From a0e773d57146b0a0ec25567af504a10e6f187811 Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Wed, 7 Sep 2022 10:35:35 +0100
Subject: gentoo auto-resync : 07:09:2022 - 10:35:34
---
 metadata/glsa/Manifest | 30 ++++----
 metadata/glsa/Manifest.files.gz | Bin 524963 -> 525759 bytes
 metadata/glsa/glsa-202209-01.xml | 56 ++++++++++++++
 metadata/glsa/glsa-202209-02.xml | 48 ++++++++++++
 metadata/glsa/glsa-202209-03.xml | 46 ++++++++++++
 metadata/glsa/glsa-202209-04.xml | 45 ++++++++++++
 metadata/glsa/glsa-202209-05.xml | 153 +++++++++++++++++++++++++++++++++++++++
 metadata/glsa/timestamp.chk | 2 +-
 metadata/glsa/timestamp.commit | 2 +-
 9 files changed, 365 insertions(+), 17 deletions(-)
 create mode 100644 metadata/glsa/glsa-202209-01.xml
 create mode 100644 metadata/glsa/glsa-202209-02.xml
 create mode 100644 metadata/glsa/glsa-202209-03.xml
 create mode 100644 metadata/glsa/glsa-202209-04.xml
 create mode 100644 metadata/glsa/glsa-202209-05.xml
(limited to 'metadata/glsa')
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index a84a3100862e..cc1a62987b43 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 524963 BLAKE2B 63a134310988775e80829f8df76e35bc7a36e500f38a02043ac51f423c095de0df8392b4c21b862e8aa1190811e33352db519f38ea643efbc71bfe95d975b6e6 SHA512 bc7c3b57f8c76fb5c8bdb7acf957ff1b9ee261e5de3501606b4991af3973817d95ec173a706003dbfebc5f22f084a39d16aa1dc3ca8f09463ac655d04f93d120 -TIMESTAMP 2022-09-07T02:40:03Z +MANIFEST Manifest.files.gz 525759 BLAKE2B 487aaba91a7a713d59ac9586bbe0ffaeb7bf01fde9781422d78f1d1e009e745a8cea346fbefedc07f275060c3798240f56799ae9f182d10305c04a36eac8db25 SHA512 9ad37d1ae3ef248f0c465e37bce58b95e6f9da024c5d52c9ede183ff971546b15abed0e4dd4ca83a4f69fd2c722ad188eb583dd8d8337d8d99ae3e7c776b7da4 +TIMESTAMP 2022-09-07T08:40:02Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmMYBINfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmMYWOJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klAnPA//Ulvjlw2EaJJk8dqQnIQ2/EYXLwEr+st8897pODXOvQHaGufqLsXYJGpf -0PJeyR0XH11OiDeMQ1nj0/T/V9nBPtUmHiVUx61xfDn5clivTMLCyAWlq4Qjuo1F -k1SyccB/7g7YMnJLx+kl2OCWuPpTz9CtthADe+db1f+CZ+dA1mSgbwBCW/ZGPzCR -oO7FRjFq2WgJuWglXuknTYcH456dxARPe4tfpSZ66ULtbcQOGX1JHX8OHsyGsVIk -mRT0e6bqOFsDryUi3r25eByh346BGKvnR36uFuofI1b2D5JbFgvV0b4r2RpcHhIC -EVpDQp7uIDyiWl8rzl08FpMau6EpBHDQDJISkaFa/bHkjxhVFndyHg+3bAYqd0f8 -qwFY1H40mOoINH7JJU21JliHdI1wSWkQICfePspS8I7fo0iNukDNPyazFI4z2gKP -Cp5GSA1iuSZxDXCN7HbGrbSblMva1CVykcAf4+KKljJLg1t2fVynClV5Tn0xsIPn -z8yPw74qwhVWLMNiQN2+wAPIE41xVAFpnrjL9qM4kEnK2iv4vyaiE5oud1KcTATr -YBXTiipP1Yu5ffeBMbwLhJjtbTqeB7TqoWyxoJcNoBzAz9nF0tL4S0FhCaly4kYV -e0vTCz3oPfndHgP66OvJWs9B4cucqcoHcPKLiazfOi4x5SRdXIM= -=Lv2u +klAJ2Q/5AR3UaVRADMa1Mvz2pNx6b9Cn6Gfm3sZhcJpu984Ch0FObJKEkfKb2mdt +tlkuIpb1oAX2N2+4KEwnxZ1DAOzjKqN3WuUVIowToYVqggvDwCNukYHZTvpTHvD/ +rT9BUF7HDYPwocIMEVdbcDGUTQoaAmQjheuBSHWKqzz3z3dfQ/RHGDomjKTgIum1 
+iIIcv3ROjN/WMPhrjrwbqlys5FEd60glBDmE2ctpx3XLXdaWUV8vh/lOni6WNkWG ++66k/Ke9ceEqLZGzy7jKV8tIzclOcGBgW5DMCoL3s95YRazOBHVpMLtHu76TXoX7 +oLOFdJdbm/RGcw2ia1BOe3g9ueVljSrqoWIsdVERmcNm5ykcUW4kHQ9vq4P8frr9 +wUiDC1Bj0tA0WblECKCMQaUW8WddtbBp1leQE5MaCYg9alT/mMDqsB+/bpX8zuSq +kxGScB/yFZXLtskXMXZIxNBjBu3XMHVJu0SZt4SwHGG4u8HwsMbds9WhuDbCfDkY +MD9SYodIodbpcuMOR2haGntgQ45FRWdODZ2+ZSNeRshHICkXPwt0BHQUp4Dg8QcE +v0VKZ0M/4oUeDz77ZgV26X4UAHVOvcOQbrfLCGok5fzgDPGvAb8X9IqddxWdwn3g +/7CiZL2gzp9b8FUhb2gyyi2O3w44wmMuMUW/TtwPsO0PRnBtqE4= +=r1cR -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz index cf5c31bb2c19..7ecc60fdbad4 100644 Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ diff --git a/metadata/glsa/glsa-202209-01.xml b/metadata/glsa/glsa-202209-01.xml new file mode 100644 index 000000000000..1fdcaf71f0c1 --- /dev/null +++ b/metadata/glsa/glsa-202209-01.xml @@ -0,0 +1,56 @@ + + + + GNU Gzip, XZ Utils: Arbitrary file write + A vulnerability has been discovered in GNU Gzip and XZ Utils' grep helpers which could result in writes to arbitrary files. + gzip,xz-utils + 2022-09-07 + 2022-09-07 + 837152 + 837155 + remote + + + 1.12 + 1.12 + + + 5.2.5 + 5.2.5 + + + +

