End of 
Life support policies.

WORKAROUND:

No viable workaround exists for this issue. Manual edits to pam_radius.conf 
will be overwritten when the configuration is committed. Duplicate entries 
will, however, be cleaned up after upgrading to a fixed release.

IMPLEMENTATION:

How to obtain fixed software:

Security vulnerabilities in Junos are fixed in the next available Maintenance
Release of each supported Junos version. In some cases, a Maintenance Release
is not planned to be available in an appropriate time-frame. For these cases,
Service Releases are made available in order to be more timely. Security 
Advisory and Security Notices will indicate which Maintenance and Service 
Releases contain fixes for the issues described. Upon request to JTAC, 
customers will be provided download instructions for a Service Release. 
Although Juniper does not provide formal Release Note documentation for a 
Service Release, a list of "PRs fixed" can be provided on request.

RELATED LINKS:

KB16613: Overview of the Juniper Networks SIRT Monthly Security Bulletin 
Publication Process

KB16765: In which releases are vulnerabilities fixed?

KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security 
Advisories

Report a Vulnerability - How to Contact the Juniper Networks Security Incident
Response Team

CVE-2014-6379: RADIUS accounting servers create additional entries in 
pam_radius.conf

CVSS SCORE:

5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)

RISK LEVEL:

Medium

RISK ASSESSMENT:

Information for how Juniper Networks uses CVSS can be found at KB 16446 
"Common Vulnerability Scoring System (CVSS) and Juniper's Security 
Advisories."

- ---------------------------------------------------------------------------

2014-10 Security Bulletin: Junos: Crafted fragmented packets can lead to FPCs
resetting or going offline (CVE-2014-6380)

Categories:

Junos

Router Products

Security Products

Switch Products

SIRT Advisory

Security Advisories ID: JSA10655

Last Updated: 08 Oct 2014

Version: 1.0

PRODUCT AFFECTED:

This issue can affect any product or platform utilizing an em interface for 
communications, including M, T, MX, high-end SRX, EX, QFX and PTX Series.

PROBLEM:

Traffic between the RE and transit interfaces is carried over an internal 
network between the PFEs and REs. Some REs use em interfaces (usually, em0 and
em1) to connect to this network. Receipt of a carefully crafted set of 
fragmented packets, destined to the router, can cause the em driver to become
permanently blocked when trying to formulate a reply. This will cause the RE 
to be unable to communicate over the private network that connects the FPCs 
and REs eventually causing all FPCs to go offline and stay offline. Systems 
with redundant REs will failover, but would then be subject to the same issue.
For systems without modular FPCs (for example, MX80), the FPC will reboot and
clear the em0 interface output queue. However, additional crafted fragments 
will cause the issue to reoccur.

This issue is applicable to IPv4, IPv6, and CLNP fragmentation and reassembly
scenarios. Transit traffic does not trigger this issue. Additionally, CLNP is
only vulnerable if clns-routing or ESIS is explicitly configured,

This issue is specific to em interfaces. J Series and SRX Branch models do not
have an em0 interface, and are therefore not affected by this issue. In 
addition, some REs (e.g. K2RE based systems) may use an em driver for their 
"fxp0" interface. On such REs, reply traffic sent out the fxp0 interface may 
trigger the same condition on that interface. Refer to the "Supported Routing
Engines by Router" link below for more information about internal Ethernet 
interface types for specific platforms. Customers can confirm the presence of
em interfaces by typing:

% pciconf -l | grep em

em0@pci3:0:0: class="0x020000" card=0x00901059 chip=0x10d38086 rev=0x00 
hdr=0x00

em1@pci4:0:0: class="0x020000" card=0x00901059 chip=0x10d38086 rev=0x00 
hdr=0x00

em2@pci5:0:0: class="0x020000" card=0x00901059 chip=0x10d38086 rev=0x00 
hdr=0x00

This issue was found during internal product security testing.

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

No other Juniper Networks products or platforms are affected by this issue.

This issue has been assigned CVE-2014-6380.

SOLUTION:

The following software releases have been updated to resolve this specific 
issue: Junos OS 11.4R11, 12.1R9, 12.1X44-D30, 12.1X45-D20, 12.1X46-D15, 
12.1X47-D10, 12.2R8, 12.2X50-D70, 12.3R6, 13.1R4, 13.1X49-D55, 13.1X50-D30, 
13.2R4, 13.2X50-D20, 13.2X51-D15, 13.2X52-D15, 13.3R1, and all subsequent 
releases.

This issue is being tracked as PR 942437 and is visible on the Customer 
Support website.

KB16765 - "In which releases are vulnerabilities fixed?" describes which 
release vulnerabilities are fixed as per our End of Engineering and End of 
Life support policies.

