authorV3n3RiX <venerix@koprulu.sector>2024-08-07 12:37:21 +0100
committerV3n3RiX <venerix@koprulu.sector>2024-08-07 12:37:21 +0100
commitb8c7370a682e4e29cda623222d17a790c01c3642 (patch)
treef6caa14689bd00a5760eadaa381ff41e50ef3c1b /metadata/glsa
parent8a4997a7e2d1e36c089d4d76935b5a902d98d3d0 (diff)
gentoo auto-resync : 07:08:2024 - 12:37:20
Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin579649 -> 581399 bytes
-rw-r--r--metadata/glsa/glsa-202407-26.xml42
-rw-r--r--metadata/glsa/glsa-202407-27.xml46
-rw-r--r--metadata/glsa/glsa-202407-28.xml45
-rw-r--r--metadata/glsa/glsa-202408-01.xml43
-rw-r--r--metadata/glsa/glsa-202408-02.xml110
-rw-r--r--metadata/glsa/glsa-202408-03.xml47
-rw-r--r--metadata/glsa/glsa-202408-04.xml41
-rw-r--r--metadata/glsa/glsa-202408-05.xml59
-rw-r--r--metadata/glsa/glsa-202408-06.xml61
-rw-r--r--metadata/glsa/glsa-202408-07.xml64
-rw-r--r--metadata/glsa/glsa-202408-08.xml42
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
15 files changed, 617 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 54cdcef6cc5a..0bce9d8e5383 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 579649 BLAKE2B d1b796ba5c81fee046c2e8c50455a5b776ebdd09dbedb326c8b97fd5a0d51be46e3603ca79b91a71dddcacfb3c0dcbadcc62be2abe02515b84ef69f62cf23d68 SHA512 6c576e78234ac4cfe0606f825efe9766e6c0c6089da4549966b3883ac5df1b6a6d7f6f6061ae2839e5d62620ccb8ae330b1e639ff04bdc50050fb951bed139e2
-TIMESTAMP 2024-07-21T13:10:18Z
+MANIFEST Manifest.files.gz 581399 BLAKE2B 7625df02b4f1b89397b376b84cd5cd12e72dc54d210a0b50792c11bea66aa2587c55e06a1c2f8c90e2d23e53d64dd9a95abcafc93985ea6b790b31a4bee23a76 SHA512 f826de1364ea562a943d402f32d70fea336c99b3f3c98bfe1a40de213334dbdc5b757ee30a530c7c880159a52dabf6ac43651411c9359eea6e317d844dc3417b
+TIMESTAMP 2024-08-07T11:11:08Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmadCLpfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmazVkxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klC+ag/8DZakOnjoHjYEdlD8rMX46b0ya2cMKxxMJRQM5tB0Dhopq/sBBVFbTSLF
-xZJApDYdstGIxV+S7Vs/TSoVUaVeNHQf1CSipENC/96f5/em41Lo5zajOQev4lIx
-Z1RbvmknCSctSgaA79QZgi9ceuNcHfB0f+vL0Kt0OI/Y2HM0OLfQU7gLaj4lCFSa
-zDPLPmev1ADO7o4v8n/Gjvjj5M8IGf9GVeUZrTjFRrT58J5ibvXHA6xnAs4ynWMJ
-hyWSyT/RNX/MfAsMFE+i3iz5/t8K5udt7o7sfFh2RqbmmCSa0udBaQ3upW+fUuR+
-fVNrQ7YrvSfiXQwr0UDizB8q2ovwUPK6PkHtjB5SnGau7i91ehg5BMfgk60f/F+f
-TETZodUP89Sc7at3tYKN8ueFSH7jA22RcWd6pkXbgVzHILrMRkRMwSPrJAcuW0kw
-txlyboyciL4Ctjwrix4aOTuruLArjVPueIrhgzxSvWGtFmpl/bpbBRQatxPd7y0y
-v7gFkK9bGMAh89YzZu07zo4GMNmIr10FGSz5DNgSEc5pq7W68LI8Iwo1YFsQtwRx
-8DYeY6q9g1/2pv42br/ftX4FCsQZSEobMjwRK0u7BGV/7BisApQynotbeSgmWqeL
-/lmhlbYES6f8K1fGxh1upnaAY4BaF/GiHYEOKsLxDjzbi/vxzc0=
-=siU9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+=/QTK
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 0f55c8b38244..be4c754dd6b1 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-202407-26.xml b/metadata/glsa/glsa-202407-26.xml
new file mode 100644
index 000000000000..8c4b0b7ae73a
--- /dev/null
+++ b/metadata/glsa/glsa-202407-26.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-26">
+ <title>Dmidecode: Privilege Escalation</title>
+ <synopsis>A vulnerability has been discovered in Dmidecode, which can lead to privilege escalation.</synopsis>
+ <product type="ebuild">dmidecode</product>
+ <announced>2024-07-24</announced>
+ <revised count="1">2024-07-24</revised>
+ <bug>905093</bug>
+ <access>local</access>
+ <affected>
+ <package name="sys-apps/dmidecode" auto="yes" arch="*">
+ <unaffected range="ge">3.5</unaffected>
+ <vulnerable range="lt">3.5</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Dmidecode reports information about your system&#39;s hardware as described in your system BIOS according to the SMBIOS/DMI standard (see a sample output). This information typically includes system manufacturer, model name, serial number, BIOS version, asset tag as well as a lot of other details of varying level of interest and reliability depending on the manufacturer. This will often include usage status for the CPU sockets, expansion slots (e.g. AGP, PCI, ISA) and memory module slots, and the list of I/O ports (e.g. serial, parallel, USB).</p>
+ </background>
+ <description>
+ <p>Dmidecode -dump-bin can overwrite a local file. This has security relevance because, for example, execution of Dmidecode via sudo is plausible.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifier for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Dmidecode users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/dmidecode-3.5"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-30630">CVE-2023-30630</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-07-24T06:06:10.030561Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-07-24T06:06:10.033680Z">graaff</metadata>
+</glsa> \ No newline at end of file
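Review bot: The `<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">` line names an external DTD over plain HTTP, so any consumer that validates against it or loads it from the network relies on an unauthenticated fetch; the same declaration opens the other ten advisories added in this commit (glsa-202407-27 through glsa-202408-08). Tools that parse these files should resolve the DTD from a local copy with network and external-entity loading disabled, and if the system identifier can change without breaking consumers, `https://www.gentoo.org/dtd/glsa.dtd` would be the safer form. Separately, the description writes the option as `-dump-bin`, while dmidecode spells it `--dump-bin`. The background also still carries "(see a sample output)", which looks like a link label left over from the upstream page.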
diff --git a/metadata/glsa/glsa-202407-27.xml b/metadata/glsa/glsa-202407-27.xml
new file mode 100644
index 000000000000..8848a48c5463
--- /dev/null
+++ b/metadata/glsa/glsa-202407-27.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-27">
+ <title>ExifTool: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in ExifTool, the worst of which could lead to arbitrary code execution.</synopsis>
+ <product type="ebuild">exiftool</product>
+ <announced>2024-07-24</announced>
+ <revised count="1">2024-07-24</revised>
+ <bug>785667</bug>
+ <bug>791397</bug>
+ <bug>803317</bug>
+ <bug>832033</bug>
+ <access>local</access>
+ <affected>
+ <package name="media-libs/exiftool" auto="yes" arch="*">
+ <unaffected range="ge">12.42</unaffected>
+ <vulnerable range="lt">12.42</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>ExifTool is a platform-independent Perl library plus a command-line application for reading, writing and editing meta information in a wide variety of files.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in ExifTool. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All ExifTool users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/exiftool-12.42"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22204">CVE-2021-22204</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23935">CVE-2022-23935</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-07-24T06:08:31.681636Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-07-24T06:08:31.685111Z">graaff</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202407-28.xml b/metadata/glsa/glsa-202407-28.xml
new file mode 100644
index 000000000000..67adc3da0912
--- /dev/null
+++ b/metadata/glsa/glsa-202407-28.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-28">
+ <title>Freenet: Deanonymization Vulnerability</title>
+ <synopsis>A vulnerability has been discovered in Freenet, which can lead to deanonymization due to path folding.</synopsis>
+ <product type="ebuild">freenet</product>
+ <announced>2024-07-24</announced>
+ <revised count="1">2024-07-24</revised>
+ <bug>904441</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-p2p/freenet" auto="yes" arch="*">
+ <unaffected range="ge">0.7.5_p1497</unaffected>
+ <vulnerable range="lt">0.7.5_p1497</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Freenet is an encrypted network without censorship.</p>
+ </background>
+ <description>
+ <p>This release fixes a severe vulnerability in path folding that allowed
+to distinguish between downloaders and forwarders with an adapted
+node that is directly connected via opennet.</p>
+ </description>
+ <impact type="normal">
+ <p>This release fixes a severe vulnerability in path folding that allowed
+to distinguish between downloaders and forwarders with an adapted
+node that is directly connected via opennet.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Freenet users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-p2p/freenet-0.7.5_p1497"
+ </code>
+ </resolution>
+ <references>
+ </references>
+ <metadata tag="requester" timestamp="2024-07-24T06:10:44.345056Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-07-24T06:10:44.351516Z">graaff</metadata>
+</glsa> \ No newline at end of file
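Review bot: The `<impact>` paragraph repeats the `<description>` text verbatim in release-note voice ("This release fixes ..."), and `<references>` is empty, so the advisory gives no CVE or upstream announcement to check the claim against. The impact section should state the consequence for the user, for example `<p>A modified node directly connected via opennet could distinguish downloaders from forwarders, deanonymizing the requester.</p>`, and the description should describe the flaw rather than the release. A `<uri>` pointing at the upstream release notes would give readers something to follow beyond bug 904441.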
diff --git a/metadata/glsa/glsa-202408-01.xml b/metadata/glsa/glsa-202408-01.xml
new file mode 100644
index 000000000000..29248eda12dd
--- /dev/null
+++ b/metadata/glsa/glsa-202408-01.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202408-01">
+ <title>containerd: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in containerd, the worst of which could lead to privilege escalation.</synopsis>
+ <product type="ebuild">containerd</product>
+ <announced>2024-08-06</announced>
+ <revised count="1">2024-08-06</revised>
+ <bug>897960</bug>
+ <access>local</access>
+ <affected>
+ <package name="app-containers/containerd" auto="yes" arch="*">
+ <unaffected range="ge">1.6.19</unaffected>
+ <vulnerable range="lt">1.6.19</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>containerd is a daemon with an API and a command line client, to manage containers on one machine. It uses runC to run containers according to the OCI specification.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in containerd. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All containerd users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-containers/containerd-1.6.19"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25153">CVE-2023-25153</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25173">CVE-2023-25173</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-08-06T05:38:04.316179Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-08-06T05:38:04.318621Z">graaff</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202408-02.xml b/metadata/glsa/glsa-202408-02.xml
new file mode 100644
index 000000000000..52ce5cddf816
--- /dev/null
+++ b/metadata/glsa/glsa-202408-02.xml
@@ -0,0 +1,110 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202408-02">
+ <title>Mozilla Firefox: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could lead to remote code execution.</synopsis>
+ <product type="ebuild">firefox,firefox-bin</product>
+ <announced>2024-08-06</announced>
+ <revised count="1">2024-08-06</revised>
+ <bug>930380</bug>
+ <bug>932374</bug>
+ <bug>935550</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-client/firefox" auto="yes" arch="*">
+ <unaffected range="ge" slot="rapid">127.0</unaffected>
+ <unaffected range="ge" slot="esr">115.12.0</unaffected>
+ <vulnerable range="lt" slot="rapid">127.0</vulnerable>
+ <vulnerable range="lt" slot="esr">115.12.0</vulnerable>
+ </package>
+ <package name="www-client/firefox-bin" auto="yes" arch="*">
+ <unaffected range="ge" slot="rapid">127.0</unaffected>
+ <unaffected range="ge" slot="esr">115.12.0</unaffected>
+ <vulnerable range="lt" slot="rapid">127.0</vulnerable>
+ <vulnerable range="lt" slot="esr">115.12.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Mozilla Firefox is a popular open-source web browser from the Mozilla project.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-127.0:rapid"
+ </code>
+
+ <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-127.0:rapid"
+ </code>
+
+ <p>All Mozilla Firefox ESR users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-115.12.0:esr"
+ </code>
+
+ <p>All Mozilla Firefox ESR binary users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-115.12.0:esr"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2609">CVE-2024-2609</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3302">CVE-2024-3302</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3853">CVE-2024-3853</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3854">CVE-2024-3854</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3855">CVE-2024-3855</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3856">CVE-2024-3856</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3857">CVE-2024-3857</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3858">CVE-2024-3858</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3859">CVE-2024-3859</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3860">CVE-2024-3860</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3861">CVE-2024-3861</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3862">CVE-2024-3862</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3864">CVE-2024-3864</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3865">CVE-2024-3865</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4764">CVE-2024-4764</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4765">CVE-2024-4765</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4766">CVE-2024-4766</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4771">CVE-2024-4771</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4772">CVE-2024-4772</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4773">CVE-2024-4773</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4774">CVE-2024-4774</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4775">CVE-2024-4775</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4776">CVE-2024-4776</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4778">CVE-2024-4778</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5689">CVE-2024-5689</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5693">CVE-2024-5693</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5694">CVE-2024-5694</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5695">CVE-2024-5695</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5696">CVE-2024-5696</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5697">CVE-2024-5697</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5698">CVE-2024-5698</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5699">CVE-2024-5699</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5700">CVE-2024-5700</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5701">CVE-2024-5701</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5702">CVE-2024-5702</uri>
+ <uri>MFSA-2024-25</uri>
+ <uri>MFSA-2024-26</uri>
+ <uri>MFSA-2024-28</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-08-06T05:40:35.041061Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-08-06T05:40:35.043479Z">graaff</metadata>
+</glsa> \ No newline at end of file
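Review bot: The three Mozilla advisory entries at the end of `<references>` (`<uri>MFSA-2024-25</uri>`, `-26`, `-28`) carry no `link` attribute, unlike every CVE entry above them, so renderers and scripts that follow `link` get nothing for the vendor advisories. Each should carry its address, e.g. `<uri link="MFSA_ADVISORY_URL">MFSA-2024-25</uri>`, where `MFSA_ADVISORY_URL` is a placeholder for the actual mozilla.org advisory page. The vendor advisories are the primary source for the per-release fix list, so they are the links most worth keeping resolvable.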
diff --git a/metadata/glsa/glsa-202408-03.xml b/metadata/glsa/glsa-202408-03.xml
new file mode 100644
index 000000000000..f6ce21719e37
--- /dev/null
+++ b/metadata/glsa/glsa-202408-03.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202408-03">
+ <title>libXpm: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulberabilities have been discovered in libXpm, the worst of which could lead to a denial of service.</synopsis>
+ <product type="ebuild">libXpm</product>
+ <announced>2024-08-07</announced>
+ <revised count="1">2024-08-07</revised>
+ <bug>891209</bug>
+ <bug>915130</bug>
+ <access>local</access>
+ <affected>
+ <package name="x11-libs/libXpm" auto="yes" arch="*">
+ <unaffected range="ge">3.5.17</unaffected>
+ <vulnerable range="lt">3.5.17</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>The X PixMap image format is an extension of the monochrome X BitMap format specified in the X protocol, and is commonly used in traditional X applications.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in libXpm. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All libXpm users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-libs/libXpm-3.5.17"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4883">CVE-2022-4883</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-44617">CVE-2022-44617</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46285">CVE-2022-46285</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-43788">CVE-2023-43788</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-43789">CVE-2023-43789</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-08-07T05:22:06.419014Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-08-07T05:22:06.422663Z">graaff</metadata>
+</glsa> \ No newline at end of file
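Review bot: The synopsis misspells "vulnerabilities" as "vulberabilities". This string is what advisory listings and feeds display, and a text search for the usual wording will miss this entry. The line should begin `<synopsis>Multiple vulnerabilities have been discovered in libXpm, ...`.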
diff --git a/metadata/glsa/glsa-202408-04.xml b/metadata/glsa/glsa-202408-04.xml
new file mode 100644
index 000000000000..ad612f044619
--- /dev/null
+++ b/metadata/glsa/glsa-202408-04.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202408-04">
+ <title>Levenshtein: Remote Code Execution</title>
+ <synopsis>A vulnerability has been discovered in Levenshtein, which could lead to a remote code execution.</synopsis>
+ <product type="ebuild">Levenshtein</product>
+ <announced>2024-08-07</announced>
+ <revised count="1">2024-08-07</revised>
+ <bug>766009</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-python/Levenshtein" auto="yes" arch="*">
+ <unaffected range="ge">0.12.1</unaffected>
+ <vulnerable range="lt">0.12.1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Levenshtein is a Python extension for computing string edit distances and similarities.</p>
+ </background>
+ <description>
+ <p>Fixed handling of numerous possible wraparounds in calculating the size of memory allocations; incorrect handling of which could cause denial of service or even possible remote code execution.</p>
+ </description>
+ <impact type="normal">
+ <p>Fixed handling of numerous possible wraparounds in calculating the size of memory allocations; incorrect handling of which could cause denial of service or even possible remote code execution.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Levenshtein users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-python/Levenshtein-0.12.1"
+ </code>
+ </resolution>
+ <references>
+ </references>
+ <metadata tag="requester" timestamp="2024-08-07T06:14:52.905613Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-08-07T06:14:52.912037Z">graaff</metadata>
+</glsa> \ No newline at end of file
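Review bot: `<references>` is empty and the `<description>` and `<impact>` paragraphs are the same changelog sentence ("Fixed handling of numerous possible wraparounds ..."), so an advisory titled "Remote Code Execution" offers no identifier or upstream source to verify the rating against. The description should state the flaw and the impact its consequence, e.g. `<p>Integer wraparound when computing allocation sizes could cause a denial of service or possibly remote code execution.</p>`. `<access>remote</access>` presumably assumes the calling application passes attacker-supplied strings to the library; saying so in the description would help readers judge their own exposure. A `<uri>` to the upstream changelog or fixing commit would close the gap.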
diff --git a/metadata/glsa/glsa-202408-05.xml b/metadata/glsa/glsa-202408-05.xml
new file mode 100644
index 000000000000..8919fc8f3b73
--- /dev/null
+++ b/metadata/glsa/glsa-202408-05.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202408-05">
+ <title>Redis: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Redis, the worst of which may lead to a denial of service or possible remote code execution.</synopsis>
+ <product type="ebuild">redis</product>
+ <announced>2024-08-07</announced>
+ <revised count="1">2024-08-07</revised>
+ <bug>891169</bug>
+ <bug>898464</bug>
+ <bug>902501</bug>
+ <bug>904486</bug>
+ <bug>910191</bug>
+ <bug>913741</bug>
+ <bug>915989</bug>
+ <bug>921662</bug>
+ <access>local and remote</access>
+ <affected>
+ <package name="dev-db/redis" auto="yes" arch="*">
+ <unaffected range="ge">7.2.4</unaffected>
+ <vulnerable range="lt">7.2.4</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Redis. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Redis users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/redis-7.2.4"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24834">CVE-2022-24834</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-35977">CVE-2022-35977</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36021">CVE-2022-36021</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22458">CVE-2023-22458</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25155">CVE-2023-25155</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28425">CVE-2023-28425</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28856">CVE-2023-28856</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-36824">CVE-2023-36824</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-41053">CVE-2023-41053</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-41056">CVE-2023-41056</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-45145">CVE-2023-45145</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-08-07T06:33:13.322960Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-08-07T06:33:13.327235Z">graaff</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202408-06.xml b/metadata/glsa/glsa-202408-06.xml
new file mode 100644
index 000000000000..94803695ca59
--- /dev/null
+++ b/metadata/glsa/glsa-202408-06.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202408-06">
+ <title>PostgreSQL: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in PostgreSQL, the worst of which could lead to privilege escalation or denial of service.</synopsis>
+ <product type="ebuild">postgresql</product>
+ <announced>2024-08-07</announced>
+ <revised count="1">2024-08-07</revised>
+ <bug>903193</bug>
+ <bug>912251</bug>
+ <bug>917153</bug>
+ <bug>924110</bug>
+ <bug>931849</bug>
+ <access>local</access>
+ <affected>
+ <package name="dev-db/postgresql" auto="yes" arch="*">
+ <unaffected range="ge" slot="12">12.19</unaffected>
+ <unaffected range="ge" slot="13">13.14</unaffected>
+ <unaffected range="ge" slot="14">14.12-r1</unaffected>
+ <unaffected range="ge" slot="15">15.7-r1</unaffected>
+ <unaffected range="ge" slot="16">16.3-r1</unaffected>
+ <vulnerable range="lt">12</vulnerable>
+ <vulnerable range="lt" slot="12">12.19</vulnerable>
+ <vulnerable range="lt" slot="13">13.14</vulnerable>
+ <vulnerable range="lt" slot="14">14.12-r1</vulnerable>
+ <vulnerable range="lt" slot="15">15.7-r1</vulnerable>
+ <vulnerable range="lt" slot="16">16.3-r1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>PostgreSQL is an open source object-relational database management system.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All PostgreSQL users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-16.3-r1:16"
+ </code>
+
+ <p>Or update an older slot if that is still in use.</p>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5868">CVE-2023-5868</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5869">CVE-2023-5869</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5870">CVE-2023-5870</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0985">CVE-2024-0985</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4317">CVE-2024-4317</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-08-07T08:28:46.588202Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-08-07T08:28:46.591128Z">graaff</metadata>
+</glsa> \ No newline at end of file
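Review bot: The resolution gives a command only for slot 16 and covers the others with "Or update an older slot if that is still in use", although `<affected>` lists a separate fixed version for each of slots 12 to 16, so users on older slots must derive the atom themselves. One command per slot, e.g. `# emerge --ask --oneshot --verbose ">=dev-db/postgresql-15.7-r1:15"`, would match the affected ranges. As far as I recall, upstream's notes for CVE-2024-4317 also describe an additional manual step for existing clusters after the upgrade. If that is right, the resolution should mention it, so it is worth confirming against the PostgreSQL release notes.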
diff --git a/metadata/glsa/glsa-202408-07.xml b/metadata/glsa/glsa-202408-07.xml
new file mode 100644
index 000000000000..ca4e07832cac
--- /dev/null
+++ b/metadata/glsa/glsa-202408-07.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202408-07">
+ <title>Go: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Go, the worst of which could lead to information leakage or a denial of service.</synopsis>
+ <product type="ebuild">go</product>
+ <announced>2024-08-07</announced>
+ <revised count="1">2024-08-07</revised>
+ <bug>906043</bug>
+ <bug>919310</bug>
+ <bug>926530</bug>
+ <bug>928539</bug>
+ <bug>931602</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-lang/go" auto="yes" arch="*">
+ <unaffected range="ge">1.22.3</unaffected>
+ <vulnerable range="lt">1.22.3</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Go users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/go-1.22.3"
+ </code>
+
+ <p>Due to Go programs typically being statically compiled, Go users should also recompile the reverse dependencies of the Go language to ensure statically linked programs are remediated:</p>
+
+ <code>
+ # emerge --ask --oneshot --verbose @golang-rebuild
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-24539">CVE-2023-24539</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-24540">CVE-2023-24540</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29400">CVE-2023-29400</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39326">CVE-2023-39326</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-45283">CVE-2023-45283</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-45285">CVE-2023-45285</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-45288">CVE-2023-45288</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-45289">CVE-2023-45289</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-45290">CVE-2023-45290</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-24783">CVE-2024-24783</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-24784">CVE-2024-24784</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-24785">CVE-2024-24785</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-24788">CVE-2024-24788</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-08-07T09:30:13.961626Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-08-07T09:30:13.964984Z">graaff</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202408-08.xml b/metadata/glsa/glsa-202408-08.xml
new file mode 100644
index 000000000000..cf494b232eb2
--- /dev/null
+++ b/metadata/glsa/glsa-202408-08.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202408-08">
+ <title>json-c: Buffer Overflow</title>
+ <synopsis>A vulnerability has been discovered in json-c, which can lead to a stack buffer overflow.</synopsis>
+ <product type="ebuild">json-c</product>
+ <announced>2024-08-07</announced>
+ <revised count="1">2024-08-07</revised>
+ <bug>918555</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-libs/json-c" auto="yes" arch="*">
+ <unaffected range="ge">0.16</unaffected>
+ <vulnerable range="lt">0.16</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>json-c is a JSON implementation in C.</p>
+ </background>
+ <description>
+ <p>Please review the CVE identifier referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function parseit.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All json-c users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/json-c-0.16"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32292">CVE-2021-32292</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-08-07T11:00:32.063764Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-08-07T11:00:32.067004Z">graaff</metadata>
+</glsa> \ No newline at end of file
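Review bot: The impact text places the overflow in "the auxiliary sample program json_parse", yet `<access>` is `remote` and the affected range covers the whole `dev-libs/json-c` package. If the flaw is confined to the sample program and not the library, the remote rating may overstate exposure for applications that only link the library, so this should be confirmed against CVE-2021-32292. The two sections also appear swapped in role: `<description>` defers to the CVE while `<impact>` describes where the bug lives. Moving the location sentence into `<description>` and having `<impact>` state the consequence would make the advisory readable on its own.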
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 9fa85221fb2c..677c7dee70c1 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sun, 21 Jul 2024 13:10:14 +0000
+Wed, 07 Aug 2024 11:11:03 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index d58735345345..26aa9e48deab 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-f5c4590ccc7fba60f1b11c716c6abb083c0f5ddd 1720593316 2024-07-10T06:35:16Z
+e64fb777fe21714192a4f70814906be33d867172 1723028443 2024-08-07T11:00:43Z