GNU Gzip is a popular data compression program. + +XZ Utils is free general-purpose data compression software with a high compression ratio.

+
+ +

GNU Gzip and XZ Utils' grep helpers do not sufficiently validate certain multi-line file names.

+
+ +

In some cases, writing to arbitrary files such as shell initialization files can be escalation to remote code execution.

+
+ +

Ensuring only trusted input is passed to GNU Gzip and XZ Utils' grep helpers minimizes the potential impact.

+
+ +

All GNU Gzip users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/gzip-1.12" + + +

All XZ Utils users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/xz-utils-5.2.5" + +
+ + CVE-2022-1271 + + ajak + ajak +
\ No newline at end of file diff --git a/metadata/glsa/glsa-202209-02.xml b/metadata/glsa/glsa-202209-02.xml new file mode 100644 index 000000000000..2c7d26523d17 --- /dev/null +++ b/metadata/glsa/glsa-202209-02.xml @@ -0,0 +1,48 @@ + + + + IBM Spectrum Protect: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in IBM Spectrum Protect, the worst of which could result in arbitrary code execution. + tsm + 2022-09-07 + 2022-09-07 + 788115 + 829189 + 831509 + remote + + + 8.1.13.3 + 8.1.13.3 + + + +

TSM provides the client and the API for IBM Spectrum Protect (formerly known as Tivoli Storage Manager), a backup and archival client/server solution targetting large tape libraries.

+
+ +

Multiple vulnerabilities have been discovered in IBM Spectrum Protect. Please review the CVE identifiers referenced below for details.

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All IBM Spectrum Protect users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-backup/tsm-8.1.13.3" + +
+ + CVE-2021-3711 + CVE-2021-3712 + CVE-2021-4104 + CVE-2021-29672 + CVE-2021-39048 + + ajak + ajak +
\ No newline at end of file diff --git a/metadata/glsa/glsa-202209-03.xml b/metadata/glsa/glsa-202209-03.xml new file mode 100644 index 000000000000..c3b22e3de08c --- /dev/null +++ b/metadata/glsa/glsa-202209-03.xml @@ -0,0 +1,46 @@ + + + + OpenSC: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in OpenSC, the worst of which could result in the execution of arbitrary code. + opensc + 2022-09-07 + 2022-09-07 + 839357 + remote + + + 0.22.0 + 0.22.0 + + + +

OpenSC contains tools and libraries for smart cards.

+
+ +

Multiple vulnerabilities have been discovered in OpenSC. Please review the CVE identifiers referenced below for details.

