diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2018-02-24 19:58:07 +0000 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2018-02-24 19:58:07 +0000 |
commit | 99abbc5e5a6ecd3fc981b45646fd8cb5d320377b (patch) | |
tree | da76713365257a445f3ae3b95470917f59d46728 /metadata/glsa | |
parent | 4935506e9a5cbfabd37c64093eac5f36c2ff0017 (diff) |
gentoo resync : 24.02.2018
Diffstat (limited to 'metadata/glsa')
-rw-r--r-- | metadata/glsa/Manifest | 30 | ||||
-rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 416439 -> 417232 bytes | |||
-rw-r--r-- | metadata/glsa/glsa-201802-02.xml | 100 | ||||
-rw-r--r-- | metadata/glsa/glsa-201802-03.xml | 157 | ||||
-rw-r--r-- | metadata/glsa/glsa-201802-04.xml | 102 | ||||
-rw-r--r-- | metadata/glsa/glsa-201802-05.xml | 50 | ||||
-rw-r--r-- | metadata/glsa/glsa-201802-06.xml | 65 | ||||
-rw-r--r-- | metadata/glsa/timestamp.chk | 2 | ||||
-rw-r--r-- | metadata/glsa/timestamp.commit | 2 |
9 files changed, 491 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index 01b55274e167..3edbfadb3a3d 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 416439 BLAKE2B 9451ad1983863ef867238ceaf1d2a0af002edf5e1ee38ab229eea18dec7f38c31751e2367ad2398ad5cb5d9206fec16a27ff1b7fb6ff757ea2f3b3fbb7fa275b SHA512 aa029ea036d1044bc9b418b6deb17521309312a35b209441023548e1b4be034c00928f553cefbe006eecd6d99256dc219c640bc0b04b4c49e0a78c63944b4a4b -TIMESTAMP 2018-02-17T19:08:31Z +MANIFEST Manifest.files.gz 417232 BLAKE2B 7256b86def71c225a3d9dc487b8217c32b8e0d58d1b9f3a1083e97e2c6b17e54c18da8cf9a71ada0833db640196a3e7d3555def34aec158a2e0c71d1765833a9 SHA512 db3950573646f27d9773367cf555ac709438501ff12e19a7fc8e548310965fa7df325bfa82b64a05710a8bd90473ce9b15232aa53f547d2525ad7fd1cbc4f804 +TIMESTAMP 2018-02-24T19:08:19Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlqIfa9fFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlqRuCNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klCr+g//aASpUg0FtXKaK1k/+DRGcRvn6m2JLRwu2nLkkWNN3mXtmvfWK/F4uO2/ -ndmOs8mj4B51JFEDe89wL4xo5SOxCPhZfJkMgB6Fgs/X3SFcRTZEFKH6pOlBK52b -t+c4IwpcHnswytqzwqy+UuXIefUglrbnoxHD9X+3kw/f30p9xcazNp/7Fdq6aNhj -AcD6lJkFeRO+jvt3pPrsTdGZecCwpiu5j/mTSWonFAHx5wFgO3WA0M3DogkYzzEl -/sOBin0/GLJB5Ms+RTC15k31Gjb6ZoBmxfII6gyWjoGB5BMboRaAIH4qeiptw9mY -dYSL8+RvnLuF2v+w3KJe/QSwhARCq4uvlV2LmbNc4JBLNmKbwXcfayPWwoUMAbKJ -E/u5O+NnBLRFOI1reIQHtsyVMNHQ0vsZHKF76zbH43d5Lr565fPwOlJ5mtEdEzlD -GJ2quVBcRmMwnherZu+mqp7TR5BvFsz9CxqcalYAgsEr81tg9S4rZ31X16NL+v2i -GFyh3S0r+qncTFLmjs7/CA9XNZyhB/4X3y7GWIiY5lJ7YO6uNe11HnqovyMoUpV8 -Y+sqggczsIbzEA/4jSUiL8w6H1PIdAIehOhYukhIbq0oYLNZz0Mv4ey+dHNvlepO -xSVI0R3IaDAsvtoWAbWzk4cpjXKRBSToq61bfe3h+CV5MXB/guU= -=NPeb +klAyYg/8DhMm9VjC8Ufzb9JwhVHi42WCCQBGdVhjue9gsFRZpQrj1VogmXWv149I +BHauaB8FQk0YHIPBW4OvcCcj3ORRKztt1cK1nLJayuR1obRNxfSzADJhF/SbAgCG +U2ZkexO/32NMMWmNGhDweRZ1dplej8qMLUTUiNi/VrGVYoM4+KbeElswVk6mOPYy +ynfjDaC/3B6KwoPEp5hSnJl7r6EwRI0Z6zPnWWwonvuNeeFpapUpr/3zcmw78MEU +BBMnyj6Fze9f7TmtDJT+UBvgGPLtTN91jeStvQpMDdXzuqYMrS5L+3zs6omp7uGS +VbP4C3Nf5Fec8CSf+kv+2degBhifkXM369Q0cPjBiBbSTyBYdO6MZL07fjAuuKoa +CJpVEW8RJWs9OGtrZu9VAGUr6+nwdq1sJIiWgd9FJSl3q2wWzlpTl5xG74TG40cM +UqJFCZPsdJ2IXfdr1ydmmIae1YD4U1G7BFBHeGj8qTMCOR8DjeALZrB2d/AnZcGF +Zy426JTwQ4ApwrHLegL2pXAwSXgpuv8N86BI16OrY+w6nE4jn+PqPKnH7/JBseZe +kh/kfkYMNDd0Ko85BylC0p1R98iKu3IGrpUTJyXFJFezys55Q4M1mAUPU3mwhh5m +YTRkowJAX3sfpBDFutAZwMwuyI3QBwWDU2mmtteOQU+dzCWtoCw= +=MOVs -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex 4bb9feddeaa4..0213826b77cc 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-201802-02.xml b/metadata/glsa/glsa-201802-02.xml new file mode 100644 index 000000000000..98d421432384 --- /dev/null +++ b/metadata/glsa/glsa-201802-02.xml @@ -0,0 +1,100 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="201802-02"> + <title>Chromium, Google Chrome: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in Chromium and Google + Chrome, the worst of which could result in the execution of arbitrary code. + </synopsis> + <product type="ebuild">chromium, google-chrome</product> + <announced>2018-02-19</announced> + <revised count="1">2018-02-19</revised> + <bug>647124</bug> + <bug>647636</bug> + <access>remote</access> + <affected> + <package name="www-client/chromium" auto="yes" arch="*"> + <unaffected range="ge">64.0.3282.167</unaffected> + <vulnerable range="lt">64.0.3282.167</vulnerable> + </package> + <package name="www-client/google-chrome" auto="yes" arch="*"> + <unaffected range="ge">64.0.3282.167</unaffected> + <vulnerable range="lt">64.0.3282.167</vulnerable> + </package> + </affected> + <background> + <p>Chromium is an open-source browser project that aims to build a safer, + faster, and more stable way for all users to experience the web. + </p> + + <p>Google Chrome is one fast, simple, and secure browser for all your + devices. + </p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Chromium and Google + Chrome. Please review the referenced CVE identifiers and Google Chrome + Releases for details. + </p> + </description> + <impact type="normal"> + <p>A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, bypass + content security controls, or conduct URL spoofing. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Chromium users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/chromium-64.0.3282.167" + </code> + + <p>All Google Chrome users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/google-chrome-64.0.3282.167" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6031">CVE-2018-6031</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6032">CVE-2018-6032</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6033">CVE-2018-6033</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6034">CVE-2018-6034</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6035">CVE-2018-6035</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6036">CVE-2018-6036</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6037">CVE-2018-6037</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6038">CVE-2018-6038</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6039">CVE-2018-6039</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6040">CVE-2018-6040</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6041">CVE-2018-6041</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6042">CVE-2018-6042</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6043">CVE-2018-6043</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6045">CVE-2018-6045</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6046">CVE-2018-6046</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6047">CVE-2018-6047</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6048">CVE-2018-6048</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6049">CVE-2018-6049</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6050">CVE-2018-6050</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6051">CVE-2018-6051</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6052">CVE-2018-6052</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6053">CVE-2018-6053</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6054">CVE-2018-6054</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6056">CVE-2018-6056</uri> + <uri link="https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"> + Google Chrome Release 20180124 + </uri> + <uri link="https://chromereleases.googleblog.com/2018/02/stable-channel-update-for-desktop_13.html"> + Google Chrome Release 20180213 + </uri> + </references> + <metadata tag="requester" timestamp="2018-02-14T18:06:05Z">chrisadr</metadata> + <metadata tag="submitter" timestamp="2018-02-19T22:51:59Z">chrisadr</metadata> +</glsa> diff --git a/metadata/glsa/glsa-201802-03.xml b/metadata/glsa/glsa-201802-03.xml new file mode 100644 index 000000000000..210da4527cac --- /dev/null +++ b/metadata/glsa/glsa-201802-03.xml @@ -0,0 +1,157 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="201802-03"> + <title>Mozilla Firefox: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the + worst of which may allow execution of arbitrary code. + </synopsis> + <product type="ebuild">firefox</product> + <announced>2018-02-20</announced> + <revised count="1">2018-02-20</revised> + <bug>616030</bug> + <bug>621722</bug> + <bug>632400</bug> + <bug>639854</bug> + <bug>645510</bug> + <bug>648198</bug> + <access>remote</access> + <affected> + <package name="www-client/firefox" auto="yes" arch="*"> + <unaffected range="ge">52.6.0</unaffected> + <vulnerable range="lt">52.6.0</vulnerable> + </package> + <package name="www-client/firefox-bin" auto="yes" arch="*"> + <unaffected range="ge">52.6.0</unaffected> + <vulnerable range="lt">52.6.0</vulnerable> + </package> + </affected> + <background> + <p>Mozilla Firefox is a popular open-source web browser from the Mozilla + Project. + </p> + + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please + review the referenced CVE identifiers for details. + </p> + + </description> + <impact type="high"> + <p>A remote attacker could entice a user to view a specially crafted web + page, possibly resulting in the execution of arbitrary code with the + privileges of the process or a Denial of Service condition. Furthermore, + a remote attacker may be able to perform Man-in-the-Middle attacks, + obtain sensitive information, spoof the address bar, conduct clickjacking + attacks, bypass security restrictions and protection mechanisms, or have + other unspecified impact. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Mozilla Firefox users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-52.6.0" + </code> + + <p>All Mozilla Firefox binary