Published:
13 April 2017
Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2017.0960 Multiple vulnerabilities have been identified in JunOS 13 April 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Juniper Junos Publisher: Juniper Networks Impact/Access: Root Compromise -- Existing Account Denial of Service -- Remote/Unauthenticated Provide Misleading Information -- Remote/Unauthenticated Access Confidential Data -- Remote/Unauthenticated Reduced Security -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2017-2340 CVE-2017-2313 CVE-2017-2312 CVE-2016-10142 CVE-2016-9311 CVE-2016-9310 CVE-2016-7431 CVE-2016-7429 CVE-2016-7427 CVE-2016-1886 CVE-2015-8158 CVE-2015-8138 CVE-2015-7979 CVE-2015-7973 Reference: ESB-2016.1246 ESB-2016.1041 Original Bulletin: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10786 https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10784 https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10777 https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10780 https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10776 https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10778 Comment: This bulletin contains six (6) Juniper Networks security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- 2017-04 Security Bulletin: Junos: PFE crash while handling IPv6 ND advertisements (CVE-2017-2340) Article ID: JSA10786 Last Updated: 12 Apr 2017 Version: 3.0 PRODUCT AFFECTED: This issue can affect any M/MX platform running Junos OS where DHCPv6 subscribers are configured. PROBLEM: A vulnerability in processing IPv6 ND packets originating from subscribers and destined to M/MX series routers configured with Enhanced Subscriber Management for DHCPv6 subscribers can result in a PFE (Packet Forwarding Engine) hang or crash. The Enhanced Subscriber Management feature was introduced in Junos OS 15.1R3 for M/MX-Series devices. Devices are vulnerable only when the system configuration contains: subscriber-management enable force This issue does not affect devices with only IPv4 configured. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue. This issue has been assigned CVE-2017-2340. SOLUTION: The following software releases have been updated to resolve this specific issue: Junos OS 15.1R5, 16.1R3, 16.2R1 and all subsequent releases. This issue is being tracked as PR 1212431 and is visible on the Customer Support website. KB16765 - "In which releases are vulnerabilities fixed?" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies. WORKAROUND: It is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the router only from trusted, administrative networks or hosts. IMPLEMENTATION: Security vulnerabilities in Junos are fixed in the next available Maintenance Release of each supported Junos version. In some cases, a Maintenance Release is not planned to be available in an appropriate time-frame. For these cases, Service Releases are made available in order to be more timely. Security Advisory and Security Notices will indicate which Maintenance and Service Releases contain fixes for the issues described. Upon request to JTAC, customers will be provided download instructions for a Service Release. Although Juniper does not provide formal Release Note documentation for a Service Release, a list of "PRs fixed" can be provided on request. MODIFICATION HISTORY: 2017-04-12: Initial release. RELATED LINKS: KB16613: Overview of the Juniper Networks SIRT Monthly Security Bulletin Publication Process KB16765: In which releases are vulnerabilities fixed? KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories Report a Vulnerability - How to Contact the Juniper Networks Security Incident Response Team CVSS SCORE: 4.3 (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) RISK LEVEL: Medium RISK ASSESSMENT: Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories." - -- 2017-04 Security Bulletin: Junos: Integer signedness buffer overflow vulnerability in keyboard driver (CVE-2016-1886) Article ID: JSA10784 Last Updated: 12 Apr 2017 Version: 3.0 PRODUCT AFFECTED: This issue can affect any product or platform running Junos OS. PROBLEM: Incorrect signedness comparison in the ioctl(2) handler allows a malicious local user to overwrite a portion of the kernel memory. A local user may crash the kernel, read a portion of kernel memory and execute arbitrary code in kernel context. The result of executing an arbitrary kernel code is privilege escalation. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue. This issue has been assigned CVE-2016-1886. SOLUTION: The following software releases have been updated to resolve this specific issue: Junos OS 12.3X48-D55, 14.1R9, 14.1X53-D50, 14.2R7, 15.1F5-S5, 15.1F7, 15.1R5, 15.1X49-D60, 15.1X53-D230, 16.1R2, 16.2R1, 17.1R1, and all subsequent releases. This issue is being tracked as PR 1184592 and is visible on the Customer Support website. WORKAROUND: Use access lists or firewall filters to limit access to the device only from trusted administrative users, networks, and hosts. IMPLEMENTATION: How to obtain fixed software: Security vulnerabilities in Junos are fixed in the next available Maintenance Release of each supported Junos version. In some cases, a Maintenance Release is not planned to be available in an appropriate time-frame. For these cases, Service Releases are made available in order to be more timely. Security Advisory and Security Notices will indicate which Maintenance and Service Releases contain fixes for the issues described. Upon request to JTAC, customers will be provided download instructions for a Service Release. Although Juniper does not provide formal Release Note documentation for a Service Release, a list of "PRs fixed" can be provided on request. MODIFICATION HISTORY: 2017-04-12: Initial publication RELATED LINKS: KB16613: Overview of the Juniper Networks SIRT Quarterly Security Bulletin Publication Process KB16765: In which releases are vulnerabilities fixed? KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories Report a Vulnerability - How to Contact the Juniper Networks Security Incident Response Team CVE-2016-1886: Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd.c in FreeBSD 9.3 before p42, 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory overwrite and kernel crash), or gain privileges via a negative value in the flen structure member in the arg argument in a SETFKEY ioctl call, which triggers a "two way heap and stack overflow." CVSS SCORE: 7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) RISK LEVEL: High RISK ASSESSMENT: Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories." - -- 2017-04 Security Bulletin: Junos: Crafted LDP packets cause a memory leak that could lead to rpd crash (CVE-2017-2312) Article ID: JSA10777 Last Updated: 12 Apr 2017 Version: 2.0 PRODUCT AFFECTED: This issue can affect any product or platform running Junos OS with LDP enabled. PROBLEM: A specific LDP packet destined to the RE (Routing Engine) will consume a small amount of the memory allocated for the rpd (routing protocol daemon) process. Over time, repeatedly receiving this type of LDP packet(s) will cause the memory to exhaust and the rpd process to crash and restart. It is not possible to free up the memory that has been consumed without restarting the rpd process. This issue affects Junos OS based devices with either IPv4 or IPv6 LDP enabled via the [protocols ldp] configuration (the native IPv6 support for LDP is available in Junos OS 16.1 and higher). The interface on which the packet arrives needs to have LDP enabled. Juniper SIRT is not aware of any malicious exploitation of this vulnerability, however, the issue has been seen in a production network due to LDP packets originating from a different vendor's device. No other Juniper Networks products or platforms are affected by this issue. This issue has been assigned CVE-2017-2312. SOLUTION: The following software releases have been updated to resolve this specific issue: Junos OS 13.3R10, 14.1R8, 14.2R7-S6, 14.2R8, 15.1F2-S14, 15.1F6-S4, 15.1F7, 15.1R4-S7, 15.1R5, 15.1X49-D70, 15.1X53-D230, 15.1X53-D63, 15.1X53-D70, 16.1R2, 16.2R1, and all subsequent releases. This issue is being tracked as PR 1197631 and is visible on the Customer Support website. KB16765 - "In which releases are vulnerabilities fixed?" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies. WORKAROUND: Use access lists or firewall filters to limit access to the device via LDP only from trusted networks or hosts, or enable MD5 authentication on all authorized LDP sessions. IMPLEMENTATION: How to obtain fixed software: Security vulnerabilities in Junos are fixed in the next available Maintenance Release of each supported Junos version. In some cases, a Maintenance Release is not planned to be available in an appropriate time-frame. For these cases, Service Releases are made available in order to be more timely. Security Advisory and Security Notices will indicate which Maintenance and Service Releases contain fixes for the issues described. Upon request to JTAC, customers will be provided download instructions for a Service Release. Although Juniper does not provide formal Release Note documentation for a Service Release, a list of "PRs fixed" can be provided on request. MODIFICATION HISTORY: 2017-04-12: Initial publication RELATED LINKS: KB16613: Overview of the Juniper Networks SIRT Quarterly Security Bulletin Publication Process KB16765: In which releases are vulnerabilities fixed? KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories Report a Vulnerability - How to Contact the Juniper Networks Security Incident Response Team CVE-2017-2312: Crafted LDP packets cause memory leak that could lead to rpd crash CVSS SCORE: 5.7 (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) RISK LEVEL: Medium RISK ASSESSMENT: Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories." - -- 2017-04 Security Bulletin: Junos: ICMPv6 PTB atomic fragment denial of service attack (CVE-2016-10142) Article ID: JSA10780 Last Updated: 12 Apr 2017 Version: 2.0 PRODUCT AFFECTED: This issue can affect any product or platform running Junos OS with IPv6 enabled. PROBLEM: An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages. The security implications of IP fragmentation have been discussed at length in various RFCs. An attacker can leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow and can subsequently perform any type of fragmentation-based attack against legacy IPv6 nodes that do not implement RFC 6946. However, even nodes that already implement RFC 6946 can be subject to DoS attacks as a result of the generation of IPv6 atomic fragments. Since most nodes are configured to reject all packets that contain fragment headers, as recommended in RFC 6192, if a Junos OS router emits atomic fragments (containing IPv6 Fragment Extension Headers) towards its legitimate communication peer, traffic may be dropped by the peer causing a secondary denial of service condition. This issue is triggered by ICMPv6 traffic destined to the device. Transit IPv6 traffic will not cause this issue to occur, and IPv4 is unaffected by this vulnerability. This issue has been assigned CVE-2016-10142. SOLUTION: Junos OS now follows the recommendations from RFC 8021, section 4, to prevent this issue. When such a PTB message is received, it will be ignored unless Junos OS is explicitly instructed to allow atomic fragments via a sysctl setting. The following software releases have been updated to resolve this specific issue: Junos OS 12.3X48-D50, 14.1R8-S3, 14.1R9, 14.2R7-S6, 14.2R8, 15.1F2-S16, 15.1F6-S5, 15.1R4-S7, 15.1R5-S2, 15.1R6, 15.1X49-D80, 16.1R3-S3, 16.1R4-S1, 16.1R5, 16.2R1-S3, 16.2R2, 17.1R1, 17.2R1, and all subsequent releases. This issue is being tracked as PR 1250832 and is visible on the Customer Support website. KB16765 - "In which releases are vulnerabilities fixed?" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies. WORKAROUND: Malicious exploitation of this vulnerability may be mitigated by employing anti-spoofing IP address filters and unicast reverse-path-forwarding (uRPF) checking to limit spoofed ICMPv6 traffic from entering your network. See BCP 38/RFC 2827 for additional details. IMPLEMENTATION: How to obtain fixed software: Security vulnerabilities in Junos are fixed in the next available Maintenance Release of each supported Junos version. In some cases, a Maintenance Release is not planned to be available in an appropriate time-frame. For these cases, Service Releases are made available in order to be more timely. Security Advisory and Security Notices will indicate which Maintenance and Service Releases contain fixes for the issues described. Upon request to JTAC, customers will be provided download instructions for a Service Release. Although Juniper does not provide formal Release Note documentation for a Service Release, a list of "PRs fixed" can be provided on request. MODIFICATION HISTORY: 2017-04-12: Initial publication RELATED LINKS: Configuring Unicast Reverse-Path-Forwarding (uRPF) Check KB16613: Overview of the Juniper Networks SIRT Quarterly Security Bulletin Publication Process KB16765: In which releases are vulnerabilities fixed? KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories Report a Vulnerability - How to Contact the Juniper Networks Security Incident Response Team CVE-2016-10142: ICMPv6 PTB atomic fragment denial of service attack CVSS SCORE: 8.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H) RISK LEVEL: High RISK ASSESSMENT: Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories." - -- 2017-04 Security Bulletin: Junos: Multiple vulnerabilities in NTP [VU#633847] Article ID: JSA10776 Last Updated: 12 Apr 2017 Version: 2.0 PRODUCT AFFECTED: These issues can affect any product or platform running Junos OS with NTP services enabled PROBLEM: NTP.org and FreeBSD have published security advisories for vulnerabilities resolved in ntpd (NTP daemon). The following is a summary of the vulnerabilities that may impact Junos OS: CVE CVSS v2 base score Summary CVE-2016-9311 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C) ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet. CVE-2016-9310 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P) The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet. CVE-2015-7973 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P) NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. CVE-2015-7979 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client. CVE-2016-7431 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N) NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression. CVE-2015-8158 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values. CVE-2016-7429 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use. CVE-2016-7427 3.3 (AV:A/AC:L/Au:N/C:N/I:N/A:P) The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet. Server-side vulnerabilities are only exploitable on systems where NTP server is enabled within the [edit system ntp] hierarchy level. SOLUTION: The following software releases have been updated to resolve these specific issues: Junos OS 12.3X48-D45, 14.1R8-S3, 14.1R9, 14.2R7-S6, 14.2R8, 15.1F2-S16, 15.1F5-S7, 15.1F6-S5, 15.1F7, 15.1R4-S7, 15.1R5-S2, 15.1R6, 15.1X49-D80, 16.1R3-S3, 16.1R4-S1, 16.1R5, 16.2R1-S3, 16.2R2, 17.1R1, 17.2R1, and all subsequent releases. These issues are being tracked as PRs 1234119 and 1159544, and are visible on the Customer Support website. KB16765 - "In which releases are vulnerabilities fixed?" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies. WORKAROUND: Standard security best current practices (control plane firewall filters, edge filtering, access lists, etc.) will protect against any remote malicious attacks against NTP. Customers who have already applied the workaround described in JSA10613 are already protected against any remote exploitation of these vulnerabilities. Refer to the Workaround section of JSA10613 for specific applicable mitigation techniques. IMPLEMENTATION: How to obtain fixed software: Security vulnerabilities in Junos are fixed in the next available Maintenance Release of each supported Junos version. In some cases, a Maintenance Release is not planned to be available in an appropriate time-frame. For these cases, Service Releases are made available in order to be more timely. Security Advisory and Security Notices will indicate which Maintenance and Service Releases contain fixes for the issues described. Upon request to JTAC, customers will be provided download instructions for a Service Release. Although Juniper does not provide formal Release Note