From 8fd9d385e5bc3c01115ec2ddcb2227607eb90861 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Fri, 5 Jan 2024 14:04:26 +0000 Subject: gentoo auto-resync : 05:01:2024 - 14:04:25 --- metadata/glsa/Manifest | 30 ++++++++--------- metadata/glsa/Manifest.files.gz | Bin 558359 -> 558999 bytes metadata/glsa/glsa-202401-02.xml | 50 ++++++++++++++++++++++++++++ metadata/glsa/glsa-202401-03.xml | 42 ++++++++++++++++++++++++ metadata/glsa/glsa-202401-04.xml | 68 +++++++++++++++++++++++++++++++++++++++ metadata/glsa/glsa-202401-05.xml | 42 ++++++++++++++++++++++++ metadata/glsa/timestamp.chk | 2 +- metadata/glsa/timestamp.commit | 2 +- 8 files changed, 219 insertions(+), 17 deletions(-) create mode 100644 metadata/glsa/glsa-202401-02.xml create mode 100644 metadata/glsa/glsa-202401-03.xml create mode 100644 metadata/glsa/glsa-202401-04.xml create mode 100644 metadata/glsa/glsa-202401-05.xml (limited to 'metadata/glsa') diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index 29908f95092a..2d1addbbb2a7 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest 
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 558359 BLAKE2B 6ff1dd9354455ed7f338ae06c477ce7dac2990bd3eb84868668c9a4fbd7666355ff69ec8cc4598c2a46dd5fe56b3f952413e3b68af3b33b6da19c6f37d97ca70 SHA512 a6deeae40717b5176fe6030ff10537898379202450dfebbf026b789aa8ed1701f446b152e2bf3cf3f8b391bac2576b9612ea9a4cf4d35ad7cc3d262e8dfa0010 -TIMESTAMP 2024-01-05T07:40:08Z +MANIFEST Manifest.files.gz 558999 BLAKE2B f0c255a4e931f6e5af7a60afe1dd2a2134f94e6fdb52bdcaf5c4c3919a59809263aa708951de0a4a6138329cd50ff30e21be7208e33dfdde8f09c4b83d1a1de1 SHA512 824cc6b813cbd1a1b2bde4676c1222a5e50c277df9746acfacc3a65ea993f00b1e7a47e6250173eeec46ef4fb8ee9e86fbf6ae53f464be92ed08d25cd9fcd208 +TIMESTAMP 2024-01-05T13:40:09Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWXslhfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWYBrlfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klAcEw/9H8apo2lwCD/w2zSten/Zsreh+P6VC3CYQMlHZWjpGmXGimTHKUAYNuk9 -MpfiDB07h7HgY+qshYrHc6AKevgdmjUfRV+3sAkk8cbnaICDhrhCYrHzLT/GES5M -WXXfRAX0tGffTTIqikUOZm2BHkoXMJd1HSZ2H4edCH8UllIUOzFERt8/YijhLKuF -B+t0EiMEk5YXlmAXBH5F9zs2fLfFFFI9ujIywsgWpO9nPovWeCljuQLh/JEW6+SH -GnKLw2ZM7nD9RY4jhz1HVB+aEnCbfUjM29Cm2ZzwwovDqdkTfVrTjo28OmapS/TR -w4nmoVr2b9VRQuSUEoM0sVlgc8cETtdv9oIMwj6erH567PrjTtpWZwG00lyU/eBh -OWEtDywMe3TVs2r/3k59RQUmuiukqRA6b+6opJUUWLR73EHubOdkucZyaAdHD4ZX -ydMJvCqAvgQlZJWIoxzBBMw41xZ+LKTlY2mDg5jdlVF76MfMzXcv+mjH6eT+5ddM -t3UMOiVpBWsnnUMji08/H/7mexx/i34gPZ8tKFsoRoJLfF6dknbL6UcvBgEydsa1 -eyzqYBXDNGrS6jzloGkL/xzeVHznjH3Z4s1Oq8esRZn/YOdYPvJKMHgCDkSASefQ -tAtpmhmjlkUpDIO5pYolgZFDtxE+7ksMDt2FnZb0qCRVAOV8cDQ= -=kw0k +klBn2Q//UGhYDlIZEfkSj2Ehx93sDXslta/ePc2p09IZZM5wQOX0ofom+l3sXi+U +oAuP0FvnYJ902vm2P/dj23Hkeh8Wuag3PI47f+pTyRTDPe6oJViIlwYLCeF9nArb +G87jcJCKJ33QWdlKKnULWp40NBEmtYOGTiQTT56GUYJgzpnLwgBeLRvPzKcZe3IP 
+qNyRGssB5hzeCmpMkQ7+tlWcDUjGxliWohW13nBRY0lQHQIf2Mpw2ASzrS1JJJpr +upOejssDxynCouiQu9jXU7EdWt9OHC7gyuMvEPHiUlAL/0upUKIAQh9AG2ju28X+ +toM7AhF2WlpsNni38J2yvgW0+67OAO+OqSXYlALweI5jcy9zlKxG1JOJ5yIZljTN +xwFUauGiKPlcUtoBDWrXafY5uC29GBPvhMxoEzeOIRP75L2l10ipuTbhw3OEpxBd +ik6TcVprq5SjEDSMmjpZOYYd6qZVai13iDlnR1G1UAHiX8CS3aU7VFPAIYtZMIPK +WOZ8paoawNt8bS613sfW1GGtQZa6AMD5SIsu+1yfQsvJOGi3Jk7Pv3jQakD9bLbL +HNrca2+rEb6TLQEkyA2QWu0r3W6XAUQaGd8TJ7mt+p/13nG9ewA3wMjgXTtIM3MV +00ZzElDHIcJN3oVM6oWQ+m83VkmGqMdl+acy+KZE582xNfXJvpg= +=oxCS -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz index e9d3a995cb72..73ff6dfcb9b5 100644 Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ diff --git a/metadata/glsa/glsa-202401-02.xml b/metadata/glsa/glsa-202401-02.xml new file mode 100644 index 000000000000..ff38eed4e5a6 --- /dev/null +++ b/metadata/glsa/glsa-202401-02.xml @@ -0,0 +1,50 @@ + + + + c-ares: Multiple Vulnerabilities + Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity. + c-ares + 2024-01-05 + 2024-01-05 + 807604 + 807775 + 892489 + 905341 + remote + + + 1.19.0 + 1.19.0 + + + +

c-ares is a C library for asynchronous DNS requests (including name resolves).

+
+ +

Multiple vulnerabilities have been discovered in c-ares. Please review the CVE identifiers referenced below for details.

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All c-ares users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/c-ares-1.19.0" + +
+ + CVE-2021-3672 + CVE-2021-22930 + CVE-2021-22931 + CVE-2021-22939 + CVE-2021-22940 + CVE-2022-4904 + + graaff + graaff +
\ No newline at end of file diff --git a/metadata/glsa/glsa-202401-03.xml b/metadata/glsa/glsa-202401-03.xml new file mode 100644 index 000000000000..e9e5d7550560 --- /dev/null +++ b/metadata/glsa/glsa-202401-03.xml @@ -0,0 +1,42 @@ + + + + BlueZ: Privilege Escalation + Multiple vulnerabilities have been discovered in Bluez, the worst of which can lead to privilege escalation. + bluez + 2024-01-05 + 2024-01-05 + 919383 + remote + + + 5.70-r1 + 5.70-r1 + + + +

BlueZ is the canonical bluetooth tools and system daemons package for Linux.

+
+ +

Multiple vulnerabilities have been discovered in BlueZ. Please review the CVE identifiers referenced below for details.

+
+ +

An attacker may inject unauthenticated keystrokes via Bluetooth, leading to privilege escalation or denial of service.

+
+ +

There is no known workaround at this time.

+
+ +

All BlueZ users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-wireless/bluez-5.70-r1" + +
+ + CVE-2023-45866 + + graaff + graaff +
\ No newline at end of file diff --git a/metadata/glsa/glsa-202401-04.xml b/metadata/glsa/glsa-202401-04.xml new file mode 100644 index 000000000000..e900d7658607 --- /dev/null +++ b/metadata/glsa/glsa-202401-04.xml @@ -0,0 +1,68 @@ + + + + WebKitGTK+: Multiple Vulnerabilities + Several vulnerabilities have been found in WebKitGTK+, the worst of which can lead to remote code execution. + webkit-gtk + 2024-01-05 + 2024-01-05 + 907818 + 909663 + 910656 + 918087 + 918099 + 919290 + remote + + + 2.42.3 + 2.42.3 + 2.42.3 + 2.42.3 + + + +

WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.

+
+ +

Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All WebKitGTK+ users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.42.3" + +
+ + CVE-2023-28198 + CVE-2023-28204 + CVE-2023-32370 + CVE-2023-32373 + CVE-2023-32393 + CVE-2023-32439 + CVE-2023-37450 + CVE-2023-38133 + CVE-2023-38572 + CVE-2023-38592 + CVE-2023-38594 + CVE-2023-38595 + CVE-2023-38597 + CVE-2023-38599 + CVE-2023-38600 + CVE-2023-38611 + CVE-2023-40397 + CVE-2023-42916 + CVE-2023-42917 + WSA-2023-0006 + + graaff + graaff +
\ No newline at end of file diff --git a/metadata/glsa/glsa-202401-05.xml b/metadata/glsa/glsa-202401-05.xml new file mode 100644 index 000000000000..b1ce5562b5ba --- /dev/null +++ b/metadata/glsa/glsa-202401-05.xml @@ -0,0 +1,42 @@ + + + + RDoc: Command Injection + A vulnerability has been found in RDoc which allows for command injection. + rdoc + 2024-01-05 + 2024-01-05 + 801301 + remote + + + 6.3.2 + 6.3.2 + + + +

RDoc produces HTML and command-line documentation for Ruby projects.

+
+ +

A vulnerability has been discovered in RDoc. Please review the CVE identifier referenced below for details.

+
+ +

RDoc used to call Kernel#open to open a local file. If a Ruby project has a file whose name starts with | and ends with tags, the command following the pipe character is executed. A malicious Ruby project could exploit it to run an arbitrary command execution against a user who attempts to run the rdoc command.

+
+ +

There is no known workaround at this time.

+
+ +

All RDoc users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-ruby/rdoc-6.3.2" + +
+ + CVE-2021-31799 + + graaff + graaff +
\ No newline at end of file diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 7d11ff57b05f..4bf5a1d534b2 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Fri, 05 Jan 2024 07:40:03 +0000 +Fri, 05 Jan 2024 13:40:06 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 4f7a75657ddb..0200e3e095e8 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -086ee91647926ad5550f1443e004b5f5d1bda7fc 1704206331 2024-01-02T14:38:51+00:00 +18540d77b43283bbeb478e2efd181954f507ac07 1704461679 2024-01-05T13:34:39+00:00 -- cgit v1.2.3
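Review bot: in metadata/glsa/glsa-202401-02.xml the impact section only says "Please review the referenced CVE identifiers for details." although the synopsis already claims "loss of confidentiality or integrity". The impact text should state that worst case itself, so a reader of the advisory body does not have to follow six CVE references to learn it. In the background line, "(including name resolves)" would read better as "(including name resolution)", and the new file ends without a trailing newline.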
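Review bot: the synopsis in metadata/glsa/glsa-202401-03.xml spells the package "Bluez" where the title and every other section use "BlueZ", and both the synopsis and the description announce "Multiple vulnerabilities" although the title names a single issue and the references list only CVE-2023-45866. Suggest the singular form, for example "A vulnerability has been discovered in BlueZ which can lead to privilege escalation." The impact line also mentions denial of service, which the title and synopsis omit, and the file ends without a trailing newline.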
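Review bot: the impact section of metadata/glsa/glsa-202401-04.xml defers entirely to the reference list ("Please review the referenced CVE identifiers for details.") even though the synopsis says the worst issue "can lead to remote code execution". With 19 CVEs plus WSA-2023-0006 referenced, the impact text should repeat that worst case so the severity is visible in the advisory body. The synopsis says "Several vulnerabilities have been found" while the description says "Multiple vulnerabilities have been discovered"; pick one wording. The file also ends without a trailing newline.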
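Review bot: the impact paragraph in metadata/glsa/glsa-202401-05.xml ends with "could exploit it to run an arbitrary command execution against a user", which is ungrammatical; suggest "could exploit this to execute arbitrary commands as a user who runs the rdoc command". In the sentence before it, "starts with | and ends with tags" reads as if "tags" referred to markup, so quoting the pipe character and the literal word tags would make the trigger condition unambiguous. The workaround section says none is known, yet the impact text makes clear the issue only triggers when rdoc is run on an untrusted project, which is worth stating. The file ends without a trailing newline.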