From 67f76a858f1ac826bd8a550d756d9ec6e340ed4f Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Sat, 27 Jan 2018 18:07:28 +0000 Subject: gentoo resync : 27.01.2018 --- metadata/glsa/Manifest | 30 ++++++++++----------- metadata/glsa/Manifest.files.gz | Bin 415966 -> 416281 bytes metadata/glsa/glsa-201801-19.xml | 56 +++++++++++++++++++++++++++++++++++++++ metadata/glsa/glsa-201801-20.xml | 49 ++++++++++++++++++++++++++++++++++ metadata/glsa/timestamp.chk | 2 +- metadata/glsa/timestamp.commit | 2 +- 6 files changed, 122 insertions(+), 17 deletions(-) create mode 100644 metadata/glsa/glsa-201801-19.xml create mode 100644 metadata/glsa/glsa-201801-20.xml (limited to 'metadata/glsa') diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index 3a453797f35a..78f736bcbf9f 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 415966 BLAKE2B 664ebf4d322399166469a6cd167dfeeba8ecc3b61712e950abcb3c63c18cca02140bfaa206e2eb06bb1476d73682fe2d76e35b8a94dc0228c60af02e86c19a87 SHA512 7d06c7f62e8712502202c5d9e88cc501b34d79560f0bdd5e1f5907dc55cbc791a6d1c654b9e913106a8a96545f88c154fb9731c255532e719a8a5c200a14acc3 -TIMESTAMP 2018-01-26T14:38:30Z +MANIFEST Manifest.files.gz 416281 BLAKE2B 9f5d0005cdae01ce5134efdc393aef2fa9e4486317293d473758f4b6f8a874ce6ac4b387a4d8c46338853ea09d96165ac399c906f15c28230dbfd8e95d4cdf26 SHA512 abd62c080ba1aa5d4609732620883228f3aa81aa544122207a98ca33c50401945a5d524cfb277af684f89fcc0fb6bc394206dcd88925ddccd9d1d6a9ee4a9949 +TIMESTAMP 2018-01-27T17:08:31Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlprPWZfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlpssg9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klAxYxAAtH5Pn1i40vUGCtIsp4f1t1qbaZnVY3CbZMv0bfi/E7+TnjYiViX9+fUQ -DlCuP4Iw6znGILlmaHqWBfm3Vp3UbsM/25Hdh5EGLS+aTWqZYVpURLg0Xbbt3j4c -WN5XQj1Mr55r3Wf4AsltBrlJ97s0PGgaWETQKt6svF8pBWLVtzXLLsKTcHGey5r+ -enF89cUYCKfZ3RPYkPjPpy40v1rU1IE6S+B2wX4Obg74Y20iZQV+e+pV/yNcd1nQ -NJWCQ9fcoOUBqD5/J0lDACt+Rvv0QVoc2FZDwfJ9wEmcrT6mWtaMz2TuXybfnZkW -aUgJBXDz/kFqNkMyOs67r/3hUH0oUw7lgshURs+mQrlE4+ddCetu4b08Bo5pye5u -qVUq3EGUQ2m91DXH3KlN0CPBOWOF0GjG/l7O2L54pB7MUXMuNc8u1mMqF8uhD6JF -fXZHdb2y7Ww1fLmkPNq0iH5XrrITWM5RqpWFmzCBv8vLFvWR+dZ6GnPClWKjOQBo -vgRm2sGo26y+HZUthSXhB11iDlVxNmSye048wDDjsmzFyyqMBgUECOdBvtsK5z8n -eOvBG7sT1c4S6/jHpr6A+pP9S5rIl3ddVjx7VffVNARcTmRwE8f6t2DmNOf37W/N -/G39PeQvyKCYpTK2hCJZW+pEDvBio9o7wy/4L0CO0OKauXpIkwY= -=w/A2 +klB8lhAAshl8/IWz7rA9DB2LulqcTCA31/LKk/nK+H7hsIQDDkhX+H4w3vpeadnO +qnpSOQ0L3zb/zbXt9IMp8TYY2hiurjsBkg9RF4MEp0UqlLRFLEBX4KzzNYBCABkE +NOi8xHI/rSzFTWLgWMiN9pN3BvBgUyOdODnOZoeRHqY4RQBuIwjS4OLCcRug5eCq +pEEm6dqO3e17aITB1SmU0LrO8vsLEeC5X9MzGJQq6MzwjmdvNG0S0r4+gBD/ivMO +VFfZzvVkquHxgIp0yVjER0cZtN8VFEE6VdYZk8GAQaDyDcA+NoP0WxG9BhsNiO7x +z+TsF7FBshJvTCkVYYy3B98yeVGukzcWB9qlNPlx0FkFQuXOuqjHEMIRqE1nXsl/ +oHZV0DDTDe5piS/YIGRnRpY8HbNzPywL5NLupMocQ0UoSHrZLj+8kWFUIXxL1PzU +E+2Fdqve4fCGH+WZ5Ia3YSOHlEHsvl/eK1mXcC1q1t57x9JUj8Aw//mce5MjKseR +qpnD5FaqsT3jF0eOtEkPXe1Zz4CQXLWFTbkkp+G/3oiDvMKG3voYHmTNGTwked7o +opS6Ry90UDZkw/R2jLct/fgANBN2odyMgKNX7/Aoxe2rzSAyzHvtQbFdrGmdHvQp +0np7gMefh/gqoO77LO/wuNSi1icNrf0zteOgiQrzOvxN3YtEx7s= +=LbIQ -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz index f87efb13feb5..f87abaa3fa80 100644 Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ diff --git a/metadata/glsa/glsa-201801-19.xml b/metadata/glsa/glsa-201801-19.xml new file mode 100644 index 000000000000..42b4b79dfcef --- /dev/null +++ b/metadata/glsa/glsa-201801-19.xml @@ -0,0 +1,56 @@ + + + + ClamAV: Multiple vulnerabilities + Multiple vulnerabilities have been found in ClamAV, the worst of + which may allow execution of arbitrary code. + + clamav + 2018-01-26 + 2018-01-26 + 645794 + remote + + + 0.99.3 + 0.99.3 + + + +

