Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin448845 -> 449006 bytes
-rw-r--r--metadata/glsa/glsa-201910-01.xml72
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
5 files changed, 89 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index fb2dbba86227..78865332cded 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 448845 BLAKE2B 24feded351e2c02762000f35c6c58ac935b2383bf6acdd7450f974e16e15fe0935d3f657233d5cd4ab87639ad5f410b8ea36fd5c019b93bfbfc47983ef01dbdc SHA512 569d13495f7e4953afefd29435d7953d3afa1815ae86459c1f4f84726efaaedc5598835f415738d792d2d1060be50cf8ad9140b7fcf124dd7f9ea681a55957ab
-TIMESTAMP 2019-10-13T20:38:57Z
+MANIFEST Manifest.files.gz 449006 BLAKE2B ab32207f84ac7631fd8d236fe1aa63e88587b06e44eb1809cd72818ffb95ebb8390c250d5ab1ac5b1ac80968c4cef20897786383d93e0f140f7f1be52e7cb314 SHA512 d97241a68516a4c88a2d1afe7dac7dc36b0124cf3186aca88c595b3e66875bc4c66530c9b1c5221bf584a799c385182af538ea678c6f87418d9749030c73d619
+TIMESTAMP 2019-11-03T15:08:53Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl2ji2FfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl2+7YVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klCxTw//cB1DOqxzrCdkBOpaT53PhrXYDKu36Nj/AjvQm4kHB4dQjvbqtLdXC2aa
-pvlyZbEa2le54+b/95TMBPugHN0SzQ/NpbVBWo2tSE9ILnCggUU58hxrlERQ4vnO
-FfZHrrNx8M4MDhEkF9Hpe8GqhqFLRhi5RM0czQ+x5xoMb+CKZo46oOt40skukZy0
-JftY5klDkwT+oG4plt1xSAE1ZHuOewDRjB3ak0wfFQtvEC9d/EsBHog0QJvt1huU
-rL8MheUv6GJRyybWofq7I9V7QVoZqf/8PIBhablFAbquEoWOc9kfXQ89EB+tPdax
-89h4x+fgMibxplwBqzCWv3+B6Yk9NnT/xY6YdcN+9b0dfKBZV8mR1Df37Q8hoAn7
-j8MJawd7jdhGmvuVB2jhyb9daxk7WodpLQcygNuuF5kTBq7XGXq3Xiyy+Gj6pa3O
-SCriF+O/n88bAVFqmaW0ILLD3YP37WTffI0RdVwyz6t5Kt3I+NXooOIhaeb5EwWB
-iBMR93QsBxNv8n2e9yKC7qUJrcHDrMFcq87D7KoYBbcs8YTe4X80H1RtQL7dtCcy
-2YXu3yd74BJ2bdcvnjrBYarrASvOqxUxqTi/tvE5IieAK8N/gfJ+fXwDlnVoqDx3
-Yyt1IsHx5i/Z5Kg6L7y8IxRh+KBaQZFEXY95GP1YUxklA50jJto=
-=PZ9t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+=VLza
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index e80a943da59d..676b6a27efd7 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-201910-01.xml b/metadata/glsa/glsa-201910-01.xml
new file mode 100644
index 000000000000..9210bb5e03dd
--- /dev/null
+++ b/metadata/glsa/glsa-201910-01.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201910-01">
+ <title>PHP: Arbitrary code execution</title>
+ <synopsis>A vulnerability in PHP might allow an attacker to execute arbitrary
+ code.
+ </synopsis>
+ <product type="ebuild">php</product>
+ <announced>2019-10-25</announced>
+ <revised count="1">2019-10-25</revised>
+ <bug>698452</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-lang/php" auto="yes" arch="*">
+ <unaffected range="ge">7.1.33</unaffected>
+ <unaffected range="ge">7.2.24</unaffected>
+ <unaffected range="ge">7.3.11</unaffected>
+ <vulnerable range="lt">7.1.33</vulnerable>
+ <vulnerable range="lt">7.2.24</vulnerable>
+ <vulnerable range="lt">7.3.11</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>PHP is an open source general-purpose scripting language that is
+ especially suited for web development.
+ </p>
+ </background>
+ <description>
+ <p>A underflow in env_path_info in PHP-FPM under certain configurations can
+ be exploited to gain remote code execution.
+ </p>
+ </description>
+ <impact type="high">
+ <p>A remote attacker, by sending special crafted HTTP requests, could
+ possibly execute arbitrary code with the privileges of the process, or
+ cause a Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>If patching is not feasible, the suggested workaround is to include
+ checks to verify whether or not a file exists before passing to PHP.
+ </p>
+ </workaround>
+ <resolution>
+ <p>All PHP 7.1 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-7.1.33"
+ </code>
+
+ <p>All PHP 7.2 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-7.2.24"
+ </code>
+
+ <p>All PHP 7.3 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-7.3.11"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11043">CVE-2019-11043</uri>
+ </references>
+ <metadata tag="requester" timestamp="2019-10-24T23:39:18Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2019-10-25T11:01:56Z">whissi</metadata>
+</glsa>
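Review bot: The three `<unaffected range="ge">` entries under `<package name="dev-lang/php">` have no slot restriction, so the lowest bound (`ge 7.1.33`) also matches every 7.2.x and 7.3.x release, including the versions the `<vulnerable>` entries are meant to flag. A consumer that treats an installed version as safe once it matches any unaffected entry (as glsa-check appears to) would report an installed 7.2.23 or 7.3.10 as not affected by CVE-2019-11043, leaving a detection gap on exactly the hosts that need the upgrade. Scoping each unaffected/vulnerable pair to its own branch closes the gap. This assumes the GLSA DTD in use accepts a `slot` attribute and that the slots are named 7.1, 7.2 and 7.3, as the resolution text suggests.

```xml
<package name="dev-lang/php" auto="yes" arch="*">
  <unaffected range="ge" slot="7.1">7.1.33</unaffected>
  <unaffected range="ge" slot="7.2">7.2.24</unaffected>
  <unaffected range="ge" slot="7.3">7.3.11</unaffected>
  <vulnerable range="lt" slot="7.1">7.1.33</vulnerable>
  <vulnerable range="lt" slot="7.2">7.2.24</vulnerable>
  <vulnerable range="lt" slot="7.3">7.3.11</vulnerable>
<!-- … unchanged: closing package/affected tags and the rest of the advisory … -->
```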
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index df15733aa00e..0228db373743 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sun, 13 Oct 2019 20:38:54 +0000
+Sun, 03 Nov 2019 15:08:50 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 933a7041a478..c9b577a39721 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-0d8b041795d355b2f8da9b84725a62150a91dc13 1567964538 2019-09-08T17:42:18+00:00
+4c2e30a50e776e9ec1833c4419ce239e6d9cc178 1572001702 2019-10-25T11:08:22+00:00