Diffstat (limited to 'metadata/glsa')
-rw-r--r-- | metadata/glsa/Manifest | 30 | ||||
-rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 548500 -> 548981 bytes | |||
-rw-r--r-- | metadata/glsa/glsa-202309-15.xml | 50 | ||||
-rw-r--r-- | metadata/glsa/glsa-202309-16.xml | 58 | ||||
-rw-r--r-- | metadata/glsa/glsa-202309-17.xml | 152 | ||||
-rw-r--r-- | metadata/glsa/timestamp.chk | 2 | ||||
-rw-r--r-- | metadata/glsa/timestamp.commit | 2 |
7 files changed, 277 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index cfc52a9f62fe..55c5889b49eb 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest 
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 548500 BLAKE2B d69c37d2e4e1895a076d1d7359c4b2e9ee1bb29bb132e37c5ebbfec54a414dbebe9f37903f835edd21f36c623a99ace2c24c3147d42057a99fd505bd8a1bc7a6 SHA512 5962e8d7b50c6e11e00b4f0217a7e22066dddd2df564ff9e7effe3a4f06f99abd73934a610fab81ed6e3d4849a4e2fc942054d55562e1f299eb9fce8ded836cf -TIMESTAMP 2023-09-30T04:10:04Z +MANIFEST Manifest.files.gz 548981 BLAKE2B 81700173ea02c0d006e3065367bd4b6801ae8e0cad7f0b23c4d86a41c1b860a4cbdeb3051fb86eb2d3f114b8ba0353d6e09e279718eed8ed2607a21c4e7ec67d SHA512 a987e0e64b2dbf1006cecbff251dc3524b4d244d2e54417a697139ac9ee5a97d21aefdfb0fb940e1890076d7fa18c793f4f7a60db6960004ade2253826320f19 +TIMESTAMP 2023-09-30T10:10:09Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmUXn5xfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmUX9AFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klBQNA/+K+sj3AnxzT1jj9TZkRPDDKteFN9dNg3T7OFc0ckChlFLokshI+dGkOyM -uNUF6v2QHGx4B3Eqb5Wk7fs+NEBkZMUjxz+iZzBgj4blyny4x1Xg3FDQ+gSQemk6 -+5HKJqjkFXjrcAqar65zHr4TX4Rkv9Az7B78ZWypFDZrRGtF8opB8j/RDCOB5CfE -zykwp9dFcHBmVu7rjDYNqi49jKd2QcVeSLTlt3H6OOFImc1rqa8hJgwYL5G8mtHh -g1o6EtOw7wORxpKsdIBnJzk0EK58rsFS2rI3IZu2Oh59DgUGKoB+KtmPbyc3yIe+ -AMhJaMhWwMTNaQ4hL7IHvZk+w3Fnk3zMDE1dHkHJG/CjQ0ZDlOZmJKWXu1whkuWh -WjXvo1eLllMJjCtyHOwfQJXJNcNcuSjAJBBpJgPXGJHK/qGgGf3s38b2uwinCAlF -rojcQ8cV0AQ0AsnO5cLJH3vVNoD25DyoL4LHZkrtIBqx0lhcvIrx1SbBvpeHbppU -KNd0joBT97fQscg9u8PC/RjT22tAbOfGbQh8zjvdNBXF++HOZ2VQykmcR/Ow3Pqb -bQ1P749Z5vY5+nTkUW6FjJpbU0EQQ1zEJpFMHGzlDW5EMmzNP7IAY30kIjmdU/2y -n1KHb6kc4jo/hAcWTVWW9j6JCJ+SnnLcjUG2wJi0mJ8U721Em2s= -=apNe +klBE1w//dckOc38V2PTDHbFsPUM1mVgt2E1AhfywjMepxwHfdS9BLtL689KEXHHv +lKiVf0z3D7k1UVlM1blmL5aYwGSmdNznRzEXMy/n89DXXPMUKSe+/7NJZK52Ce7h +m/eRft2xIVB66njGKOdl+fd62nU8SP1WBFfrqBVhyP+j1H5TOrJ634HzlHB1IgCs 
+G6TVuZiF24anCN2SbLtn2F+ZcaqMidPoPZAngz/l08cWoMcdDWdDVpVCfs5rSxcL +olzwvY2Xf+nmeMPkgKWIYFb2eV72IWI1ssRW5voRMG9oBDmQpj6UTDUAsIGmTfnu +0vS711uWj+YtahVw19TYLpGkCMWYRvdN/fT2/r+JBuFxS8P455g+eAPD+8Cn5vs0 +GvtnsPIcI/DfpDCOFHGkzTZ4U8ikOWQKA/sjL6E4PKPJGOdaePg4uiR1B1qO1sYZ +vfMrmZuVbmny1/dcTfS4TZMDRSJS3I/cADdB8mXOX2w0dYqGYfO1zDNsGmMaGr/Z +JmxEK4JqtzCPx1dunFOfPq2d9wKWvN9uoDfo/YEDO3Mfqe2DeGzlKhCtVj1o0YIi +33PFCjMjG4e4qKZbZZIILWGD9slrRGRn+qZMQMz1XYdX9TxYQpR5bMlogXjgPEN/ +G5l6rKUOT3CIQFqrq22Ph67Exa5L5tul9el9Zp+W10JNM2USToE= +=Ek+A -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex 98277cf32d3a..0926db590859 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-202309-15.xml b/metadata/glsa/glsa-202309-15.xml new file mode 100644 index 000000000000..e83f9ead61ea --- /dev/null +++ b/metadata/glsa/glsa-202309-15.xml 
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202309-15">
+ <title>GNU Binutils: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in GNU Binutils, the worst of which could result in denial of service.</synopsis>
+ <product type="ebuild">binutils</product>
+ <announced>2023-09-30</announced>
+ <revised count="1">2023-09-30</revised>
+ <bug>866713</bug>
+ <bug>867937</bug>
+ <bug>903893</bug>
+ <access>remote</access>
+ <affected>
+ <package name="sys-devel/binutils" auto="yes" arch="*">
+ <unaffected range="ge">2.40</unaffected>
+ <vulnerable range="lt">2.40</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in GNU Binutils. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All GNU Binutils users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-devel/binutils-2.40"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4285">CVE-2022-4285</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38126">CVE-2022-38126</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38127">CVE-2022-38127</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38128">CVE-2022-38128</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38533">CVE-2022-38533</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1579">CVE-2023-1579</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1972">CVE-2023-1972</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-09-30T07:43:08.232461Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-09-30T07:43:08.235151Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202309-16.xml b/metadata/glsa/glsa-202309-16.xml
new file mode 100644
index 000000000000..7761b83f6f83
--- /dev/null
+++ b/metadata/glsa/glsa-202309-16.xml
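Review bot: In glsa-202309-15.xml the DOCTYPE on the second added line names its external DTD over plain http, so any consumer that resolves the SYSTEM identifier fetches schema content over an unauthenticated channel. The same line opens glsa-202309-16.xml and glsa-202309-17.xml in this commit. If GLSA tooling does not match on the exact identifier string, `<!DOCTYPE glsa SYSTEM "https://www.gentoo.org/dtd/glsa.dtd">` would be the safer form. Either way, parsers of these files should validate against a local copy of the DTD with network entity loading disabled.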
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202309-16">
+ <title>wpa_supplicant, hostapd: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in wpa_supplicant and hostapd, the worst of which could result in arbitrary code execution.</synopsis>
+ <product type="ebuild">hostapd,wpa_supplicant</product>
+ <announced>2023-09-30</announced>
+ <revised count="1">2023-09-30</revised>
+ <bug>768759</bug>
+ <bug>780135</bug>
+ <bug>780138</bug>
+ <bug>831332</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-wireless/hostapd" auto="yes" arch="*">
+ <unaffected range="ge">2.10</unaffected>
+ <vulnerable range="lt">2.10</vulnerable>
+ </package>
+ <package name="net-wireless/wpa_supplicant" auto="yes" arch="*">
+ <unaffected range="ge">2.10</unaffected>
+ <vulnerable range="lt">2.10</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>wpa_supplicant is a WPA Supplicant with support for WPA and WPA2 (IEEE 802.11i / RSN). hostapd is a user space daemon for access point and authentication servers.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in hostapd and wpa_supplicant. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All wpa_supplicant users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-wireless/wpa_supplicant-2.10"
+ </code>
+
+ <p>All hostapd users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-wireless/hostapd-2.10"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30004">CVE-2021-30004</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23303">CVE-2022-23303</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23304">CVE-2022-23304</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-09-30T08:38:51.888205Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-09-30T08:38:51.891195Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202309-17.xml b/metadata/glsa/glsa-202309-17.xml
new file mode 100644
index 000000000000..d19efa9eb3d2
--- /dev/null
+++ b/metadata/glsa/glsa-202309-17.xml
@@ -0,0 +1,152 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202309-17">
+ <title>Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution.</synopsis>
+ <product type="ebuild">chromium,chromium-bin,google-chrome,microsoft-edge</product>
+ <announced>2023-09-30</announced>
+ <revised count="1">2023-09-30</revised>
+ <bug>893660</bug>
+ <bug>904252</bug>
+ <bug>904394</bug>
+ <bug>904560</bug>
+ <bug>905297</bug>
+ <bug>905620</bug>
+ <bug>905883</bug>
+ <bug>906586</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-client/chromium" auto="yes" arch="*">
+ <unaffected range="ge">113.0.5672.126</unaffected>
+ <vulnerable range="lt">113.0.5672.126</vulnerable>
+ </package>
+ <package name="www-client/chromium-bin" auto="yes" arch="*">
+ <vulnerable range="lt">113.0.5672.126</vulnerable>
+ </package>
+ <package name="www-client/google-chrome" auto="yes" arch="*">
+ <unaffected range="ge">113.0.5672.126</unaffected>
+ <vulnerable range="lt">113.0.5672.126</vulnerable>
+ </package>
+ <package name="www-client/microsoft-edge" auto="yes" arch="*">
+ <unaffected range="ge">113.0.1774.50</unaffected>
+ <vulnerable range="lt">113.0.1774.50</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
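Review bot: In glsa-202309-16.xml the synopsis says the worst issue "could result in arbitrary code execution", yet the advisory is rated `<impact type="normal">`, while glsa-202309-17.xml in this same commit rates remote code execution as `type="high"`. Consumers that triage on the impact attribute would rank this advisory below what its own synopsis describes. If the synopsis is accurate, the line should presumably read `<impact type="high">`; if normal is intended, the synopsis wording should be adjusted to match. The impact paragraph only defers to the CVE list, so a sentence naming the worst-case outcome there would also help readers who never follow the links.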
+
+Google Chrome is one fast, simple, and secure browser for all your devices.
+
+Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Chromium users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/chromium-113.0.5672.126"
+ </code>
+
+ <p>All Google Chrome users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/google-chrome-113.0.5672.126"
+ </code>
+
+ <p>All Microsoft Edge users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-113.0.1774.50"
+ </code>
+
+ <p>Gentoo has discontinued support for www-client/chromium-bin. Users should unmerge it in favor of the above alternatives:</p>
+
+ <code>
+ # emerge --ask --depclean --verbose "www-client/chromium-bin"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0696">CVE-2023-0696</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0697">CVE-2023-0697</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0698">CVE-2023-0698</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0699">CVE-2023-0699</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0700">CVE-2023-0700</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0701">CVE-2023-0701</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0702">CVE-2023-0702</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0703">CVE-2023-0703</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0704">CVE-2023-0704</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0705">CVE-2023-0705</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0927">CVE-2023-0927</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0928">CVE-2023-0928</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0929">CVE-2023-0929</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0930">CVE-2023-0930</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0931">CVE-2023-0931</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0932">CVE-2023-0932</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0933">CVE-2023-0933</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0941">CVE-2023-0941</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1528">CVE-2023-1528</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1529">CVE-2023-1529</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1530">CVE-2023-1530</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1531">CVE-2023-1531</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1532">CVE-2023-1532</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1533">CVE-2023-1533</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1534">CVE-2023-1534</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1810">CVE-2023-1810</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1811">CVE-2023-1811</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1812">CVE-2023-1812</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1813">CVE-2023-1813</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1814">CVE-2023-1814</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1815">CVE-2023-1815</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1816">CVE-2023-1816</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1817">CVE-2023-1817</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1818">CVE-2023-1818</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1819">CVE-2023-1819</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1820">CVE-2023-1820</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1821">CVE-2023-1821</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1822">CVE-2023-1822</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1823">CVE-2023-1823</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2033">CVE-2023-2033</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2133">CVE-2023-2133</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2134">CVE-2023-2134</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2135">CVE-2023-2135</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2136">CVE-2023-2136</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2137">CVE-2023-2137</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2459">CVE-2023-2459</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2460">CVE-2023-2460</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2461">CVE-2023-2461</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2462">CVE-2023-2462</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2463">CVE-2023-2463</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2464">CVE-2023-2464</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2465">CVE-2023-2465</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2466">CVE-2023-2466</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2467">CVE-2023-2467</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2468">CVE-2023-2468</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2721">CVE-2023-2721</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2722">CVE-2023-2722</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2723">CVE-2023-2723</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2724">CVE-2023-2724</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2725">CVE-2023-2725</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2726">CVE-2023-2726</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-21720">CVE-2023-21720</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-21794">CVE-2023-21794</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23374">CVE-2023-23374</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28261">CVE-2023-28261</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28286">CVE-2023-28286</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29334">CVE-2023-29334</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29350">CVE-2023-29350</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29354">CVE-2023-29354</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-09-30T08:56:23.910135Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-09-30T08:56:23.912398Z">graaff</metadata>
+</glsa>
\ No newline at end of file diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index aeb293d09279..2e98be3f101e 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Sat, 30 Sep 2023 04:09:59 +0000 +Sat, 30 Sep 2023 10:10:07 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index dd18748ab966..cfb882390115 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -e05346e205e470b799ae6c0dafb506d6aa1cdae8 1695994770 2023-09-29T13:39:30+00:00 +de793de405f9e13d0d29d94de3f236ce0b5b3338 1696064247 2023-09-30T08:57:27+00:00 |
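Review bot: In glsa-202309-17.xml the www-client/chromium-bin entry is bounded as `<vulnerable range="lt">113.0.5672.126</vulnerable>` with no unaffected range, but the resolution text says support for that package is discontinued and it should be unmerged. As written, tooling that evaluates only the affected block would presumably not flag an installed chromium-bin at or above 113.0.5672.126, even though it will receive no further fixes. If every remaining version is meant to be removed, consider a bound that covers the last version shipped in the tree, e.g. `<vulnerable range="le">LAST_CHROMIUM_BIN_VERSION</vulnerable>` (placeholder value), or say in the resolution paragraph why the lt bound is sufficient.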