From 8cd3c41aa0ccead302235680b9e2fa9903d7548e Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Sat, 25 Nov 2023 16:31:33 +0000 Subject: gentoo auto-resync : 25:11:2023 - 16:31:33 --- metadata/glsa/Manifest | 30 +++---- metadata/glsa/Manifest.files.gz | Bin 554222 -> 554858 bytes metadata/glsa/glsa-202311-11.xml | 163 +++++++++++++++++++++++++++++++++++++++ metadata/glsa/glsa-202311-12.xml | 44 +++++++++++ metadata/glsa/glsa-202311-13.xml | 42 ++++++++++ metadata/glsa/glsa-202311-14.xml | 46 +++++++++++ metadata/glsa/timestamp.chk | 2 +- metadata/glsa/timestamp.commit | 2 +- 8 files changed, 312 insertions(+), 17 deletions(-) create mode 100644 metadata/glsa/glsa-202311-11.xml create mode 100644 metadata/glsa/glsa-202311-12.xml create mode 100644 metadata/glsa/glsa-202311-13.xml create mode 100644 metadata/glsa/glsa-202311-14.xml (limited to 'metadata/glsa') diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index 08d54edfe502..6e21a9052693 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 554222 BLAKE2B b8192c6cad8673128665e2bcbb263867375167b8afc7ec64afb228ca9734dad609b4a10892b93d53ecd9a822183ad7710567ea683d170512fc5f59563b03fdd8 SHA512 63c6723626955aea81134aa0309f9b28ef8b6ca57a101b31bec5f87c28cea30cdba4707ba9e12ac8b8de39ad140c58c903503402942317608f0f149c5429a7f4 -TIMESTAMP 2023-11-25T09:40:27Z +MANIFEST Manifest.files.gz 554858 BLAKE2B 4f19a75565a5054be3c31a4dc88800b57c5bf8c0cce0f797ec11a4fdc90418321f82e646b672ccf214f6e5daf616ea1a3d8115453bb3365e85aee430998c6ff0 SHA512 4f9f54210f84e01496fd22447309d2a8874935b91ae5935863e7352b16bc198b5d50c3422852939c69e9eeb69efd2408cbb531b82c307ec560ecc068a89ef820 +TIMESTAMP 2023-11-25T15:40:23Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmVhwQtfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmViFWdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klAQwA//YMJDdyE6powEFs/y6EHECnXgvNpCNAFmYBwzIoe5gtpNbkGoJFGUuq8N -FxRwAFFk0oVcpDjh6mpqdyaUeYa2qIKcY3RyIU6eBc33Zd3fcaF1ZSqz8W2A/HE1 -/YtIUIeUMM3tM76UII2jj8oVJoZjfO+dEoJSIBZLdpQgwQIwcGsnnBNn3v8oQMzF -g07GAMkrrXyGUasL9vPMJ0nldx6CbkXIMXp3c4gEgMrAlBr10eeatlAX3aEv21Oh -apEGi62WRixw2XSSGYakTb6N8/gOkg44K4UrqYsgMFAIsECdKfbCUQhgoDqAOs5Q -APgP8RGcmtMp2ulitGpjW3i3w3SeqpxyMeuLQs5BOCZuISC9VNV6ZcbQmP5qFsXu -RwIT9LSUFHVsApO1Xd8c/kzy97eWcxPQrn87QVCaxmibZK5kJD5OHsesG547aCBa -HDPp7b4S4+ij0eOYXEriin3rtIsV/6YKiUEnEk0TiV01cVTQZlfmD6Z0PACFfio5 -8MEVx9vJUtbQFWHqW2C40PpE19B9cOrTAGOe5u0GWRVl8QKyfL/x+oPg5k1kFehD -dP5xotAQ2nV9umk9AdR3czFv0CnZcH4QxsJuVx+1Z3gb7zj65B2pb91/cUhAIs9b -add6x5KuWHY2/Ugb00Ng2gEC0GEdpFVXi9ibGlSt3xtBz2OLeGw= -=voLI +klCMew//R3cxMZIkxJrbnb9BZgdUn46o9ERpGCQXjGbS0ALKR2bvHijitpGWpZs5 ++ku44kC77Dhq7iEzByxSH85Fip4y7IwaZt0aD8T5ZAaN4yZKmxtuT8AmFOrNgq1l +NWcWpRdveTLcdXUusFB7V3dD/wPECkz6w/Y5yZlhVnn/P2OLnAxVVTbLL0/pRs+8 +uKFmPZMoeqn3lqANHcSPwgGeMDgMg/GZ2INO+79Np6zZ0I0Y9ILDw7mDVBStZvUx +bdU5Lv7o+//zAwxE3UQYPv+VxixW4byLekD3pwsjdU7DB96HG7AQeXWZhYJ6y4aV +E2Fehr8wmvA9DJMHgKKMH/bSUFZiJNFc6AnllqRPadY04jzubOj9f8uWpqIhk4dM +2FKRY7G6eVoOkBwx17f68+XSBdKqyBEYlRPnkNmOUHSFXumqzRCycWNueqPiQKT6 +ncWCcyRHqazQJxa2Tss7JvycBa2DaPua/LYFzWwK9dKd7uy8tDlizrr4CuqllNvW +RgY48TvOBwqQxlOzgtRD7Mm6gDoHXfjMB1SgkRXUbD8Lh4s16t/zU3BsaswNvJk/ +8sVMWmYX4puqEsxKebnbIO14ERmCzqHUan2p/Dv9duM+FnTGYzBhOYGzzfa64JNk +P7DVuUt/mN9LUaYhKlRMA43T0W52ayLWurBvJKLVc9/XYCp7eZE= +=dHze -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz index 795869fbb09f..619c99eccf25 100644 Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ diff --git a/metadata/glsa/glsa-202311-11.xml b/metadata/glsa/glsa-202311-11.xml new file mode 100644 index 000000000000..1946a71030f3 --- /dev/null +++ b/metadata/glsa/glsa-202311-11.xml @@ -0,0 +1,163 @@ + + + + QtWebEngine: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution. + qtwebengine + 2023-11-25 + 2023-11-25 + 866332 + 888181 + 903544 + 904290 + 906857 + 909778 + remote + + + 5.15.10_p20230623 + 5.15.10_p20230623 + + + +

