diff options
| author | V3n3RiX <venerix@redcorelinux.org> | 2021-07-12 08:41:54 +0100 |
|---|---|---|
| committer | V3n3RiX <venerix@redcorelinux.org> | 2021-07-12 08:41:54 +0100 |
| commit | 4df3bf9762850b34cd1ead5c80374d1a0fc3362e (patch) | |
| tree | 3080c5cb7ad17abcb63776a9f21c4947845546a6 /metadata/glsa | |
| parent | 814f4cf860e299a046b649eaee5463427984c09c (diff) | |
gentoo resync : 12.07.2021
Diffstat (limited to 'metadata/glsa')
| -rw-r--r-- | metadata/glsa/Manifest | 30 | ||||
| -rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 512077 -> 513815 bytes | |||
| -rw-r--r-- | metadata/glsa/glsa-202107-20.xml | 57 | ||||
| -rw-r--r-- | metadata/glsa/glsa-202107-21.xml | 53 | ||||
| -rw-r--r-- | metadata/glsa/glsa-202107-22.xml | 51 | ||||
| -rw-r--r-- | metadata/glsa/glsa-202107-23.xml | 55 | ||||
| -rw-r--r-- | metadata/glsa/glsa-202107-24.xml | 65 | ||||
| -rw-r--r-- | metadata/glsa/glsa-202107-25.xml | 69 | ||||
| -rw-r--r-- | metadata/glsa/glsa-202107-26.xml | 51 | ||||
| -rw-r--r-- | metadata/glsa/glsa-202107-27.xml | 69 | ||||
| -rw-r--r-- | metadata/glsa/glsa-202107-28.xml | 50 | ||||
| -rw-r--r-- | metadata/glsa/glsa-202107-29.xml | 49 | ||||
| -rw-r--r-- | metadata/glsa/glsa-202107-30.xml | 73 | ||||
| -rw-r--r-- | metadata/glsa/timestamp.chk | 2 | ||||
| -rw-r--r-- | metadata/glsa/timestamp.commit | 2 |
15 files changed, 659 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index 7f2cd84f9c73..29379dfcc71a 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 512077 BLAKE2B b3a851fed4ec119529da478b2c6ab640c467b59cd6ed71ff2f31dfb0a9c99957f51e497a53950da01067cd032428548811b642889d9279a9955dbf64efffd2ce SHA512 7112ff989d4e2884b7e474492ed51f97f63f207d184a4ebe02216b0e52b94bf603a95397cb7a6644dd2c462634f0537399957d0d097ff499b816c78955fc2f22 -TIMESTAMP 2021-07-08T13:39:14Z +MANIFEST Manifest.files.gz 513815 BLAKE2B c9341c70c451176624067442c934e00b2746cd12e3817b856dc0f8fd8c41edcf12efea2ca7042e862fd64a6f5fc4c391e4bdeab74017bbb63dda51c5ff0fcf2a SHA512 6745132a386e572818d7fd992a7f2ef031ba828e3e48360c5a4f3b3160c32f4e65e615769109aebc74bb29d44c91864e25ff06783231a9b67785a728877e9e1d +TIMESTAMP 2021-07-12T07:09:00Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmDnAAJfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmDr6oxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klANhQ/9HGufwoJIrfVn1rrOtTclE5+g2CX8iPECUNRY9XRMoLABFbvsUzdnQL8j -lFrUlsMEKtm5jamyeMoHwtWWtXgXzrifSgUAZ7Qv9u8c9mAKBBvsVhrTIhI7GAAo -Gny4YCPFnrUvobhVinSMWo5UnN5JG6aXvgIikzw8p6/k/Vb85sEVoU600LHcF919 -DfsszgGPQczxEW3RF67wgCD34/QlwLjCbNGf1p8VX/EAOrCKkMEF4CT6vImEO7ph -lVo2TcoPSjBiNWzbhhNFgGSyhxtscp6uxTKxCZSCochfC6eeYABq0ZwRKKxEWkkf -gPfvAlj8sSExN/cjc345DOde6b8yYqFZcMXrxuBVNxlyTBTwURqNsazq2p8xRvZU -HvKOoOfD8ZTnhHvEbs+FS8beHIltARIJ4aI1bM+SwYPu2tAVxNIlhkNobPwaCsod -LsRAywPUsvkMAjLDKCEUOWM8/LlevHwC8RrKDNdZLHD+WyI0/tbEH3ubx+DEsTU2 -ynFgqDIUFI8re77D+7WZTEL1wNTNm6DmiAHpfetvBywrq6dzV0w1IkJVHE9SHZ4O -U+CwUOMse8aK++i2N9btjPxYhA8ZzfHpXwxnoXEl+q2jC3PTkl09bE1DM9B+Nqp6 -hg8Rb9IX2grC6Tn1urxv+75hkAaEK1reh9tKLh5l2oXk8gI4ZTg= -=8BwF +klBPRQ/9EcSbkFNNsrrJbsDGdKEnzgbOn+Wr9RNajghqM1MAYNkZ1LnBYt4UDc6S +KJOM9kbrtVXvyBu88jpIabBJG3NuPhvB/mpQnzPxkux6bO6q1da+h2DMf5hgNL+N +Er5r3FI1WWHIJ7ECLej2jowXcuyTHSQOpWoSXm9X8uMhBMHDYygf2EB7yinxfxa4 +ZoJwm9FJn7SX+YhQpS4aZSQ3cVSHEe1hF59HWGcj5Dz5g93/pJwxl+EolQvtsHPE +zX/CybqINK4RPouccjZJPyGVcuwCVuaWc2vTlQullbKq0RwkAJgn9oFRYCxxZgTN +IT9YbBsB5i2Bwfj9/l/NVJYQ3BMzkicpoJoSTTYsKXBX+PZJeUxo+ozfqOrbEZmq +aE0Ag3k/fTVaabjFqUm4sJD+F3FR06nT0SsSUMJCC5zotqgiuyYOGJJ9ew7ywQEr +gSmVsUbWS0PC+PaldHuLAAuPe8S4lfsssLQsOe9q35rmjuxGO3Y1di/AEt028eJt +HL321clXyXE95Px+5pd7cDRfKv+Z6pre907zAuzMzbmzg81iZuAectOmCNgC4yqT +80/VqQZSYpsURIFyBIFBUeGIyp9pk5YP3KOk8OPMMOk6mmhHW3pDW424VWPjVtfO +GMg46I5+78fC5BhkBNu5geidmyh8xuTz91VD7MB26WBMEtaVzcI= +=UXqP -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex a1398261b9ab..2302cd653bc1 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-202107-20.xml b/metadata/glsa/glsa-202107-20.xml new file mode 100644 index 000000000000..669cd332a6dc --- /dev/null +++ b/metadata/glsa/glsa-202107-20.xml @@ -0,0 +1,57 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202107-20"> + <title>Redis: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in Redis, the worst of + which could result in the arbitrary execution of code. + </synopsis> + <product type="ebuild">redis</product> + <announced>2021-07-09</announced> + <revised count="1">2021-07-09</revised> + <bug>788211</bug> + <access>remote</access> + <affected> + <package