From c1fba876b88db3fefeead96efa966559036e656b Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Tue, 16 Jan 2024 17:29:23 +0000
Subject: gentoo auto-resync : 16:01:2024 - 17:29:23
---
metadata/glsa/Manifest | 30 +++++++++++++-------------
metadata/glsa/Manifest.files.gz | Bin 561691 -> 562011 bytes
metadata/glsa/glsa-202401-23.xml | 42 +++++++++++++++++++++++++++++++++++++
metadata/glsa/glsa-202401-24.xml | 44 +++++++++++++++++++++++++++++++++++++++
metadata/glsa/timestamp.chk | 2 +-
metadata/glsa/timestamp.commit | 2 +-
6 files changed, 103 insertions(+), 17 deletions(-)
create mode 100644 metadata/glsa/glsa-202401-23.xml
create mode 100644 metadata/glsa/glsa-202401-24.xml
(limited to 'metadata/glsa')
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 2738866ad95f..9f54219c1342 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 561691 BLAKE2B 6e43060375613f4e3dd8c40a3bb2f48594d6afe024617aa4079d36973378d2580bcd71be7d9251c255ea01668b9f06899743502cd8d1d2d14c66ce680967fd04 SHA512 cd6174222e897e48ed9420c05367694fcf6b82da900082de9879767a18c01c6716855f9545e9f81a0d76b089ac711084901ca3fbade24ecd36536553074eb538 -TIMESTAMP 2024-01-16T10:40:09Z +MANIFEST Manifest.files.gz 562011 BLAKE2B 4f303bfa2201afa25d92c6de3ee0b20c33a55df26101444f3a60a5c7551ad29bbf2b4a0ea12786f5c698395abed552f9c00010c60be13643dabbf13f4cc8bebe SHA512 5627c638c07440b1a865e6a00253907199dfeb4a109a0da198bbe5312fad4cc04c4fe2d7e89ba479739fbfe5cadee585c3f001e6dd0b8484b386e2646fb8d5ae +TIMESTAMP 2024-01-16T16:40:15Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWmXQlfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWmsW9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klCVbQ/9GSqeRb0Kg+7aldYZuZjURP+lhQZ0XzfO2SWtp3gGS55I2kcEJgmDXnYM -e1pbi+6GNvityog1OOo5mMuUoVpUaXyaIMGkNQtG98mbyLBQ93wEau7cTJgg2hBg -/eFftr7d56+ZgfJy4FTYi3FhL8MOe9dHhPkDHqEZuRj6lLz7rfqMJO3pLx6p4ZMZ -vEUNDOQrMcrvqS1/XDBRFcFDWCxaP6hiSUtX+lO+zudf3em4j65sgaEIhadvaJQF -0GNBa4I/gC6E+sVFPVfAQEgdogmbuZvP0i5QN1FYXET1Y+ygZKEhMRFeq05k5xSh -ftKzl4fd9YMaM8WSxWHBLW+Nyc9OJM8m6T8MIIkDCdaHH9vGLAztYPk6iGGoxMp7 -ldTy/HCfhMgd92/yZ0AyzTwOo2emPRh2mDzxMU2YysPSsFjiEMOwi0Xx6FgiJaRJ -JCNXkBdh08QUL+1j6zOYnoJgCX1rAKiPVDtfW8Iy33iu+ecgETRNSQmT7knLVJSG -0dptjf3P2DNMNNOjMeZYbSxiVxc44mZ1Rzf787QQCEgp2Gi7anPxZPfM+3OtbD4G -f2oYT+HayBh8YRMwLlmEbBO0Rm2Ky5ePNtZi4YI4v/1yjvpnxzgsb4ReuT9psiqs -Lh0paTZkmutXth6NZBiFcUmGeIrXzPdXExCA5rUI0BnUADIUFsQ= -=S4aI +klAJaw/+KRZ+yKfJwpZSMgIY8D33k+pTy5T1M2SPnfTvtIKiEElPZ9CiNuYq+X35 ++b8kv9g+FbQlTAN/nXRlc526v/BoA6ZkoeVsE+gFjoYzcqfy0UNMWJTmXxV/h+OH +3uNx+hLTU9dIA2nM+DtA539CXoq/q8jkXKmeoAmZZKbtv86l67z5DMjXEDQQ6NsM 
+YyuGjeCj2xpIGMo39Puq8S7PYbQMdx2bTJpAWxvIW2ZwCaI0KLGnpnmwCJqzUhd9 +2w6BX46tnsJKefLy/RMtzdlUteTp7VNSewc/3NYcSwK09fgzcm1euyS63nE6XSTR +g9VTdBRIyimhcnCPQBGy1kLgDd4Bc8iWLiT6jWSt8im66z+wxRx3KVwxc0h1zIL2 +u/GGnw4b3iuID4pEHr0XenOvHz01veahkqMaNt8UF1div0Vqd4c+HhJi4M8bg+9L +2o71D+NHaax5t1z9j7slL+5qF4pxyC+8DFKQE6+YiiVtPunh34dMQ7orASFbDWyd +znTy2ylgHKAFWHIhW5dix7GAUDZsZtFLrp51YLy03KWrsAEHYbsNt+R3DHhrlQzn +DqZ+uqhstLooZnCoAiqd/n0nSTdgHd0a288mpHS2cZ4SRiXby+1j0PRu6fLmnprH +fQZCXW9Iuu8W54mnAkk/iGN2FIS68eehYC7qj8VF0XfgD8KwUL0= +=u47Z -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz index bc0cc6ee29c9..09208ae46cb9 100644 Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ diff --git a/metadata/glsa/glsa-202401-23.xml b/metadata/glsa/glsa-202401-23.xml new file mode 100644 index 000000000000..240a1ffe3225 --- /dev/null +++ b/metadata/glsa/glsa-202401-23.xml @@ -0,0 +1,42 @@ + + + + libuv: Buffer Overread + A buffer overread vulnerability has been found in libuv. + libuv + 2024-01-16 + 2024-01-16 + 800986 + remote + + + 1.41.1 + 1.41.1 + + + +

