Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2015.0503 Important: kernel security, bug fix, and enhancement update 6 March 2015 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: kernel Publisher: Red Hat Operating System: Red Hat Enterprise Linux Server 7 Red Hat Enterprise Linux WS/Desktop 7 Impact/Access: Root Compromise -- Existing Account Access Privileged Data -- Remote/Unauthenticated Denial of Service -- Existing Account Unauthorised Access -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2015-0274 CVE-2014-8884 CVE-2014-8709 CVE-2014-8173 CVE-2014-8172 CVE-2014-8160 CVE-2014-8086 CVE-2014-7826 CVE-2014-7825 CVE-2014-3940 CVE-2014-3690 Reference: ESB-2015.0485 ESB-2015.0137 ESB-2014.2275 ESB-2014.2016 ESB-2014.1208 Original Bulletin: https://rhn.redhat.com/errata/RHSA-2015-0290.html - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security, bug fix, and enhancement update Advisory ID: RHSA-2015:0290-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0290.html Issue date: 2015-03-05 CVE Names: CVE-2014-3690 CVE-2014-3940 CVE-2014-7825 CVE-2014-7826 CVE-2014-8086 CVE-2014-8160 CVE-2014-8172 CVE-2014-8173 CVE-2014-8709 CVE-2014-8884 CVE-2015-0274 ===================================================================== 1. Summary: Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 7. This is the first regular update. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel's XFS file system handled replacing of remote attributes under certain conditions. A local user with access to XFS file system mount could potentially use this flaw to escalate their privileges on the system. (CVE-2015-0274, Important) * It was found that the Linux kernel's KVM implementation did not ensure that the host CR4 control register value remained unchanged across VM entries on the same virtual CPU. A local, unprivileged user could use this flaw to cause denial of service on the system. (CVE-2014-3690, Moderate) * A flaw was found in the way Linux kernel's Transparent Huge Pages (THP) implementation handled non-huge page migration. A local, unprivileged user could use this flaw to crash the kernel by migrating transparent hugepages. (CVE-2014-3940, Moderate) * An out-of-bounds memory access flaw was found in the syscall tracing functionality of the Linux kernel's perf subsystem. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-7825, Moderate) * An out-of-bounds memory access flaw was found in the syscall tracing functionality of the Linux kernel's ftrace subsystem. On a system with ftrace syscall tracing enabled, a local, unprivileged user could use this flaw to crash the system, or escalate their privileges. (CVE-2014-7826, Moderate) * A race condition flaw was found in the Linux kernel's ext4 file system implementation that allowed a local, unprivileged user to crash the system by simultaneously writing to a file and toggling the O_DIRECT flag using fcntl(F_SETFL) on that file. (CVE-2014-8086, Moderate) * A flaw was found in the way the Linux kernel's netfilter subsystem handled generic protocol tracking. As demonstrated in the Stream Control Transmission Protocol (SCTP) case, a remote attacker could use this flaw to bypass intended iptables rule restrictions when the associated connection tracking module was not loaded on the system. (CVE-2014-8160, Moderate) * It was found that due to excessive files_lock locking, a soft lockup could be triggered in the Linux kernel when performing asynchronous I/O operations. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-8172, Moderate) * A NULL pointer dereference flaw was found in the way the Linux kernel's madvise MADV_WILLNEED functionality handled page table locking. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-8173, Moderate) * An information leak flaw was found in the Linux kernel's IEEE 802.11 wireless networking implementation. When software encryption was used, a remote attacker could use this flaw to leak up to 8 bytes of plaintext. (CVE-2014-8709, Low) * A stack-based buffer overflow flaw was found in the TechnoTrend/Hauppauge DEC USB device driver. A local user with write access to the corresponding device could use this flaw to crash the kernel or, potentially, elevate their privileges on the system. (CVE-2014-8884, Low) Red Hat would like to thank Eric Windisch of the Docker project for reporting CVE-2015-0274, Andy Lutomirski for reporting CVE-2014-3690, and Robert Å\x{154}wiÄ\x{153}cki for reporting CVE-2014-7825 and CVE-2014-7826. This update also fixes several hundred bugs and adds numerous enhancements. Refer to the Red Hat Enterprise Linux 7.1 Release Notes for information on the most significant of these changes, and the following Knowledgebase article for further information: https://access.redhat.com/articles/1352803 All Red Hat Enterprise Linux 7 users are advised to install these updated packages, which correct these issues and add these enhancements. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 839966 - Trigger RHEL7 crash in guest domU, host don't generate core file 915335 - RFE: Multiple virtio-rng devices support 968147 - enable online multiple hot-added CPUs cause RHEL7.0 guest hang(soft lockup) 1043379 - guest screen fail to return back to the originally screen after resume from S3(still black screen) 1050834 - lockdep warning in flush_work() when hotunplugging a virtio-scsi disk (scsi-block + iscsi://) 1058608 - [RFE] btrfs-progs: btrfs resize doesn't support T/P/E suffix 1065474 - Size of external origin needs to be aligned with thin pool chunk size 1067126 - Virt-manager doesn't configure bridge for VM 1068627 - implement lazy save/restore of debug registers 1071340 - FCoE target: kernel panic when initiator connects to target 1074747 - kvm unit test "realmode" fails 1078775 - During query cpuinfo during guest boot from ipxe repeatedly in AMD hosts, vm repeatedly reboot. 1079841 - kvm unit test "debug" fails 1080894 - dm-cache: crash on creating cache 1083860 - kernel panic when virtscsi_init fails 1083969 - libguestfs-test-tool hangs when the guest is boot with -cpu host 1086058 - fail to boot L2 guest on wildcatpass Haswell host 1088784 - qemu ' KVM internal error. Suberror: 1' when query cpu frequently during pxe boot in Intel "Q95xx" host 1091818 - Windows guest booting failed with apicv and hv_vapic 1095099 - RHEL7.0 guest hang during kdump with qxl shared irq 1098643 - sync with latest upstream dm-thin provisioning improvements and fixes (through 3.15) 1102641 - BUG: It is not possible to communicate between local program and local ipv6 address when at least one 'netlabelctl unlbl' rule is added 1104097 - CVE-2014-3940 Kernel: missing check during hugepage migration 1115201 - [xfs] can't create inodes in newly added space after xfs_growfs 1117542 - Support for movntdq 1119662 - BUG: NetLabel lead to kernel panic on some SELinux levels 1120850 - unable recover NFSv3 locks NLM_DENIED_NOLOCK 1124880 - [fuse] java.io.FileNotFoundException (FNF) during time period with unrecovered disk errors 1127218 - Include fix commit daba287b299ec7a ("ipv4: fix DO and PROBE pmtu mode regarding local fragmentation with UFO/CORK") 1131552 - Solarflare devices do not provide PCIe ACS support, limiting device assignment use case due to IOMMU grouping 1141399 - Device 'vfio-pci' could not be initialized when passing through Intel 82599 1151353 - CVE-2014-8086 Kernel: fs: ext4 race condition 1153322 - CVE-2014-3690 kernel: kvm: vmx: invalid host cr4 handling across vm entries 1161565 - CVE-2014-7825 CVE-2014-7826 kernel: insufficient syscall number validation in perf and ftrace subsystems 1164266 - CVE-2014-8884 kernel: usb: buffer overflow in ttusb-dec 1173580 - CVE-2014-8709 kernel: net: mac80211: plain text information leak 1182059 - CVE-2014-8160 kernel: iptables restriction bypass if a protocol handler kernel module not loaded 1195248 - CVE-2015-0274 kernel: xfs: replacing remote attributes memory corruption 1198457 - CVE-2014-8173 kernel: NULL pointer dereference in madvise(MADV_WILLNEED) support 1198503 - CVE-2014-8172 kernel: soft lockup on aio 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: kernel-3.10.0-229.