From 29badda007a3bcd85bb351f602790eb3b8922448 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Wed, 2 Nov 2022 03:08:46 +0000 Subject: gentoo auto-resync : 02:11:2022 - 03:08:46 --- metadata/glsa/Manifest | 30 +++++++++++++-------------- metadata/glsa/Manifest.files.gz | Bin 535926 -> 536084 bytes metadata/glsa/glsa-202211-01.xml | 43 +++++++++++++++++++++++++++++++++++++++ metadata/glsa/timestamp.chk | 2 +- metadata/glsa/timestamp.commit | 2 +- 5 files changed, 60 insertions(+), 17 deletions(-) create mode 100644 metadata/glsa/glsa-202211-01.xml (limited to 'metadata/glsa') diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index 03ceb1dc9579..e1124918a50e 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 535926 BLAKE2B 7e9b114515adc37e042d0429c05c612bcd37904f6b0e36bb719022725a4c1368a02f1c681914401ccbd4e7d79b897cc0a5bc5cba7a40b3414033dc0ad825e3ad SHA512 9eb1f214127edcde3efe4a83f3f692a941753cc1403b9d080cffc6f566f30dbc3f8933ceb8f23653cbe17e6341f056577f75cf8eb955ad5c636486da9f629092 -TIMESTAMP 2022-11-01T20:09:44Z +MANIFEST Manifest.files.gz 536084 BLAKE2B c89e49fb5e75661a7da4bc1a8267e8936701fe518e99a96ea46c267fe11ac6fcc34a3029874ea964f0a67189423224c5aba6dc5cc7a56cf0d5889ea2d47d781f SHA512 75913d485440890ef20577369af3828f92411599dd916f9c5792517c2a36a196afc4bb5153abea2e3a2bc4b763ff2159dd5b7d79a6de88fdec6368ba79776c6f +TIMESTAMP 2022-11-02T02:10:39Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmNhfQhfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmNh0Z9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klBTTA/+LgfGJsfb+QBt/HDBalLB2KMq13b8E28HEflZN4cG7N9dFsl4jJFDcDmP -YXgKTBJ58Ab9gVV5EKen6K2+vNJJ5ZL87Yd6XBbrKBV5CZnwTv/5KunAitYs4hJI -/TTk45//faGrtWo7qrZu/zbyKx3wuox7cBo9MkTPCEjJu/jJOdKbQ/Jgb3dUzURM -j2gMJCDWdwghSc79+bPCpRP/Nml+Hi1vZbbjkVX16XdSC2xyTWzN3wF3WRi7MlPj -tL+92FNgPB4wThPoG9l0K/XtwUtEddNQve2GY7K0ltYsbsEWWtw20RViQ9gcii39 -vXTWwg/fJxttkTc1fxrsTzjUdH6kOe81ZE56rW+oiDwsApSlFjIy/0Cv0IWuTqcZ -0/9ezjQpgrr6Cp6Ug4b0ULrbvMvRkw6YKOgjOlwH7DANGMVfE0yoP+yRx5BmbTCy -IZlki0mOgXtwCrdFlW7ZNS5JFf8XSAgfZtJIiEbMwE0Gy3q1ouRq0fZjU7TgPzu2 -B6H/Ss1WZ9JIawiD2fPudrS8ysvEj7jjUIBBUCjOsev52jyI7pv7bHUVSNFg2ZGS -jdlcEY87xNRUvc/VE6v5kTAkMfm5Y361dyNQZ8T5fSjG7SgUVn55aBGxSEsK61/u -Bh8sANJlgL6h21jdbVBGWULZgXpuw/Nv317GmQ4srxRDf9wjkl4= -=JTok +klDkYw//SnRKdjRn3NPSgsDAxT6Sv8lRPrJtv2Sl3C6MAU2KEqzCqYRwMZ18gH4X +5/tYBqXC9iRwFFJZ1zWOuM3wCFKEyC8Tx11AHPly0HbhTVqGyalrVrywKNLyEgOv +XB1v4XyFjMVL1g6xHg80MhzZANjfw9IjorfZLosVEuXu8I0rCKF1AZ1ZnHRtMW8m +CiojkUdnnCRMvhnDzs8C1ONgh1Mn/gAu7vPY8Xmp7IFwk9urwThf8e9FlqA5xvLN +nFNKVj5ynJNGzHZb5JdBZa7V2b9Td4cyf5elkKxpXVoGWHKcRsadOa42S/+yZ93F +518kHchGztFjdcJ6S+rbgUQA7lIb/XQZgkPVk64NYqvfPxq5xlXcH4WhXKMP2ak6 +rOIRxBsxGDYdnfRxITgY6dDFAX7lMc8fDxNO9QjJO4uUHN70tThXuhpH9533WtZE +glOtpma9jA3P28rcroqeczb4r3AksdJvXounFQvREuW78giv7MkWegkzAhUIuswP +g2Q73bYdy4K1lNQti/WCDAiZ4j8zZ4v+K7QN4lXyhOdCTqSuMFNW/flBgwhDyC0T +SuLe936HnsgNU9DVT5T/X6k/sTlP0dUmEM9aTIJ35PwLbkTtGuUHZoZDlP8JUi6q +GhlAa927BBRUOHaUTYAYl43tYJakB2VfZ0fLBj/Gom3L7AQ4i3E= +=8jjh -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz index 5dae7a8bf4e8..a99bb4c6d887 100644 Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ diff --git a/metadata/glsa/glsa-202211-01.xml b/metadata/glsa/glsa-202211-01.xml new file mode 100644 index 000000000000..b95d1a1de5ac --- /dev/null +++ b/metadata/glsa/glsa-202211-01.xml @@ -0,0 +1,43 @@ + + + + OpenSSL: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in OpenSSL, the worst of which could result in remote code execution. + openssl + 2022-11-01 + 2022-11-01 + 878269 + remote + + + 3.0.7 + 3.0.7 + + + +

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.

+ + +

Multiple buffer overflows exist in OpenSSL's handling of TLS certificates for client authentication.

+ + +

It is believed that, while unlikely, code execution is possible in certain system configurations.

+ + +

Users operating TLS servers may consider disabling TLS client authentication, if it is being used, until fixes are applied.

+ + +

All OpenSSL 3 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/openssl-3.0.7" + + + + CVE-2022-3602 + CVE-2022-3786 + + ajak + ajak + diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 497ed50409c8..a38a0aa5d930 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Tue, 01 Nov 2022 20:09:41 +0000 +Wed, 02 Nov 2022 02:10:36 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 1ed7e2bb76fb..75b2cb040a5f 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -19befd853907b89ff1a5ea81ae63b19dbb1d7655 1667248658 2022-10-31T20:37:38+00:00 +273d516e3c9a0078775979649ecc570e7186f050 1667339933 2022-11-01T21:58:53+00:00 -- cgit v1.2.3