users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-52.6.0" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-10195">CVE-2016-10195</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-10196">CVE-2016-10196</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-10197">CVE-2016-10197</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-6354">CVE-2016-6354</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5429">CVE-2017-5429</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5432">CVE-2017-5432</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5433">CVE-2017-5433</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5434">CVE-2017-5434</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5435">CVE-2017-5435</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5436">CVE-2017-5436</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5437">CVE-2017-5437</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5438">CVE-2017-5438</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5439">CVE-2017-5439</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5440">CVE-2017-5440</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5441">CVE-2017-5441</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5442">CVE-2017-5442</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5443">CVE-2017-5443</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5444">CVE-2017-5444</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5445">CVE-2017-5445</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5446">CVE-2017-5446</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5447">CVE-2017-5447</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5448">CVE-2017-5448</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5459">CVE-2017-5459</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5460">CVE-2017-5460</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5461">CVE-2017-5461</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5462">CVE-2017-5462</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5464">CVE-2017-5464</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5465">CVE-2017-5465</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5469">CVE-2017-5469</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5470">CVE-2017-5470</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5472">CVE-2017-5472</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7749">CVE-2017-7749</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7750">CVE-2017-7750</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7751">CVE-2017-7751</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7752">CVE-2017-7752</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7753">CVE-2017-7753</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7754">CVE-2017-7754</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7756">CVE-2017-7756</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7757">CVE-2017-7757</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7758">CVE-2017-7758</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7764">CVE-2017-7764</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7771">CVE-2017-7771</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7772">CVE-2017-7772</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7773">CVE-2017-7773</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7774">CVE-2017-7774</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7775">CVE-2017-7775</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7776">CVE-2017-7776</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7777">CVE-2017-7777</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7778">CVE-2017-7778</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7779">CVE-2017-7779</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7784">CVE-2017-7784</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7785">CVE-2017-7785</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7786">CVE-2017-7786</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7787">CVE-2017-7787</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7791">CVE-2017-7791</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7792">CVE-2017-7792</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7793">CVE-2017-7793</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7798">CVE-2017-7798</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7800">CVE-2017-7800</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7801">CVE-2017-7801</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7802">CVE-2017-7802</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7803">CVE-2017-7803</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7805">CVE-2017-7805</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7807">CVE-2017-7807</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7809">CVE-2017-7809</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7810">CVE-2017-7810</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7814">CVE-2017-7814</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7818">CVE-2017-7818</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7819">CVE-2017-7819</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7823">CVE-2017-7823</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7824">CVE-2017-7824</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7843">CVE-2017-7843</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7844">CVE-2017-7844</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5089">CVE-2018-5089</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5091">CVE-2018-5091</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5095">CVE-2018-5095</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5096">CVE-2018-5096</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5097">CVE-2018-5097</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5098">CVE-2018-5098</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5099">CVE-2018-5099</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5102">CVE-2018-5102</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5103">CVE-2018-5103</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5104">CVE-2018-5104</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5117">CVE-2018-5117</uri> + </references> + <metadata