From c417025a2ab386cddabb71ad598a9b75b47af313 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Sat, 30 Sep 2023 11:39:43 +0100 Subject: gentoo auto-resync : 30:09:2023 - 11:39:43 --- metadata/glsa/Manifest | 30 ++++---- metadata/glsa/Manifest.files.gz | Bin 548500 -> 548981 bytes metadata/glsa/glsa-202309-15.xml | 50 +++++++++++++ metadata/glsa/glsa-202309-16.xml | 58 +++++++++++++++ metadata/glsa/glsa-202309-17.xml | 152 +++++++++++++++++++++++++++++++++++++++ metadata/glsa/timestamp.chk | 2 +- metadata/glsa/timestamp.commit | 2 +- 7 files changed, 277 insertions(+), 17 deletions(-) create mode 100644 metadata/glsa/glsa-202309-15.xml create mode 100644 metadata/glsa/glsa-202309-16.xml create mode 100644 metadata/glsa/glsa-202309-17.xml (limited to 'metadata/glsa') diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index cfc52a9f62fe..55c5889b49eb 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 548500 BLAKE2B d69c37d2e4e1895a076d1d7359c4b2e9ee1bb29bb132e37c5ebbfec54a414dbebe9f37903f835edd21f36c623a99ace2c24c3147d42057a99fd505bd8a1bc7a6 SHA512 5962e8d7b50c6e11e00b4f0217a7e22066dddd2df564ff9e7effe3a4f06f99abd73934a610fab81ed6e3d4849a4e2fc942054d55562e1f299eb9fce8ded836cf -TIMESTAMP 2023-09-30T04:10:04Z +MANIFEST Manifest.files.gz 548981 BLAKE2B 81700173ea02c0d006e3065367bd4b6801ae8e0cad7f0b23c4d86a41c1b860a4cbdeb3051fb86eb2d3f114b8ba0353d6e09e279718eed8ed2607a21c4e7ec67d SHA512 a987e0e64b2dbf1006cecbff251dc3524b4d244d2e54417a697139ac9ee5a97d21aefdfb0fb940e1890076d7fa18c793f4f7a60db6960004ade2253826320f19 +TIMESTAMP 2023-09-30T10:10:09Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmUXn5xfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmUX9AFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klBQNA/+K+sj3AnxzT1jj9TZkRPDDKteFN9dNg3T7OFc0ckChlFLokshI+dGkOyM -uNUF6v2QHGx4B3Eqb5Wk7fs+NEBkZMUjxz+iZzBgj4blyny4x1Xg3FDQ+gSQemk6 -+5HKJqjkFXjrcAqar65zHr4TX4Rkv9Az7B78ZWypFDZrRGtF8opB8j/RDCOB5CfE -zykwp9dFcHBmVu7rjDYNqi49jKd2QcVeSLTlt3H6OOFImc1rqa8hJgwYL5G8mtHh -g1o6EtOw7wORxpKsdIBnJzk0EK58rsFS2rI3IZu2Oh59DgUGKoB+KtmPbyc3yIe+ -AMhJaMhWwMTNaQ4hL7IHvZk+w3Fnk3zMDE1dHkHJG/CjQ0ZDlOZmJKWXu1whkuWh -WjXvo1eLllMJjCtyHOwfQJXJNcNcuSjAJBBpJgPXGJHK/qGgGf3s38b2uwinCAlF -rojcQ8cV0AQ0AsnO5cLJH3vVNoD25DyoL4LHZkrtIBqx0lhcvIrx1SbBvpeHbppU -KNd0joBT97fQscg9u8PC/RjT22tAbOfGbQh8zjvdNBXF++HOZ2VQykmcR/Ow3Pqb -bQ1P749Z5vY5+nTkUW6FjJpbU0EQQ1zEJpFMHGzlDW5EMmzNP7IAY30kIjmdU/2y -n1KHb6kc4jo/hAcWTVWW9j6JCJ+SnnLcjUG2wJi0mJ8U721Em2s= -=apNe +klBE1w//dckOc38V2PTDHbFsPUM1mVgt2E1AhfywjMepxwHfdS9BLtL689KEXHHv +lKiVf0z3D7k1UVlM1blmL5aYwGSmdNznRzEXMy/n89DXXPMUKSe+/7NJZK52Ce7h +m/eRft2xIVB66njGKOdl+fd62nU8SP1WBFfrqBVhyP+j1H5TOrJ634HzlHB1IgCs +G6TVuZiF24anCN2SbLtn2F+ZcaqMidPoPZAngz/l08cWoMcdDWdDVpVCfs5rSxcL +olzwvY2Xf+nmeMPkgKWIYFb2eV72IWI1ssRW5voRMG9oBDmQpj6UTDUAsIGmTfnu +0vS711uWj+YtahVw19TYLpGkCMWYRvdN/fT2/r+JBuFxS8P455g+eAPD+8Cn5vs0 +GvtnsPIcI/DfpDCOFHGkzTZ4U8ikOWQKA/sjL6E4PKPJGOdaePg4uiR1B1qO1sYZ +vfMrmZuVbmny1/dcTfS4TZMDRSJS3I/cADdB8mXOX2w0dYqGYfO1zDNsGmMaGr/Z +JmxEK4JqtzCPx1dunFOfPq2d9wKWvN9uoDfo/YEDO3Mfqe2DeGzlKhCtVj1o0YIi +33PFCjMjG4e4qKZbZZIILWGD9slrRGRn+qZMQMz1XYdX9TxYQpR5bMlogXjgPEN/ +G5l6rKUOT3CIQFqrq22Ph67Exa5L5tul9el9Zp+W10JNM2USToE= +=Ek+A -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz index 98277cf32d3a..0926db590859 100644 Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ diff --git a/metadata/glsa/glsa-202309-15.xml b/metadata/glsa/glsa-202309-15.xml new file mode 100644 index 000000000000..e83f9ead61ea --- /dev/null +++ b/metadata/glsa/glsa-202309-15.xml @@ -0,0 +1,50 @@ + + + + GNU Binutils: Multiple Vulnerabilities + Multiple vulnerabilities have been found in GNU Binutils, the worst of which could result in denial of service. + binutils + 2023-09-30 + 2023-09-30 + 866713 + 867937 + 903893 + remote + + + 2.40 + 2.40 + + + +

