===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.3058
                     Important: Red Hat JBoss updates
                              8 December 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Red Hat JBoss Fuse 6.2.1
                   Red Hat JBoss A-MQ 6.2.1
                   Red Hat JBoss Fuse Service Works 6.2.1
                   Red Hat JBoss BRMS 6.2.0
Publisher:         Red Hat
Operating System:  Red Hat
                   Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-7501 CVE-2015-6748 CVE-2015-5181
                   CVE-2015-3253 CVE-2015-0264 CVE-2015-0263
                   CVE-2015-0250  

Reference:         ESB-2015.2935
                   ESB-2015.2012

Original Bulletin: 
   https://rhn.redhat.com/errata/RHSA-2015-2556.html
   https://rhn.redhat.com/errata/RHSA-2015-2557.html
   https://rhn.redhat.com/errata/RHSA-2015-2558.html
   https://rhn.redhat.com/errata/RHSA-2015-2559.html
   https://rhn.redhat.com/errata/RHSA-2015-2560.html

Comment: This bulletin contains five (5) Red Hat security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------


=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat JBoss Fuse 6.2.1 update
Advisory ID:       RHSA-2015:2556-01
Product:           Red Hat JBoss Fuse
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-2556.html
Issue date:        2015-12-07
CVE Names:         CVE-2015-3253 CVE-2015-5181 CVE-2015-7501 
=====================================================================

1. Summary:

Red Hat JBoss Fuse 6.2.1, which fixes three security issues and several
bugs and adds various enhancements, is now available from the Red Hat
Customer Portal.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Description:

Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint,
flexible, open source enterprise service bus and integration platform.

Red Hat JBoss Fuse 6.2.1 is a micro product release that updates Red Hat
JBoss Fuse 6.2.0, and includes several bug fixes and enhancements. Refer to
the Release Notes document, available from the link in the References
section, for a list of changes.

The following security issues are addressed in this release:

It was found that the Apache commons-collections library permitted code
execution when deserializing objects involving a specially constructed
chain of classes. A remote attacker could use this flaw to execute
arbitrary code with the permissions of the application using the
commons-collections library. (CVE-2015-7501)

Further information about this issue may be found at:
https://access.redhat.com/solutions/2045023

It was found that when an application has Groovy on its classpath and uses
the standard Java serialization mechanism, an attacker can craft a special
serialized object that executes code directly when deserialized. All
applications which rely on serialization and do not isolate the code which
deserializes objects are subject to this vulnerability. (CVE-2015-3253)
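
One mitigation pattern for the two deserialization flaws above (CVE-2015-7501
and CVE-2015-3253), shown as an added example that is not part of the Red Hat
advisory or the AusCERT bulletin: an ObjectInputStream subclass that resolves
only allowlisted classes, so anything else in the stream is refused before it
is instantiated. The names LookAheadDemo, QueueRequest, UnexpectedType and
AllowlistObjectInputStream are hypothetical, and the sample objects are
constructed.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.io.Serializable;
import java.util.Collections;
import java.util.Set;

public class LookAheadDemo {

    /** Constructed sample type: the only class this endpoint expects to receive. */
    static class QueueRequest implements Serializable {
        private static final long serialVersionUID = 1L;
        final String queueName;
        final int priority;
        QueueRequest(String queueName, int priority) {
            this.queueName = queueName;
            this.priority = priority;
        }
    }

    /** Constructed stand-in for any serializable class the endpoint does not expect. */
    static class UnexpectedType implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    /** ObjectInputStream that refuses every class not on an explicit allowlist. */
    static class AllowlistObjectInputStream extends ObjectInputStream {
        private final Set<String> allowed;

        AllowlistObjectInputStream(InputStream in, Set<String> allowed) throws IOException {
            super(in);
            this.allowed = allowed;
        }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            // Invoked with the class name read from the stream before any object
            // of that class is created, so a refused class never runs readObject().
            if (!allowed.contains(desc.getName())) {
                throw new InvalidClassException(desc.getName(), "not on deserialization allowlist");
            }
            return super.resolveClass(desc);
        }

        @Override
        protected Class<?> resolveProxyClass(String[] interfaces) throws IOException {
            // This endpoint never expects dynamic proxies, so refuse them outright.
            throw new InvalidClassException("dynamic proxy", "proxies are not accepted");
        }
    }

    static byte[] serialize(Object value) throws IOException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buffer)) {
            out.writeObject(value);
        }
        return buffer.toByteArray();
    }

    static Object readRestricted(byte[] data, Set<String> allowed)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream in =
                 new AllowlistObjectInputStream(new ByteArrayInputStream(data), allowed)) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Set<String> allowed = Collections.singleton(QueueRequest.class.getName());

        QueueRequest ok = (QueueRequest) readRestricted(serialize(new QueueRequest("orders", 4)), allowed);
        System.out.println("accepted: " + ok.queueName + " priority " + ok.priority);

        try {
            readRestricted(serialize(new UnexpectedType()), allowed);
            System.out.println("unexpected type was accepted");
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Field types that are themselves objects (boxed numbers, collections) have their own class descriptors and must be added to the allowlist explicitly; strings and primitives do not pass through resolveClass.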

It was found that the JBoss A-MQ console would accept a string containing
JavaScript as the name of a new message queue. The script would
subsequently execute when the UI was run. An attacker could use this flaw
to access sensitive information or perform other attacks. (CVE-2015-5181)

Red Hat would like to thank Naftali Rosenbaum of Comsec Consulting for
reporting CVE-2015-5181.

All users of Red Hat JBoss Fuse 6.2.0 are advised to apply this update.

3. Solution:

The References section of this erratum contains a download link (you must
log in to download the update).

4. Bugs fixed (https://bugzilla.redhat.com/):

1243934 - CVE-2015-3253 groovy: remote execution of untrusted code in class MethodClosure
1248804 - CVE-2015-5181 A-MQ Console: script injection into queue name
1279330 - CVE-2015-7501 apache-commons-collections: InvokerTransformer code execution during deserialisation

5. JIRA issues fixed (https://issues.jboss.org/):

ENTESB-4398 - Arbitrary remote code execution with InvokerTransformer

6. References:

https://access.redhat.com/security/cve/CVE-2015-3253
https://access.redhat.com/security/cve/CVE-2015-5181
https://access.redhat.com/security/cve/CVE-2015-7501
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=distributions&version=6.2.1
https://access.redhat.com/solutions/2045023
https://access.redhat.com/site/documentation/en-US/Red_Hat_JBoss_Fuse/

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat JBoss A-MQ 6.2.1 update
Advisory ID:       RHSA-2015:2557-01
Product:           Red Hat JBoss A-MQ
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-2557.html
Issue date:        2015-12-07
CVE Names:         CVE-2015-3253 CVE-2015-5181 CVE-2015-7501 
=====================================================================

1. Summary:

Red Hat JBoss A-MQ 6.2.1, which fixes three security issues and several
bugs and adds various enhancements, is now available from the Red Hat
Customer Portal.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Description:

Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards-compliant
messaging system that is tailored for use in mission critical applications.

Red Hat JBoss A-MQ 6.2.1 is a micro product release that updates Red Hat
JBoss A-MQ 6.2.0, and includes several bug fixes and enhancements. Refer to
the Release Notes document, available from the link in the References
section, for a list of changes.

The following security issues are addressed in this release:

It was found that the Apache commons-collections library permitted code
execution when deserializing objects involving a specially constructed
chain of classes. A remote attacker could use this flaw to execute
arbitrary code with the permissions of the application using the
commons-collections library. (CVE-2015-7501)

Further information about this issue may be found at:
https://access.redhat.com/solutions/2045023

It was found that when an application has Groovy on its classpath and uses
the standard Java serialization mechanism, an attacker can craft a special
serialized object that executes code directly when deserialized. All
applications which rely on serialization and do not isolate the code which
deserializes objects are subject to this vulnerability. (CVE-2015-3253)

It was found that the JBoss A-MQ console would accept a string containing
JavaScript as the name of a new message queue. The script would
subsequently execute when the UI was run. An attacker could use this flaw
to access sensitive information or perform other attacks. (CVE-2015-5181)

Red Hat would like to thank Naftali Rosenbaum of Comsec Consulting for
reporting CVE-2015-5181.

All users of Red Hat JBoss A-MQ 6.2.0 as provided from the Red Hat Customer
Portal are advised to apply this update.

3. Solution:

The References section of this erratum contains a download link (you must
log in to download the update).

4. Bugs fixed (https://bugzilla.redhat.com/):

1243934 - CVE-2015-3253 groovy: remote execution of untrusted code in class MethodClosure
1248804 - CVE-2015-5181 A-MQ Console: script injection into queue name
1279330 - CVE-2015-7501 apache-commons-collections: InvokerTransformer code execution during deserialisation

5. JIRA issues fixed (https://issues.jboss.org/):

ENTESB-4398 - Arbitrary remote code execution with InvokerTransformer

6. References:

https://access.redhat.com/security/cve/CVE-2015-3253
https://access.redhat.com/security/cve/CVE-2015-5181
https://access.redhat.com/security/cve/CVE-2015-7501
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq&downloadType=distributions&version=6.2.1
https://access.redhat.com/site/documentation/en-US/Red_Hat_JBoss_A-MQ/
https://access.redhat.com/solutions/2045023

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat JBoss Fuse Service Works 6.2.1 update
Advisory ID:       RHSA-2015:2558-01
Product:           Red Hat JBoss Fuse Service Works
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-2558.html
Issue date:        2015-12-07
CVE Names:         CVE-2015-0263 CVE-2015-0264 CVE-2015-3253 
=====================================================================

1. Summary:

Red Hat JBoss Fuse Service Works 6.2.1, which fixes three security issues
and various bugs, is now available from the Red Hat Customer Portal.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Description:

Red Hat JBoss Fuse Service Works is the next-generation ESB and business
process automation infrastructure.

This release of Red Hat JBoss Fuse Service Works 6.2.1 serves as a
replacement for Red Hat JBoss Fuse Service Works 6.0.0. It includes various
bug fixes, which are listed in the README file included with the patch
files.

The following security issues are fixed with this release:

It was found that when an application has Groovy on its classpath and uses
the standard Java serialization mechanism, an attacker can craft a special
serialized object that executes code directly when deserialized. All
applications which rely on serialization and do not isolate the code which
deserializes objects are subject to this vulnerability. (CVE-2015-3253)

It was found that Apache Camel's XML converter performed XML External
Entity (XXE) expansion. A remote attacker able to submit a SAXSource
containing an XXE declaration could use this flaw to read files accessible
to the user running the application server, and potentially perform other
more advanced XXE attacks. (CVE-2015-0263)

It was found that Apache Camel performed XML External Entity (XXE)
expansion when evaluating invalid XML Strings or invalid XML GenericFile
objects. A remote attacker able to submit a crafted XML message could use
this flaw to read files accessible to the user running the application
server, and potentially perform other more advanced XXE attacks.
(CVE-2015-0264)
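
How an application can keep entity expansion out of its own XML handling,
relevant to both Camel XXE issues above, as an added example that is not code
from Red Hat, AusCERT or Apache Camel: a SAXSource built around an XMLReader
that refuses DOCTYPE declarations and external entities. The class and method
names are hypothetical and both sample documents are constructed.

```java
import java.io.IOException;
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.transform.sax.SAXSource;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;
import org.xml.sax.XMLReader;
import org.xml.sax.helpers.DefaultHandler;

public class HardenedSaxSourceDemo {

    /** XMLReader that refuses DOCTYPE declarations and external entities. */
    static XMLReader hardenedReader() throws ParserConfigurationException, SAXException {
        SAXParserFactory factory = SAXParserFactory.newInstance();
        factory.setNamespaceAware(true);
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Rejecting the DOCTYPE removes the only place entities can be declared.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth in case DOCTYPEs are ever re-enabled for this factory.
        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        return factory.newSAXParser().getXMLReader();
    }

    /** Wraps untrusted XML so that whatever consumes the source uses the hardened reader. */
    static SAXSource untrustedSource(String xml) throws ParserConfigurationException, SAXException {
        return new SAXSource(hardenedReader(), new InputSource(new StringReader(xml)));
    }

    /** Returns true if the document parses, false if the hardened reader rejects it. */
    static boolean accepts(String xml)
            throws ParserConfigurationException, SAXException, IOException {
        SAXSource source = untrustedSource(xml);
        XMLReader reader = source.getXMLReader();
        DefaultHandler handler = new DefaultHandler();
        reader.setContentHandler(handler);
        reader.setErrorHandler(handler); // fatalError() rethrows the parse exception
        try {
            reader.parse(source.getInputSource());
            return true;
        } catch (SAXParseException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs.
        String plain = "<order><id>42</id></order>";
        String withDoctype =
              "<?xml version=\"1.0\"?>"
            + "<!DOCTYPE order [<!ENTITY ext SYSTEM \"file:///constructed/placeholder\">]>"
            + "<order><id>&ext;</id></order>";

        System.out.println("plain document accepted: " + accepts(plain));
        System.out.println("document with DOCTYPE accepted: " + accepts(withDoctype));
    }
}
```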

All users of Red Hat JBoss Fuse Service Works 6.0.0 as provided from the
Red Hat Customer Portal are advised to apply this security update.

3. Solution:

The References section of this erratum contains a download link (you must
log in to download the updates). Before applying the updates, back up your
existing installation, including all applications, configuration files,
databases and database settings, and so on.

It is recommended to halt the server by stopping the JBoss Application
Server process before installing this update, and then after installing
the update, restart the server by starting the JBoss Application Server
process.

4. Bugs fixed (https://bugzilla.redhat.com/):

1203341 - CVE-2015-0264 Camel: XXE via XPath expression evaluation
1203344 - CVE-2015-0263 Camel: XXE in via SAXSource expansion
1243934 - CVE-2015-3253 groovy: remote execution of untrusted code in class MethodClosure

5. References:

https://access.redhat.com/security/cve/CVE-2015-0263
https://access.redhat.com/security/cve/CVE-2015-0264
https://access.redhat.com/security/cve/CVE-2015-3253
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse.serviceworks&downloadType=distributions&version=6.2.1

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: Red Hat JBoss BRMS 6.2.0 update
Advisory ID:       RHSA-2015:2559-01
Product:           Red Hat JBoss BRMS
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-2559.html
Issue date:        2015-12-07
CVE Names:         CVE-2015-0250 CVE-2015-6748 CVE-2015-7501 
=====================================================================

1. Summary:

Red Hat JBoss BRMS 6.2.0, which fixes three security issues and several
bugs and adds various enhancements, is now available from the Red Hat
Customer Portal.

Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Description:

Red Hat JBoss BRMS is a business rules management system for the
management, storage, creation, modification, and deployment of JBoss Rules.

This release of Red Hat JBoss BRMS 6.2.0 serves as a replacement for Red
Hat JBoss BRMS 6.1.2, and includes bug fixes and enhancements. Refer to the
Red Hat JBoss BRMS 6.2.0 Release Notes for information on the most
significant of these changes. The Release Notes are available at
https://access.redhat.com/documentation/en/red-hat-jboss-brms/

The following security issues are also fixed with this release:

It was found that the Apache commons-collections library permitted code
execution when deserializing objects involving a specially constructed
chain of classes. A remote attacker could use this flaw to execute
arbitrary code with the permissions of the application using the
commons-collections library. (CVE-2015-7501)

Further information about this security flaw may be found at:
https://access.redhat.com/solutions/2045023

It was found that batik was vulnerable to XML External Entity attacks when
parsing SVG files. A remote attacker able to send malicious SVG content to
the affected server could use this flaw to read files accessible to the
user running the application server, and potentially perform other more
advanced XXE attacks. (CVE-2015-0250)

It was found that jsoup did not properly validate user-supplied HTML
content; certain HTML snippets could get past the validator without being
detected as unsafe. A remote attacker could use a specially crafted HTML
snippet to execute arbitrary web script in the user's browser.
(CVE-2015-6748)

All users of Red Hat JBoss BRMS 6.1.2 as provided from the Red Hat Customer
Portal are advised to upgrade to Red Hat JBoss BRMS 6.2.0.

3. Solution:

The References section of this erratum contains a download link (you must
log in to download the update). Before applying the update, back up your
existing installation, including all applications, configuration files,
databases and database settings, and so on.

It is recommended to halt the server by stopping the JBoss Application
Server process before installing this update, and then after installing the
update, restart the server by starting the JBoss Application Server
process.

4. Bugs fixed (https://bugzilla.redhat.com/):

1203762 - CVE-2015-0250 batik: XML External Entity (XXE) injection in SVG parsing
1258310 - CVE-2015-6748 jsoup: XSS vulnerability related to incomplete tags at EOF
1279330 - CVE-2015-7501 apache-commons-collections: InvokerTransformer code execution during deserialisation

5. References:

https://access.redhat.com/security/cve/CVE-2015-0250
https://access.redhat.com/security/cve/CVE-2015-6748
https://access.redhat.com/security/cve/CVE-2015-7501
https://access.redhat.com/security/updates/classification/#critical
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=brms&downloadType=distributions&version=6.2.0
https://access.redhat.com/documentation/en/red-hat-jboss-brms/
https://access.redhat.com/solutions/2045023

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: Red Hat JBoss BPM Suite 6.2.0 update
Advisory ID:       RHSA-2015:2560-01
Product:           Red Hat JBoss BPM Suite
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-2560.html
Issue date:        2015-12-07
CVE Names:         CVE-2015-0250 CVE-2015-6748 CVE-2015-7501 
=====================================================================

1. Summary:

Red Hat JBoss BPM Suite 6.2.0, which fixes three security issues and
several bugs and adds various enhancements, is now available from the Red
Hat Customer Portal.

Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Description:

Red Hat JBoss BPM Suite is a business rules and processes management system
for the management, storage, creation, modification, and deployment of
JBoss rules and BPMN2-compliant business processes.

This release of Red Hat JBoss BPM Suite 6.2.0 serves as a replacement for
Red Hat JBoss BPM Suite 6.1.2, and includes bug fixes and enhancements.
Refer to the Red Hat JBoss BPM Suite 6.2.0 Release Notes for information on
the most significant of these changes. The Release Notes are available at
https://access.redhat.com/documentation/en/red-hat-jboss-brms/

The following security issues are also fixed with this release:

It was found that the Apache commons-collections library permitted code
execution when deserializing objects involving a specially constructed
chain of classes. A remote attacker could use this flaw to execute
arbitrary code with the permissions of the application using the
commons-collections library. (CVE-2015-7501)

Further information about this security flaw may be found at:
https://access.redhat.com/solutions/2045023

It was found that batik was vulnerable to XML External Entity attacks when
parsing SVG files. A remote attacker able to send malicious SVG content to
the affected server could use this flaw to read files accessible to the
user running the application server, and potentially perform other more
advanced XXE attacks. (CVE-2015-0250)

It was found that jsoup did not properly validate user-supplied HTML
content; certain HTML snippets could get past the validator without being
detected as unsafe. A remote attacker could use a specially crafted HTML
snippet to execute arbitrary web script in the user's browser.
(CVE-2015-6748)

All users of Red Hat JBoss BPM Suite 6.1.2 as provided from the Red Hat
Customer Portal are advised to upgrade to Red Hat JBoss BPM Suite 6.2.0.

3. Solution:

The References section of this erratum contains a download link (you must
log in to download the update). Before applying the update, back up your
existing installation, including all applications, configuration files,
databases and database settings, and so on.

It is recommended to halt the server by stopping the JBoss Application
Server process before installing this update, and then after installing
the update, restart the server by starting the JBoss Application Server
process.

4. Bugs fixed (https://bugzilla.redhat.com/):

1203762 - CVE-2015-0250 batik: XML External Entity (XXE) injection in SVG parsing
1258310 - CVE-2015-6748 jsoup: XSS vulnerability related to incomplete tags at EOF
1279330 - CVE-2015-7501 apache-commons-collections: InvokerTransformer code execution during deserialisation

5. References:

https://access.redhat.com/security/cve/CVE-2015-0250
https://access.redhat.com/security/cve/CVE-2015-6748
https://access.redhat.com/security/cve/CVE-2015-7501
https://access.redhat.com/security/updates/classification/#critical
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=bpm.suite&downloadType=distributions&version=6.2.0
https://access.redhat.com/documentation/en/red-hat-jboss-bpm-suite/
https://access.redhat.com/solutions/2045023

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================