Operating System:

[MAC]

Published:

01 November 2017

Protect yourself against future threats.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.2775
 Additional information for APPLE-SA-2017-09-25-1 macOS High Sierra 10.13
                              1 November 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          Apple macOS
Publisher:        Apple
Operating System: OS X
Impact/Access:    Root Compromise                -- Remote with User Interaction
                  Access Privileged Data         -- Remote/Unauthenticated      
                  Denial of Service              -- Remote/Unauthenticated      
                  Provide Misleading Information -- Remote/Unauthenticated      
                  Unauthorised Access            -- Remote/Unauthenticated      
                  Access Confidential Data       -- Remote with User Interaction
Resolution:       Patch/Upgrade
CVE Names:        CVE-2017-1000373 CVE-2017-13846 CVE-2017-13843
                  CVE-2017-13842 CVE-2017-13841 CVE-2017-13840
                  CVE-2017-13839 CVE-2017-13838 CVE-2017-13837
                  CVE-2017-13836 CVE-2017-13834 CVE-2017-13832
                  CVE-2017-13831 CVE-2017-13830 CVE-2017-13828
                  CVE-2017-13827 CVE-2017-13826 CVE-2017-13825
                  CVE-2017-13824 CVE-2017-13823 CVE-2017-13822
                  CVE-2017-13821 CVE-2017-13820 CVE-2017-13819
                  CVE-2017-13818 CVE-2017-13817 CVE-2017-13816
                  CVE-2017-13815 CVE-2017-13814 CVE-2017-13813
                  CVE-2017-13812 CVE-2017-13811 CVE-2017-13810
                  CVE-2017-13809 CVE-2017-13808 CVE-2017-13807
                  CVE-2017-13782 CVE-2017-10989 CVE-2017-9789
                  CVE-2017-9788 CVE-2017-9233 CVE-2017-7679
                  CVE-2017-7668 CVE-2017-7659 CVE-2017-7144
                  CVE-2017-7143 CVE-2017-7141 CVE-2017-7138
                  CVE-2017-7132 CVE-2017-7130 CVE-2017-7129
                  CVE-2017-7128 CVE-2017-7127 CVE-2017-7126
                  CVE-2017-7125 CVE-2017-7124 CVE-2017-7123
                  CVE-2017-7122 CVE-2017-7121 CVE-2017-7119
                  CVE-2017-7114 CVE-2017-7086 CVE-2017-7084
                  CVE-2017-7083 CVE-2017-7082 CVE-2017-7080
                  CVE-2017-7078 CVE-2017-7077 CVE-2017-7074
                  CVE-2017-6464 CVE-2017-6463 CVE-2017-6462
                  CVE-2017-6460 CVE-2017-6459 CVE-2017-6458
                  CVE-2017-6455 CVE-2017-6452 CVE-2017-6451
                  CVE-2017-3169 CVE-2017-3167 CVE-2017-0381
                  CVE-2016-9843 CVE-2016-9842 CVE-2016-9841
                  CVE-2016-9840 CVE-2016-9063 CVE-2016-9042
                  CVE-2016-8743 CVE-2016-8740 CVE-2016-5387
                  CVE-2016-4736 CVE-2016-2161 CVE-2016-736

Reference:        ASB-2017.0181
                  ASB-2017.0173
                  ASB-2017.0136
                  ASB-2017.0107
                  ESB-2017.2742
                  ESB-2017.2708
                  ESB-2017.2689
                  ESB-2017.2688
                  ESB-2017.2676
                  ESB-2017.2604

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-10-31-8
Additional information for APPLE-SA-2017-09-25-1
macOS High Sierra 10.13

macOS High Sierra 10.13 addresses the following:

802.1X
Available for: OS X Mountain Lion 10.8 and later
Impact: An attacker may be able to exploit weaknesses in TLS 1.0
Description: A protocol security issue was addressed by enabling TLS
1.1 and TLS 1.2.
CVE-2017-13832: an anonymous researcher
Entry added October 31, 2017

apache
Available for: OS X Mountain Lion 10.8 and later
Impact: Multiple issues in Apache
Description: Multiple issues were addressed by updating to version
2.4.27.
CVE-2017-3167
CVE-2017-3169
CVE-2017-7659
CVE-2017-7668
CVE-2017-7679
CVE-2017-9788
CVE-2017-9789
Entry added October 31, 2017

apache
Available for: OS X Mountain Lion 10.8 and later
Impact: Multiple issues in Apache
Description: Multiple issues existed in Apache. These were addressed
by updating Apache to version 2.4.25.
CVE-2016-736
CVE-2016-2161
CVE-2016-5387
CVE-2016-8740
CVE-2016-8743
Entry added October 31, 2017