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-229.el7.noarch.rpm kernel-doc-3.10.0-229.el7.noarch.rpm x86_64: kernel-3.10.0-229.el7.x86_64.rpm kernel-debug-3.10.0-229.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-229.el7.x86_64.rpm kernel-debug-devel-3.10.0-229.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.el7.x86_64.rpm kernel-devel-3.10.0-229.el7.x86_64.rpm kernel-headers-3.10.0-229.el7.x86_64.rpm kernel-tools-3.10.0-229.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.el7.x86_64.rpm kernel-tools-libs-3.10.0-229.el7.x86_64.rpm perf-3.10.0-229.el7.x86_64.rpm perf-debuginfo-3.10.0-229.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-229.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-229.el7.x86_64.rpm perf-debuginfo-3.10.0-229.el7.x86_64.rpm python-perf-3.10.0-229.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: kernel-3.10.0-229.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-229.el7.noarch.rpm kernel-doc-3.10.0-229.el7.noarch.rpm x86_64: kernel-3.10.0-229.el7.x86_64.rpm kernel-debug-3.10.0-229.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-229.el7.x86_64.rpm kernel-debug-devel-3.10.0-229.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.el7.x86_64.rpm kernel-devel-3.10.0-229.el7.x86_64.rpm kernel-headers-3.10.0-229.el7.x86_64.rpm kernel-tools-3.10.0-229.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.el7.x86_64.rpm kernel-tools-libs-3.10.0-229.el7.x86_64.rpm perf-3.10.0-229.el7.x86_64.rpm perf-debuginfo-3.10.0-229.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-229.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-229.el7.x86_64.rpm perf-debuginfo-3.10.0-229.el7.x86_64.rpm python-perf-3.10.0-229.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: kernel-3.10.0-229.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-229.el7.noarch.rpm kernel-doc-3.10.0-229.el7.noarch.rpm ppc64: kernel-3.10.0-229.el7.ppc64.rpm kernel-bootwrapper-3.10.0-229.el7.ppc64.rpm kernel-debug-3.10.0-229.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-229.el7.ppc64.rpm kernel-debug-devel-3.10.0-229.el7.ppc64.rpm kernel-debuginfo-3.10.0-229.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-229.el7.ppc64.rpm kernel-devel-3.10.0-229.el7.ppc64.rpm kernel-headers-3.10.0-229.el7.ppc64.rpm kernel-tools-3.10.0-229.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-229.el7.ppc64.rpm kernel-tools-libs-3.10.0-229.el7.ppc64.rpm perf-3.10.0-229.el7.ppc64.rpm perf-debuginfo-3.10.0-229.el7.ppc64.rpm python-perf-debuginfo-3.10.0-229.el7.ppc64.rpm s390x: kernel-3.10.0-229.el7.s390x.rpm kernel-debug-3.10.0-229.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-229.el7.s390x.rpm kernel-debug-devel-3.10.0-229.el7.s390x.rpm kernel-debuginfo-3.10.0-229.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-229.el7.s390x.rpm kernel-devel-3.10.0-229.el7.s390x.rpm kernel-headers-3.10.0-229.el7.s390x.rpm kernel-kdump-3.10.0-229.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-229.el7.s390x.rpm kernel-kdump-devel-3.10.0-229.el7.s390x.rpm perf-3.10.0-229.el7.s390x.rpm perf-debuginfo-3.10.0-229.el7.s390x.rpm python-perf-debuginfo-3.10.0-229.el7.s390x.rpm x86_64: kernel-3.10.0-229.el7.x86_64.rpm kernel-debug-3.10.0-229.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-229.el7.x86_64.rpm kernel-debug-devel-3.10.0-229.