From 4c4e8e9bf6d1ef49be600d77fcbbd7be716aece7 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Fri, 12 Jan 2024 13:08:05 +0000 Subject: gentoo auto-resync : 12:01:2024 - 13:08:05 --- metadata/glsa/Manifest | 30 +++++++++--------- metadata/glsa/Manifest.files.gz | Bin 560427 -> 560744 bytes metadata/glsa/glsa-202401-15.xml | 42 +++++++++++++++++++++++++ metadata/glsa/glsa-202401-16.xml | 66 +++++++++++++++++++++++++++++++++++++++ metadata/glsa/timestamp.chk | 2 +- metadata/glsa/timestamp.commit | 2 +- 6 files changed, 125 insertions(+), 17 deletions(-) create mode 100644 metadata/glsa/glsa-202401-15.xml create mode 100644 metadata/glsa/glsa-202401-16.xml (limited to 'metadata/glsa') diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index f198994d850d..1c9c844b7d8e 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 560427 BLAKE2B 1aa508adba915695d7358b5a44f8641eae1b4e973be239d9cd27633ced5164c77d5d6ce1e66bcb3bdb57f909ef7c0a6ca1fe7b7376c59ffc9519cdfd69605a15 SHA512 dc27357ec64da2120ad016fd79a721efe77476f05ae2c6595779a8dba77147b1da9fd491d1233f4f51ec84a1ad6c67349e0bb90a424e21ba8f8579562191edea -TIMESTAMP 2024-01-12T06:40:35Z +MANIFEST Manifest.files.gz 560744 BLAKE2B a2c14353dd5785d34a9849d5b67a163032b03a379f9a0801a77674b6b6541c7273d72057452f70737f90a7aef3568710066add50311a9819860af72169e41d69 SHA512 e736fc103c43ac3c49ed7838718f30e699740b25bc3e516459a55713b7774c654fa31aa11efd3c741b714d9f2e7f273bea8960aefbc6e06db9cd5fe0db0ce201 +TIMESTAMP 2024-01-12T12:40:28Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWg3uNfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWhMzxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klCBjhAAk7NCwhTUGTY/8ksAB2+c94TC1bRYoI7xydC68DdQ2GzDRz2W1hbAoCZU -8YIN+MqtUe5gyKu0OTN9X6keKFYYAZnPYNGOGHhYMhXI3UL5fM4tNWmHZgqOBnl1 -ySwltD6YY6tG/ZLH2bM69h2OB09H/FH07TIaCK9ZSCS6pKqlLxFpF66S0IXLummk -lyu2ddrEWKn33D9YP9eME63jsiyQt+5edzZZCVb/GToQUVn4v21ZYHY+vcRTCuh8 -NrW3WFHniu3ruFgsu4kO8yxpeX/k6jpJ7KJClPlbbY3rdNCuJS0RClVGF9Dw9CIr -IGxf7k6Hrqlqbph1e7w/R/dIVBGwQMv73e8y1Xdu2CIcHcjZ7+y7FMoJO4QvvqBP -HWlXqSIqyBC3Ew6uYgIIGNM6VJaL9LKD7h7t0p/oi3FhaGjwpZA+7PIsrJ6EtM1V -yPxmylnY+d3kXvu8KMBJhnvk2ymnUWmul0hm7CK8KUbZIiSvgVihEBSr5Vrl3JPe -dgvyAmwLkor3SNPGqDj5o7jWNESirbFpPk4CSJ3h3v13zsN0h8W1hqaaD96K7kul -1YAZB/yZfS2zuaWt/qWHJT1pIoVvlCwql9K0yKdZjBpJoCxxSgvT+C04SR/U3qDT -Eue5IFX6/6raiLlDwWHKtkG9kyGEUm/EMBL1P7Jw9l3pUWPUAhc= -=+6kV +klBlexAAgQzIhYeKm5ojOljNsMwW9wugQ9qJpWJKP/lbaGXPnXMPHmoB/ZBTdAqC +05JaOo5+G91n3EglUxO/NO3VicAmYBZFDGSZnCjwfQKsivC+CkV3Eo47a1+yOfQc +tsvpOANUJ9u7AxtsjkoVuu86kJrLmkk2SgdHZZHJvSPjWVbBwBFAw0CpNBFIR8CE +7MlMwy9cSOORKtFgBwjpdRtNMg7wJGoKxWAn96CHJdZbs/U8u+r8FT1HtmAqGJOF +rEekW+viIOfMyEVNg+enMr1DnmmcT9JlSjrA8sKxuDK4/m7mbHLAdfbr3YHWIp1I +C41gz9x2fndFLOzQXqBWWMUbGepvtoZVaJI5H6p62XWjul2tY9k7ZMNZESb46U6+ +Qp0FNyhjYDHiDuR56QzsgOtjlyEIIriQjkZ+jznFO0ykYhVshYnAO53vzBeSlFlu +FBLnhbWQcmxhbpCKYckgPhbOF2cpEegaoiBfU1h+Khkvy61cB4SrGfJcrPPlAvMN +Mbm6ei83BmYyyVXkDoCif8dH3/+7kx3EJ60Jp/VNr4fccfT4CRkKZ+lEzHTWoYJa +QdyDb3grFJSpaFDU4uPD7zuyaGK4kacqQxSOfsTRac2r9V+TcaNfn3Q5sHQQfjIY +u+3o+IXJrK1K+SMiHjjlFuyTONfhXcPAfLLXorbptrEc3392tAg= +=f1pF -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz index cde80d5e9d37..0fa2bc80a4c0 100644 Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ diff --git a/metadata/glsa/glsa-202401-15.xml b/metadata/glsa/glsa-202401-15.xml new file mode 100644 index 000000000000..0521e2c30a82 --- /dev/null +++ b/metadata/glsa/glsa-202401-15.xml @@ -0,0 +1,42 @@ + + + + Prometheus SNMP Exporter: Basic Authentication Bypass + A vulnerability has been found in Prometheus SNMP Exporter which could allow for authentication bypass. + snmp_exporter + 2024-01-12 + 2024-01-12 + 883649 + remote + + + 0.24.1 + 0.24.1 + + + +