AppleScript
Available for: OS X Mountain Lion 10.8 and later
Impact: Decompiling an AppleScript with osadecompile may lead to
arbitrary code execution
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13809: an anonymous researcher
Entry added October 31, 2017

Application Firewall
Available for:  OS X Lion v10.8 and later
Impact: A previously denied application firewall setting may take
effect after upgrading
Description: An upgrade issue existed in the handling of firewall
settings. This issue was addressed through improved handling of
firewall settings during upgrades.
CVE-2017-7084: an anonymous researcher

AppSandbox
Available for:  OS X Lion v10.8 and later
Impact: An application may be able to cause a denial of service
Description: Multiple denial of service issues were addressed through
improved memory handling.
CVE-2017-7074: Daniel Jalkut of Red Sweater Software

ATS
Available for: OS X Mountain Lion 10.8 and later
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2017-13820: John Villamil, Doyensec
Entry added October 31, 2017

Audio
Available for: OS X Mountain Lion 10.8 and later
Impact: Parsing a maliciously crafted QuickTime file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory consumption issue was addressed through
improved memory handling.
CVE-2017-13807: Yangkang (@dnpushme) of Qihoo 360 Qex Team
Entry added October 31, 2017

Captive Network Assistant
Available for:  OS X Lion v10.8 and later
Impact: A local user may unknowingly send a password unencrypted over
the network
Description: The security state of the captive portal browser was not
obvious. This issue was addressed with improved visibility of the
captive portal browser security state.
CVE-2017-7143: an anonymous researcher

CFNetwork Proxies
Available for:  OS X Lion v10.8 and later
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: Multiple denial of service issues were addressed through
improved memory handling.
CVE-2017-7083: Abhinav Bansal of Zscaler Inc.

CFString
Available for: OS X Mountain Lion 10.8 and later
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13821: Australian Cyber Security Centre â\x{128}\x{147} Australian Signals
Directorate
Entry added October 31, 2017

CoreAudio
Available for:  OS X Lion v10.8 and later
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed by updating to Opus
version 1.1.4.
CVE-2017-0381: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend
Micro

CoreText
Available for: OS X Mountain Lion 10.8 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory consumption issue was addressed through
improved memory handling.
CVE-2017-13825: Australian Cyber Security Centre â\x{128}\x{147} Australian Signals
Directorate
Entry added October 31, 2017

Directory Utility
Available for:  OS X Lion v10.8 and later
Impact: A local attacker may be able to determine the Apple ID of the
owner of the computer
Description: A permissions issue existed in the handling of the Apple
ID. This issue was addressed with improved access controls.
CVE-2017-7138: an anonymous researcher

file
Available for:  OS X Lion v10.8 and later
Impact: Multiple issues in file
Description: Multiple issues were addressed by updating to version
5.30.
CVE-2017-7121: found by OSS-Fuzz
CVE-2017-7122: found by OSS-Fuzz
CVE-2017-7123: found by OSS-Fuzz
CVE-2017-7124: found by OSS-Fuzz
CVE-2017-7125: found by OSS-Fuzz
CVE-2017-7126: found by OSS-Fuzz

file
Available for: OS X Mountain Lion 10.8 and later
Impact: Multiple issues in file
Description: Multiple issues were addressed by updating to version
5.31.
CVE-2017-13815
Entry added October 31, 2017

Fonts
Available for: OS X Mountain Lion 10.8 and later
Impact: Rendering untrusted text may lead to spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-13828: an anonymous researcher
Entry added October 31, 2017

fsck_msdos
Available for: OS X Mountain Lion 10.8 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13811: an anonymous researcher
Entry added October 31, 2017