ClamAV is a GPL virus scanner.

+ + +

Multiple vulnerabilities have been discovered in ClamAV. Please review + the CVE identifiers referenced below for details. +

+ + +

A remote attacker could cause ClamAV to scan a specially crafted file, + possibly resulting in execution of arbitrary code with the privileges of + the process or cause a Denial of Service condition. +

+ + +

There is no known workaround at this time.

+ + +

All ClamAV users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.99.3" + + + + + CVE-2017-12374 + CVE-2017-12375 + CVE-2017-12376 + CVE-2017-12377 + CVE-2017-12378 + CVE-2017-12379 + CVE-2017-12380 + + whissi + whissi + diff --git a/metadata/glsa/glsa-201801-20.xml b/metadata/glsa/glsa-201801-20.xml new file mode 100644 index 000000000000..f5f2e01a30c4 --- /dev/null +++ b/metadata/glsa/glsa-201801-20.xml @@ -0,0 +1,49 @@ + + + + Fossil: User-assisted execution of arbitrary code + A vulnerability has been discovered in Fossil allowing for + user-assisted remote execution of arbitrary code. + + fossil + 2018-01-27 + 2018-01-27 + 640208 + remote + + + 2.4 + 2.4 + + + +

Fossil is a simple, high-reliability, distributed software configuration + management system. +

+ + +

Fossil does not properly validate SSH sync protocol URLs.

+ + +

A remote attacker, by enticing a user to open a specially crafted URL, + could possibly execute arbitrary commands with the privileges of the user + running the application. +

+ + +

There is no known workaround at this time.

+ + +

All Fossil users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-vcs/fossil-2.4" + + + + CVE-2017-17459 + + b-man + b-man + diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 3e5d4982e927..d12dcf7f326f 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Fri, 26 Jan 2018 14:38:27 +0000 +Sat, 27 Jan 2018 17:08:28 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 473792849815..70bcad55b1d5 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -1f7488673c3108de82dfc31b7c1132230e991834 1516196748 2018-01-17T13:45:48+00:00 +d8a17c05c216f757bca7ba612006419934a11158 1517072516 2018-01-27T17:01:56+00:00 -- cgit v1.2.3