name="dev-db/redis" auto="yes" arch="*"> + <unaffected range="ge">6.0.13</unaffected> + <unaffected range="ge">6.2.3</unaffected> + <vulnerable range="lt">6.0.13</vulnerable> + </package> + </affected> + <background> + <p>Redis is an open source (BSD licensed), in-memory data structure store, + used as a database, cache and message broker. + </p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Redis. Please review + the CVE identifiers referenced below for details. + </p> + </description> + <impact type="normal"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Redis 6.0.x users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/redis-6.0.13" + </code> + + <p>All Redis 6.2.x users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/redis-6.2.3" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29477">CVE-2021-29477</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29478">CVE-2021-29478</uri> + </references> + <metadata tag="requester" timestamp="2021-07-08T22:57:01Z">sam_c</metadata> + <metadata tag="submitter" timestamp="2021-07-09T02:52:43Z">sam_c</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202107-21.xml b/metadata/glsa/glsa-202107-21.xml new file mode 100644 index 000000000000..b8f906df8acf --- /dev/null +++ b/metadata/glsa/glsa-202107-21.xml @@ -0,0 +1,53 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202107-21"> + <title>Wireshark: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in Wireshark, the worst of + which could result in the arbitrary execution of code. + </synopsis> + <product type="ebuild">wireshark</product> + <announced>2021-07-09</announced> + <revised count="1">2021-07-09</revised> + <bug>767907</bug> + <bug>775323</bug> + <bug>784899</bug> + <bug>793968</bug> + <access>remote</access> + <affected> + <package name="net-analyzer/wireshark" auto="yes" arch="*"> + <unaffected range="ge">3.4.6</unaffected> + <vulnerable range="lt">3.4.6</vulnerable> + </package> + </affected> + <background> + <p>Wireshark is a network protocol analyzer formerly known as ethereal.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Wireshark. Please + review the CVE identifiers referenced below for details. + </p> + </description> + <impact type="normal"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Wireshark users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-3.4.6" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22173">CVE-2021-22173</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22174">CVE-2021-22174</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22191">CVE-2021-22191</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22207">CVE-2021-22207</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22222">CVE-2021-22222</uri> + </references> + <metadata tag="requester" timestamp="2021-07-08T23:11:17Z">sam_c</metadata> + <metadata tag="submitter" timestamp="2021-07-09T02:54:48Z">sam_c</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202107-22.xml b/metadata/glsa/glsa-202107-22.xml new file mode 100644 index 000000000000..47009889f605 --- /dev/null +++ b/metadata/glsa/glsa-202107-22.xml @@ -0,0 +1,51 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202107-22"> + <title>InspIRCd: Information disclosure</title> + <synopsis>An information disclosure vulnerability in InspIRCd may allow + remote attackers to obtain sensitive information. + </synopsis> + <product type="ebuild">inspircd</product> + <announced>2021-07-09</announced> + <revised count="1">2021-07-09</revised> + <bug>791589</bug> + <access>remote</access> + <affected> + <package name="net-irc/inspircd" auto="yes" arch="*"> + <unaffected range="ge">3.10.0</unaffected> + <vulnerable range="lt">3.10.0</vulnerable> + </package> + </affected> + <background> + <p>InspIRCd is a modular Internet Relay Chat (IRC) server written in C++ + which was created from scratch to be stable, modern and lightweight. + </p> + </background> + <description> + <p>InspIRCd incorrectly handled malformed PONG messages, resulting in + access of freed memory. + </p> + </description> + <impact type="low"> + <p>A remote attacker could send crafted packets to the server, possibly + allowing them to obtain sensitive information. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All InspIRCd users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-irc/inspircd-3.10.0" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33586">CVE-2021-33586</uri> + </references> + <metadata tag="requester" timestamp="2021-07-08T23:19:01Z">sam_c</metadata> + <metadata tag="submitter" timestamp="2021-07-09T02:55:39Z">sam_c</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202107-23.xml b/metadata/glsa/glsa-202107-23.xml new file mode 100644 index 000000000000..9c39ca6f7a45 --- /dev/null +++ b/metadata/glsa/glsa-202107-23.xml @@ -0,0 +1,55 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202107-23"> + <title>Docker: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in Docker, the worst of + which could result in privilege escalation to root on the host. + </synopsis> + <product type="ebuild">docker</product> + <announced>2021-07-10</announced> + <revised count="1">2021-07-10</revised> + <bug>768612</bug> + <access>local</access> + <affected> + <package name="app-emulation/docker" auto="yes" arch="*"> + <unaffected range="ge">19.03.15</unaffected> + <unaffected range="ge">20.10.3</unaffected> + <vulnerable range="lt">20.10.3</vulnerable> + </package> + </affected> + <background> + <p>Docker is the world’s leading software containerization platform.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Docker. Please review + the CVE identifiers referenced below for details. + </p> + </description> + <impact type="normal"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Docker 19.x users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/docker-19.03.15" + </code> + + <p>All Docker 20.x users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/docker-20.10.3" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21284">CVE-2021-21284</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21285">CVE-2021-21285</uri> + </references> + <metadata tag="requester" timestamp="2021-07-10T00:25:27Z">ajak</metadata> + <metadata tag="submitter" timestamp="2021-07-10T02:49:46Z">ajak</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202107-24.xml b/metadata/glsa/glsa-202107-24.xml new file mode 100644 index 000000000000..c5aea138e344 --- /dev/null +++ b/metadata/glsa/glsa-202107-24.xml @@ -0,0 +1,65 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202107-24"> + <title>Binutils: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in Binutils, the worst of + which could result in a Denial of Service condition. + </synopsis> + <product type="ebuild">binutils</product> + <announced>2021-07-10</announced> + <revised count="1">2021-07-10</revised> + <bug>678806</bug> + <bug>761957</bug> + <bug>764170</bug> + <access>local, remote</access> + <affected> + <package name="sys-devel/binutils" auto="yes" arch="*"> + <unaffected range="ge">2.35.2</unaffected> + <vulnerable range="lt">2.35.2</vulnerable> + </package> + </affected> + <background> + <p>The GNU Binutils are a collection of tools to create, modify and analyse + binary files. Many of the files use BFD, the Binary File Descriptor + library, to do low-level manipulation. + </p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Binutils. Please review + the CVE identifiers referenced below for details. + </p> + </description> + <impact type="normal"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Binutils users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-devel/binutils-2.35.2" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9070">CVE-2019-9070</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9071">CVE-2019-9071</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9072">CVE-2019-9072</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9073">CVE-2019-9073</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9074">CVE-2019-9074</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9075">CVE-2019-9075</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9076">CVE-2019-9076</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9077">CVE-2019-9077</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-19599">CVE-2020-19599</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35448">CVE-2020-35448</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35493">CVE-2020-35493</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35494">CVE-2020-35494</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35495">CVE-2020-35495</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35496">CVE-2020-35496</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35507">CVE-2020-35507</uri> + </references> + <metadata tag="requester" timestamp="2021-07-06T00:21:42Z">ajak</metadata> + <metadata