WORKAROUND:

Today's network infrastructure typically will not have fragmented packets 
destined for the router's control or management plane. In most cases, it is 
safe to apply packet filters which will prevent fragmented packets from 
arriving on the router. Usually, fragmented packets received by a router 
indicate a problem with the network or a DoS attack against the router. In 
either case, fragmented packets should be dropped to protect the router's 
control and management plane.

Below is a sample firewall filter to demonstrate this recommendation for IPv4
traffic:

[edit firewall family inet filter fragment]

user@junos# show

term first-frag {

    from {

        first-fragment; }

    then {

        discard;

    }

}

term next-frag {

    from {

        is-fragment;

    }

    then {

        discard;

    }

}

And for IPv6:

[edit firewall family inet6 filter fragment6]

user@junos# show

term fragment-headers {

    from {

        next-header [ hop-by-hop dstopts routing fragment ah esp ];

    }

    then {

        discard;

    }

}

Caution: Some routing protocols, such as BGP and OSPF, may rely upon 
fragmented traffic being received by the RE. In addition, proper operation of
IPv6 multicast may require that the router accept some traffic with hop-by-hop
headers. As with any control plane firewall filter, perform careful testing in
your environment to ensure that dropping all fragmented traffic will not have
a negative impact. If necessary, add explicit exceptions for fragmented BGP 
and/or OSPF traffic to the sample IPv4 firewall filter above, or add limited 
exceptions to the IPv6 firewall filter above to allow hop-by-hop headers for 
multicast control traffic (such as MLD).

Note that some platforms most notably the EX Series do not support the 
'first-fragment' filter criterion. In these cases, simply discarding all 
fragments via 'is-fragment' will be sufficient. Additionally, the EX-8200 does
not support either criteria, in which case the only option is to upgrade.

For CLNP, disabling CLNS routing and ESIS, which are disabled by default, will
mitigate this issue.

IMPLEMENTATION:

How to obtain fixed software:

Security vulnerabilities in Junos are fixed in the next available Maintenance
Release of each supported Junos version. In some cases, a Maintenance Release
is not planned to be available in an appropriate time-frame. For these cases,
Service Releases are made available in order to be more timely. Security 
Advisory and Security Notices will indicate which Maintenance and Service 
Releases contain fixes for the issues described. Upon request to JTAC, 
customers will be provided download instructions for a Service Release. 
Although Juniper does not provide formal Release Note documentation for a 
Service Release, a list of "PRs fixed" can be provided on request.

RELATED LINKS:

KB16613: Overview of the Juniper Networks SIRT Monthly Security Bulletin 
Publication Process

KB16765: In which releases are vulnerabilities fixed?

KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security 
Advisories

Report a Vulnerability - How to Contact the Juniper Networks Security Incident
Response Team

RFC6192: Protecting the Router Control Plane

Junos Reference: Supported Routing Engines by Router

CVE-2014-6380: Crafted fragmented packets can lead to FPCs resetting or going
offline

CVSS SCORE:

7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

RISK LEVEL:

High

RISK ASSESSMENT:

Information for how Juniper Networks uses CVSS can be found at KB 16446 
"Common Vulnerability Scoring System (CVSS) and Juniper's Security 
Advisories."

ACKNOWLEDGEMENTS:

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBVDXtSBLndAQH1ShLAQJGXBAAmT8HHrxhiNllq+MqO6XXMzs4vrYgV1Ki
k0KYVAWMgKn1fHXU85YTxjwfFvoE5aEFdze8j8hC5t4mI3R+k2dAyQ74R2Dxik1S
yx5lCB/YzA29M1aRXTSEaAdTrcKgU7Q2MCB40VwHNidpRNwVy4UmtCwg+VEeyOE3
ca6JMoF+66YF5YuIl+vbTlv+kM2JVXCHvC5RquM7/1fz93Kur7BbS3UGXQYU4Ah5
LgvfK6H/t8HUaNO/FKjZETPDOCt7Rra7jstKuI8QpxcKpbBLuiE1nmeZZqWGJm4A
LkJfRaqzLuvS6cCmrrLx619rbYok/J4l/ZA/IdWJO6/AkL9yKd6M5tTjv7YRGl5/
cVtGBWTXzG04OIxaLA+Bv1SX3E5Xr0wmxphIAlICpk3V3TllmnTCmIbHVVDwKSQ/
Ybnjy24o/jg8dbNzeaNofiblXC+i23i5yI6txr/HAkODCUxulnzdFm37SXlgUWLh
vdqjfFWYtHtN8e5S21odReJCipBoZkgoVD8B1Kz0+YYunpeYlAPfyZHIYAs+32CZ
GOCVvt+eSn/A6ZQIrqE45L2w7Y9G/bkUB6aIs9nRnMu/1P34cqBM7fzzkcBTuXCv
DxvrABTqKuXsxzftxOMj3esTPNkiDq3l+lsu65EnnfeW7BzePwfTXLn8XOYR6N85
tyCOf9D+TNE=
=BBDd
-----END PGP SIGNATURE-----