From bd4aeefe33e63f613512604e47bfca7b2187697d Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Sun, 3 Nov 2019 16:06:58 +0000
Subject: gentoo resync : 03.11.2019
---
metadata/glsa/Manifest | 30 ++++++++--------
metadata/glsa/Manifest.files.gz | Bin 448845 -> 449006 bytes
metadata/glsa/glsa-201910-01.xml | 72 +++++++++++++++++++++++++++++++++++++++
metadata/glsa/timestamp.chk | 2 +-
metadata/glsa/timestamp.commit | 2 +-
5 files changed, 89 insertions(+), 17 deletions(-)
create mode 100644 metadata/glsa/glsa-201910-01.xml
(limited to 'metadata/glsa')
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index fb2dbba86227..78865332cded 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 448845 BLAKE2B 24feded351e2c02762000f35c6c58ac935b2383bf6acdd7450f974e16e15fe0935d3f657233d5cd4ab87639ad5f410b8ea36fd5c019b93bfbfc47983ef01dbdc SHA512 569d13495f7e4953afefd29435d7953d3afa1815ae86459c1f4f84726efaaedc5598835f415738d792d2d1060be50cf8ad9140b7fcf124dd7f9ea681a55957ab -TIMESTAMP 2019-10-13T20:38:57Z +MANIFEST Manifest.files.gz 449006 BLAKE2B ab32207f84ac7631fd8d236fe1aa63e88587b06e44eb1809cd72818ffb95ebb8390c250d5ab1ac5b1ac80968c4cef20897786383d93e0f140f7f1be52e7cb314 SHA512 d97241a68516a4c88a2d1afe7dac7dc36b0124cf3186aca88c595b3e66875bc4c66530c9b1c5221bf584a799c385182af538ea678c6f87418d9749030c73d619 +TIMESTAMP 2019-11-03T15:08:53Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl2ji2FfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl2+7YVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klCxTw//cB1DOqxzrCdkBOpaT53PhrXYDKu36Nj/AjvQm4kHB4dQjvbqtLdXC2aa -pvlyZbEa2le54+b/95TMBPugHN0SzQ/NpbVBWo2tSE9ILnCggUU58hxrlERQ4vnO -FfZHrrNx8M4MDhEkF9Hpe8GqhqFLRhi5RM0czQ+x5xoMb+CKZo46oOt40skukZy0 -JftY5klDkwT+oG4plt1xSAE1ZHuOewDRjB3ak0wfFQtvEC9d/EsBHog0QJvt1huU -rL8MheUv6GJRyybWofq7I9V7QVoZqf/8PIBhablFAbquEoWOc9kfXQ89EB+tPdax -89h4x+fgMibxplwBqzCWv3+B6Yk9NnT/xY6YdcN+9b0dfKBZV8mR1Df37Q8hoAn7 -j8MJawd7jdhGmvuVB2jhyb9daxk7WodpLQcygNuuF5kTBq7XGXq3Xiyy+Gj6pa3O -SCriF+O/n88bAVFqmaW0ILLD3YP37WTffI0RdVwyz6t5Kt3I+NXooOIhaeb5EwWB -iBMR93QsBxNv8n2e9yKC7qUJrcHDrMFcq87D7KoYBbcs8YTe4X80H1RtQL7dtCcy -2YXu3yd74BJ2bdcvnjrBYarrASvOqxUxqTi/tvE5IieAK8N/gfJ+fXwDlnVoqDx3 -Yyt1IsHx5i/Z5Kg6L7y8IxRh+KBaQZFEXY95GP1YUxklA50jJto= -=PZ9t +klA/hQ//Q90V3h1hPpFXA3KueeVXekIVjVAOoiEaYpjsn0KP8JVZGAsMjyF2KOfV +Q2zX1Pfb2KSPI/RR1z92BMd+CBtLcQvx6I0vhk0ZCGk/6cyr95q4a4ekeA+V3xOU +HqYK4ary3q5RD2ns79nCpMtOYH6k4g6W9DGX0RRdMKW44c110o3XjDHgtQcc4SKx 
+83Y/oAk8nmQ3J1TiBIuF2Rz5dOQPgqxI3ojcIteIHYnC4vRZX7HKCN9dGd3JFzv8 +jDxHWeTv5gCEfz2qSsU6oMA3cEfhOQv/8wPut9BtkOIQxgVcDp/ofIVRH6ijul9n +UNgtF/+4ERwsADw+VABy+B1AlU+ivz4xclnjeaYEWivt2kc+17KFgTR5eM7rooj9 +6xmm6OzI/ZSiblWfo7lquiqUQErZpjLxJOFck8JJnXmHpYdQfkrAm2+d1/Us/Dl7 +XcQpC/dSz8rDnRgjhBVjn8q6tJs1o/4nI4EvX4au5KLOYZueRE5wTNuSGRHrS/sM +481wDpIecIRa/lIocojNSfxVL8wNSp17KcjMfiev2yDj9/cb6N5d9Ae/QzGLiXPc +fM6/FyEbkUq7Lk4kOIiD5+5COdCQ32uyUaqP1zu5NPI9XzDaQte8TyB6OeUu59UX +yjHGtaYKKqs4SiIlbbRKkHUDUis7+Xh8AyQgFYaTh4ZlpNWJ2a0= +=VLza -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz index e80a943da59d..676b6a27efd7 100644 Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ diff --git a/metadata/glsa/glsa-201910-01.xml b/metadata/glsa/glsa-201910-01.xml new file mode 100644 index 000000000000..9210bb5e03dd --- /dev/null +++ b/metadata/glsa/glsa-201910-01.xml @@ -0,0 +1,72 @@ + + + + PHP: Arbitrary code execution + A vulnerability in PHP might allow an attacker to execute arbitrary + code. + + php + 2019-10-25 + 2019-10-25 + 698452 + remote + + + 7.1.33 + 7.2.24 + 7.3.11 + 7.1.33 + 7.2.24 + 7.3.11 + + + +

PHP is an open source general-purpose scripting language that is + especially suited for web development. +

+
+ +

A underflow in env_path_info in PHP-FPM under certain configurations can + be exploited to gain remote code execution. +

+
+ +

A remote attacker, by sending special crafted HTTP requests, could + possibly execute arbitrary code with the privileges of the process, or + cause a Denial of Service condition. +

+
+ +

If patching is not feasible, the suggested workaround is to include + checks to verify whether or not a file exists before passing to PHP. +

+
+ +

All PHP 7.1 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/php-7.1.33" + + +

All PHP 7.2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/php-7.2.24" + + +

All PHP 7.3 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/php-7.3.11" + + +
+ + CVE-2019-11043 + + whissi + whissi +
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index df15733aa00e..0228db373743 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Sun, 13 Oct 2019 20:38:54 +0000 +Sun, 03 Nov 2019 15:08:50 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 933a7041a478..c9b577a39721 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -0d8b041795d355b2f8da9b84725a62150a91dc13 1567964538 2019-09-08T17:42:18+00:00 +4c2e30a50e776e9ec1833c4419ce239e6d9cc178 1572001702 2019-10-25T11:08:22+00:00 -- cgit v1.2.3