HelpViewer
Available for: OS X Mountain Lion 10.8 and later
Impact: A quarantined HTML file may execute arbitrary JavaScript
cross-origin
Description: A cross-site scripting issue existed in HelpViewer. This
issue was addressed by removing the affected file.
CVE-2017-13819: an anonymous researcher
Entry added October 31, 2017

HFS
Available for: OS X Mountain Lion 10.8 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13830: Sergej Schumilo of Ruhr-University Bochum
Entry added October 31, 2017

ImageIO
Available for: OS X Mountain Lion 10.8 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2017-13814: Australian Cyber Security Centre â\x{128}\x{147} Australian Signals
Directorate
Entry added October 31, 2017

ImageIO
Available for: OS X Mountain Lion 10.8 and later
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: An information disclosure issue existed in the
processing of disk images. This issue was addressed through improved
memory management.
CVE-2017-13831: an anonymous researcher
Entry added October 31, 2017

Installer
Available for: OS X Mountain Lion 10.8 and later
Impact: A malicious application may be able to access the FileVault
unlock key
Description: This issue was addressed by removing additional
entitlements.
CVE-2017-13837: Patrick Wardle of Synack
Entry added October 31, 2017

IOFireWireFamily
Available for:  OS X Lion v10.8 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7077: Brandon Azad

IOFireWireFamily
Available for:  OS X Lion v10.8 and later
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-7119: Xiaolong Bai, Min (Spark) Zheng of Alibaba Inc.,
Benjamin Gnahm (@mitp0sh) of PDX

Kernel
Available for:  OS X Lion v10.8 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7114: Alex Plaskett of MWR InfoSecurity

Kernel
Available for: OS X Mountain Lion 10.8 and later
Impact: A local user may be able to leak sensitive user information
Description: A permissions issue existed in kernel packet counters.
This issue was addressed through improved permission validation.
CVE-2017-13810: an anonymous researcher
Entry added October 31, 2017

Kernel
Available for: OS X Mountain Lion 10.8 and later
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed through improved
input validation.
CVE-2017-13817: Maxime Villard (m00nbsd)
Entry added October 31, 2017

Kernel
Available for: OS X Mountain Lion 10.8 and later
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13818: The UK's National Cyber Security Centre (NCSC)
CVE-2017-13836: an anonymous researcher, an anonymous researcher
CVE-2017-13841: an anonymous researcher
CVE-2017-13840: an anonymous researcher
CVE-2017-13842: an anonymous researcher
CVE-2017-13782: Kevin Backhouse of Semmle Ltd.
Entry added October 31, 2017

Kernel
Available for: OS X Mountain Lion 10.8 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13843: an anonymous researcher
Entry added October 31, 2017

Kernel
Available for: OS X Mountain Lion 10.8 and later
Impact: Processing a malformed mach binary may lead to arbitrary code
execution
Description: A memory corruption issue was addressed through improved
validation.
CVE-2017-13834: Maxime Villard (m00nbsd)
Entry added October 31, 2017

kext tools
Available for: OS X Mountain Lion 10.8 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A logic error in kext loading was addressed with
improved state handling.
CVE-2017-13827: an anonymous researcher
Entry added October 31, 2017

libarchive
Available for: OS X Mountain Lion 10.8 and later
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-13813: found by OSS-Fuzz
CVE-2017-13816: found by OSS-Fuzz
Entry added October 31, 2017

libarchive
Available for: OS X Mountain Lion 10.8 and later
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in libarchive.
These issues were addressed through improved input validation.
CVE-2017-13812: found by OSS-Fuzz
Entry added October 31, 2017

libarchive
Available for: OS X Mountain Lion 10.8 and later
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2016-4736: Proteas of Qihoo 360 Nirvan Team
Entry added October 31, 2017

libc
Available for:  OS X Lion v10.8 and later
Impact: A remote attacker may be able to cause a denial-of-service
Description: A resource exhaustion issue in glob() was addressed
through an improved algorithm.
CVE-2017-7086: Russ Cox of Google

libc
Available for:  OS X Lion v10.8 and later
Impact: An application may be able to cause a denial of service
Description: A memory consumption issue was addressed through
improved memory handling.
CVE-2017-1000373

libexpat
Available for:  OS X Lion v10.8 and later
Impact: Multiple issues in expat
Description: Multiple issues were addressed by updating to version
2.2.1
CVE-2016-9063
CVE-2017-9233

