From bd7908c6630f38067350d396ac5d18c3cc2434a0 Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Sun, 29 Oct 2017 11:22:34 +0000
Subject: gentoo resync : 29.10.2017
---
 metadata/glsa/glsa-201710-21.xml | 50 +++++++++++++++
 metadata/glsa/glsa-201710-22.xml | 51 +++++++++++++++
 metadata/glsa/glsa-201710-23.xml | 55 ++++++++++++++++
 metadata/glsa/glsa-201710-24.xml | 131 +++++++++++++++++++++++++++++++++++++++
 metadata/glsa/glsa-201710-25.xml | 69 +++++++++++++++++++++
 metadata/glsa/glsa-201710-26.xml | 114 ++++++++++++++++++++++++++++++++++
 metadata/glsa/glsa-201710-27.xml | 68 ++++++++++++++++++++
 metadata/glsa/timestamp.chk | 2 +-
 metadata/glsa/timestamp.commit | 2 +-
 9 files changed, 540 insertions(+), 2 deletions(-)
 create mode 100644 metadata/glsa/glsa-201710-21.xml
 create mode 100644 metadata/glsa/glsa-201710-22.xml
 create mode 100644 metadata/glsa/glsa-201710-23.xml
 create mode 100644 metadata/glsa/glsa-201710-24.xml
 create mode 100644 metadata/glsa/glsa-201710-25.xml
 create mode 100644 metadata/glsa/glsa-201710-26.xml
 create mode 100644 metadata/glsa/glsa-201710-27.xml
(limited to 'metadata/glsa')
diff --git a/metadata/glsa/glsa-201710-21.xml b/metadata/glsa/glsa-201710-21.xml
new file mode 100644
index 000000000000..adb110274d67
--- /dev/null
+++ b/metadata/glsa/glsa-201710-21.xml
@@ -0,0 +1,50 @@
+
+
+
+ Kodi: Arbitrary code execution
+ An integer overflow vulnerability in Kodi could result in remote
+ execution of arbitrary code.
+
+ kodi
+ 2017-10-22
+ 2017-10-22: 1
+ 622384
+ remote
+
+
+ 17.3-r1
+ 17.3-r1
+
+
+
+

Kodi is a free and open source media-center and entertainment hub + previously known as XBMC. +

+
+ +

Kodi is vulnerable due to shipping with an embedded version of UnRAR. + Please review the referenced CVE identifier for details. +

+
+ +

A remote attacker, by enticing a user to process a specifically crafted + RAR file, could execute arbitrary code. +

+
+ +

There is no known workaround at this time.

+
+ +

All Kodi users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-tv/kodi-17.3-r1" + +
+ + CVE-2012-6706 + + jmbailey + jmbailey +
diff --git a/metadata/glsa/glsa-201710-22.xml b/metadata/glsa/glsa-201710-22.xml
new file mode 100644
index 000000000000..c676b3f4addb
--- /dev/null
+++ b/metadata/glsa/glsa-201710-22.xml
@@ -0,0 +1,51 @@
+
+
+
+ Adobe Flash Player: Remote execution of arbitrary code
+ A vulnerability in Adobe Flash Player might allow remote attackers
+ to execute arbitrary code.
+
+ adobeflash
+ 2017-10-22
+ 2017-10-22: 1
+ 634456
+ remote
+
+
+ 27.0.0.170
+ 27.0.0.170
+
+
+
+

The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +

+
+ +

A critical type confusion vulnerability was discovered in Adobe Flash + Player. +

+
+ +

A remote attacker could execute arbitrary code.

+
+ +

There is no known workaround at this time.