documentation for a Service Release, a list of "PRs fixed" can be provided on request. MODIFICATION HISTORY: 2017-04-12: Initial publication RELATED LINKS: KB16613: Overview of the Juniper Networks SIRT Quarterly Security Bulletin Publication Process KB16765: In which releases are vulnerabilities fixed? KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories Report a Vulnerability - How to Contact the Juniper Networks Security Incident Response Team November 2016 ntp-4.2.8p9 NTP Security Vulnerability Announcement FreeBSD-SA-16:09.ntp: Multiple vulnerabilities of ntp CVSS SCORE: 6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L) RISK LEVEL: Medium RISK ASSESSMENT: Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories." - -- 2017-04 Security Bulletin: Junos: rpd crash due to crafted BGP UPDATE (CVE-2017-2313) Article ID: JSA10778 Last Updated: 12 Apr 2017 Version: 3.0 PRODUCT AFFECTED: This issue can affect any product or platform running Junos OS 15.1 or later with BGP enabled PROBLEM: Junos OS 15.1 and later releases may be impacted by the receipt of a crafted BGP UPDATE which can lead to an rpd (routing process daemon) crash and restart. Repeated crashes of the rpd daemon can result in an extended denial of service condition. This issue only affects Junos OS 15.1 and later releases. Releases prior to Junos OS 15.1 are unaffected by this vulnerability. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue. This issue has been assigned CVE-2017-2313. SOLUTION: The following software releases have been updated to resolve this specific issue: Junos OS 15.1F2-S15, 15.1F5-S7, 15.1F6-S5, 15.1F7, 15.1R4-S7, 15.1R5-S2, 15.1R6, 15.1X49-D78, 15.1X49-D80, 15.1X53-D230, 15.1X53-D63, 15.1X53-D70, 16.1R3-S3, 16.1R4, 16.2R1-S3, 16.2R2, 17.1R1, 17.2R1, and all subsequent releases. This issue is being tracked as PR 1229868 and is visible on the Customer Support website. KB16765 - "In which releases are vulnerabilities fixed?" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies. WORKAROUND: No published workaround exists for this issue. IMPLEMENTATION: How to obtain fixed software: Security vulnerabilities in Junos are fixed in the next available Maintenance Release of each supported Junos version. In some cases, a Maintenance Release is not planned to be available in an appropriate time-frame. For these cases, Service Releases are made available in order to be more timely. Security Advisory and Security Notices will indicate which Maintenance and Service Releases contain fixes for the issues described. Upon request to JTAC, customers will be provided download instructions for a Service Release. Although Juniper does not provide formal Release Note documentation for a Service Release, a list of "PRs fixed" can be provided on request. MODIFICATION HISTORY: 2017-04-12: Initial publication RELATED LINKS: KB16613: Overview of the Juniper Networks SIRT Quarterly Security Bulletin Publication Process KB16765: In which releases are vulnerabilities fixed? KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories Report a Vulnerability - How to Contact the Juniper Networks Security Incident Response Team CVE-2017-2313: RPD crash due to crafted BGP UPDATE CVSS SCORE: 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) RISK LEVEL: High RISK ASSESSMENT: Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories." - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWO7/2Ix+lLeg9Ub1AQjO8A//bhE24YnSy7nWY+4XciRkmH19pAkhXQuV 8b3wIG/+Bj+lDX2Ct0tfglT7vIyaz9Esp9RBXAFOWfgpmaoQuf9d6ptccjjncXtL 560Yj6j4PJWKjDbCH3IQ1fX49ijh0eT+0nGY9pyTiztDoSM3/UuMWqoQvsyjGpO4 cuKCauDjqAKpWLC7zy62fx8P1KXS4ba1yiJuszMNpIXmFqyn061v3Ehy9az8hMS6 /VVs6xE4VTExjKIBwoVFt5kWYr8MBw1LWBxegDpEpAh6KvzGskm66z/yNu0O5e0A 4pptUXdbMcsAhImDNNkVKZvuywGhZvCbFyrxDGvNwSZ6BGnjiS+j1rmUtBxq8qTq blr25YGnedKTZj5U95SIUl73ANqMkq5hmEL7pKH5AHn8FONP7o4gOF7D+znxjiiX mKw/djeQJln4hKxRIvVpaHUEkRKvbjkkAUFEDWghSqvavOetLW7TQx7VWM3p3v7N ui4dQ7PjB/k6QrzcGtX8IpoAErZYlqlH/U1cpI9KKeRv3DJLMI0VxeVY6i6qN3f1 DT39GqwlsZSUtDNP1jOMVWAAoF0lC7omNIONkxA/w8RuvCJbzTtCRCfPKCL/xXr8 in2gDbDioPbGIpXatB7jUtJtZVQdAao1BwTzX3IjSLq65uSWassLgSnELbdyBx9f FMGXikLG5gU= =orvf -----END PGP SIGNATURE-----