Mail
Available for:  OS X Lion v10.8 and later
Impact: The sender of an email may be able to determine the IP
address of the recipient
Description: Turning off "Load remote content in messages" did not
apply to all mailboxes. This issue was addressed with improved
setting propagation.
CVE-2017-7141: an anonymous researcher

Mail Drafts
Available for:  OS X Lion v10.8 and later
Impact: An attacker with a privileged network position may be able to
intercept mail contents
Description: An encryption issue existed in the handling of mail
drafts. This issue was addressed with improved handling of mail
drafts meant to be sent encrypted.
CVE-2017-7078: an anonymous researcher, an anonymous researcher, an
anonymous researcher

ntp
Available for:  OS X Lion v10.8 and later
Impact: Multiple issues in ntp
Description: Multiple issues were addressed by updating to version
4.2.8p10
CVE-2017-6451: Cure53
CVE-2017-6452: Cure53
CVE-2017-6455: Cure53
CVE-2017-6458: Cure53
CVE-2017-6459: Cure53
CVE-2017-6460: Cure53
CVE-2017-6462: Cure53
CVE-2017-6463: Cure53
CVE-2017-6464: Cure53
CVE-2016-9042: Matthew Van Gundy of Cisco

Open Scripting Architecture
Available for: OS X Mountain Lion 10.8 and later
Impact: Decompiling an AppleScript with osadecompile may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13824: an anonymous researcher
Entry added October 31, 2017

PCRE
Available for: OS X Mountain Lion 10.8 and later
Impact: Multiple issues in pcre
Description: Multiple issues were addressed by updating to version
8.40.
CVE-2017-13846
Entry added October 31, 2017

Postfix
Available for: OS X Mountain Lion 10.8 and later
Impact: Multiple issues in Postfix
Description: Multiple issues were addressed by updating to version
3.2.2.
CVE-2017-13826: an anonymous researcher
Entry added October 31, 2017

Quick Look
Available for: OS X Mountain Lion 10.8 and later
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13822: Australian Cyber Security Centre â\x{128}\x{147} Australian Signals
Directorate
Entry added October 31, 2017

Quick Look
Available for: OS X Mountain Lion 10.8 and later
Impact: Parsing a maliciously crafted office document may lead to an
unexpected application termination or arbitrary code execution
Description: A memory consumption issue was addressed through
improved memory handling.
CVE-2017-7132: Australian Cyber Security Centre â\x{128}\x{147} Australian Signals
Directorate
Entry added October 31, 2017

QuickTime
Available for: OS X Mountain Lion 10.8 and later
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13823: an anonymous researcher
Entry added October 31, 2017

Remote Management
Available for: OS X Mountain Lion 10.8 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13808: an anonymous researcher
Entry added October 31, 2017

Sandbox
Available for: OS X Mountain Lion 10.8 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13838: an anonymous researcher
Entry added October 31, 2017

Screen Lock
Available for:  OS X Lion v10.8 and later
Impact: Application Firewall prompts may appear over Login Window
Description: A window management issue was addressed through improved
state management.
CVE-2017-7082: Tim Kingman

Security
Available for:  OS X Lion v10.8 and later
Impact: A revoked certificate may be trusted
Description: A certificate validation issue existed in the handling
of revocation data. This issue was addressed through improved
validation.
CVE-2017-7080: Sven Driemecker of adesso mobile solutions gmbh, Rune
Darrud (@theflyingcorpse) of Bærum kommune, an anonymous researcher,
an anonymous researcher

Spotlight
Available for: OS X Mountain Lion 10.8 and later
Impact: Spotlight may display results for files not belonging to the
user
Description: An access issue existed in Spotlight. This issue was
addressed through improved access restrictions.
CVE-2017-13839: an anonymous researcher
Entry added October 31, 2017

SQLite
Available for:  OS X Lion v10.8 and later
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating to version
3.19.3.
CVE-2017-10989: found by OSS-Fuzz
CVE-2017-7128: found by OSS-Fuzz
CVE-2017-7129: found by OSS-Fuzz
CVE-2017-7130: found by OSS-Fuzz