+
+ +

All Adobe Flash Player users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-plugins/adobe-flash-27.0.0.170" + +
+ + + CVE-2017-11292 + + + whissi + b-man +
diff --git a/metadata/glsa/glsa-201710-23.xml b/metadata/glsa/glsa-201710-23.xml
new file mode 100644
index 000000000000..cc6aa8ba3a3b
--- /dev/null
+++ b/metadata/glsa/glsa-201710-23.xml
@@ -0,0 +1,55 @@
+
+
+
+ Go: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Go, the worst of which
+ may result in the execution of arbitrary commands.
+
+ go
+ 2017-10-23
+ 2017-10-23: 1
+ 632408
+ remote
+
+
+ 1.9.1
+ 1.9.1
+
+
+
+

Go is an open source programming language that makes it easy to build + simple, reliable, and efficient software. +

+
+ +

Multiple vulnerabilities have been discovered in Go. Please review the + references below for details. +

+
+ +

Remote attackers could execute arbitrary Go commands or conduct a man in + the middle attack. +

+
+ +

There is no known workaround at this time.

+
+ +

All Go users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/go-1.9.1" + +
+ + + CVE-2017-15041 + + + CVE-2017-15042 + + + chrisadr + b-man +
diff --git a/metadata/glsa/glsa-201710-24.xml b/metadata/glsa/glsa-201710-24.xml
new file mode 100644
index 000000000000..4be2b2d87b5b
--- /dev/null
+++ b/metadata/glsa/glsa-201710-24.xml
@@ -0,0 +1,131 @@
+
+
+
+ Chromium, Google Chrome: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Chromium and Google
+ Chrome, the worst of which could result in the execution of arbitrary code.
+
+ chromium,chrome
+ 2017-10-23
+ 2017-10-23: 1
+ 634664
+ remote
+
+
+ 62.0.3202.62
+ 62.0.3202.62
+
+
+ 62.0.3202.62
+ 62.0.3202.62
+
+
+
+

Chromium is an open-source browser project that aims to build a safer, + faster, and more stable way for all users to experience the web. +

+ +

Google Chrome is one fast, simple, and secure browser for all your + devices +

+
+ +

Multiple vulnerabilities have been discovered in Chromium and Google + Chrome. Please review the referenced CVE identifiers and Google Chrome + Releases for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, bypass + content security controls, or conduct URL spoofing. +

+
+ +

There is no known workaround at this time.

+
+ +

All Chromium users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/chromium-62.0.3202.62" + + +

All Google Chrome users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/google-chrome-62.0.3202.62" + +
+ + + CVE-2017-15386 + + + CVE-2017-15387 + + + CVE-2017-15388 + + + CVE-2017-15389 + + + CVE-2017-15390 + + + CVE-2017-15391 + + + CVE-2017-15392 + + + CVE-2017-15393 + + + CVE-2017-15394 + + + CVE-2017-15395 + + + CVE-2017-5124 + + + CVE-2017-5125 + + + CVE-2017-5126 + + + CVE-2017-5127 + + + CVE-2017-5128 + + + CVE-2017-5129 + + + CVE-2017-5130 + + + CVE-2017-5131 + + + CVE-2017-5132 + + + CVE-2017-5133 + + + Google Chrome Releases + + + b-man + chrisadr +
diff --git a/metadata/glsa/glsa-201710-25.xml b/metadata/glsa/glsa-201710-25.xml
new file mode 100644
index 000000000000..b21d81a00256
--- /dev/null
+++ b/metadata/glsa/glsa-201710-25.xml
@@ -0,0 +1,69 @@
+
+
+
+ PCRE: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in the PCRE Library, the
+ worst of which may allow remote attackers to cause a Denial of Service
+ condition.
+
+ libpcre
+ 2017-10-23
+ 2017-10-23: 1
+ 614048
+ 614052
+ 614054
+ remote
+
+
+ 8.41
+ 8.41
+
+
+
+

The PCRE Library provides functions for Perl-compatible regular + expressions. +

+
+ +

Multiple vulnerabilities have been discovered in The PCRE Library. + Please review the references below for details. +

+ +
+ +

A remote attacker could possibly cause a Denial of Service condition or + other unspecified impacts via a specially crafted file. +

+
+ +

There is no known workaround at this time.

