author | V3n3RiX <venerix@redcorelinux.org> | 2020-09-02 14:09:07 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2020-09-02 14:09:07 +0100 |
commit | b17a3ef12038de50228bade1f05502c74e135321 (patch) | |
tree | 9026dffec53f92cba48ca9a500a4f778e6304380 /metadata/glsa | |
parent | 3cf7c3ef441822c889356fd1812ebf2944a59851 (diff) |
gentoo resync : 02.09.2020
Diffstat (limited to 'metadata/glsa')
-rw-r--r-- | metadata/glsa/Manifest | 30 | ||||
-rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 480829 -> 483364 bytes | |||
-rw-r--r-- | metadata/glsa/glsa-202008-09.xml | 49 | ||||
-rw-r--r-- | metadata/glsa/glsa-202008-10.xml | 72 | ||||
-rw-r--r-- | metadata/glsa/glsa-202008-11.xml | 80 | ||||
-rw-r--r-- | metadata/glsa/glsa-202008-12.xml | 50 | ||||
-rw-r--r-- | metadata/glsa/glsa-202008-13.xml | 85 | ||||
-rw-r--r-- | metadata/glsa/glsa-202008-14.xml | 47 | ||||
-rw-r--r-- | metadata/glsa/glsa-202008-15.xml | 47 | ||||
-rw-r--r-- | metadata/glsa/glsa-202008-16.xml | 96 | ||||
-rw-r--r-- | metadata/glsa/glsa-202008-17.xml | 50 | ||||
-rw-r--r-- | metadata/glsa/glsa-202008-18.xml | 50 | ||||
-rw-r--r-- | metadata/glsa/glsa-202008-19.xml | 50 | ||||
-rw-r--r-- | metadata/glsa/glsa-202008-20.xml | 71 | ||||
-rw-r--r-- | metadata/glsa/glsa-202008-21.xml | 51 | ||||
-rw-r--r-- | metadata/glsa/glsa-202008-22.xml | 47 | ||||
-rw-r--r-- | metadata/glsa/glsa-202008-23.xml | 51 | ||||
-rw-r--r-- | metadata/glsa/glsa-202008-24.xml | 66 | ||||
-rw-r--r-- | metadata/glsa/timestamp.chk | 2 | ||||
-rw-r--r-- | metadata/glsa/timestamp.commit | 2 |
20 files changed, 979 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 560ea4376bd0..954a48c6a013 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 480829 BLAKE2B 7b875550bc3942bd6cddbe0c5c0ece578516314fe4a0a5cdd538e929c903b557ac2af9e301d5f7232331b35fdd266cec7820aab259fc68aadddb4451bc4fefc7 SHA512 3370d43afeebe4815706a4ff51c9176617549d872cfd990d379873d58909952b19ef588fb91c7597fe9a2d900bf73a12b47d7fb29760d1f6faf5537993cac3a5 -TIMESTAMP 2020-08-25T08:08:43Z +MANIFEST Manifest.files.gz 483364 BLAKE2B 60cb97b03631cf8e2ae2dc903bd9513cac6afc60670d0423e1cab2611545e32583d3cb6ec2628b442c618e39c0dfdf0a41a4e059ac3f323c3c8841b043b7d7cf SHA512 fb8ac7dcc2d9321108b64db583eaeee4a860f2b22afca3fbbd447088e69446c3286299604418071d8c2b233df8f2a4fc97ca2f2a7cc68829b3f5c007c7214a87 +TIMESTAMP 2020-09-02T12:38:34Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl9ExwtfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl9PkkpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klCudBAAoNc9I702Ky7EuFyvbLNr5P2Kr1CAC3PbKVHa2oFwvQBVIEdT0dCVhCpO -mF85IrizBXh6z7OTAMPMW4QEcghCu3VSsaCbxt3r8Vi90dNDXClmU7/Dxy0YyyYV -xe0HuWhhRyqkzYgxp4rLfBw2Btcuc1regHrIVWnAF+2Trp/3sKR3+nCDYBQgnbMq -1aXjVzCmNkfCZek7ySpxDj3qzUaNMErMAzv6eCaJh1GI1nMT1yscdKJtAtP9FT0Y -QB7FtdCoek6RHqGqdy7aX4xdMbxdX27X+nluRDb3rRMgnAyu2HdW7egAz/fEgJAh -38nEstcXQVplrIA9zipwXs2M8zg6QbTg48CMqzEhhJhYPSUTI69KQFwH+3B4KGON -IUPGckNU1VmyedXr7mKINaGshM+xp3Sjtl599KsAzNmDlPCJ8EYm3VtzucrbCV2e -l7tBIr9TsI7KEy2d64wLfvD2AA3sJNGhwvO7B5cLD0Q0iSetcHyvUyJclNrQZYRN -Gj43L4m5JblwhMG8QASNT1wFQ8baxiMVsF/qMzC7seFfpvEzw/nz2rpMtjoI/JRh -CSQ0w8FXzpgNHjk9kAPYKe91TZ8SZSU1/PEYFXxxtrRHDZuf5pYK+9UFdZKNI8RS -62lBJKykUoI65vV3xFlaUGnNgMzx2zbfe7JfgRX263Xdb3aCo70= -=DunG +klDPzQ//T3T681/eHoAPg4b/QKVB+/3J5EERVYoJcK+9jO9o9FF13k8nJ052Wysa +d2RHZ7FnVCwLv45hhzqz1bnKcCJkvNB9m4L3mIWTKLoNZLoNN4MOU0Ynrio92CMT +3TAOViLTtglSOUWrEL2speNZoc1hwxMjGeLUZ6TIWKKKfY+oP5miM8Z/DMsMCY61 
+9z4xaBP9DjCmOvhdvcuQCk+OOu1bBlQc/uEKhGXUC8DffwYL4JJooNskHEmzO771 +UImbjGurYXPgqBTdF8MRPjrJVM3u1cP1a3sVBwvjQ4mDSDFcNuEwu5hsk2yVqQVS ++hSTHoHdDybAb/EF68UPqRsVl2En4H5hMKiR4Civr7dMO1mR5ft0U0wN9k1y+Bmg +VZhAOhWPdPZ1X5/P3Jioz11HfFt9o3Y8Pw7pHMDL6hWqwndmVoYZjosPvya9NYEn +sRxBaxiiYnxG153ZP5tVM5vcNciKQ6/aMs9bDWOWSlibObzaZTR/WFRIO2oBub3z +8E0k/KDKeqwjJu7PLg4/ah1UzColwE4L+mDC4Xm/5/aZbXSeLPN4+kiIQ2mNWZmc +NITiZcDUaKmJO7eaofcEcvQw5cpJ0211vswgOZYxqJnuAzG2EurtPYDfgmrTg2Lb +Wb8D69VJDmh5Xe5/7+oVlyFGeWHr7NAyV3r+c6GaHPHm5c6iE5s= +=ysAp -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex 769ddee349ad..900daea608e2 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-202008-09.xml b/metadata/glsa/glsa-202008-09.xml new file mode 100644 index 000000000000..b70ae35ee79f --- /dev/null +++ b/metadata/glsa/glsa-202008-09.xml 
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-09">
+ <title>Shadow: Privilege escalation</title>
+ <synopsis>Multiple Shadow utilities were installed with setuid permissions,
+ allowing possible root privilege escalation.
+ </synopsis>
+ <product type="ebuild">shadow</product>
+ <announced>2020-08-25</announced>
+ <revised count="1">2020-08-25</revised>
+ <bug>702252</bug>
+ <access>local</access>
+ <affected>
+ <package name="sys-apps/shadow" auto="yes" arch="*">
+ <unaffected range="ge">4.8-r3</unaffected>
+ <vulnerable range="lt">4.8-r3</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Shadow is a set of tools to deal with user accounts.</p>
+ </background>
+ <description>
+ <p>When Shadow was installed with the PAM use flag, setuid binaries
+ provided by Shadow were not properly restricted.
+ </p>
+ </description>
+ <impact type="high">
+ <p>A local attacker could escalate privileges to root.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Shadow users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.8-r3"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-19882">CVE-2019-19882</uri>
+ <uri link="https://github.com/shadow-maint/shadow/pull/199">Upstream
+ mitigation
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-08-24T00:55:20Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-08-25T12:51:43Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-10.xml b/metadata/glsa/glsa-202008-10.xml
new file mode 100644
index 000000000000..4dd751b4bc8b
--- /dev/null
+++ b/metadata/glsa/glsa-202008-10.xml
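Review bot: The `<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">` declaration on the second line of this file names an external DTD over plain HTTP, and the same line opens every other advisory added in this commit (glsa-202008-10 through glsa-202008-20 are visible here). Nothing in the diff shows how these files are parsed, but a consumer that loads the external subset would fetch it unauthenticated, so whatever reads metadata/glsa should run with DTD loading and external-entity resolution switched off or resolve the identifier from a local catalog. If the declaration must stay byte-identical to upstream, the place to record that is the parser configuration rather than these files.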
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-10">
+ <title>Chromium, Google Chrome: Heap buffer overflow</title>
+ <synopsis>
+ A vulnerablity has been found in Chromium and Google Chrome that could
+ allow a remote attacker to execute arbitrary code.
+ </synopsis>
+ <product type="ebuild">chromium,google-chrome</product>
+ <announced>2020-08-25</announced>
+ <revised count="1">2020-08-25</revised>
+ <bug>737942</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-client/chromium" auto="yes" arch="*">
+ <unaffected range="ge">84.0.4147.135</unaffected>
+ <vulnerable range="lt">84.0.4147.135</vulnerable>
+ </package>
+ <package name="www-client/google-chrome" auto="yes" arch="*">
+ <unaffected range="ge">84.0.4147.135</unaffected>
+ <vulnerable range="lt">84.0.4147.135</vulnerable>
+ </package>
+ </affected>
+ <background>
+
+ <p>Chromium is an open-source browser project that aims to build a safer,
+ faster, and more stable way for all users to experience the web.
+ </p>
+
+ <p>Google Chrome is one fast, simple, and secure browser for all your
+ devices.
+ </p>
+ </background>
+ <description>
+ <p>A buffer overflow has been discovered in Chromium and Google Chrome’s
+ SwiftShader component.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker, by enticing a user to visit a specially crafted
+ website, could execute arbitrary code with the privileges of the process.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Chromium users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-client/chromium-84.0.4147.135"
+ </code>
+
+ <p>All Google Chrome users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-client/google-chrome-84.0.4147.135"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6556">CVE-2020-6556</uri>
+ <uri link="https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_18.html">
+ Upstream advisory
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-08-24T00:46:35Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-08-25T12:53:21Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-11.xml b/metadata/glsa/glsa-202008-11.xml
new file mode 100644
index 000000000000..41360a2feaa9
--- /dev/null
+++ b/metadata/glsa/glsa-202008-11.xml
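Review bot: The synopsis misspells its key term as "vulnerablity", so a plain-text search for "vulnerability" will skip this advisory; the line should read `A vulnerability has been found in Chromium and Google Chrome that could`. Separately, both `<code>` blocks in the resolution break the emerge command across two lines with no continuation, so pasted as written the first line runs without a package atom and the quoted atom is taken as a command of its own; keep each on one line, e.g. `# emerge --ask --oneshot --verbose ">=www-client/chromium-84.0.4147.135"`. The same wrapped command appears in glsa-202008-11, glsa-202008-12 and the thunderbird-bin block of glsa-202008-16.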
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-11">
+ <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+ Chrome, the worst of which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">chromium,google-chrome</product>
+ <announced>2020-08-26</announced>
+ <revised count="1">2020-08-26</revised>
+ <bug>738998</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="www-client/chromium" auto="yes" arch="*">
+ <unaffected range="ge">85.0.4183.83</unaffected>
+ <vulnerable range="lt">85.0.4183.83</vulnerable>
+ </package>
+ <package name="www-client/google-chrome" auto="yes" arch="*">
+ <unaffected range="ge">85.0.4183.83</unaffected>
+ <vulnerable range="lt">85.0.4183.83</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Chromium is an open-source browser project that aims to build a safer,
+ faster, and more stable way for all users to experience the web.
+ </p>
+
+ <p>Google Chrome is one fast, simple, and secure browser for all your
+ devices.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Chromium and Google
+ Chrome. Please review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Chromium users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-client/chromium-85.0.4183.83"
+ </code>
+
+ <p>All Google Chrome users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-client/google-chrome-85.0.4183.83"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6559">CVE-2020-6559</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6560">CVE-2020-6560</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6561">CVE-2020-6561</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6562">CVE-2020-6562</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6563">CVE-2020-6563</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6564">CVE-2020-6564</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6565">CVE-2020-6565</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6566">CVE-2020-6566</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6567">CVE-2020-6567</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6568">CVE-2020-6568</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6569">CVE-2020-6569</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6570">CVE-2020-6570</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6571">CVE-2020-6571</uri>
+ <uri link="https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html">
+ Upstream advisory
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-08-25T22:23:14Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-08-26T21:30:54Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-12.xml b/metadata/glsa/glsa-202008-12.xml
new file mode 100644
index 000000000000..cdcf07b1438c
--- /dev/null
+++ b/metadata/glsa/glsa-202008-12.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-12">
+ <title>Net-SNMP: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Net-SNMP, the worst of
+ which could result in privilege escalation.
+ </synopsis>
+ <product type="ebuild">Net-SNMP</product>
+ <announced>2020-08-26</announced>
+ <revised count="1">2020-08-26</revised>
+ <bug>729610</bug>
+ <bug>734994</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="net-analyzer/net-snmp" auto="yes" arch="*">
+ <unaffected range="ge">5.8.1_pre1</unaffected>
+ <vulnerable range="lt">5.8.1_pre1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Net-SNMP bundles software for generating and retrieving SNMP data.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Net-SNMP. Please review
+ the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Net-SNMP users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=net-analyzer/net-snmp-5.8.1_pre1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-20892">CVE-2019-20892</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15861">CVE-2020-15861</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15862">CVE-2020-15862</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-08-24T01:05:52Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-08-26T21:31:52Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-13.xml b/metadata/glsa/glsa-202008-13.xml
new file mode 100644
index 000000000000..a55d62208320
--- /dev/null
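Review bot: `<product type="ebuild">Net-SNMP</product>` carries the display name, whereas the other single-package advisories in this commit put the lower-case package name in that element (`shadow`, `wireshark`, `redis`, `bind`). If anything indexes or filters advisories by product (not visible in this diff), the mixed form will not line up with `net-analyzer/net-snmp`; `<product type="ebuild">net-snmp</product>` would be consistent. glsa-202008-18 has the same mismatch, with `xorg x11 library` standing for `x11-libs/libX11`.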
+++ b/metadata/glsa/glsa-202008-13.xml 
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-13">
+ <title>PostgreSQL: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in PostgreSQL, the worst
+ of which could result in privilege escalation.
+ </synopsis>
+ <product type="ebuild">postgresql</product>
+ <announced>2020-08-26</announced>
+ <revised count="1">2020-08-26</revised>
+ <bug>737032</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-db/postgresql" auto="yes" arch="*">
+ <unaffected range="ge" slot="9.5">9.5.23</unaffected>
+ <unaffected range="ge" slot="9.6">9.6.19</unaffected>
+ <unaffected range="ge" slot="10">10.14</unaffected>
+ <unaffected range="ge" slot="11">11.9</unaffected>
+ <unaffected range="ge" slot="12">12.4</unaffected>
+ <vulnerable range="lt" slot="9.5">9.5.23</vulnerable>
+ <vulnerable range="lt" slot="9.6">9.6.19</vulnerable>
+ <vulnerable range="lt" slot="10">10.14</vulnerable>
+ <vulnerable range="lt" slot="11">11.9</vulnerable>
+ <vulnerable range="lt" slot="12">12.4</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>PostgreSQL is an open source object-relational database management
+ system.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in PostgreSQL. Please
+ review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All PostgreSQL 9.5 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.5.23:9.5"
+ </code>
+
+ <p>All PostgreSQL 9.6 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.6.19:9.6"
+ </code>
+
+ <p>All PostgreSQL 10 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-10.14:10"
+ </code>
+
+ <p>All PostgreSQL 11 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-11.9:11"
+ </code>
+
+ <p>All PostgreSQL 12 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-12.4:12"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14349">CVE-2020-14349</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14350">CVE-2020-14350</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-08-24T15:56:48Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-08-26T21:32:33Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-14.xml b/metadata/glsa/glsa-202008-14.xml
new file mode 100644
index 000000000000..e7a8b15cd1c8
--- /dev/null
+++ b/metadata/glsa/glsa-202008-14.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-14">
+ <title>Wireshark: Denial of service</title>
+ <synopsis>A vulnerability in Wireshark could lead to a Denial of Service
+ condition.
+ </synopsis>
+ <product type="ebuild">wireshark</product>
+ <announced>2020-08-26</announced>
+ <revised count="1">2020-08-26</revised>
+ <bug>736914</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="net-analyzer/wireshark" auto="yes" arch="*">
+ <unaffected range="ge">3.2.6</unaffected>
+ <vulnerable range="lt">3.2.6</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Wireshark is a network protocol analyzer formerly known as ethereal.</p>
+ </background>
+ <description>
+ <p>A double free error was discovered in Wireshark’s Kafka dissector.</p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could exploit these vulnerabilities by sending a
+ malformed packet or enticing a user to read a malformed packet trace
+ file, causing a Denial of Service.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Wireshark users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-3.2.6"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-17498">CVE-2020-17498</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-08-26T14:35:43Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-08-26T21:33:02Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-15.xml b/metadata/glsa/glsa-202008-15.xml
new file mode 100644
index 000000000000..20e4c75b7c10
--- /dev/null
+++ b/metadata/glsa/glsa-202008-15.xml
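Review bot: The impact paragraph says a remote attacker "could exploit these vulnerabilities", but the title, synopsis and description all describe a single double free in the Kafka dissector and the references list one CVE. Someone triaging from the impact text may go looking for further issues this advisory does not cover; the sentence should begin `A remote attacker could exploit this vulnerability by sending a`.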
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-15">
+ <title>Docker: Information disclosure</title>
+ <synopsis>A flaw in Docker allowed possible information leakage.</synopsis>
+ <product type="ebuild">docker</product>
+ <announced>2020-08-26</announced>
+ <revised count="1">2020-08-26</revised>
+ <bug>729208</bug>
+ <access>local</access>
+ <affected>
+ <package name="app-emulation/docker" auto="yes" arch="*">
+ <unaffected range="ge">19.03.12</unaffected>
+ <vulnerable range="lt">19.03.12</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Docker is the world’s leading software containerization platform.</p>
+ </background>
+ <description>
+ <p>It was found that Docker created network bridges which by default accept
+ IPv6 router advertisements.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>An attacker who gained access to a container with CAP_NET_RAW capability
+ may be able to to spoof router advertisements, resulting in information
+ disclosure or denial of service.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Docker users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/docker-19.03.12"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13401">CVE-2020-13401</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-08-26T14:40:16Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-08-26T21:33:28Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-16.xml b/metadata/glsa/glsa-202008-16.xml
new file mode 100644
index 000000000000..7ffbf3730c6c
--- /dev/null
+++ b/metadata/glsa/glsa-202008-16.xml
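Review bot: The impact paragraph has a doubled word, "may be able to to spoof router advertisements"; the line should read `may be able to spoof router advertisements, resulting in information`. The same paragraph names CAP_NET_RAW inside the container as the precondition, while the workaround section states that none is known. It is worth confirming against the referenced CVE entry whether withholding that capability counts as a mitigation, and saying so in `<workaround>` if it does.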
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-16">
+ <title>Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox and
+ Mozilla Thunderbird, the worst of which could result in the arbitrary
+ execution of code.
+ </synopsis>
+ <product type="ebuild">firefox,thunderbird</product>
+ <announced>2020-08-27</announced>
+ <revised count="1">2020-08-27</revised>
+ <bug>739006</bug>
+ <bug>739164</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="www-client/firefox" auto="yes" arch="*">
+ <unaffected range="ge">68.12.0</unaffected>
+ <vulnerable range="lt">68.12.0</vulnerable>
+ </package>
+ <package name="www-client/firefox-bin" auto="yes" arch="*">
+ <unaffected range="ge">68.12.0</unaffected>
+ <vulnerable range="lt">68.12.0</vulnerable>
+ </package>
+ <package name="mail-client/thunderbird" auto="yes" arch="*">
+ <unaffected range="ge">68.12.0</unaffected>
+ <vulnerable range="lt">68.12.0</vulnerable>
+ </package>
+ <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+ <unaffected range="ge">68.12.0</unaffected>
+ <vulnerable range="lt">68.12.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+ Project.
+ </p>
+
+ <p>Mozilla Thunderbird is a popular open-source email client from the
+ Mozilla project.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Mozilla Firefox and
+ Mozilla Thunderbird. Please review the CVE identifiers referenced below
+ for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Firefox users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-68.12.0"
+ </code>
+
+ <p>All Firefox binary users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-68.12.0"
+ </code>
+
+ <p>All Thunderbird users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-68.12.0"
+ </code>
+
+ <p>All Thunderbird binary users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=mail-client/thunderbird-bin-68.12.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15664">CVE-2020-15664</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15669">CVE-2020-15669</uri>
+ <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/">
+ Upstream advisory (MFSA-2020-37)
+ </uri>
+ <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-40/">
+ Upstream advisory (MFSA-2020-38)
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-08-25T22:21:54Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-08-27T00:54:51Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-17.xml b/metadata/glsa/glsa-202008-17.xml
new file mode 100644
index 000000000000..dc913a9dec8d
--- /dev/null
+++ b/metadata/glsa/glsa-202008-17.xml
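Review bot: The second upstream reference disagrees with itself: its `link` targets `mfsa2020-40` while its label reads "Upstream advisory (MFSA-2020-38)". The diff alone does not show which of the two is intended, so check the number against the Mozilla advisories for the 68.12.0 releases and make them match, for example `Upstream advisory (MFSA-2020-40)` if the link is the correct one. A mislabelled reference sends anyone verifying the fix by advisory number to the wrong bulletin.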
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-17">
+ <title>Redis: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Redis, the worst of
+ which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">redis</product>
+ <announced>2020-08-27</announced>
+ <revised count="1">2020-08-27</revised>
+ <bug>633824</bug>
+ <bug>724776</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-db/redis" auto="yes" arch="*">
+ <unaffected range="ge">5.0.9</unaffected>
+ <vulnerable range="lt">5.0.9</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Redis is an open source (BSD licensed), in-memory data structure store,
+ used as a database, cache and message broker.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Redis. Please review
+ the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Redis users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/redis-5.0.9"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-15047">CVE-2017-15047</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14147">CVE-2020-14147</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-07-26T15:46:59Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-08-27T23:54:53Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-18.xml b/metadata/glsa/glsa-202008-18.xml
new file mode 100644
index 000000000000..5989b06e8b6e
--- /dev/null
+++ b/metadata/glsa/glsa-202008-18.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-18">
+ <title>X.Org X11 library: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in X.org X11 library, the
+ worst of which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">xorg x11 library</product>
+ <announced>2020-08-27</announced>
+ <revised count="1">2020-08-27</revised>
+ <bug>734974</bug>
+ <bug>738984</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="x11-libs/libX11" auto="yes" arch="*">
+ <unaffected range="ge">1.6.12</unaffected>
+ <vulnerable range="lt">1.6.12</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>X.Org is an implementation of the X Window System. The X.Org X11 library
+ provides the X11 protocol library files.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in X.org X11 library.
+ Please review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All X.org X11 library users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-libs/libX11-1.6.12"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14344">CVE-2020-14344</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14363">CVE-2020-14363</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-08-25T22:22:34Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-08-27T23:55:44Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-19.xml b/metadata/glsa/glsa-202008-19.xml
new file mode 100644
index 000000000000..c19d5d126c5e
--- /dev/null
+++ b/metadata/glsa/glsa-202008-19.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-19">
+ <title>BIND: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in BIND, the worst of
+ which could result in a Denial of Service condition.
+ </synopsis>
+ <product type="ebuild">bind</product>
+ <announced>2020-08-29</announced>
+ <revised count="1">2020-08-29</revised>
+ <bug>738250</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-dns/bind" auto="yes" arch="*">
+ <unaffected range="ge">9.16.6</unaffected>
+ <vulnerable range="lt">9.16.6</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>BIND (Berkeley Internet Name Domain) is a Name Server.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in BIND. Please review the
+ CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All BIND users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dns/bind-9.16.6"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8620">CVE-2020-8620</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8621">CVE-2020-8621</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8622">CVE-2020-8622</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8623">CVE-2020-8623</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8624">CVE-2020-8624</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-08-29T20:46:51Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-08-29T22:10:45Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-20.xml b/metadata/glsa/glsa-202008-20.xml
new file mode 100644
index 000000000000..58f28b0be441
--- /dev/null
+++ b/metadata/glsa/glsa-202008-20.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-20">
+ <title>GPL Ghostscript: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in GPL Ghostscript, the
+ worst of which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">ghostscript</product>
+ <announced>2020-08-29</announced>
+ <revised count="1">2020-08-29</revised>
+ <bug>734322</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-text/ghostscript-gpl" auto="yes" arch="*">
+ <unaffected range="ge">9.52</unaffected>
+ <vulnerable range="lt">9.52</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Ghostscript is an interpreter for the PostScript language and for PDF.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in GPL Ghostscript. Please
+ review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All GPL Ghostscript users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/ghostscript-gpl-9.52"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15900">CVE-2020-15900</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16287">CVE-2020-16287</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16288">CVE-2020-16288</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16289">CVE-2020-16289</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16290">CVE-2020-16290</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16291">CVE-2020-16291</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16292">CVE-2020-16292</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16293">CVE-2020-16293</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16294">CVE-2020-16294</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16295">CVE-2020-16295</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16296">CVE-2020-16296</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16297">CVE-2020-16297</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16298">CVE-2020-16298</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16299">CVE-2020-16299</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16300">CVE-2020-16300</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16301">CVE-2020-16301</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16302">CVE-2020-16302</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16303">CVE-2020-16303</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16304">CVE-2020-16304</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16305">CVE-2020-16305</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16306">CVE-2020-16306</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16307">CVE-2020-16307</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16308">CVE-2020-16308</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16309">CVE-2020-16309</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16310">CVE-2020-16310</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-17538">CVE-2020-17538</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-08-29T18:24:31Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-08-29T22:11:16Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-21.xml b/metadata/glsa/glsa-202008-21.xml
new file mode 100644
index 000000000000..95b86052c097
--- /dev/null
+++ b/metadata/glsa/glsa-202008-21.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-21">
+ <title>Kleopatra: Remote code execution</title>
+ <synopsis>A vulnerability in Kleopatra allows arbitrary execution of code.</synopsis>
+ <product type="ebuild">kleopatra</product>
+ <announced>2020-08-30</announced>
+ <revised count="1">2020-08-30</revised>
+ <bug>739556</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="kde-apps/kleopatra" auto="yes" arch="*">
+ <unaffected range="ge">20.04.3-r1</unaffected>
+ <vulnerable range="lt">20.04.3-r1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Kleopatra is a certificate manager and a universal crypto GUI. It
+ supports managing X.509 and OpenPGP certificates in the GpgSM keybox and
+ retrieving certificates from LDAP servers.
+ </p>
+ </background>
+ <description>
+ <p>Kleopatra did not safely escape command line parameters provided by
+ URLs, which it configures itself to handle.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could entice a user to process a specially crafted URL
+ via openpgp4fpr handler, possibly resulting in execution of arbitrary
+ code with the privileges of the process, or cause a Denial of Service
+ condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Kleopatra users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-apps/kleopatra-20.04.3-r1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-24972">CVE-2020-24972</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-08-30T18:54:35Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-08-30T21:04:03Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-22.xml b/metadata/glsa/glsa-202008-22.xml
new file mode 100644
index 000000000000..acef962fdfde
--- /dev/null
+++ b/metadata/glsa/glsa-202008-22.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-22">
+ <title>targetcli-fb: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in targetcli-fb, the worst
+ of which could result in privilege escalation.
+ </synopsis>
+ <product type="ebuild">targetcli-fb</product>
+ <announced>2020-08-30</announced>
+ <revised count="1">2020-08-30</revised>
+ <bug>736086</bug>
+ <access>local</access>
+ <affected>
+ <package name="sys-block/targetcli-fb" auto="yes" arch="*">
+ <unaffected range="ge">2.1.53</unaffected>
+ <vulnerable range="lt">2.1.53</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Tool for managing the Linux LIO kernel target.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in targetcli-fb. Please
+ review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All targetcli-fb users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-block/targetcli-fb-2.1.53"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10699">CVE-2020-10699</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13867">CVE-2020-13867</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-08-29T02:17:40Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-08-30T21:08:50Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-23.xml b/metadata/glsa/glsa-202008-23.xml
new file mode 100644
index 000000000000..c4ea9bb57133
--- /dev/null
+++ b/metadata/glsa/glsa-202008-23.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-23">
+ <title>chrony: Symlink vulnerability</title>
+ <synopsis>A vulnerability in chrony may allow a privileged attacker to cause
+ data loss via a symlink.
+ </synopsis>
+ <product type="ebuild">chrony</product>
+ <announced>2020-08-30</announced>
+ <revised count="1">2020-08-30</revised>
+ <bug>738154</bug>
+ <access>local</access>
+ <affected>
+ <package name="net-misc/chrony" auto="yes" arch="*">
+ <unaffected range="ge">3.5.1</unaffected>
+ <vulnerable range="lt">3.5.1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>chrony is a versatile implementation of the Network Time Protocol (NTP).</p>
+ </background>
+ <description>
+ <p>It was found that chrony did not check whether its PID file was a
+ symlink.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A local attacker could perform symlink attack(s) to overwrite arbitrary
+ files with root privileges.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All chrony users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/chrony-3.5.1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14367">CVE-2020-14367</uri>
+ <uri link="https://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2020/08/msg00000.html">
+ chrony-3.5.1 release announcement
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-08-25T23:32:37Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-08-30T21:09:20Z">sam_c</metadata>
+</glsa>
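Review bot: The `<synopsis>` speaks of a "privileged attacker" while `<impact>` says only "A local attacker", and neither states which privilege is the precondition. The `<description>` adds only that the PID file was not checked for being a symlink. A reader triaging exposure cannot tell from this text whether any local account suffices. The impact paragraph should name the required access explicitly, for example `A local attacker with control of the account chronyd runs as could ...`, with the exact precondition confirmed against CVE-2020-14367 and the linked release announcement. Where file-integrity monitoring is in place, checking that the chrony PID file path is a regular file makes a reasonable post-upgrade verification step.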
diff --git a/metadata/glsa/glsa-202008-24.xml b/metadata/glsa/glsa-202008-24.xml
new file mode 100644
index 000000000000..a8c11cd49f78
--- /dev/null
+++ b/metadata/glsa/glsa-202008-24.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-24">
+ <title>OpenJDK: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in OpenJDK, the worst of
+ which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">openjdk</product>
+ <announced>2020-08-30</announced>
+ <revised count="1">2020-08-30</revised>
+ <bug>732624</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-java/openjdk" auto="yes" arch="*">
+ <unaffected range="ge" slot="8">8.262_p01</unaffected>
+ <vulnerable range="lt" slot="8">8.262_p01</vulnerable>
+ </package>
+ <package name="dev-java/openjdk-bin" auto="yes" arch="*">
+ <unaffected range="ge" slot="8">8.262_p01</unaffected>
+ <vulnerable range="lt" slot="8">8.262_p01</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>OpenJDK is a free and open-source implementation of the Java Platform,
+ Standard Edition.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in OpenJDK. Please review
+ the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All OpenJDK users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/openjdk-8.262_p01"
+ </code>
+
+ <p>All OpenJDK binary users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-8.262_p01"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14556">CVE-2020-14556</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14562">CVE-2020-14562</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14573">CVE-2020-14573</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14578">CVE-2020-14578</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14579">CVE-2020-14579</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14583">CVE-2020-14583</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14593">CVE-2020-14593</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14621">CVE-2020-14621</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-08-26T14:46:09Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-08-30T21:12:11Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 2a502486c9de..0d602e3dd4cf 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Tue, 25 Aug 2020 08:08:40 +0000
+Wed, 02 Sep 2020 12:38:30 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index f48ce2bd341f..1a7e9cc72562 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
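Review bot: The two upgrade commands in the `<resolution>` of glsa-202008-24.xml use unslotted atoms, `>=dev-java/openjdk-8.262_p01` and `>=dev-java/openjdk-bin-8.262_p01`, while every range in `<affected>` is restricted to `slot="8"`. On a system where a newer OpenJDK slot is installed or available, the unslotted atom can presumably be satisfied by that newer slot, leaving the vulnerable slot-8 package in place while the admin believes the advisory is resolved. Slot-qualified atoms such as `>=dev-java/openjdk-8.262_p01:8` and `>=dev-java/openjdk-bin-8.262_p01:8` would keep the commands in line with the affected ranges. The advisory lists only slot 8 as affected; it does not say whether other slots carry the referenced CVEs.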
@@ -1 +1 @@
-46214b1b461f1f9ad005b644d885569d46e4e959 1597835404 2020-08-19T11:10:04+00:00
+ea9671c73a3b7457c7e4487c1c538557855dfa44 1598822050 2020-08-30T21:14:10+00:00 |