libuv is a multi-platform support library with a focus on asynchronous I/O.

+
+ +

libuv fails to ensure that a pointer lies within the bounds of a defined buffer in the uv__idna_toascii() function before reading and manipulating the memory at that address.

+
+ +

The overread can result in information disclosure or application crash.

+
+ +

There is no known workaround at this time.

+
+ +

All libuv users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libuv-1.41.1" + +
+ + CVE-2021-22918 + + ajak + graaff +
\ No newline at end of file diff --git a/metadata/glsa/glsa-202401-24.xml b/metadata/glsa/glsa-202401-24.xml new file mode 100644 index 000000000000..24d0c28c7e3f --- /dev/null +++ b/metadata/glsa/glsa-202401-24.xml @@ -0,0 +1,44 @@ + + + + Nettle: Denial of Service + Multiple denial of service vulnerabilities have been discovered in Nettle. + nettle + 2024-01-16 + 2024-01-16 + 806839 + 907673 + remote + + + 3.9.1 + 3.9.1 + + + +

Nettle is a cryptographic library that is designed to fit easily in almost any context: In cryptographic toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like lsh or GnuPG, or even in kernel space.

+
+ +

Multiple vulnerabilities have been discovered in Nettle. Please review the CVE identifiers referenced below for details.

+
+ +

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.

+
+ +

There is no known workaround at this time.

+
+ +

All Nettle users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/nettle-3.9.1" + +
+ + CVE-2021-3580 + CVE-2023-36660 + + graaff + graaff +
\ No newline at end of file diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index d45606c98f66..0196528303a2 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Tue, 16 Jan 2024 10:40:06 +0000 +Tue, 16 Jan 2024 16:40:12 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 4420bdea32e0..7899102bc495 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -9cdf086497a5ec3652db4ca75fc899675aa0af77 1705334181 2024-01-15T15:56:21+00:00 +9948613604a215d86e6a6c8ec06c466da8195f4c 1705412593 2024-01-16T13:43:13+00:00 -- cgit v1.2.3