diff options
Diffstat (limited to 'metadata/glsa')
-rw-r--r-- | metadata/glsa/Manifest | 30 | ||||
-rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 546124 -> 546284 bytes | |||
-rw-r--r-- | metadata/glsa/glsa-202307-01.xml | 46 | ||||
-rw-r--r-- | metadata/glsa/timestamp.chk | 2 | ||||
-rw-r--r-- | metadata/glsa/timestamp.commit | 2 |
5 files changed, 63 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index a385a79cc866..a42c155d4813 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 546124 BLAKE2B b8c960a7f19f0cac8ea254b9330e3a1add1f4be28ff0a9b4020f5e68f250a6b511280b7dd1dec4e472c73320abae493b0ab8441075c681803abfb19ea280332e SHA512 0dccc4f920463740ab2803f55b50f1cf0df2af9d58750c12c98fe5963dc8738d5a3e8d6a895c2e0d3ba8230bb61557b6e88b4fa56b2f05f5697577b68a9413df -TIMESTAMP 2023-07-19T23:40:12Z +MANIFEST Manifest.files.gz 546284 BLAKE2B ffce95d14dec8e0ecb1658575f411350a797650e5376e656bbe5d1c11b4e05372611ac4ca5de41270e2e69dfa9461b99f212aa044d6509bb082c7f94d92006b8 SHA512 c90fc6416d62b1b09cbafd89df9a8523e7e9eec12dd28fd39f81776bc9076c1e64fdb0203c709c330d323ea0c05daf6d59e5c469948b4d49cc6d59443f29557a +TIMESTAMP 2023-07-20T05:40:02Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmS4dF1fFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmS4yLJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klBCrBAAimmdrZ+uChMzhaz5BrEHAk+r3pjZIsJAnDvpygpGRhINlFzPPgrlWd08 -g9EAhZG8TiVCTkIy/Mc5jgsQTAmJhFTF52mHk5grJ+c5vlTedtHq+ALuoemMHBl+ -mlf1d+oBv82liHIqI0tgdi5Ev+vewFeIVM/V9NJDVyxcRF4BP8+Sh6tODvnBego8 -XQptzJgCrLYE8BubUkh76Q5sL4MC6OxC7W5u4Y8IqOG6YocBY1D/nWnN9anFSbNQ -Tx4gVvo4uN737lnbF/6tBi4gHUYdnwK4q+jyZujYK9PAUJOg6zcQ/NdjkIoFpGHy -VmBgN8z+h47H4GwJBzgiuI8KOui8/Ueagg0Px9CZaTUbLL9H/N2x6XYV01w5HBvE -F2zKp3e5CYSHorG5xUGnGX1wLKoH+oU2+nKY0FCphNRHy/OGbwTsuHsXHk+1fm8s -DEEd0tqPFfQYo+11hrdMqUeKhzJ/DXdUZpUQrkuNLYDJF9UCQzXFT+/XBtJMl+dx -m96VqRrJ7o6pRBXF20hwXDOB+2aCYqtMkziVOSwRQ8GfF1SLwbw/zZDhy28TVcF6 -6H5a+9T8NilNX56lB7xb/U7VfVEAy1gPj4ZqN48dPf/5sl8Bv4fRGsFPgZmrExQJ -zijVIUDdtlxFDFuwVhXb2F68SG8LOevJxO1MjphQWqty07xpaCA= -=Kl67 +klA4Tg//bME+6yqCOymo0svGmmLdOZSRp6VJY75eLXxVyOVC5aCcDvEHujs2aeM0 +I90aHkjGxbzelC3CrRIrQdY667zQLoX8hMcrtaiCIeLcksnj/Yw115R+l+nADkSU +fKng185RS3jiKF/aP+/fkV5vdpy1AaC8tzyzTfSq0xTOZqxpxxqwFmsydDjJAbqk ++WMi+HeCfgWPXVVnsqiY20139eHHlBME26J0Ak0UGLiWp+aMeBgfbqMnks3ml9I2 +xwUaacalfU77c6KdGvMdyyVCQl/DbUvJLGbI9TRo6wY2e5j8ifrPLGIUMd3Ka7+U +HhKvOE925POSrAFXXiZzXA+13XRKdU2eMqklOmjYiktPybGReJvUBHOhMt8mgt6U +/LYd6uOuBJBedsnGxQ4121jv1mtRZnIyKlE9aHJDwzWBx8200X3XMfnPQfk3ybOi +0fBKtKMD+2IDYSgClhEl8NziVMpGkLNpx2X88lA/Ht6f+33GJX5NrQ59inWeqLR4 +r5o+KgyffJOWZ9bxFB3uQPPJXQcOXxdVLk435lyzMYBJZaMhc9b654ZZINdUCU/Z +bzvWClbcsdvkqUC74PLbbnRy9FsNoQlLV/idbf0anqcOeAyajE6MXsl3HB20MdHi +wjF8jl9a88hogJJe0M7TpPZHNdSWbTQ6wM+Jh+9ECmPXJiVj3U4= +=IjQg -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex b00ee056dd18..933f01207b15 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-202307-01.xml b/metadata/glsa/glsa-202307-01.xml new file mode 100644 index 000000000000..4fa7ed99c6cb --- /dev/null +++ b/metadata/glsa/glsa-202307-01.xml @@ -0,0 +1,46 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202307-01"> + <title>OpenSSH: Remote Code Execution</title> + <synopsis>Multiple vulnerbilities have been discovered in OpenSSH, the worst of which could result in remote code execution.</synopsis> + <product type="ebuild">openssh</product> + <announced>2023-07-20</announced> + <revised count="1">2023-07-20</revised> + <bug>892936</bug> + <bug>905299</bug> + <bug>910553</bug> + <access>remote</access> + <affected> + <package name="net-misc/openssh" auto="yes" arch="*"> + <unaffected range="ge">9.3_p2</unaffected> + <vulnerable range="lt">9.3_p2</vulnerable> + </package> + </affected> + <background> + <p>OpenSSH is a free application suite consisting of server and clients that replace tools like telnet, rlogin, rcp and ftp with more secure versions offering additional functionality.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details.</p> + </description> + <impact type="high"> + <p>Please review the CVE identifiers referenced below for details.</p> + </impact> + <workaround> + <p>CVE-2023-38408 can be worked around by avoiding connecting to untrusted servers with an SSH agent.</p> + </workaround> + <resolution> + <p>All OpenSSH users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/openssh-9.3_p2" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25136">CVE-2023-25136</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28531">CVE-2023-28531</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-38408">CVE-2023-38408</uri> + </references> + <metadata tag="requester" timestamp="2023-07-20T02:17:18.328897Z">sam</metadata> + <metadata tag="submitter" timestamp="2023-07-20T02:17:18.348364Z">sam</metadata> +</glsa>
\ No newline at end of file diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index d5cdee6461b0..e7453a02174b 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Wed, 19 Jul 2023 23:40:09 +0000 +Thu, 20 Jul 2023 05:39:59 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index cfc786be5080..e8299091e63e 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -023c3018165ffad6f1f6a874561e1c3c555cb505 1685499625 2023-05-31T02:20:25+00:00 +6394ef8ae23b1cf183b45b603eceea6389a3c371 1689819508 2023-07-20T02:18:28+00:00 |