tag="requester" timestamp="2017-09-17T20:53:31Z">chrisadr</metadata> + <metadata tag="submitter" timestamp="2018-02-20T00:45:47Z">chrisadr</metadata> +</glsa> diff --git a/metadata/glsa/glsa-201802-04.xml b/metadata/glsa/glsa-201802-04.xml new file mode 100644 index 000000000000..b4ff1a8057ca --- /dev/null +++ b/metadata/glsa/glsa-201802-04.xml @@ -0,0 +1,102 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="201802-04"> + <title>MySQL: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities were found in MySQL, the worst of which + may allow remote execution of arbitrary code. + </synopsis> + <product type="ebuild">mysql</product> + <announced>2018-02-20</announced> + <revised count="1">2018-02-20</revised> + <bug>616486</bug> + <bug>625626</bug> + <bug>634652</bug> + <bug>644986</bug> + <access>local, remote</access> + <affected> + <package name="dev-db/mysql" auto="yes" arch="*"> + <unaffected range="ge">5.6.39</unaffected> + <vulnerable range="lt">5.6.39</vulnerable> + </package> + </affected> + <background> + <p>A fast, multi-threaded, multi-user SQL database server.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in MySQL. Please review + the referenced CVE identifiers for details. + </p> + </description> + <impact type="high"> + <p>A remote attacker could execute arbitrary code without authentication or + cause a partial denial of service condition. + </p> + </impact> + <workaround> + <p>There are no known workarounds at this time.</p> + </workaround> + <resolution> + <p>All MySQL users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.6.39" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10155">CVE-2017-10155</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10227">CVE-2017-10227</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10268">CVE-2017-10268</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10276">CVE-2017-10276</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10283">CVE-2017-10283</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10286">CVE-2017-10286</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10294">CVE-2017-10294</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10314">CVE-2017-10314</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10378">CVE-2017-10378</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10379">CVE-2017-10379</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10384">CVE-2017-10384</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3308">CVE-2017-3308</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3309">CVE-2017-3309</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3329">CVE-2017-3329</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3450">CVE-2017-3450</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3452">CVE-2017-3452</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3453">CVE-2017-3453</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3456">CVE-2017-3456</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3461">CVE-2017-3461</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3462">CVE-2017-3462</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3463">CVE-2017-3463</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3464">CVE-2017-3464</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3599">CVE-2017-3599</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3600">CVE-2017-3600</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3633">CVE-2017-3633</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3634">CVE-2017-3634</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3635">CVE-2017-3635</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3636">CVE-2017-3636</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3637">CVE-2017-3637</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3641">CVE-2017-3641</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3647">CVE-2017-3647</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3648">CVE-2017-3648</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3649">CVE-2017-3649</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3651">CVE-2017-3651</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3652">CVE-2017-3652</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3653">CVE-2017-3653</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3732">CVE-2017-3732</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2562">CVE-2018-2562</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2573">CVE-2018-2573</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2583">CVE-2018-2583</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2590">CVE-2018-2590</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2591">CVE-2018-2591</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2612">CVE-2018-2612</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2622">CVE-2018-2622</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2640">CVE-2018-2640</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2645">CVE-2018-2645</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2647">CVE-2018-2647</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2665">CVE-2018-2665</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2668">CVE-2018-2668</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2696">CVE-2018-2696</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2703">CVE-2018-2703</uri> + </references> + <metadata