author | V3n3RiX <venerix@koprulu.sector> | 2024-07-07 12:24:47 +0100 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2024-07-07 12:24:47 +0100 |
commit | 5d8ffbc273ca664e15618d557ced3e02de1a884b (patch) | |
tree | bc22fbc6a07790fd70dc8b5148de3089a1c4db3e /metadata/glsa | |
parent | 4187bba080530c5ca1c7dae9c233e88f3fc8f535 (diff) |
gentoo auto-resync : 07:07:2024 - 12:24:46
Diffstat (limited to 'metadata/glsa')
-rw-r--r-- | metadata/glsa/Manifest | 30 | ||||
-rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 578695 -> 579171 bytes | |||
-rw-r--r-- | metadata/glsa/glsa-202407-20.xml | 48 | ||||
-rw-r--r-- | metadata/glsa/glsa-202407-21.xml | 49 | ||||
-rw-r--r-- | metadata/glsa/glsa-202407-22.xml | 72 | ||||
-rw-r--r-- | metadata/glsa/timestamp.chk | 2 | ||||
-rw-r--r-- | metadata/glsa/timestamp.commit | 2 |
7 files changed, 186 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 32b9633dac07..5d85a4afca48 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 578695 BLAKE2B 83336190b9db8ef17789198cdcd94b93ded8e3517f2a97f1c20b8822eed5e6b0b5eb3ced060bb3507ec84b889e927fc798f66d29cbf9eb6e887b9965946a290d SHA512 0f0e20bf349c4697ccf022b03425f130dde9817f7156836e59ab595a116902b21ef17cfdaa931f7d352c2e0cef6812f8551245ae1736d423ae95d1dbfc08592f -TIMESTAMP 2024-07-06T06:40:23Z +MANIFEST Manifest.files.gz 579171 BLAKE2B c503f3149ac98a81a2a72d2364a46176b3c285a1621a8af77978b4ede84a80db1977b0d8f154263b7c2bcc353216537aa1b1e8484ae4df3253f17c00c81c0761 SHA512 74d7e8c7054b78d2f3183d3c0366fa4a3d83835c364cd7b13c4eaf7bde990556a6cb8101a1ea11386306381222e788d3c418bebff9f98a1b2d701dcad1904056 +TIMESTAMP 2024-07-07T10:40:42Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmaI5tdfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmaKcKpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klD3RhAAp3CNXg4364FSyD1tR0sC2kBodwKOzSLobUMQQxe1L8aHmx0WDCQoJ0t6 -mL7WXtDH+o4JdFXt2NVLDYriML8NgKyi32GD4hohJGdftiUvu8YAogRuuIMPqfz9 -5jZ3K5BntuS4nHAGR7dlfGWl2endPZ/efKoWvm+44k/rJxJddnFZHZSZzAYZR6vp -/RKhvxDXIiZHyt4AdxITAt2TNJXksVF+/RnJwl+3UyKJWzzrfnbXlP0xTIAQ5iax -kBBk2PyQkRlRq6jckHx4Hp90uuc7QVqZSswSQjMGUaGM75ej2mdjFrIPIqBqHQPe -3qmZYCe3jm55sUuh4IPr6A2h7FbjdD/NEP6Ql8bHY/wNMTkBFbfDGkTScsJ37c2b -rcsWIQX3qAL8uaKRuz4SjFeBbPqFShhnxgLSIlVKO2wQWE149IeAkkxnPpDfABcz -ZRvRodlfeHnH/EvIkhr8XshtueOiQIdvi0YiLErhkFS5hKw7gKUuTsHOBb1O6oI1 -gHCWwopdGJT11V/pKkzTSXsWhf+RauYkXxElccQ0R8AseAlXwGoP2jgye5w6Y2pp -dZNCuA4ScCM1+f+CvlhVuuRxcMhSBhklWG3MdrXS1asOkcjNTW8i/2i404qrALPp -0M9vO0V8WpF7jFt+hje97sLywtWrIdQD4VxoQVsN4/0j7PXn5zU= -=XqTJ +klB7JA//Vz/aDpU3vcwNrnp1YDhKaXbbkUfsa8qX3m2GPDeUhEmocgBtdpbNl/Qq +2JfYEyo46Lp0b9oW0A5Fx7Y1mzM05Wq66NuLdl9G5n9Os8iPam1gfe45lQt+tb7s +KDJuxspijGKP8lkXq/diMk5FPtbDeMPqBglvKkHply6ecSuv1hO1hCnfde2W8F4r 
+R6ou6KLg1Lvv8by6TJNxo5STUedSHBjqNoThErnSytd2voPdk29oprasZNoJeZx2 +pV8w948xR77FhYV7FfCZByCDUk+YeA5B5QyzXs5fQGLZhFPqU+vcDRS5pEvy5wJI +XA8DkNCEVAUxWIEUTfuQGUzbBhOPltWlswbQ90ycThmqJ03hS20Nia1FZAWkWw2K +6HtSw75sFSBLBpbhFrKKZo1fibRqowzAVmf+YbASyd0OgyighrUbC04i4E57VDRR ++AZjTjspcwbUzQT6bOug3k1rxmawWtqLUxvwkWL1V0DvofY2AY41APJuKcJnfl3r +g1QdHHAqY5JPnPGIQQ60Y/XUQNMOd8tP0+lwOjryD9O4lFXd1L8GVMTj/6/PZA73 +E302Mq2CNtC1jIf595FHzkVztsCFFE6kgX8YupB9lC4SS/PdCG1t4eOTT2bRovu7 +hGEBybuoX2QW1lQxCelNB83LSu0fj+levNQ3B8cxLpLnIHYf8fQ= +=dml0 -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex 26ad6b20cf0b..d4c1d9b1a29b 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-202407-20.xml b/metadata/glsa/glsa-202407-20.xml new file mode 100644 index 000000000000..84856ba8345c --- /dev/null +++ b/metadata/glsa/glsa-202407-20.xml 
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-20">
+ <title>KDE Plasma Workspaces: Privilege Escalation</title>
+ <synopsis>A vulnerability has been discovered in KDE Plasma Workspaces, which can lead to privilege escalation.</synopsis>
+ <product type="ebuild">plasma-workspace</product>
+ <announced>2024-07-06</announced>
+ <revised count="1">2024-07-06</revised>
+ <bug>933342</bug>
+ <access>remote</access>
+ <affected>
+ <package name="kde-plasma/plasma-workspace" auto="yes" arch="*">
+ <unaffected range="ge">5.27.11.1</unaffected>
+ <vulnerable range="lt">5.27.11.1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>KDE Plasma workspace is a widget based desktop environment designed to be fast and efficient.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in KDE Plasma Workspaces. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>KSmserver, KDE's XSMP manager, incorrectly allows connections via ICE
+based purely on the host, allowing all local connections. This allows
+another user on the same machine to gain access to the session
+manager.
+
+A well crafted client could use the session restore feature to execute
+arbitrary code as the user on the next boot.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All KDE Plasma Workspaces users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-plasma/plasma-workspace-5.27.11.1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-36041">CVE-2024-36041</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-07-06T06:45:04.101679Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-07-06T06:45:04.105556Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202407-21.xml b/metadata/glsa/glsa-202407-21.xml
new file mode 100644
index 000000000000..12c0a2e5a2ed
--- /dev/null
+++ b/metadata/glsa/glsa-202407-21.xml
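Review bot: `<access>remote</access>` in glsa-202407-20.xml does not match the impact text, which describes another user on the same machine reaching the session manager; `<access>local</access>` would let tooling that triages by access vector rank this advisory correctly. The `<description>` says "Multiple vulnerabilities" while the title, the synopsis and the single reference (CVE-2024-36041) all describe one. The impact `<p>` also holds two paragraphs separated by a blank line, so splitting it into two `<p>` elements would keep the second sentence from being run into the first when rendered.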
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-21">
+ <title>X.Org X11 library: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in the X.Org X11 library, the worst of which could lead to a denial of service.</synopsis>
+ <product type="ebuild">libX11</product>
+ <announced>2024-07-06</announced>
+ <revised count="1">2024-07-06</revised>
+ <bug>877461</bug>
+ <bug>908549</bug>
+ <bug>915129</bug>
+ <access>remote</access>
+ <affected>
+ <package name="x11-libs/libX11" auto="yes" arch="*">
+ <unaffected range="ge">1.8.7</unaffected>
+ <vulnerable range="lt">1.8.7</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>X.Org is an implementation of the X Window System. The X.Org X11 library provides the X11 protocol library files.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in X.Org X11 library. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All X.Org X11 library users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-libs/libX11-1.8.7"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3554">CVE-2022-3554</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3555">CVE-2022-3555</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-3138">CVE-2023-3138</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-43785">CVE-2023-43785</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-43786">CVE-2023-43786</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-43787">CVE-2023-43787</uri>
+ </references>
+ <metadata
tag="requester" timestamp="2024-07-06T06:46:25.255732Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-07-06T06:46:25.259127Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202407-22.xml b/metadata/glsa/glsa-202407-22.xml
new file mode 100644
index 000000000000..10eb68b46743
--- /dev/null
+++ b/metadata/glsa/glsa-202407-22.xml
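Review bot: The DOCTYPE on the second line of glsa-202407-21.xml (and likewise of glsa-202407-20.xml and glsa-202407-22.xml) names an external DTD over plain `http://`, so a parser left at permissive defaults may fetch it over an unauthenticated channel. Nothing in the advisory body needs the DTD to be loaded, so anything that consumes these files should parse with external DTD and entity loading switched off, or validate against a locally shipped copy of glsa.dtd. Separately, the `<impact>` paragraph only says "Please review the referenced CVE identifiers for details." while the synopsis already names denial of service as the worst case; repeating that in the impact text would make the advisory usable without following six links.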
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-22">
+ <title>Mozilla Firefox: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could arbitrary code execution.</synopsis>
+ <product type="ebuild">firefox,firefox-bin</product>
+ <announced>2024-07-06</announced>
+ <revised count="1">2024-07-06</revised>
+ <bug>927559</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-client/firefox" auto="yes" arch="*">
+ <unaffected range="ge" slot="rapid">124.0.1</unaffected>
+ <unaffected range="ge" slot="esr">115.9.1</unaffected>
+ <vulnerable range="lt" slot="rapid">124.0.1</vulnerable>
+ <vulnerable range="lt" slot="esr">115.9.1</vulnerable>
+ </package>
+ <package name="www-client/firefox-bin" auto="yes" arch="*">
+ <unaffected range="ge" slot="rapid">124.0.1</unaffected>
+ <unaffected range="ge" slot="esr">115.9.1</unaffected>
+ <vulnerable range="lt" slot="rapid">124.0.1</vulnerable>
+ <vulnerable range="lt" slot="esr">115.9.1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Mozilla Firefox is a popular open-source web browser from the Mozilla project.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Mozilla Firefox.
Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-124.0.1"
+ </code>
+
+ <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-124.0.1:rapid"
+ </code>
+
+ <p>All Mozilla Firefox ESR users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-115.9.1:esr"
+ </code>
+
+ <p>All Mozilla Firefox ESR binary users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-115.9.1:esr"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-29943">CVE-2024-29943</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-29944">CVE-2024-29944</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-07-06T07:11:46.269314Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-07-06T07:11:46.272380Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 01f0f7485ab4..d0fb803a0dc7 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sat, 06 Jul 2024 06:40:19 +0000
+Sun, 07 Jul 2024 10:40:38 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index e9b24c1dea7c..1bc9b09c57fb 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-b5d405cb92c7978530ba2683a461c9cb819d4d38 1720246492 2024-07-06T06:14:52Z
+212a4b375c557073cdfba6c10bc0bf6cb57b54c6 1720249915 2024-07-06T07:11:55Z |
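Review bot: The synopsis of glsa-202407-22.xml is missing its verb: "the worst of which could arbitrary code execution" should read `the worst of which could lead to arbitrary code execution`. In `<resolution>`, the first command uses `">=www-client/firefox-bin-124.0.1"` with no slot, while the other three atoms pin `:rapid` or `:esr`. Writing it as `">=www-client/firefox-bin-124.0.1:rapid"` would match the `slot="rapid"` entries under `<affected>` and keep the four upgrade instructions unambiguous for users on the ESR binary. As in the other advisories, the `<impact type="high">` paragraph carries no text of its own, so the severity is only explained by the synopsis.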