From 0fdd4074ff3dc0c507a9867380a4f91250a0b610 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Sun, 15 Oct 2017 02:11:33 +0100 Subject: gentoo resync : 15.10.2017 --- metadata/glsa/glsa-201710-10.xml | 82 ++++++++++++++++++++++++++++++++++++++++ metadata/glsa/glsa-201710-11.xml | 63 ++++++++++++++++++++++++++++++ metadata/glsa/timestamp.chk | 2 +- metadata/glsa/timestamp.commit | 2 +- 4 files changed, 147 insertions(+), 2 deletions(-) create mode 100644 metadata/glsa/glsa-201710-10.xml create mode 100644 metadata/glsa/glsa-201710-11.xml (limited to 'metadata/glsa') diff --git a/metadata/glsa/glsa-201710-10.xml b/metadata/glsa/glsa-201710-10.xml new file mode 100644 index 000000000000..dd52a7ddc0f6 --- /dev/null +++ b/metadata/glsa/glsa-201710-10.xml @@ -0,0 +1,82 @@ + + + + elfutils: Multiple vulnerabilities + Multiple vulnerabilities have been found in elfutils, the worst of + which may allow remote attackers to cause a Denial of Service condition. + + elfutils + 2017-10-13 + 2017-10-13: 1 + 614002 + 614004 + 618004 + remote + + + 0.169-r1 + 0.169-r1 + + + +

Elfutils provides a library and utilities to access, modify and analyse + ELF objects. +

+ + +

Multiple vulnerabilities have been discovered in elfutils. Please review + the referenced CVE identifiers for details. +

+ + +

A remote attacker could possibly cause a Denial of Service condition via + specially crafted ELF files. +

+ + +

There is no known workaround at this time.

+ + +

All elfutils users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/elfutils-0.169-r1" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +

+ + + + CVE-2016-10254 + + + CVE-2016-10255 + + + CVE-2017-7607 + + + CVE-2017-7608 + + + CVE-2017-7609 + + + CVE-2017-7610 + + + CVE-2017-7611 + + + CVE-2017-7612 + + + CVE-2017-7613 + + + b-man + chrisadr + diff --git a/metadata/glsa/glsa-201710-11.xml b/metadata/glsa/glsa-201710-11.xml new file mode 100644 index 000000000000..bfaf72daf2ec --- /dev/null +++ b/metadata/glsa/glsa-201710-11.xml @@ -0,0 +1,63 @@ + + + + GNU Libtasn1: Multiple vulnerabilities + Multiple vulnerabilities have been found in GNU Libtasn1, the worst + of which may allow remote attackers to execute arbitrary code. + + libtasn1 + 2017-10-13 + 2017-10-13: 1 + 619686 + 627014 + remote + + + 4.12-r1 + 4.12-r1 + + + +

A library that provides Abstract Syntax Notation One (ASN.1, as + specified by the X.680 ITU-T recommendation) parsing and structures + management, and Distinguished Encoding Rules (DER, as per X.690) encoding + and decoding functions. +

+ + +

Multiple vulnerabilities have been discovered in GNU Libtasn1. Please + review the referenced CVE identifiers for details. +

+ + +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, or have + other unspecified impacts. +

+ + +

There is no known workaround at this time.

+ + +

All GNU Libtasn1 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libtasn1-4.12-r1" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +

+ + + + CVE-2017-10790 + + + CVE-2017-6891 + + + b-man + chrisadr + diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index c5459b0a117f..5da5bf2af708 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Fri, 13 Oct 2017 19:39:12 +0000 +Sun, 15 Oct 2017 00:09:18 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index f549de6417ac..e36f8be6f680 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -28cc4b75c6ed98b149f306c8a61e2f27c973a628 1507594359 2017-10-10T00:12:39+00:00 +73e44e2cacf09551930e343dbe6a24425f52af50 1507934888 2017-10-13T22:48:08+00:00 -- cgit v1.2.3