author | V3n3RiX <venerix@koprulu.sector> | 2024-07-06 08:06:16 +0100 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2024-07-06 08:06:16 +0100 |
commit | 4187bba080530c5ca1c7dae9c233e88f3fc8f535 (patch) | |
tree | b6f535e053876097ced1b6bda14a4da890c730d4 /metadata/glsa | |
parent | 2a8d2f71d1d9963368e0ef3d641d75979a689d12 (diff) |
gentoo auto-resync : 06:07:2024 - 08:06:15
Diffstat (limited to 'metadata/glsa')
-rw-r--r-- | metadata/glsa/Manifest | 30 | ||||
-rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 577111 -> 578695 bytes | |||
-rw-r--r-- | metadata/glsa/glsa-202407-10.xml | 41 | ||||
-rw-r--r-- | metadata/glsa/glsa-202407-11.xml | 46 | ||||
-rw-r--r-- | metadata/glsa/glsa-202407-12.xml | 56 | ||||
-rw-r--r-- | metadata/glsa/glsa-202407-13.xml | 64 | ||||
-rw-r--r-- | metadata/glsa/glsa-202407-14.xml | 46 | ||||
-rw-r--r-- | metadata/glsa/glsa-202407-15.xml | 42 | ||||
-rw-r--r-- | metadata/glsa/glsa-202407-16.xml | 42 | ||||
-rw-r--r-- | metadata/glsa/glsa-202407-17.xml | 55 | ||||
-rw-r--r-- | metadata/glsa/glsa-202407-18.xml | 42 | ||||
-rw-r--r-- | metadata/glsa/glsa-202407-19.xml | 59 | ||||
-rw-r--r-- | metadata/glsa/timestamp.chk | 2 | ||||
-rw-r--r-- | metadata/glsa/timestamp.commit | 2 |
14 files changed, 510 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index b41a986f64dd..32b9633dac07 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest 
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 577111 BLAKE2B 0cdb2f4b37d989ec4779ab2668429fad6726d0f8262d3b4c3b6e33e9dc73ed0cef5a69d0d12e69f34f1ea8a92d72ef9e77fd098a8c9f70b001120570e5caedac SHA512 8633861ca75b10437b48ae2c2f704cd739ad0c965fd468529f3c4310836c613f1c2c3a3a0e31e8cc9f53f73bed636d933165206a4bbd67d96bc5e4ca6bcd4b36 -TIMESTAMP 2024-07-04T06:40:42Z +MANIFEST Manifest.files.gz 578695 BLAKE2B 83336190b9db8ef17789198cdcd94b93ded8e3517f2a97f1c20b8822eed5e6b0b5eb3ced060bb3507ec84b889e927fc798f66d29cbf9eb6e887b9965946a290d SHA512 0f0e20bf349c4697ccf022b03425f130dde9817f7156836e59ab595a116902b21ef17cfdaa931f7d352c2e0cef6812f8551245ae1736d423ae95d1dbfc08592f +TIMESTAMP 2024-07-06T06:40:23Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmaGQ+pfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmaI5tdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klAFSw//RkaTE3/KMovSf3ut7F091ch9KM6AAxYHYK36kgV1hRPgjONbYg8Rtn+S -PtUIRIUP+mcGOQ2gV+YzRepQuEJ8bSmTJTp4PtMPL98vXFdmMxK3RovqfWy65xhx -4ZrwUR68Wu7SqVOEES085sgVsP7H6lUACABprJHq1lKx97zqP2J/+g5q0DU9svE1 -GfyJAHAYYV6N34FQ49Tcjif6M9mh1/1G7Ne20kRoYhsxYquZgS17IxNvmBOk7xMr -+RJ6JqG1bvjXo32fhgKI1EJS8uE5+hnIBtx52lnyqeKVOLs9hhAXbNgtgHDNNXpS -cpZgmGligLmt7lzZrZ9fLvDJbgA0ZggSk8Zb/FK9JGG0NsDfk49Ms3dvom1XjXa4 -B/2N/HNOSo4CT9avS72Kjjz/BfXR5Y2wrW4f8JKL9WoTGbC3LFRNam1BU4U3Vtb+ -40zX4lsmS6TCYRq1oXlBQq3wS+pvkZ7jW1R07EvunY+w/v9SnsS0z9Z+ISrsZDZ1 -eZgFl3mphsy3GiCjTe6RnYOuPUPWqaBPq1+W8IaCrdQ8Mm13P8Q/sO+HT1i1qVm0 -FJgBodkn4ck0snbz0ruL5iweUulVXq0YNNUL+n9u0wV0x/73u/niZ/YXV+vAwIaK -CuB9yPhqeGI9ZfTCia9wo3/vBgRH1X4EVRqg4WPaeHYhOV0g08s= -=MRAW +klD3RhAAp3CNXg4364FSyD1tR0sC2kBodwKOzSLobUMQQxe1L8aHmx0WDCQoJ0t6 +mL7WXtDH+o4JdFXt2NVLDYriML8NgKyi32GD4hohJGdftiUvu8YAogRuuIMPqfz9 +5jZ3K5BntuS4nHAGR7dlfGWl2endPZ/efKoWvm+44k/rJxJddnFZHZSZzAYZR6vp 
+/RKhvxDXIiZHyt4AdxITAt2TNJXksVF+/RnJwl+3UyKJWzzrfnbXlP0xTIAQ5iax +kBBk2PyQkRlRq6jckHx4Hp90uuc7QVqZSswSQjMGUaGM75ej2mdjFrIPIqBqHQPe +3qmZYCe3jm55sUuh4IPr6A2h7FbjdD/NEP6Ql8bHY/wNMTkBFbfDGkTScsJ37c2b +rcsWIQX3qAL8uaKRuz4SjFeBbPqFShhnxgLSIlVKO2wQWE149IeAkkxnPpDfABcz +ZRvRodlfeHnH/EvIkhr8XshtueOiQIdvi0YiLErhkFS5hKw7gKUuTsHOBb1O6oI1 +gHCWwopdGJT11V/pKkzTSXsWhf+RauYkXxElccQ0R8AseAlXwGoP2jgye5w6Y2pp +dZNCuA4ScCM1+f+CvlhVuuRxcMhSBhklWG3MdrXS1asOkcjNTW8i/2i404qrALPp +0M9vO0V8WpF7jFt+hje97sLywtWrIdQD4VxoQVsN4/0j7PXn5zU= +=XqTJ -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex 155603e718a5..26ad6b20cf0b 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-202407-10.xml b/metadata/glsa/glsa-202407-10.xml new file mode 100644 index 000000000000..980308027fef --- /dev/null +++ b/metadata/glsa/glsa-202407-10.xml 
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-10">
+ <title>Sofia-SIP: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Sofia-SIP, the worst of which can lead to remote code execution.</synopsis>
+ <product type="ebuild">sofia-sip</product>
+ <announced>2024-07-05</announced>
+ <revised count="1">2024-07-05</revised>
+ <bug>891791</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-libs/sofia-sip" auto="yes" arch="*">
+ <vulnerable range="lt">1.13.16</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Sofia-SIP is an RFC3261 compliant SIP User-Agent library.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Sofia-SIP. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Multiple vulnerabilities have been discovered in Sofia-SIP. Please review the CVE identifiers referenced below for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>Gentoo has discontinued support for the Sofia-SIP package. We recommend that users unmerge it:</p>
+
+ <code>
+ # emerge --ask --depclean "net-libs/sofia-sip"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22741">CVE-2023-22741</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32307">CVE-2023-32307</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-07-05T06:01:03.002442Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-07-05T06:01:03.007447Z">graaff</metadata>
+</glsa>
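Review bot: The DOCTYPE on the second line of glsa-202407-10.xml names an external DTD over plain HTTP (`http://www.gentoo.org/dtd/glsa.dtd`), and the same declaration opens the other nine advisories added in this commit. Any tool that ingests these files should parse them with external DTD loading and entity resolution switched off, or validate against a pinned local copy of the DTD, so that reading an advisory never triggers a network fetch. In this file the `<impact>` paragraph also repeats the `<description>` text word for word and never states the impact that the synopsis names (remote code execution).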
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202407-11.xml b/metadata/glsa/glsa-202407-11.xml
new file mode 100644
index 000000000000..247f229724a1
--- /dev/null
+++ b/metadata/glsa/glsa-202407-11.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-11">
+ <title>PuTTY: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in PuTTY, the worst of which could lead to compromised keys.</synopsis>
+ <product type="ebuild">putty</product>
+ <announced>2024-07-05</announced>
+ <revised count="1">2024-07-05</revised>
+ <bug>920304</bug>
+ <bug>930082</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-misc/putty" auto="yes" arch="*">
+ <unaffected range="ge">0.81</unaffected>
+ <vulnerable range="lt">0.81</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>PuTTY is a free implementation of Telnet and SSH for Windows and Unix platforms, along with an xterm terminal emulator.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in PuTTY. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All PuTTY users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/putty-0.81"
+ </code>
+
+ <p>In addition, any keys generated with PuTTY versions 0.68 to 0.80 should be considered breached and should be regenerated.</p>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-48795">CVE-2023-48795</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-31497">CVE-2024-31497</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-07-05T06:43:24.794955Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-07-05T06:43:24.797373Z">graaff</metadata>
+</glsa>
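Review bot: The closing paragraph of `<resolution>` tells users to regenerate "any keys generated with PuTTY versions 0.68 to 0.80", which does not match how CVE-2024-31497 is described upstream: the flaw is biased ECDSA nonce generation during signing, so exposure depends on whether a NIST P-521 key was used with an affected PuTTY or Pageant, not on which tool generated it. As written, a P-521 key created elsewhere but used with 0.80 would be wrongly treated as safe, while users of other key types are asked to rotate without need. Suggested wording: `<p>In addition, any 521-bit ECDSA (NIST P-521) keys that were used with PuTTY versions 0.68 to 0.80 should be considered compromised: remove them from all authorized_keys files and generate new ones.</p>`.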
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202407-12.xml b/metadata/glsa/glsa-202407-12.xml
new file mode 100644
index 000000000000..4834b8028c6e
--- /dev/null
+++ b/metadata/glsa/glsa-202407-12.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-12">
+ <title>podman: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Podman, the worst of which could lead to privilege escalation.</synopsis>
+ <product type="ebuild">podman</product>
+ <announced>2024-07-05</announced>
+ <revised count="1">2024-07-05</revised>
+ <bug>829896</bug>
+ <bug>870931</bug>
+ <bug>896372</bug>
+ <bug>921290</bug>
+ <bug>923751</bug>
+ <bug>927500</bug>
+ <bug>927501</bug>
+ <access>local</access>
+ <affected>
+ <package name="app-containers/podman" auto="yes" arch="*">
+ <unaffected range="ge">4.9.4</unaffected>
+ <vulnerable range="lt">4.9.4</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Podman is a tool for managing OCI containers and pods with a Docker-compatible CLI.</p>
+ </background>
+ <description>
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Podman users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-containers/podman-4.9.4"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4024">CVE-2021-4024</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2989">CVE-2022-2989</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0778">CVE-2023-0778</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-48795">CVE-2023-48795</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1753">CVE-2024-1753</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23651">CVE-2024-23651</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23652">CVE-2024-23652</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23653">CVE-2024-23653</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-24786">CVE-2024-24786</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-07-05T07:05:25.139225Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-07-05T07:05:25.142869Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202407-13.xml b/metadata/glsa/glsa-202407-13.xml
new file mode 100644
index 000000000000..d988629f655d
--- /dev/null
+++ b/metadata/glsa/glsa-202407-13.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-13">
+ <title>WebKitGTK+: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in WebKitGTK+, the worst of which could lead to arbitrary code execution</synopsis>
+ <product type="ebuild">webkit-gtk</product>
+ <announced>2024-07-05</announced>
+ <revised count="1">2024-07-05</revised>
+ <bug>923851</bug>
+ <bug>930116</bug>
+ <access>local and remote</access>
+ <affected>
+ <package name="net-libs/webkit-gtk" auto="yes" arch="*">
+ <unaffected range="ge" slot="4">2.44.0</unaffected>
+ <unaffected range="ge" slot="4.1">2.44.0</unaffected>
+ <unaffected range="ge" slot="6">2.44.0</unaffected>
+ <vulnerable range="lt" slot="4">2.44.0</vulnerable>
+ <vulnerable range="lt" slot="4.1">2.44.0</vulnerable>
+ <vulnerable range="lt" slot="6">2.44.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All WebKitGTK+ users should upgrade to the latest version (depending on the installed slots):</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.44.0:4"
+ # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.44.0:4.1"
+ # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.44.0:6"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1745">CVE-2014-1745</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-40414">CVE-2023-40414</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-42833">CVE-2023-42833</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-42843">CVE-2023-42843</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-42950">CVE-2023-42950</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-42956">CVE-2023-42956</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23206">CVE-2024-23206</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23213">CVE-2024-23213</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23222">CVE-2024-23222</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23252">CVE-2024-23252</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23254">CVE-2024-23254</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23263">CVE-2024-23263</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23280">CVE-2024-23280</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23284">CVE-2024-23284</uri>
+ <uri link="https://webkitgtk.org/security/WSA-2024-0001.html">WSA-2024-0001</uri>
+ <uri link="https://webkitgtk.org/security/WSA-2024-0002.html">WSA-2024-0002</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-07-05T07:33:55.537227Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-07-05T07:33:55.540478Z">graaff</metadata>
+</glsa>
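Review bot: The first `<uri>` in `<references>` links CVE-2014-1745 through the legacy form `https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1745`, while the other thirteen CVE entries use `https://nvd.nist.gov/vuln/detail/…`. Tooling that maps advisories to CVEs by matching the `/vuln/detail/` link pattern would skip this entry; `<uri link="https://nvd.nist.gov/vuln/detail/CVE-2014-1745">CVE-2014-1745</uri>` keeps the list uniform. The `<synopsis>` is also the only one in this commit that lacks a closing period.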
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202407-14.xml b/metadata/glsa/glsa-202407-14.xml
new file mode 100644
index 000000000000..4037c006b564
--- /dev/null
+++ b/metadata/glsa/glsa-202407-14.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-14">
+ <title>TigerVNC: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in TigerVNC, the worst of which could lead to remote code execution.</synopsis>
+ <product type="ebuild">tigervnc</product>
+ <announced>2024-07-05</announced>
+ <revised count="1">2024-07-05</revised>
+ <bug>700464</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-misc/tigervnc" auto="yes" arch="*">
+ <unaffected range="ge">1.12.0-r2</unaffected>
+ <vulnerable range="lt">1.12.0-r2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>TigerVNC is a high-performance VNC server/client.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in TigerVNC. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All TigerVNC users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/tigervnc-1.12.0-r2"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-15691">CVE-2019-15691</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-15692">CVE-2019-15692</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-15694">CVE-2019-15694</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-15695">CVE-2019-15695</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26117">CVE-2020-26117</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-07-05T08:04:14.901340Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-07-05T08:04:14.904899Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202407-15.xml b/metadata/glsa/glsa-202407-15.xml
new file mode 100644
index 000000000000..fc4f96ecc7e3
--- /dev/null
+++ b/metadata/glsa/glsa-202407-15.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-15">
+ <title>GraphicsMagick: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in GraphicsMagick, the worst of which could lead to arbitrary code execution.</synopsis>
+ <product type="ebuild">graphicsmagick</product>
+ <announced>2024-07-05</announced>
+ <revised count="1">2024-07-05</revised>
+ <bug>888545</bug>
+ <bug>890851</bug>
+ <access>local</access>
+ <affected>
+ <package name="media-gfx/graphicsmagick" auto="yes" arch="*">
+ <unaffected range="ge">1.3.40</unaffected>
+ <vulnerable range="lt">1.3.40</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>GraphicsMagick is a collection of tools and libraries which support reading, writing, and manipulating images in many major formats.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in GraphicsMagick. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All GraphicsMagick users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/graphicsmagick-1.3.40"
+ </code>
+ </resolution>
+ <references>
+ </references>
+ <metadata tag="requester" timestamp="2024-07-05T08:23:55.078128Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-07-05T08:23:55.084776Z">graaff</metadata>
+</glsa>
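Review bot: `<references>` is empty in glsa-202407-15.xml, yet `<description>` sends the reader to "the CVE identifiers referenced below" and `<impact>` to "the referenced CVE identifiers". Without any `<uri>` entry the advisory cannot be mapped to a CVE by scanners or by someone triaging exposure, and the only pointers left are bugs 888545 and 890851. The CVE ids tracked on those bugs should be listed in the form `<uri link="https://nvd.nist.gov/vuln/detail/CVE-YYYY-NNNNN">CVE-YYYY-NNNNN</uri>` (placeholder id; the real ones are not shown on this page).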
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202407-16.xml b/metadata/glsa/glsa-202407-16.xml
new file mode 100644
index 000000000000..e586167715d3
--- /dev/null
+++ b/metadata/glsa/glsa-202407-16.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-16">
+ <title>GNU Coreutils: Buffer Overflow Vulnerability</title>
+ <synopsis>A vulnerability has been discovered in Coreutils, which can lead to a heap buffer overflow and possibly aribitrary code execution.</synopsis>
+ <product type="ebuild">coreutils</product>
+ <announced>2024-07-05</announced>
+ <revised count="1">2024-07-05</revised>
+ <bug>922474</bug>
+ <access>local</access>
+ <affected>
+ <package name="sys-apps/coreutils" auto="yes" arch="*">
+ <unaffected range="ge">9.4-r1</unaffected>
+ <vulnerable range="lt">9.4-r1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>The GNU Core Utilities are the basic file, shell and text manipulation utilities of the GNU operating system.</p>
+ </background>
+ <description>
+ <p>A vulnerability has been discovered in the Coreutils "split" program that can lead to a heap buffer overflow and possibly arbitrary code execution.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Coreutils users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/coreutils-9.4-r1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0684">CVE-2024-0684</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-07-05T09:26:36.559921Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-07-05T09:26:36.562608Z">graaff</metadata>
+</glsa>
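Review bot: The `<synopsis>` misspells "arbitrary" as "aribitrary", while `<description>` spells it correctly; the synopsis is the line shown in advisory listings and matched by keyword searches, so the typo can hide this entry from a search for "arbitrary code execution". The ending should read `possibly arbitrary code execution.</synopsis>`. The `<impact>` paragraph also speaks of "the referenced CVE identifiers" although a single CVE (CVE-2024-0684) is listed and the description already states the impact.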
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202407-17.xml b/metadata/glsa/glsa-202407-17.xml
new file mode 100644
index 000000000000..ce7d5704e671
--- /dev/null
+++ b/metadata/glsa/glsa-202407-17.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-17">
+ <title>BusyBox: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.</synopsis>
+ <product type="ebuild">busybox</product>
+ <announced>2024-07-05</announced>
+ <revised count="1">2024-07-05</revised>
+ <bug>824222</bug>
+ <access>local</access>
+ <affected>
+ <package name="sys-apps/busybox" auto="yes" arch="*">
+ <unaffected range="ge">1.34.0</unaffected>
+ <vulnerable range="lt">1.34.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>BusyBox is set of tools for embedded systems and is a replacement for GNU Coreutils.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in BusyBox. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All BusyBox users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/busybox-1.34.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42373">CVE-2021-42373</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42374">CVE-2021-42374</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42375">CVE-2021-42375</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42376">CVE-2021-42376</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42377">CVE-2021-42377</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42378">CVE-2021-42378</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42379">CVE-2021-42379</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42380">CVE-2021-42380</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42381">CVE-2021-42381</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42382">CVE-2021-42382</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42383">CVE-2021-42383</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42384">CVE-2021-42384</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42385">CVE-2021-42385</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42386">CVE-2021-42386</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-07-05T09:49:36.081859Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-07-05T09:49:36.086656Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202407-18.xml b/metadata/glsa/glsa-202407-18.xml
new file mode 100644
index 000000000000..ea2c242f8af4
--- /dev/null
+++ b/metadata/glsa/glsa-202407-18.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-18">
+ <title>Stellarium: Arbitrary File Write</title>
+ <synopsis>A vulnerability has been discovered in Stellarium, which can lead to arbitrary file writes.</synopsis>
+ <product type="ebuild">stellarium</product>
+ <announced>2024-07-05</announced>
+ <revised count="1">2024-07-05</revised>
+ <bug>905300</bug>
+ <access>local and remote</access>
+ <affected>
+ <package name="sci-astronomy/stellarium" auto="yes" arch="*">
+ <unaffected range="ge">23.1</unaffected>
+ <vulnerable range="lt">23.1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Stellarium is a free open source planetarium for your computer. It shows a realistic sky in 3D, just like what you see with the naked eye, binoculars or a telescope.</p>
+ </background>
+ <description>
+ <p>A vulnerability has been discovered in Stellarium. Please review the CVE identifier referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Stellarium users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sci-astronomy/stellarium-23.1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28371">CVE-2023-28371</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-07-05T17:31:39.463505Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-07-05T17:31:39.467808Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202407-19.xml b/metadata/glsa/glsa-202407-19.xml
new file mode 100644
index 000000000000..2c2a7294893a
--- /dev/null
+++ b/metadata/glsa/glsa-202407-19.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-19">
+ <title>Mozilla Thunderbird: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.</synopsis>
+ <product type="ebuild">thunderbird,thunderbird-bin</product>
+ <announced>2024-07-06</announced>
+ <revised count="1">2024-07-06</revised>
+ <bug>932375</bug>
+ <access>remote</access>
+ <affected>
+ <package name="mail-client/thunderbird" auto="yes" arch="*">
+ <unaffected range="ge">115.11.0</unaffected>
+ <vulnerable range="lt">115.11.0</vulnerable>
+ </package>
+ <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+ <unaffected range="ge">115.11.0</unaffected>
+ <vulnerable range="lt">115.11.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Mozilla Thunderbird is a popular open-source email client from the Mozilla project.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Mozilla Thunderbird binary users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-115.11.0"
+ </code>
+
+ <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-115.11.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2609">CVE-2024-2609</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3302">CVE-2024-3302</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3854">CVE-2024-3854</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3857">CVE-2024-3857</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3859">CVE-2024-3859</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3861">CVE-2024-3861</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3864">CVE-2024-3864</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-07-06T06:14:39.955147Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-07-06T06:14:39.959045Z">graaff</metadata>
+</glsa>
\ No newline at end of file diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index ea1e49452112..01f0f7485ab4 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Thu, 04 Jul 2024 06:40:39 +0000 +Sat, 06 Jul 2024 06:40:19 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 3406d37a3716..e9b24c1dea7c 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -a5ba53361826e62d69077fdabaf2da4664fc05ba 1719873210 2024-07-01T22:33:30Z +b5d405cb92c7978530ba2683a461c9cb819d4d38 1720246492 2024-07-06T06:14:52Z |