tag="submitter" timestamp="2021-07-10T02:51:25Z">sam_c</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202107-25.xml b/metadata/glsa/glsa-202107-25.xml new file mode 100644 index 000000000000..5e9b2a4ff2e3 --- /dev/null +++ b/metadata/glsa/glsa-202107-25.xml @@ -0,0 +1,69 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202107-25"> + <title>Tor: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in Tor, the worst of which + could result in a Denial of Service condition. + </synopsis> + <product type="ebuild">tor</product> + <announced>2021-07-10</announced> + <revised count="1">2021-07-10</revised> + <bug>776586</bug> + <bug>795969</bug> + <access>remote</access> + <affected> + <package name="net-vpn/tor" auto="yes" arch="*"> + <unaffected range="ge">0.4.6.5</unaffected> + <unaffected range="ge">0.4.5.9</unaffected> + <unaffected range="ge">0.4.4.9</unaffected> + <vulnerable range="lt">0.4.6.5</vulnerable> + </package> + </affected> + <background> + <p>Tor is an implementation of second generation Onion Routing, a + connection-oriented anonymizing communication service. + </p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Tor. Please review the + CVE identifiers referenced below for details. + </p> + </description> + <impact type="normal"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Tor 0.4.6.x users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-vpn/tor-0.4.6.5" + </code> + + <p>All Tor 0.4.5.x users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-vpn/tor-0.4.5.9" + </code> + + <p>All Tor 0.4.4.x users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-vpn/tor-0.4.4.9" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28089">CVE-2021-28089</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28090">CVE-2021-28090</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-34548">CVE-2021-34548</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-34549">CVE-2021-34549</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-34550">CVE-2021-34550</uri> + </references> + <metadata tag="requester" timestamp="2021-07-10T00:37:16Z">sam_c</metadata> + <metadata tag="submitter" timestamp="2021-07-10T02:53:55Z">sam_c</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202107-26.xml b/metadata/glsa/glsa-202107-26.xml new file mode 100644 index 000000000000..311683d9ec00 --- /dev/null +++ b/metadata/glsa/glsa-202107-26.xml @@ -0,0 +1,51 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202107-26"> + <title>runC: Container breakout</title> + <synopsis>A vulnerability has been found in runC which could result in + privilege escalation. + </synopsis> + <product type="ebuild">runc</product> + <announced>2021-07-10</announced> + <revised count="1">2021-07-10</revised> + <bug>790257</bug> + <access>remote</access> + <affected> + <package name="app-emulation/runc" auto="yes" arch="*"> + <unaffected range="ge">1.0.0_rc95</unaffected> + <vulnerable range="lt">1.0.0_rc95</vulnerable> + </package> + </affected> + <background> + <p>runC is a CLI tool for spawning and running containers according to the + OCI specification. + </p> + </background> + <description> + <p>A vulnerability in runC could allow an attacker to achieve privilege + escalation if specific mount configuration prerequisites are satisfied. + </p> + </description> + <impact type="low"> + <p>An attacker may be able to escalation privileges to gain access to the + host system. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All runC users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/runc-1.0.0_rc95" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30465">CVE-2021-30465</uri> + </references> + <metadata tag="requester" timestamp="2021-07-10T00:27:46Z">ajak</metadata> + <metadata tag="submitter" timestamp="2021-07-10T02:54:58Z">ajak</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202107-27.xml b/metadata/glsa/glsa-202107-27.xml new file mode 100644 index 000000000000..7e0b126848b6 --- /dev/null +++ b/metadata/glsa/glsa-202107-27.xml @@ -0,0 +1,69 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202107-27"> + <title>OpenEXR: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in OpenEXR, the worst of + which could result in the arbitrary execution of code. + </synopsis> + <product type="ebuild">openexr</product> + <announced>2021-07-11</announced> + <revised