author | V3n3RiX <venerix@redcorelinux.org> | 2018-11-03 08:36:22 +0000 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2018-11-03 08:36:22 +0000 |
commit | f65628136faa35d0c4d3b5e7332275c7b35fcd96 (patch) | |
tree | 021998302365c5652e37824b6c26d4d969a62055 /metadata/glsa | |
parent | 70b82ae359a5538711e103b0e8dfb92654296644 (diff) |
gentoo resync : 03.11.2018
Diffstat (limited to 'metadata/glsa')
-rw-r--r-- | metadata/glsa/Manifest | 30 | ||||
-rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 428694 -> 429647 bytes | |||
-rw-r--r-- | metadata/glsa/glsa-201810-05.xml | 61 | ||||
-rw-r--r-- | metadata/glsa/glsa-201810-06.xml | 83 | ||||
-rw-r--r-- | metadata/glsa/glsa-201810-07.xml | 77 | ||||
-rw-r--r-- | metadata/glsa/glsa-201810-08.xml | 98 | ||||
-rw-r--r-- | metadata/glsa/glsa-201810-09.xml | 53 | ||||
-rw-r--r-- | metadata/glsa/glsa-201810-10.xml | 52 | ||||
-rw-r--r-- | metadata/glsa/timestamp.chk | 2 | ||||
-rw-r--r-- | metadata/glsa/timestamp.commit | 2 |
10 files changed, 441 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index 77eff0246fb7..272b5617c473 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest 
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 428694 BLAKE2B dabc73e7c83c08ff4414f8dfe425db9d08d60f1de16c53a7c98425dd351f75aef67c86f4f46fa49d9af0f986df502dbf33d34aadd4caf3fe51750483097dd276 SHA512 b2b7dd8ffb3bb5a6c89e9fdde743f3194735a002d556d9fb28adce939bf73e893fe8f97076dafbaf7704e3774b68ba08d842b8b20bfd7e9173e3cbc864b40bae -TIMESTAMP 2018-10-27T11:08:41Z +MANIFEST Manifest.files.gz 429647 BLAKE2B a411cce710ab8dd39a655bd0e0cc190fbcae6f53119ffd89cae0be474bd52b18b9f669c37dc08ddc9e6dc2a29bf677b9015df98cc57c2d30284d663c0b745fe0 SHA512 727e13fbfd98dfc90a62c0a63c29d8331a6b94e4b42d913790e4a78f814e95d07a616b3b426612b6bfed54ee01f6b9889ca7c2f42345120b9b84f4679ebf482d +TIMESTAMP 2018-11-03T07:38:39Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlvURzlfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlvdUH9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klCHbQ/+LC0FkJAKahTXNb6BooRWLWHt/XunLq9LjLJTYRUEC2niBy3DE9u0oCr0 -h44PzynpU/W5u145TszqOehMEf6bxF8JQmZUumJZGWAdJBAUuvP1ChoLEHdJfKnz -YMVh434plGc+6FFEc6IedjC6hgY3MBXer8gZqMcglQmBkMi2KiHt0gguRR/cMr9H -mR1A5EUJlw+2HYZK6KnnUSew1PgiXYxQvtzL22ikpNtM2sqCx8X6h0aCEuH4rDHN -j1cnuqTijbkzZ8sqsv511EgBPzBXP384HiYPhPa+IJpWbUPhobaHLCKsl5BrlVZc -+qFF/UNUoB3r1ffcVc29KuLm3JQZUH6IJQvhh8IO/IT7U6olHM0t3NBA69i/LNqq -ehOSASp80WsCGW/bRFg4Ev5xUMqNUJi6ETqNZOiI4sRpNxoGzed3Emj01IORGUTq -q9PS2gZVjWBODLYzRvPg51t3RcxF7d569BK5uzxICbMh/4zE5bCo/RgcNngjl7aC -lzkUt3ht/FStSfVg9d2JpE1Q433MFqIWYsUBMXLsTGmpzCrOhBEq9JeejwAlO8VU -jDdTvobn0P+u67iia+170LONrNeNiCf39ZTnVvKbjCnqlQPZnuyD3Eodab3oVTDQ -O5lLnSX19vmZqwYckdmWL0fi7fZeT+MvIDv2lvTmB0PqdZ6/w9E= -=TRHh +klB9HhAAloTGT9BfjtX6lE1xv7+YdKOjU8YbkFR4rbjKI2zGnYqQAc8ZM1zss3+q +pRDBwW1Bgp3LavCqFdTDVAqVQ2CiGjzAvWAyjYqjQnWyi+2mlgbgB1WpJLufd32P +647NlKJcpIzGBW2CrL/fkQiqYkeYKx1fr9nr+BJoLYK7hPZbewKNITU2OsiV+TtM 
+wgJ7uFECAbluJbdDnJPrY+8mYNpAaHrxmvzPx61hHq3rbMP3V8IC0753QUPhgKbr +NzIKDX+HbQXN5eydTyUHvPIe2n/F/Xj6r3gYa+NwbynnI5ggjBChkaLrKLHzjpVE +oUUox9auS/AsN5gxHOaCGZUZ0sDnx/QKAhOKSF20b7MVU8pIPpBtM/C/JASprKSo +QN2YywpdSioqLf6wcTxxsn0bRu4QlNter8fpe38ai76V2n7GSxxZ0bJrVjzaw18b +uEkuA+ZWaRE6bkokhUSkTTfQImlOKcH18TXUtivPcjFqichlNacys+ErunG0Z97V +A5wpJW343ERkqNOwYvrmfNK3DYUQ/KcAuEq/pu5SxpSCbZdfh9gwSkXZv5zVKjpL +QbAAOyTOhx0vTmc+9fBtNRfUkiepJHYOlt1SiyljYOrhdp28WBzPgvrFoeOcGXeM +WSuPl143uqYvamOWXXIY5fOy4gUGoJLxlCnScLQ8i3JbqAud8z0= +=YiFX -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex a7c025fba987..d0b2412ba016 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-201810-05.xml b/metadata/glsa/glsa-201810-05.xml new file mode 100644 index 000000000000..d88bef878a13 --- /dev/null +++ b/metadata/glsa/glsa-201810-05.xml 
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201810-05">
+ <title>xkbcommon: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in xkbcommon, the worst of
+ which may lead to a Denial of Service condition.
+ </synopsis>
+ <product type="ebuild">libxkbcommon</product>
+ <announced>2018-10-30</announced>
+ <revised count="1">2018-10-30</revised>
+ <bug>665702</bug>
+ <access>local</access>
+ <affected>
+ <package name="x11-libs/libxkbcommon" auto="yes" arch="*">
+ <unaffected range="ge">0.8.2</unaffected>
+ <vulnerable range="lt">0.8.2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>xkbcommon is a library to handle keyboard descriptions, including
+ loading them from disk, parsing them and handling their state.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in libxkbcommon. Please
+ review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A local attacker could supply a specially crafted keymap file possibly
+ resulting in a Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All libxkbcommon users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-libs/libxkbcommon-0.8.2"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15853">CVE-2018-15853</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15854">CVE-2018-15854</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15855">CVE-2018-15855</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15856">CVE-2018-15856</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15857">CVE-2018-15857</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15858">CVE-2018-15858</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15859">CVE-2018-15859</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15861">CVE-2018-15861</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15862">CVE-2018-15862</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15863">CVE-2018-15863</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15864">CVE-2018-15864</uri>
+ </references>
+ <metadata tag="requester" timestamp="2018-10-14T16:59:09Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2018-10-30T20:41:12Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201810-06.xml b/metadata/glsa/glsa-201810-06.xml
new file mode 100644
index 000000000000..9481d47a7e3d
--- /dev/null
+++ b/metadata/glsa/glsa-201810-06.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201810-06">
+ <title>Xen: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Xen, the worst of which
+ could cause a Denial of Service condition.
+ </synopsis>
+ <product type="ebuild">xen</product>
+ <announced>2018-10-30</announced>
+ <revised count="2">2018-10-30</revised>
+ <bug>643350</bug>
+ <bug>655188</bug>
+ <bug>655544</bug>
+ <bug>659442</bug>
+ <access>local</access>
+ <affected>
+ <package name="app-emulation/xen" auto="yes" arch="*">
+ <unaffected range="ge">4.10.1-r2</unaffected>
+ <vulnerable range="lt">4.10.1-r2</vulnerable>
+ </package>
+ <package name="app-emulation/xen-tools" auto="yes" arch="*">
+ <unaffected range="ge">4.10.1-r2</unaffected>
+ <vulnerable range="lt">4.10.1-r2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Xen is a bare-metal hypervisor.</p>
+
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Xen. Please review the
+ referenced CVE identifiers for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A local attacker could cause a Denial of Service condition or disclose
+ sensitive information.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Xen users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.10.1-r2"
+ </code>
+
+ <p>All Xen tools users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=app-emulation/xen-tools-4.10.1-r2"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5715">CVE-2017-5715</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5753">CVE-2017-5753</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5754">CVE-2017-5754</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10471">CVE-2018-10471</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10472">CVE-2018-10472</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10981">CVE-2018-10981</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10982">CVE-2018-10982</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12891">CVE-2018-12891</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12892">CVE-2018-12892</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12893">CVE-2018-12893</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15468">CVE-2018-15468</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15469">CVE-2018-15469</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15470">CVE-2018-15470</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3620">CVE-2018-3620</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3646">CVE-2018-3646</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5244">CVE-2018-5244</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7540">CVE-2018-7540</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7541">CVE-2018-7541</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7542">CVE-2018-7542</uri>
+ </references>
+ <metadata tag="requester" timestamp="2018-09-10T09:38:20Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2018-10-30T20:59:58Z">irishluck83</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201810-07.xml b/metadata/glsa/glsa-201810-07.xml
new file mode 100644
index 000000000000..a261c2f224d1
--- /dev/null
+++ b/metadata/glsa/glsa-201810-07.xml
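Review bot: The second `<code>` block in `<resolution>` of glsa-201810-06.xml splits the xen-tools command across two lines with no continuation. The `# emerge --ask --oneshot --verbose` line therefore carries no atom, and `">=app-emulation/xen-tools-4.10.1-r2"` sits on a line of its own; copied as shown, it would not perform the upgrade. Keep the command on one line, as the xen block above it does: `# emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.10.1-r2"`. Separately, the `<synopsis>` names Denial of Service as the worst outcome while `<impact>` also lists disclosure of sensitive information, so the synopsis may understate the advisory.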
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201810-07">
+ <title>Mutt, NeoMutt: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Mutt and NeoMutt, the
+ worst of which allows for arbitrary code execution.
+ </synopsis>
+ <product type="ebuild">mutt, neomutt</product>
+ <announced>2018-10-30</announced>
+ <revised count="2">2018-10-30</revised>
+ <bug>661436</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-client/mutt" auto="yes" arch="*">
+ <unaffected range="ge">1.10.1</unaffected>
+ <vulnerable range="lt">1.10.1</vulnerable>
+ </package>
+ <package name="mail-client/neomutt" auto="yes" arch="*">
+ <unaffected range="ge">20180716</unaffected>
+ <vulnerable range="lt">20180716</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Mutt is a small but very powerful text-based mail client.</p>
+
+ <p>NeoMutt is a command line mail reader (or MUA). It’s a fork of Mutt
+ with added features.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Mutt, and NeoMutt.
+ Please review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could entice a user to open a specially crafted mail
+ message or connect to malicious mail server using Mutt or NeoMutt,
+ possibly resulting in execution of arbitrary code or directory traversal
+ with the privileges of the process or a Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Mutt users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-client/mutt-1.10.1"
+ </code>
+
+ <p>All NeoMuutt users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/neomutt-20180716"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14349">CVE-2018-14349</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14350">CVE-2018-14350</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14351">CVE-2018-14351</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14352">CVE-2018-14352</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14353">CVE-2018-14353</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14354">CVE-2018-14354</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14355">CVE-2018-14355</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14356">CVE-2018-14356</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14357">CVE-2018-14357</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14358">CVE-2018-14358</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14359">CVE-2018-14359</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14362">CVE-2018-14362</uri>
+ </references>
+ <metadata tag="requester" timestamp="2018-08-22T23:01:20Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2018-10-30T22:34:46Z">irishluck83</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201810-08.xml b/metadata/glsa/glsa-201810-08.xml
new file mode 100644
index 000000000000..bcb0c46bb2bd
--- /dev/null
+++ b/metadata/glsa/glsa-201810-08.xml
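Review bot: In glsa-201810-07.xml, `<package name="net-client/mutt" …>` and the matching `">=net-client/mutt-1.10.1"` in `<resolution>` use the wrong category: Gentoo's mutt package is in `mail-client`, the category this same file uses for neomutt. With the wrong atom, advisory tooling that matches installed packages against `<affected>` will not flag a vulnerable mutt, and the upgrade command will not resolve. Both places should read `mail-client/mutt`; since this tree is a resync, the correction belongs upstream. The second resolution paragraph also misspells the product as "NeoMuutt".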
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201810-08">
+ <title>PostgreSQL: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in PostgreSQL, the worst
+ which could lead to privilege escalation.
+ </synopsis>
+ <product type="ebuild">postgresql</product>
+ <announced>2018-10-30</announced>
+ <revised count="1">2018-10-30</revised>
+ <bug>603716</bug>
+ <bug>603720</bug>
+ <bug>664332</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="dev-db/postgresql" auto="yes" arch="*">
+ <unaffected range="ge" slot="9.3">9.3.24</unaffected>
+ <unaffected range="ge" slot="9.4">9.4.19</unaffected>
+ <unaffected range="ge" slot="9.5">9.5.14</unaffected>
+ <unaffected range="ge" slot="9.6">9.6.10</unaffected>
+ <unaffected range="ge" slot="10">10.5</unaffected>
+ <vulnerable range="lt">10.5</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>PostgreSQL is an open source object-relational database management
+ system.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in PostgreSQL. Please
+ review the referenced CVE identifiers for details.
+ </p>
+
+ <p>In addition it was discovered that Gentoo’s PostgreSQL installation
+ suffered from a privilege escalation vulnerability due to a runscript
+ which called OpenRC’s checkpath() on a user controlled path and allowed
+ user running PostgreSQL to kill arbitrary processes via PID file
+ manipulation.
+ </p>
+ </description>
+ <impact type="high">
+ <p>A remote attacker could bypass certain client-side connection security
+ features, read arbitrary server memory or alter certain data.
+ </p>
+
+ <p>In addition, a local attacker could gain privileges or cause a Denial of
+ Service condition by killing arbitrary processes.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All PostgreSQL users up to 9.3 should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.3.24:9.3"
+ </code>
+
+ <p>All PostgreSQL 9.4 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.4.19:9.4"
+ </code>
+
+ <p>All PostgreSQL 9.5 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.5.14:9.5"
+ </code>
+
+ <p>All PostgreSQL 9.6 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.6.10:9.6"
+ </code>
+
+ <p>All PostgreSQL 10 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-10.5:10"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10915">CVE-2018-10915</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10925">CVE-2018-10925</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1115">CVE-2018-1115</uri>
+ </references>
+ <metadata tag="requester" timestamp="2018-09-20T23:00:55Z">irishluck83</metadata>
+ <metadata tag="submitter" timestamp="2018-10-30T20:41:59Z">irishluck83</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201810-09.xml b/metadata/glsa/glsa-201810-09.xml
new file mode 100644
index 000000000000..8931f25127fc
--- /dev/null
+++ b/metadata/glsa/glsa-201810-09.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201810-09">
+ <title>X.Org X Server: Privilege escalation</title>
+ <synopsis>A vulnerability in X.Org X Server allows local users to escalate
+ privileges.
+ </synopsis>
+ <product type="ebuild">xorg x server</product>
+ <announced>2018-10-30</announced>
+ <revised count="1">2018-10-30</revised>
+ <bug>669588</bug>
+ <access>local</access>
+ <affected>
+ <package name="x11-base/xorg-server" auto="yes" arch="*">
+ <unaffected range="ge">1.20.3</unaffected>
+ <vulnerable range="lt">1.20.3</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>The X Window System is a graphical windowing system based on a
+ client/server model.
+ </p>
+ </background>
+ <description>
+ <p>An incorrect permission check for -modulepath and -logfile options when
+ starting Xorg. X server allows unprivileged users with the ability to log
+ in to the system via physical console to escalate their privileges and
+ run arbitrary code under root privileges.
+ </p>
+ </description>
+ <impact type="high">
+ <p>A local attacker can escalate privileges to root by passing crafted
+ parameters to the X.org X server.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All X.Org X Server users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.20.3"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14665">CVE-2018-14665</uri>
+ </references>
+ <metadata tag="requester" timestamp="2018-10-30T15:53:55Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2018-10-30T20:42:13Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201810-10.xml b/metadata/glsa/glsa-201810-10.xml
new file mode 100644
index 000000000000..017ec0c1e539
--- /dev/null
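Review bot: The `<workaround>` in glsa-201810-09.xml says none is known, but the upstream X.Org advisory for CVE-2018-14665 described an interim mitigation for hosts that cannot upgrade immediately: removing the setuid bit from the installed Xorg binary. The flaw is only reachable when the server runs with elevated privileges. The advisory would serve operators better by stating that, with the caveat that starting X through `startx` or `xinit` may then need other arrangements. The `<description>` also has a stray full stop that breaks its first sentence; `starting Xorg X server allows unprivileged users …` reads as intended.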
+++ b/metadata/glsa/glsa-201810-10.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201810-10">
+ <title>systemd: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in systemd, the worst of
+ which may allow execution of arbitrary code.
+ </synopsis>
+ <product type="ebuild">systemd</product>
+ <announced>2018-10-30</announced>
+ <revised count="1">2018-10-30</revised>
+ <bug>669664</bug>
+ <bug>669716</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="sys-apps/systemd" auto="yes" arch="*">
+ <unaffected range="ge">239-r2</unaffected>
+ <vulnerable range="lt">239-r2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>A system and service manager.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in systemd. Please review
+ the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="high">
+ <p>An attacker could possibly execute arbitrary code, cause a Denial of
+ Service condition, or gain escalated privileges.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All systemd users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/systemd-239-r2"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15686">CVE-2018-15686</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15687">CVE-2018-15687</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15688">CVE-2018-15688</uri>
+ </references>
+ <metadata tag="requester" timestamp="2018-10-30T15:33:52Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2018-10-30T20:42:27Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 77cae2d1b813..00851f29a882 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sat, 27 Oct 2018 11:08:37 +0000
+Sat, 03 Nov 2018 07:38:35 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 99c3f6f2fa78..41fb03066c8c 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-5788e60d7bd138f44ae3b948a0da0c8ddfc7359a 1539817877 2018-10-17T23:11:17+00:00
+3fe134c9c609fe0fa952396df0dd91b901ef64de 1540938926 2018-10-30T22:35:26+00:00 |