QtWebEngine is a library for rendering dynamic web content in Qt5 and Qt6 C++ and QML applications.

+ + +

Multiple vulnerabilities have been discovered in QtWebEngine. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All QtWebEngine users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-qt/qtwebengine-5.15.10_p20230623" + + + + CVE-2022-2294 + CVE-2022-3201 + CVE-2022-4174 + CVE-2022-4175 + CVE-2022-4176 + CVE-2022-4177 + CVE-2022-4178 + CVE-2022-4179 + CVE-2022-4180 + CVE-2022-4181 + CVE-2022-4182 + CVE-2022-4183 + CVE-2022-4184 + CVE-2022-4185 + CVE-2022-4186 + CVE-2022-4187 + CVE-2022-4188 + CVE-2022-4189 + CVE-2022-4190 + CVE-2022-4191 + CVE-2022-4192 + CVE-2022-4193 + CVE-2022-4194 + CVE-2022-4195 + CVE-2022-4436 + CVE-2022-4437 + CVE-2022-4438 + CVE-2022-4439 + CVE-2022-4440 + CVE-2022-41115 + CVE-2022-44688 + CVE-2022-44708 + CVE-2023-0128 + CVE-2023-0129 + CVE-2023-0130 + CVE-2023-0131 + CVE-2023-0132 + CVE-2023-0133 + CVE-2023-0134 + CVE-2023-0135 + CVE-2023-0136 + CVE-2023-0137 + CVE-2023-0138 + CVE-2023-0139 + CVE-2023-0140 + CVE-2023-0141 + CVE-2023-2721 + CVE-2023-2722 + CVE-2023-2723 + CVE-2023-2724 + CVE-2023-2725 + CVE-2023-2726 + CVE-2023-2929 + CVE-2023-2930 + CVE-2023-2931 + CVE-2023-2932 + CVE-2023-2933 + CVE-2023-2934 + CVE-2023-2935 + CVE-2023-2936 + CVE-2023-2937 + CVE-2023-2938 + CVE-2023-2939 + CVE-2023-2940 + CVE-2023-2941 + CVE-2023-3079 + CVE-2023-3214 + CVE-2023-3215 + CVE-2023-3216 + CVE-2023-3217 + CVE-2023-4068 + CVE-2023-4069 + CVE-2023-4070 + CVE-2023-4071 + CVE-2023-4072 + CVE-2023-4073 + CVE-2023-4074 + CVE-2023-4075 + CVE-2023-4076 + CVE-2023-4077 + CVE-2023-4078 + CVE-2023-4761 + CVE-2023-4762 + CVE-2023-4763 + CVE-2023-4764 + CVE-2023-5218 + CVE-2023-5473 + CVE-2023-5474 + CVE-2023-5475 + CVE-2023-5476 + CVE-2023-5477 + CVE-2023-5478 + CVE-2023-5479 + CVE-2023-5480 + CVE-2023-5481 + CVE-2023-5482 + CVE-2023-5483 + CVE-2023-5484 + CVE-2023-5485 + CVE-2023-5486 + CVE-2023-5487 + CVE-2023-5849 + CVE-2023-5850 + CVE-2023-5851 + CVE-2023-5852 + CVE-2023-5853 + CVE-2023-5854 + CVE-2023-5855 + CVE-2023-5856 + CVE-2023-5857 + CVE-2023-5858 + CVE-2023-5859 + CVE-2023-5996 + CVE-2023-5997 + CVE-2023-6112 + CVE-2023-21775 + CVE-2023-21796 + + graaff + graaff + \ No newline at end of file diff --git a/metadata/glsa/glsa-202311-12.xml b/metadata/glsa/glsa-202311-12.xml new file mode 100644 index 000000000000..10b6be50a66a --- /dev/null +++ b/metadata/glsa/glsa-202311-12.xml @@ -0,0 +1,44 @@ + + + + MiniDLNA: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in MiniDLNA, the worst of which could lead to remove code execution. + minidlna + 2023-11-25 + 2023-11-25 + 834642 + 907926 + remote + + + 1.3.3 + 1.3.3 + + + +