count="1">2021-07-11</revised> + <bug>717474</bug> + <bug>746794</bug> + <bug>762862</bug> + <bug>770229</bug> + <bug>776808</bug> + <access>remote</access> + <affected> + <package name="media-libs/openexr" auto="yes" arch="*"> + <unaffected range="ge">2.5.6</unaffected> + <vulnerable range="lt">2.5.6</vulnerable> + </package> + </affected> + <background> + <p>OpenEXR is a high dynamic-range (HDR) image file format developed by + Industrial Light & Magic for use in computer imaging applications. + </p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in OpenEXR. Please review + the CVE identifiers referenced below for details. + </p> + </description> + <impact type="normal"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All OpenEXR users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/openexr-2.5.6" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11758">CVE-2020-11758</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11759">CVE-2020-11759</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11760">CVE-2020-11760</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11761">CVE-2020-11761</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11762">CVE-2020-11762</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11763">CVE-2020-11763</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11764">CVE-2020-11764</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11765">CVE-2020-11765</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15304">CVE-2020-15304</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15305">CVE-2020-15305</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15306">CVE-2020-15306</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20296">CVE-2021-20296</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3474">CVE-2021-3474</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3475">CVE-2021-3475</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3476">CVE-2021-3476</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3477">CVE-2021-3477</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3478">CVE-2021-3478</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3479">CVE-2021-3479</uri> + </references> + <metadata tag="requester" timestamp="2021-07-11T02:00:34Z">ajak</metadata> + <metadata tag="submitter" timestamp="2021-07-11T02:27:52Z">ajak</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202107-28.xml b/metadata/glsa/glsa-202107-28.xml new file mode 100644 index 000000000000..b7822d9afc6b --- /dev/null +++ b/metadata/glsa/glsa-202107-28.xml @@ -0,0 +1,50 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202107-28"> + <title>GNU Chess: Buffer overflow</title> + <synopsis>A buffer overflow in GNU Chess might allow arbitrary code + execution. + </synopsis> + <product type="ebuild">gnuchess</product> + <announced>2021-07-12</announced> + <revised count="1">2021-07-12</revised> + <bug>780855</bug> + <access>remote</access> + <affected> + <package name="games-board/gnuchess" auto="yes" arch="*"> + <unaffected range="ge">6.2.8-r1</unaffected> + <vulnerable range="lt">6.2.8-r1</vulnerable> + </package> + </affected> + <background> + <p>GNU Chess is a console based chess interfae.</p> + </background> + <description> + <p>The cmd_pgnload() and cmd_pgnreplay() functions in cmd.cc in GNU Chess + to not sufficiently validate PGN file input, potentially resulting in a + buffer overflow. + </p> + </description> + <impact type="normal"> + <p>A remote attacker could entice a user to open a specially crafted PGN + file using GNU Chess, possibly resulting in execution of arbitrary code + with the privileges of the process or a Denial of Service condition. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All GNU Chess users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=games-board/gnuchess-6.2.8-r1" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30184">CVE-2021-30184</uri> + </references> + <metadata tag="requester" timestamp="2021-07-06T01:16:05Z">ajak</metadata> + <metadata tag="submitter" timestamp="2021-07-12T02:45:49Z">ajak</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202107-29.xml b/metadata/glsa/glsa-202107-29.xml new file mode 100644 index 000000000000..e67c3b566e04 --- /dev/null +++ b/metadata/glsa/glsa-202107-29.xml @@ -0,0 +1,49 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202107-29"> + <title>ConnMan: Multiple vulnerabilities</title> + <synopsis>A buffer overflow in ConnMan might allow remote attacker(s) to + execute arbitrary code. + </synopsis> + <product type="ebuild">connman</product> + <announced>2021-07-12</announced> + <revised count="1">2021-07-12</revised> + <bug>769491</bug> + <bug>795084</bug> + <access>remote</access> + <affected> + <package name="net-misc/connman" auto="yes" arch="*"> + <unaffected range="ge">1.40</unaffected> + <vulnerable range="lt">1.40</vulnerable> + </package> + </affected> + <background> + <p>ConnMan provides a daemon for managing Internet connections.