The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation.

+ + +

Multiple vulnerabilities have been discovered in GNU Binutils. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All GNU Binutils users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-devel/binutils-2.40" + + + + CVE-2022-4285 + CVE-2022-38126 + CVE-2022-38127 + CVE-2022-38128 + CVE-2022-38533 + CVE-2023-1579 + CVE-2023-1972 + + ajak + graaff + \ No newline at end of file diff --git a/metadata/glsa/glsa-202309-16.xml b/metadata/glsa/glsa-202309-16.xml new file mode 100644 index 000000000000..7761b83f6f83 --- /dev/null +++ b/metadata/glsa/glsa-202309-16.xml @@ -0,0 +1,58 @@ + + + + wpa_supplicant, hostapd: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in wpa_supplicant and hostapd, the worst of which could result in arbitrary code execution. + hostapd,wpa_supplicant + 2023-09-30 + 2023-09-30 + 768759 + 780135 + 780138 + 831332 + remote + + + 2.10 + 2.10 + + + 2.10 + 2.10 + + + +

wpa_supplicant is a WPA Supplicant with support for WPA and WPA2 (IEEE 802.11i / RSN). hostapd is a user space daemon for access point and authentication servers.

+ + +

Multiple vulnerabilities have been discovered in hostapd and wpa_supplicant. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All wpa_supplicant users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-wireless/wpa_supplicant-2.10" + + +

All hostapd users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-wireless/hostapd-2.10" + + + + CVE-2021-30004 + CVE-2022-23303 + CVE-2022-23304 + + ajak + graaff + \ No newline at end of file diff --git a/metadata/glsa/glsa-202309-17.xml b/metadata/glsa/glsa-202309-17.xml new file mode 100644 index 000000000000..d19efa9eb3d2 --- /dev/null +++ b/metadata/glsa/glsa-202309-17.xml @@ -0,0 +1,152 @@ + + + + Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities + Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. + chromium,chromium-bin,google-chrome,microsoft-edge + 2023-09-30 + 2023-09-30 + 893660 + 904252 + 904394 + 904560 + 905297 + 905620 + 905883 + 906586 + remote + + + 113.0.5672.126 + 113.0.5672.126 + + + 113.0.5672.126 + + + 113.0.5672.126 + 113.0.5672.126 + + + 113.0.1774.50 + 113.0.1774.50 + + + +

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. + +Google Chrome is one fast, simple, and secure browser for all your devices. + +Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.

+ + +

Multiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All Chromium users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/chromium-113.0.5672.126" + + +

All Google Chrome users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/google-chrome-113.0.5672.126" + + +

All Microsoft Edge users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-113.0.1774.50" + + +

Gentoo has discontinued support for www-client/chromium-bin. Users should unmerge it in favor of the above alternatives:

+ + + # emerge --ask --depclean --verbose "www-client/chromium-bin" + + + + CVE-2023-0696 + CVE-2023-0697 + CVE-2023-0698 + CVE-2023-0699 + CVE-2023-0700 + CVE-2023-0701 + CVE-2023-0702 + CVE-2023-0703 + CVE-2023-0704 + CVE-2023-0705 + CVE-2023-0927 + CVE-2023-0928 + CVE-2023-0929 + CVE-2023-0930 + CVE-2023-0931 + CVE-2023-0932 + CVE-2023-0933 + CVE-2023-0941 + CVE-2023-1528 + CVE-2023-1529 + CVE-2023-1530 + CVE-2023-1531 + CVE-2023-1532 + CVE-2023-1533 + CVE-2023-1534 + CVE-2023-1810 + CVE-2023-1811 + CVE-2023-1812 + CVE-2023-1813 + CVE-2023-1814 + CVE-2023-1815 + CVE-2023-1816 + CVE-2023-1817 + CVE-2023-1818 + CVE-2023-1819 + CVE-2023-1820 + CVE-2023-1821 + CVE-2023-1822 + CVE-2023-1823 + CVE-2023-2033 + CVE-2023-2133 + CVE-2023-2134 + CVE-2023-2135 + CVE-2023-2136 + CVE-2023-2137 + CVE-2023-2459 + CVE-2023-2460 + CVE-2023-2461 + CVE-2023-2462 + CVE-2023-2463 + CVE-2023-2464 + CVE-2023-2465 + CVE-2023-2466 + CVE-2023-2467 + CVE-2023-2468 + CVE-2023-2721 + CVE-2023-2722 + CVE-2023-2723 + CVE-2023-2724 + CVE-2023-2725 + CVE-2023-2726 + CVE-2023-21720 + CVE-2023-21794 + CVE-2023-23374 + CVE-2023-28261 + CVE-2023-28286 + CVE-2023-29334 + CVE-2023-29350 + CVE-2023-29354 + + ajak + graaff + \ No newline at end of file diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index aeb293d09279..2e98be3f101e 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Sat, 30 Sep 2023 04:09:59 +0000 +Sat, 30 Sep 2023 10:10:07 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index dd18748ab966..cfb882390115 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -e05346e205e470b799ae6c0dafb506d6aa1cdae8 1695994770 2023-09-29T13:39:30+00:00 +de793de405f9e13d0d29d94de3f236ce0b5b3338 1696064247 2023-09-30T08:57:27+00:00 -- cgit v1.2.3