tag="requester" timestamp="2017-10-18T02:30:08Z">jmbailey</metadata> + <metadata tag="submitter" timestamp="2018-02-20T00:45:52Z">jmbailey</metadata> +</glsa> diff --git a/metadata/glsa/glsa-201802-05.xml b/metadata/glsa/glsa-201802-05.xml new file mode 100644 index 000000000000..c4bb063a7a66 --- /dev/null +++ b/metadata/glsa/glsa-201802-05.xml @@ -0,0 +1,50 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="201802-05"> + <title>Ruby: Command injection</title> + <synopsis>A vulnerability has been found in Ruby which may allow for + arbitrary command execution. + </synopsis> + <product type="ebuild">ruby</product> + <announced>2018-02-20</announced> + <revised count="1">2018-02-20</revised> + <bug>641090</bug> + <access>remote</access> + <affected> + <package name="dev-lang/ruby" auto="yes" arch="*"> + <unaffected range="ge" slot="2.2">2.2.9</unaffected> + <vulnerable range="lt" slot="2.2">2.2.9</vulnerable> + </package> + </affected> + <background> + <p>Ruby is an interpreted object-oriented programming language. The + elaborate standard library includes an HTTP server (“WEBRick”) and a + class for XML parsing (“REXML”). + </p> + </background> + <description> + <p>A command injection flaw was discovered in Net::FTP which impacts Ruby.</p> + </description> + <impact type="normal"> + <p>A remote attacker, by enticing a user to download and open a crafted + file from a malicious FTP server, could execute arbitrary commands with + the privileges of the process. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Ruby users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/ruby-2.2.9:2.2" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-17405">CVE-2017-17405</uri> + </references> + <metadata tag="requester" timestamp="2018-01-29T21:08:51Z">b-man</metadata> + <metadata tag="submitter" timestamp="2018-02-20T00:47:06Z">b-man</metadata> +</glsa> diff --git a/metadata/glsa/glsa-201802-06.xml b/metadata/glsa/glsa-201802-06.xml new file mode 100644 index 000000000000..6fac07cb5001 --- /dev/null +++ b/metadata/glsa/glsa-201802-06.xml @@ -0,0 +1,65 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="201802-06"> + <title>LibreOffice: Information disclosure</title> + <synopsis>A vulnerability in LibreOffice might allow remote attackers to read + arbitrary files. + </synopsis> + <product type="ebuild">libreoffice</product> + <announced>2018-02-20</announced> + <revised count="1">2018-02-20</revised> + <bug>647186</bug> + <access>remote</access> + <affected> + <package name="app-office/libreoffice" auto="yes" arch="*"> + <unaffected range="ge">5.4.5.1</unaffected> + <vulnerable range="lt">5.4.5.1</vulnerable> + </package> + <package name="app-office/libreoffice-bin" auto="yes" arch="*"> + <unaffected range="ge">5.4.5.1</unaffected> + <vulnerable range="lt">5.4.5.1</vulnerable> + </package> + </affected> + <background> + <p>LibreOffice is a powerful office suite; its clean interface and powerful + tools let you unleash your creativity and grow your productivity. + </p> + </background> + <description> + <p>It was discovered that missing restrictions in the implementation of the + WEBSERVICE function in LibreOffice could result in the disclosure of + arbitrary files. + </p> + </description> + <impact type="normal"> + <p>A remote attacker could entice a user to open a specially crafted + document using LibreOffice, possibly resulting in the disclosure of + arbitrary files readable by the victim. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All LibreOffice users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/libreoffice-5.4.5.1" + </code> + + <p>All LibreOffice binary users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose + ">=app-office/libreoffice-bin-5.4.5.1" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6871">CVE-2018-6871</uri> + </references> + <metadata tag="requester" timestamp="2018-02-20T00:31:59Z">whissi</metadata> + <metadata tag="submitter" timestamp="2018-02-20T00:47:14Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index b9761b376e5e..8e922ecb8237 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Sat, 17 Feb 2018 19:08:28 +0000 +Sat, 24 Feb 2018 19:08:15 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 7a2b7b5b3ad6..d1f392f9d339 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -64ce437d0a7b7134c3694879d7b9648fad09b8b3 1518388633 2018-02-11T22:37:13+00:00 +833e0ea6039b5542c98c5bf95bfb7c09615ed1b8 1519087823 2018-02-20T00:50:23+00:00 |