MiniDLNA is a simple media server software, with the aim of being fully compliant with DLNA/UPnP-AV clients.

+ + +

Multiple vulnerabilities have been discovered in MiniDLNA. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All MiniDLNA users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/minidlna-1.3.3" + + + + CVE-2022-26505 + CVE-2023-33476 + + graaff + graaff + \ No newline at end of file diff --git a/metadata/glsa/glsa-202311-13.xml b/metadata/glsa/glsa-202311-13.xml new file mode 100644 index 000000000000..710e5d8071fb --- /dev/null +++ b/metadata/glsa/glsa-202311-13.xml @@ -0,0 +1,42 @@ + + + + Apptainer: Privilege Escalation + A privilege escalation vulnerability has been discoverd in Apptainer. + apptainer + 2023-11-25 + 2023-11-25 + 905091 + local + + + 1.1.8 + 1.1.8 + + + +

Apptainer is the container system for secure high-performance computing.

+ + +

A vulnerability has been discovered in Apptainer. Please review the CVE identifier referenced below for details.

+ + +

There is an ext4 use-after-free flaw that is exploitable in vulnerable versions.

+ + +

There is no known workaround at this time.

+ + +

All Apptainer users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-containers/apptainer-1.1.8" + + + + CVE-2023-30549 + + graaff + graaff + \ No newline at end of file diff --git a/metadata/glsa/glsa-202311-14.xml b/metadata/glsa/glsa-202311-14.xml new file mode 100644 index 000000000000..8ae2ab551c6b --- /dev/null +++ b/metadata/glsa/glsa-202311-14.xml @@ -0,0 +1,46 @@ + + + + GRUB: Multiple Vulnerabilities + Multiple vulnerabilities have been discoverd in GRUB, which may lead to secure boot circumvention or code execution. + grub + 2023-11-25 + 2023-11-25 + 881413 + 915187 + remote + + + 2.06-r9 + 2.06-r9 + + + +

GNU GRUB is a multiboot boot loader used by most Linux systems.

+ + +

Multiple vulnerabilities have been discovered in GRUB. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All GRUB users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-boot/grub-2.06-r9" + + + + CVE-2022-2601 + CVE-2022-3775 + CVE-2023-4692 + CVE-2023-4693 + + graaff + graaff + \ No newline at end of file diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 4ca135130255..2f743d70c873 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Sat, 25 Nov 2023 09:40:24 +0000 +Sat, 25 Nov 2023 15:40:20 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 65ba52468ad7..2d801c2ae516 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -335f69a9cbc971132afe551e722b25032997f1b5 1700905015 2023-11-25T09:36:55+00:00 +4c466f4d082dba9c6c82b370699194bb99c93843 1700911157 2023-11-25T11:19:17+00:00 -- cgit v1.2.3