SQLite
Available for:  OS X Lion v10.8 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7127: an anonymous researcher

WebKit
Available for:  OS X Lion v10.8 and later
Impact: A malicious website may be able to track users in Safari
private browsing mode
Description: A permissions issue existed in the handling of web
browser cookies. This issue was addressed with improved restrictions.
CVE-2017-7144: an anonymous researcher

zlib
Available for:  OS X Lion v10.8 and later
Impact: Multiple issues in zlib
Description: Multiple issues were addressed by updating to version
1.2.11.
CVE-2016-9840
CVE-2016-9841
CVE-2016-9842
CVE-2016-9843

Installation note:

macOS High Sierra 10.13 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----

iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAln4u8MpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEaV7BAA
oPmo5pAA/HORVC3jl7tvStUpsUUiiez204FhuoVFsvHq0w7eYjsYDilzw7f6yveV
e9Xhlbz7jhFpa1SXQhtiK5SSA1aJqhXIzZPSSf4ex/6qBZCSUrAZi1vC05TuQFi2
bvZ9N2mr3Mwd4GlxN7XZ6DLi3BqQPaKIavmuxOLkUSCpkwj9npS1oPDvMCP8DX4q
goywFq4QOgvSJnohH/G8IGSm2Txy/IES68vvxdPRUi3IzjGM7E88QHkwKBDiqZRG
ozuhx8Zs+cEh8yIzLO2UoTJe5gVgz1si7J4tgCPTT65r3Uf2sizkOMMdX8PHmCCi
WTs3adVyJgC8nNql24cvPpJ4UM7bia0adzNf7cjTf7KKtVomIzR6IFaa+V737a+A
jESOB5J0iy1oqzfGN8/zf724N+rc5jp/QejM6tTvcNuc807Z4jVpR3CEr+GkMENz
Hq1Vr06gnBolmwnwlhCHujYwOpJXJ2xllQavNoe6r57XTYid1rjuRG5KXNWPlEgw
GyoB8rTLY+BzLszUtrQlhh5QXa8WaQLg0uPJJDHH3DUM7jEXRBrk7nhrz4z2qq7S
j1hlkhZbW2HuYg9URLhgYtkMgVjbTneZkWhEqER+AIbqFKdwTkuNgu5sHnWCrXG0
N+hmcqhXbgblWwiT0ma/I7Yn0b7O9g9stN88cL9cr3I=
=887+
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWflsh4x+lLeg9Ub1AQitAxAAomwProD0Qt3TDdro0OJaIqU0M6hQrfsF
ttwmJQVYFlo7QUUly41JSpweIFmGd7xmZM9mVeDywNskOgXF9bcOOQRpM3vdYy+5
NNesIBbU7XQLqZB44gqaQ1GAYKxIZHdU6BL08x5CyFK1S0s/3QU/KMrCFrlhqTdW
G7Atx0ulCraH8QEJBb9kDtBJSi0HKiR0HIeXWeSkUNkHw8wpyLE5kSOL9MG8XghB
g0YYGhBxwNYPSY3uhf2arYj1AUap87hHEDq3+p8+9K88xuxfDoYirKthEUcenoaW
kDv3APqNiuV8L/CejvogDQXbbYS+GXplAB156ZqZcvQ6xzHs3lFCmOIY0ErQHBM1
9QpnnMqXz0S/OhqOrbRehgPlVhQ2x27xfeCbOFpEUBuAq9dClPosKJbtZlP2jkfX
hFoLabUIHuVJrkcduD+CHnx2FGvX9EVVxlStXHApTFU45RoIY2m8+mu5zNrMYKwT
Wy8zjMbY8zIv9RjiOamYM+9UNVyoFcdwQelZt1vhMTFK22uzrPtLprqUjjzz2jBZ
c66KyZfYFIbjuKsoU4maHZD+Ezf/R6wlf92msZxWLfH+/3ILLd3wfAzsZOxcnlau
CaUS9c/RW5t7nwQcZDX2h86gv1cz7GTShc0yHatEuWQKQbxEpDcCwmX7RZvhWfI2
2Y5JtAk0FgE=
=MPiS
-----END PGP SIGNATURE-----