+
+ +

All PCRE users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libpcre-8.41" + + +

Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +

+
+ + + CVE-2017-7186 + + + CVE-2017-7244 + + + CVE-2017-7245 + + + CVE-2017-7246 + + + b-man + chrisadr +
diff --git a/metadata/glsa/glsa-201710-26.xml b/metadata/glsa/glsa-201710-26.xml
new file mode 100644
index 000000000000..ecbdd99167f3
--- /dev/null
+++ b/metadata/glsa/glsa-201710-26.xml
@@ -0,0 +1,114 @@
+
+
+
+ OpenJPEG: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in OpenJPEG, the worst of
+ which may allow remote attackers to execute arbitrary code.
+
+ openjpeg
+ 2017-10-23
+ 2017-10-23: 1
+ 602180
+ 606618
+ 628504
+ 629372
+ 629668
+ 630120
+ remote
+
+
+ 2.3.0
+ 2.3.0
+
+
+
+

OpenJPEG is an open-source JPEG 2000 library.

+
+ +

Multiple vulnerabilities have been discovered in OpenJPEG. Please review + the references below for details. +

+ +
+ +

A remote attacker, via a crafted BMP, PDF, or j2k document, could + execute arbitrary code, cause a Denial of Service condition, or have + other unspecified impacts. +

+
+ +

There is no known workaround at this time.

+
+ +

All OpenJPEG users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/openjpeg-2.3.0:2" + +
+ + + CVE-2016-10504 + + + CVE-2016-10505 + + + CVE-2016-10506 + + + CVE-2016-10507 + + + CVE-2016-1626 + + + CVE-2016-1628 + + + CVE-2016-9112 + + + CVE-2016-9113 + + + CVE-2016-9114 + + + CVE-2016-9115 + + + CVE-2016-9116 + + + CVE-2016-9117 + + + CVE-2016-9118 + + + CVE-2016-9572 + + + CVE-2016-9573 + + + CVE-2016-9580 + + + CVE-2016-9581 + + + CVE-2017-12982 + + + CVE-2017-14039 + + + CVE-2017-14164 + + + b-man + chrisadr +
diff --git a/metadata/glsa/glsa-201710-27.xml b/metadata/glsa/glsa-201710-27.xml
new file mode 100644
index 000000000000..489a0d9e00e0
--- /dev/null
+++ b/metadata/glsa/glsa-201710-27.xml
@@ -0,0 +1,68 @@
+
+
+
+ Dnsmasq: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Dnsmasq, the worst of
+ which may allow remote attackers to execute arbitrary code.
+
+
+ dnsmasq
+ 2017-10-23
+ 2017-10-23: 1
+ 632692
+ remote
+
+
+ 2.78
+ 2.78
+
+
+
+

Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP + server. +

+
+ +

Multiple vulnerabilities have been discovered in Dnsmasq. Please review + the references below for details. +

+
+ +

A remote attacker could execute arbitrary code or cause a Denial of + Service condition via crafted DNS, IPv6, or DHCPv6 packets. +

+
+ +

There is no known workaround at this time.

+
+ +

All Dnsmasq users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.78" + +
+ + + CVE-2017-14491 + + + CVE-2017-14492 + + + CVE-2017-14493 + + + CVE-2017-14494 + + + CVE-2017-14495 + + + CVE-2017-14496 + + + b-man + chrisadr +
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 4751ffbdb218..efc7a33c3304 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sat, 21 Oct 2017 19:09:17 +0000
+Sun, 29 Oct 2017 10:39:29 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 5e2249358c83..350c70c794f0 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-8c9b32528b910251b1fe3992838c97ba223db5d7 1508289507 2017-10-18T01:18:27+00:00
+3c64211d24fa5a633310d841c0bd5cddc991cc02 1508723227 2017-10-23T01:47:07+00:00
-- cgit v1.2.3