From 77a57b2d524e4149890d25e1ea50f776d6551b19 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Sun, 14 Aug 2022 02:24:58 +0100 Subject: gentoo auto-resync : 14:08:2022 - 02:24:58 --- metadata/glsa/Manifest | 30 +++++++-------- metadata/glsa/Manifest.files.gz | Bin 521769 -> 522243 bytes metadata/glsa/glsa-202208-20.xml | 78 +++++++++++++++++++++++++++++++++++++++ metadata/glsa/glsa-202208-21.xml | 42 +++++++++++++++++++++ metadata/glsa/glsa-202208-22.xml | 44 ++++++++++++++++++++++ metadata/glsa/timestamp.chk | 2 +- metadata/glsa/timestamp.commit | 2 +- 7 files changed, 181 insertions(+), 17 deletions(-) create mode 100644 metadata/glsa/glsa-202208-20.xml create mode 100644 metadata/glsa/glsa-202208-21.xml create mode 100644 metadata/glsa/glsa-202208-22.xml (limited to 'metadata/glsa') diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index 8d802793a81b..bca6be35cb1b 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 521769 BLAKE2B 618daa6e096a9572df836818b2ac30268d7e21c0c6e15ec9fca6adc164cc56ecf8a0b4741c28cd5db0b47317206a50ecf907cbfc5b1be89e895d3ba8ad9df239 SHA512 7ec72296681ddb7127210ebc1591e4b9fd86180622dc64d93283209387c6216549314667c68513c3998bbaf1219b2c97dbd134baee2107a96baca5b5fa956456 -TIMESTAMP 2022-08-13T18:39:44Z +MANIFEST Manifest.files.gz 522243 BLAKE2B 1596c3af61b1a6da95c3143b9968db11001d017b9506ddce59f4bcd1b944e1b13f15bff778700b29e74a0b2dac4d906c7d152fac426efbd2dfdda0744685bc62 SHA512 712773ae7f28857d3018f0041efb6721a75332941366f343b7761b3473756a12951420fbef4c2cb89129bd36c7629d17ca51c9b4c6624c65d15ffa2d22aff11b +TIMESTAMP 2022-08-14T00:39:38Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmL37/BfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmL4REpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klAauRAAnrWhUanRFnNvEhVaRxbdCTf+CEh+pvBNE5Iedewshl5jKN6LvZBYS93p -Bh9yb0g+/mAp8m8zlzpsT08Fgy80LIyZAYl4GeADN/yLi3jESoXy/Iu9V+ixuGtt -N8EjMPQlRXVcIaDsBftYXFXIRYz9Zigj1UgFtJ+eBHzB/sfL11ZumiQ3132xWFxZ -GudE52hWxfPug1taBeTie1ikZaBntxYueYRZOmfncsnJJJZ5DyijjVjdED0KiDvy -6g+SnYx19B6Oj8cKUe4+Ff9CgXuzTowe81Yj600RV83a9okJPheffEo68OJgcele -UVv0q3j+dAPRJmBpNokDhcHN9V+ZQgUxbwODxr8q2o8XX8Swmk1PEsG/xg/pt7Ow -o/10TO3qG1PfzkBO8B6WV4t8Hc2ae2sBbTu0ODrZsfSqx9m1/8CbRxSqm0QZzQVU -kw3M9LrQJa+Hls8yKTZ82vpPs+ZZS4RgtWV6Nb5E4tCpfqPeN99ftP9WDb7h5yuK -zcst1Vmra0VMipEPAEdl7ocMnfRwNCD5KYSzbSnFYpNoMg3tlHCsnMUCnlGwvm4a -CXufOzJ78yGLV99vOmwsE2LRo2UdI5F/g6VPBsftSgpMVEPrFksqj6XsaYWhiRby -06PrRb8NLYn+9cIR3++ZvuTPkrPKzvxVSESF/Vr9cj53r6Lechs= -=dx6+ +klB6QhAAlSH4DPceH/Jhj6LubZT6+rWprOBq4V06hJeC/+LudBjhwWSyB7Fful8y +SqY+RHVkpnK4utxf3TaZ5fEvpQ702VzlPPoeI3iHaQV1/tGKZ1izDupeL6P0Jiku +wq4/z+rcK0XfQD9xZNlyEDMxzoN/Cfjcs2uiAviDYaHbcrdG1yrXsDUhFpLdjtPh +KwrMSkvCK3wylmww8JjStIKy8r2ac7qrOtKWXchNr/HNTB8yviubMlEJoWs9L8P4 +qWt2CA9lW4eWYjb3WY9SbqOZu+9apvXbFn15V6O9cUK8uCHO0w3pVGlnZDkapnvp +cd585Jx9qnX5vRUkXN8WR0V5E0xT4emLI6Gq9JhZv46qaORFEUMhvKhKb8hSL1CC +BorSjyvi0Ylxz2xOXbYZyBlaSJJfa+/WqFpO5wyNabaQlvel7FPI/o+sfYiLUYyw +/zR3GIGTyD/3xssF3dR1t/wyrd+4a7gfL83v/KM0V6aFj5gKxidBTc1VyGjKS4Ux +EVHePmIdVJY/J5r0Q6AYp1I5LUYvaEW+4NVhq4w7+u2iuTNf/pm2OMb9nBaDhNZQ +JztsTM4r5wY1lZvhTtA4c/l6YQ6wtz3Y7iaWhWn6asL13xK29qML0v8L7/zSNPOS +m6SU8Rm6BPLRyR+1Nyn9Em1jluoXUQe6Mu0cXKPYxsmqTrFrESw= +=/B0T -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz index 0f12c71d137c..e7607780d7b3 100644 Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ diff --git a/metadata/glsa/glsa-202208-20.xml b/metadata/glsa/glsa-202208-20.xml new file mode 100644 index 000000000000..58744f5a5bc0 --- /dev/null +++ b/metadata/glsa/glsa-202208-20.xml @@ -0,0 +1,78 @@ + + + + Apache HTTPD: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. + apache,apache-tools + 2022-08-14 + 2022-08-14 + 813429 + 816399 + 816864 + 829722 + 835131 + 850622 + remote + + + 2.4.54 + 2.4.54 + + + 2.4.54 + 2.4.54 + + + +