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All OpenSC users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/opensc-0.22.0" + +
+ + CVE-2021-42778 + CVE-2021-42779 + CVE-2021-42780 + CVE-2021-42781 + CVE-2021-42782 + + ajak + ajak +
\ No newline at end of file diff --git a/metadata/glsa/glsa-202209-04.xml b/metadata/glsa/glsa-202209-04.xml new file mode 100644 index 000000000000..9933cc2cc610 --- /dev/null +++ b/metadata/glsa/glsa-202209-04.xml @@ -0,0 +1,45 @@ + + + + OpenJPEG: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in OpenJPEG, the worst of which could result in arbitrary code execution. + openjpeg + 2022-09-07 + 2022-09-07 + 783513 + 836969 + 844064 + remote + + + 2.5.0 + 2.5.0 + + + +

OpenJPEG is an open-source JPEG 2000 library.

+
+ +

Multiple vulnerabilities have been discovered in OpenJPEG. Please review the CVE identifiers referenced below for details.

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All OpenJPEG 2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/openjpeg-2.5.0" + +
+ + CVE-2021-29338 + CVE-2022-1122 + + ajak + ajak +
\ No newline at end of file diff --git a/metadata/glsa/glsa-202209-05.xml b/metadata/glsa/glsa-202209-05.xml new file mode 100644 index 000000000000..f418dacf8484 --- /dev/null +++ b/metadata/glsa/glsa-202209-05.xml @@ -0,0 +1,153 @@ + + + + OpenJDK: Multiple Vulnerabilities + Multiple vulnerabilities have been found in OpenJDK, the worst of which could result in denial of service. + openjdk,openjdk-bin,openjdk-jre-bin + 2022-09-07 + 2022-09-07 + 803605 + 831446 + 784611 + remote + + + 17.0.2_p8 + 11.0.14_p9 + 8.322_p06 + 17.0.2_p8 + 11.0.14_p9 + 8.322_p06 + + + 17.0.2_p8 + 11.0.14_p9 + 8.322_p06 + 17.0.2_p8 + 11.0.14_p9 + 8.322_p06 + + + 17.0.2_p8 + 11.0.14_p9 + 8.322_p06 + 17.0.2_p8 + 11.0.14_p9 + 8.322_p06 + + + +

OpenJDK is an open source implementation of the Java programming language.

+
+ +

Multiple vulnerabilities have been discovered in OpenJDK. Please review the CVE identifiers referenced below for details.

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All OpenJDK 8 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/openjdk-8.322_p06:8" + + +

All OpenJDK 8 JRE binary users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-8.322_p06:8" + + +

All OpenJDK 8 binary users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-8.322_p06:8" + + +

All OpenJDK 11 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/openjdk-11.0.14_p9:11" + + +

All OpenJDK 11 JRE binary users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-11.0.14_p9:11" + + +

All OpenJDK 11 binary users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-11.0.14_p9:11" + + +

All OpenJDK 17 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/openjdk-17.0.2_p8:17" + + +

All OpenJDK 17 JRE binary users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-17.0.2_p8:17" + + +

All OpenJDK 17 binary users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-17.0.2_p8:17" + +
+ + CVE-2021-2161 + CVE-2021-2163 + CVE-2021-2341 + CVE-2021-2369 + CVE-2021-2388 + CVE-2021-2432 + CVE-2021-35550 + CVE-2021-35556 + CVE-2021-35559 + CVE-2021-35561 + CVE-2021-35564 + CVE-2021-35565 + CVE-2021-35567 + CVE-2021-35578 + CVE-2021-35586 + CVE-2021-35588 + CVE-2021-35603 + CVE-2022-21248 + CVE-2022-21271 + CVE-2022-21277 + CVE-2022-21282 + CVE-2022-21283 + CVE-2022-21291 + CVE-2022-21293 + CVE-2022-21294 + CVE-2022-21296 + CVE-2022-21299 + CVE-2022-21305 + CVE-2022-21340 + CVE-2022-21341 + CVE-2022-21349 + CVE-2022-21360 + CVE-2022-21365 + CVE-2022-21366 + + ajak + ajak +
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 2b8ffd8b21bc..8d891b477530 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Wed, 07 Sep 2022 02:40:00 +0000
+Wed, 07 Sep 2022 08:39:59 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 281d3e4f60e2..86aa630a77f5 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-1d278bb93fbf8fdb34ef9c125c5f4536e11c15d7 1661990219 2022-08-31T23:56:59+00:00
+7771cafe7bc8660946ac9740c02f8106d63660c7 1662520070 2022-09-07T03:07:50+00:00
-- cgit v1.2.3