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.el7.x86_64.rpm kernel-devel-3.10.0-229.el7.x86_64.rpm kernel-headers-3.10.0-229.el7.x86_64.rpm kernel-tools-3.10.0-229.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.el7.x86_64.rpm kernel-tools-libs-3.10.0-229.el7.x86_64.rpm perf-3.10.0-229.el7.x86_64.rpm perf-debuginfo-3.10.0-229.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: kernel-debug-debuginfo-3.10.0-229.el7.ppc64.rpm kernel-debuginfo-3.10.0-229.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-229.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-229.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-229.el7.ppc64.rpm perf-debuginfo-3.10.0-229.el7.ppc64.rpm python-perf-3.10.0-229.el7.ppc64.rpm python-perf-debuginfo-3.10.0-229.el7.ppc64.rpm s390x: kernel-debug-debuginfo-3.10.0-229.el7.s390x.rpm kernel-debuginfo-3.10.0-229.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-229.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-229.el7.s390x.rpm perf-debuginfo-3.10.0-229.el7.s390x.rpm python-perf-3.10.0-229.el7.s390x.rpm python-perf-debuginfo-3.10.0-229.el7.s390x.rpm x86_64: kernel-debug-debuginfo-3.10.0-229.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-229.el7.x86_64.rpm perf-debuginfo-3.10.0-229.el7.x86_64.rpm python-perf-3.10.0-229.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: kernel-3.10.0-229.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-229.el7.noarch.rpm kernel-doc-3.10.0-229.el7.noarch.rpm x86_64: kernel-3.10.0-229.el7.x86_64.rpm kernel-debug-3.10.0-229.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-229.el7.x86_64.rpm kernel-debug-devel-3.10.0-229.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.el7.x86_64.rpm kernel-devel-3.10.0-229.el7.x86_64.rpm kernel-headers-3.10.0-229.el7.x86_64.rpm kernel-tools-3.10.0-229.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.el7.x86_64.rpm kernel-tools-libs-3.10.0-229.el7.x86_64.rpm perf-3.10.0-229.el7.x86_64.rpm perf-debuginfo-3.10.0-229.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-229.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-229.el7.x86_64.rpm perf-debuginfo-3.10.0-229.el7.x86_64.rpm python-perf-3.10.0-229.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-3690 https://access.redhat.com/security/cve/CVE-2014-3940 https://access.redhat.com/security/cve/CVE-2014-7825 https://access.redhat.com/security/cve/CVE-2014-7826 https://access.redhat.com/security/cve/CVE-2014-8086 https://access.redhat.com/security/cve/CVE-2014-8160 https://access.redhat.com/security/cve/CVE-2014-8172 https://access.redhat.com/security/cve/CVE-2014-8173 https://access.redhat.com/security/cve/CVE-2014-8709 https://access.redhat.com/security/cve/CVE-2014-8884 https://access.redhat.com/security/cve/CVE-2015-0274 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/1352803 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFU+GmuXlSAg2UNWIIRAsuVAJ0cw57y0gf8PHaHBm+h2iMw579L0QCgj2Yx RbiWM5G7puiwtgziJ75pAwM= =0gV7 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVPjnaxLndAQH1ShLAQIm5RAAgMG2AuBG7QDZfw0hirMrnHpc1XAYP6Px 54/mMSyPcWpMimk43lp+8J/kYo2nGa3ZTXgNB9U53qeH8IVnqJImWBYxlDxzGTxj 12cDZ0IGBj9GZOLtb8iR3X1MmiA5h4F7Z0fbgbwYTEPpc+QDLxybpE4m6UpbkauP K5q56uxTzd+H5oEMMn4fAqiuZfsOvjiUL3eSyIcjSyYfXwAyuvsIpImw6QXQ9NLK 3GQcnkd7aweSSiIZmbV9mMo6xRFWfSuzOjEEXpbdKfJ5QOPFDKVqtkJef5q/SCp0 9i36ZkJL5t5T0EDcaX/MK74bha4jyUcyj1LT868onD/tS/ek63cSf9EJVZAIRpxI uu2uHKmhScMppMsK8pblumRdGBM1ys9296QdjyONmlRSczeEMmo48OCdMsWIs3wJ 1fr9qC35oHtQaHcah1j5ATuPYTcY8RJZzqfxN970jyTmnLQ0HmIXkIknXSwzMaFg A87f39edNxP4Rst5XuouGUzwu8Gh+romH4N5s66x4VyvntRfpPz/Qv4O9NsX+aJF VlmqH2hwbR7gMg8Qap32yRQKB8C1jKXZIqXAh0GxiPPYNSnEE5hoyMa9cSTj21SH vN4rJOMD5SPJEtR0PWZHwtN5mr2IXnGAAoj/MT/wSjMJPpUSoqKfkpW7CsWVDB0s SH7CsPE34cY= =3V+x -----END PGP SIGNATURE-----