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in connman. Please review + the CVE identifiers referenced below for details. + </p> + </description> + <impact type="normal"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All ConnMan users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/connman-1.40" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26675">CVE-2021-26675</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26676">CVE-2021-26676</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33833">CVE-2021-33833</uri> + </references> + <metadata tag="requester" timestamp="2021-07-11T03:04:08Z">ajak</metadata> + <metadata tag="submitter" timestamp="2021-07-12T02:47:52Z">ajak</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202107-30.xml b/metadata/glsa/glsa-202107-30.xml new file mode 100644 index 000000000000..bd790484fb22 --- /dev/null +++ b/metadata/glsa/glsa-202107-30.xml @@ -0,0 +1,73 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202107-30"> + <title>Xen: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in Xen, the worst of which + could result in privilege escalation. + </synopsis> + <product type="ebuild">xen</product> + <announced>2021-07-12</announced> + <revised count="1">2021-07-12</revised> + <bug>760144</bug> + <bug>766474</bug> + <bug>783456</bug> + <bug>795054</bug> + <access>local, remote</access> + <affected> + <package name="app-emulation/xen" auto="yes" arch="*"> + <unaffected range="ge">4.14.2-r1</unaffected> + <unaffected range="ge">4.15.0-r1</unaffected> + <vulnerable range="lt">4.15.0-r1</vulnerable> + </package> + </affected> + <background> + <p>Xen is a bare-metal hypervisor.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Xen. Please review the + CVE identifiers referenced below for details. + </p> + </description> + <impact type="high"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Xen 4.14.x users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.14.2-r1" + </code> + + <p>All Xen 4.15.x users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.15.0-r1" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29479">CVE-2020-29479</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29486">CVE-2020-29486</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29487">CVE-2020-29487</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29566">CVE-2020-29566</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29567">CVE-2020-29567</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29568">CVE-2020-29568</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29569">CVE-2020-29569</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29570">CVE-2020-29570</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29571">CVE-2020-29571</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-0089">CVE-2021-0089</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26313">CVE-2021-26313</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28687">CVE-2021-28687</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28690">CVE-2021-28690</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28691">CVE-2021-28691</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28692">CVE-2021-28692</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28693">CVE-2021-28693</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3308">CVE-2021-3308</uri> + </references> + <metadata tag="requester" timestamp="2021-07-06T02:51:30Z">ajak</metadata> + <metadata tag="submitter" timestamp="2021-07-12T02:48:56Z">ajak</metadata> +</glsa> diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 89029127bb67..80697622a60d 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Thu, 08 Jul 2021 13:39:09 +0000 +Mon, 12 Jul 2021 07:08:55 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 62b17ac292ce..33b059e9fdb6 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -87db1c532ba9e64836890a3c105fac77e62cbc0e 1625717020 2021-07-08T04:03:40+00:00 +cabcc55894eaeb6351c50c95fa8ce6eb111a368b 1626058189 2021-07-12T02:49:49+00:00 |