The Prometheus SNMP Exporter is the recommended way to expose SNMP data in a format which Prometheus can ingest.

+ + +

A vulnerability has been discovered in Prometheus SNMP Exporter. Please review the CVE identifier referenced below for details.

+ + +

A user who knows the password hash of a user capable of performing HTTP basic authentication with a vulnerable exporter can use the hash to successfully authenticate as that user via cache manipulation, without knowing the password from which the hash was derived.

+ + +

There is no known workaround at this time.

+ + +

All Prometheus SNMP Exporter users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-metrics/snmp_exporter-0.24.1" + + + + CVE-2022-46146 + + ajak + graaff + \ No newline at end of file diff --git a/metadata/glsa/glsa-202401-16.xml b/metadata/glsa/glsa-202401-16.xml new file mode 100644 index 000000000000..8deff5eccbb9 --- /dev/null +++ b/metadata/glsa/glsa-202401-16.xml @@ -0,0 +1,66 @@ + + + + FreeRDP: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in FreeRDP, the worst of which could result in code execution. + freerdp + 2024-01-12 + 2024-01-12 + 881525 + 918546 + remote + + + 2.11.0 + 2.11.0 + + + +

FreeRDP is a free implementation of the remote desktop protocol.

+ + +

Multiple vulnerabilities have been discovered in FreeRDP. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All FreeRDP users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/freerdp-2.11.0" + + + + CVE-2022-39316 + CVE-2022-39317 + CVE-2022-39318 + CVE-2022-39319 + CVE-2022-39320 + CVE-2022-39347 + CVE-2022-41877 + CVE-2023-39350 + CVE-2023-39351 + CVE-2023-39352 + CVE-2023-39353 + CVE-2023-39354 + CVE-2023-39355 + CVE-2023-39356 + CVE-2023-40181 + CVE-2023-40186 + CVE-2023-40187 + CVE-2023-40188 + CVE-2023-40567 + CVE-2023-40569 + CVE-2023-40574 + CVE-2023-40575 + CVE-2023-40576 + CVE-2023-40589 + + ajak + graaff + \ No newline at end of file diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 538df1699701..f5a7a99f4540 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Fri, 12 Jan 2024 06:40:32 +0000 +Fri, 12 Jan 2024 12:40:24 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 2e5440585ce8..68484c5d1ac2 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -7333f37d680f5c423bfeb1acb9a7bf506e04e09f 1704892253 2024-01-10T13:10:53+00:00 +0bd76dc2009147dbb24e9f25ef0c1928a1d99371 1705060019 2024-01-12T11:46:59+00:00 -- cgit v1.2.3