The Apache HTTP server is one of the most popular web servers on the Internet.

+ + +

Multiple vulnerabilities have been discovered in Apache HTTPD. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All Apache HTTPD users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54" + + +

All Apache HTTPD tools users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54" + + + + CVE-2021-33193 + CVE-2021-34798 + CVE-2021-36160 + CVE-2021-39275 + CVE-2021-40438 + CVE-2021-41524 + CVE-2021-41773 + CVE-2021-42013 + CVE-2021-44224 + CVE-2021-44790 + CVE-2022-22719 + CVE-2022-22720 + CVE-2022-22721 + CVE-2022-23943 + CVE-2022-26377 + CVE-2022-28614 + CVE-2022-28615 + CVE-2022-29404 + CVE-2022-30522 + CVE-2022-30556 + CVE-2022-31813 + + ajak + ajak + \ No newline at end of file diff --git a/metadata/glsa/glsa-202208-21.xml b/metadata/glsa/glsa-202208-21.xml new file mode 100644 index 000000000000..3f883725ca03 --- /dev/null +++ b/metadata/glsa/glsa-202208-21.xml @@ -0,0 +1,42 @@ + + + + libebml: Heap buffer overflow vulnerability + A heap-based buffer overflow in libeml might allow attackers to execute arbitrary code. + libebml + 2022-08-14 + 2022-08-14 + 772272 + remote + + + 1.4.2 + 1.4.2 + + + +

libebml is a C++ library to parse EBML files.

+ + +

On 32bit builds of libebml, the length of a string is miscalculated, potentially leading to an exploitable heap overflow.

+ + +

An attacker able to provide arbitrary input to libebml could achieve arbitrary code execution.

+ + +

There is no known workaround at this time.

+ + +

Users of libebml on 32 bit architectures should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libebml-1.4.2" + + + + CVE-2021-3405 + + ajak + ajak + \ No newline at end of file diff --git a/metadata/glsa/glsa-202208-22.xml b/metadata/glsa/glsa-202208-22.xml new file mode 100644 index 000000000000..5e5f67c9185e --- /dev/null +++ b/metadata/glsa/glsa-202208-22.xml @@ -0,0 +1,44 @@ + + + + xterm: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in xterm, the worst of which could result in denial of service. + xterm + 2022-08-14 + 2022-08-14 + 769839 + 832409 + remote + + + 371 + 371 + + + +

xterm is a terminal emulator for the X Window system.

+ + +

Multiple vulnerabilities have been discovered in xterm. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All xterm users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-terms/xterm-371" + + + + CVE-2021-27135 + CVE-2022-24130 + + ajak + ajak + \ No newline at end of file diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index bc5ec47e1cff..da92d450cd0e 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Sat, 13 Aug 2022 18:39:40 +0000 +Sun, 14 Aug 2022 00:39:35 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 25017bbcaa81..fa30ed48ee4f 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -58da0854b008b45c9a0063959668eb2fa9fc0b96 1660357610 2022-08-13T02:26:50+00:00 +60298a368732a5fdf5e926ec4c59811f482e73b5 1660435906 2022-08-14T00:11:46+00:00 -- cgit v1.2.3