From e3872864be25f7421015bef2732fa57c0c9fb726 Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Sat, 4 Aug 2018 08:53:53 +0100
Subject: gentoo resync : 04.08.2018
---
 metadata/glsa/Manifest | 30 +++++++++++------------
 metadata/glsa/Manifest.files.gz | Bin 426937 -> 427414 bytes
 metadata/glsa/glsa-201807-02.xml | 51 +++++++++++++++++++++++++++++++++++++++
 metadata/glsa/glsa-201807-03.xml | 48 ++++++++++++++++++++++++++++++++++++
 metadata/glsa/glsa-201807-04.xml | 50 ++++++++++++++++++++++++++++++++++++++
 metadata/glsa/timestamp.chk | 2 +-
 metadata/glsa/timestamp.commit | 2 +-
 7 files changed, 166 insertions(+), 17 deletions(-)
 create mode 100644 metadata/glsa/glsa-201807-02.xml
 create mode 100644 metadata/glsa/glsa-201807-03.xml
 create mode 100644 metadata/glsa/glsa-201807-04.xml
(limited to 'metadata/glsa')
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index ea61b639badf..12934beaeb3a 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 426937 BLAKE2B fd40fb2cce7e8bb9b86f11cc0b67099c90238f284b3a458c8153c050be8f5f23899e2d0a85dee8371053bc572661a4ef4f721c0fbfb7976cc36ee7c7480ac631 SHA512 829750d5237ed3b11ae3dc9afdaacd5fe79e390dedf6730a47ac29c7f64e7bcce35e880cc0e44d263a4b9a9ed0186d2e6503cec484fcd93b4c19afde5af0ab31 -TIMESTAMP 2018-07-21T18:38:27Z +MANIFEST Manifest.files.gz 427414 BLAKE2B 03f31e82901c67c54c9e2a393ac3d0d1d25bb342aa53f12ef4cda3b8ecae5db556d030b733bc4f3fdba54171e0a9a96a6e0e3c4ab9239061ea537618ba745ce1 SHA512 01f241123b41771420b69c122806bf7c9c1b4f6f77886ed4e9a9737364198dc0d9cc296f967c056f28a2af511a8d2680a7991527b5ca7723fbd12dcffe525a32 +TIMESTAMP 2018-08-04T07:08:39Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAltTfaNfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAltlUPdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klBefQ/+L9/xSV4wTVT+dMbfnOAw1fq/8IJzy8qP2qRqjV3wv/4qpgWA/1YOzQ5p -lq5i1XkzUn8e+mJySP3deKzfjiT79vPejoy6nYDmFNCVaVND6fcxlQuJ5bNfAv+J -w7BUtKWWtHjpXNfCQtOhuf01bKw2bauuinB8X3Oycms4rKJFISdP2YmNlnCCK7se -OvQXj1bsvF2EU77IquxK2l3OilB/EI5GypOUlc8iBynbqozM4+el97wz8wgXRwWs -BbwKCxB+O/t8yMgWykxuqqfcRSSAjg3XE+PY420tSlPk21tWQ7tbC0eytVQCvnsu -kDZeuWzIrm7Bb/G6dQIck1XC+otfOufAQwoIkvjiXALvpbzONpbszzP/t75ISUf3 -vIdPPdpvFEdLKUexGHElE9Z2XZ61HYh+PhDMDAkL+PQMM2SJogaSrpHi3uSlbvET -6TblWMprl8B0AD17hEGczi8COiGHMbAtxNUP/R1mFLhO5vj0hizJ4ssuxTze2SK9 -oZ/LEia+PZamG3nWa0A7Hq9kbR4sihpKXSggS4FTndSmxNvMOfOTjAPGBfXTHHgn -Hg+5kIV8nlvfsrbZ2bUpr1QGOIiEUXsKIIaP2qxoQxGIxf6MyRjY9412EGhNBiAe -jiUXtIrqC3aMHzW7MIs29Ok/cfN1KY+YSXiUFfTvTyLw5/Lh0Ro= -=gdTN +klDqmA/9EldPuI7gKEfkvqQ/3Ev33JZPxI9bzlXNJDvuQkpfXxlN3smXxkklQHLD +ELay1kHbZVWjEGeOxGn4XidRBIk63s9eQxgGBfCkydMSyJF//zceHlMxUDAsSR74 +BeNPmsScuj88RFpXwiKvRH+jsUxIfpSVZiL4BgCx3loZEQC3RLsRj0fBgAX/Mjid 
+q9y7x5rGNfK06vaaKEXvax0uHRA19OWaaA476R/AK6VEnB3wxXe5HE3pn4usxS1I +RBUR5LLgSkbsimJB8XA/xhabeUnWu39CBIdWFTSjilbm1aVrnZfX+gnAe1AS7uQR +oOVUEO8Tlmoe89KfSRQGonC1qQSl6ROv4biSN/4NSFNoH9tMIFiV/WZsraO3qc5F +sVIP1Um+bB+l/OhVwFf1eWDgYiIj3opDKgb3E3JeBwmAR7wZ/cxRiDjq6LyutjR+ +KcWQ7yt0CENXm//I2zs17QjL0Cbr6O8nKUBD8FVPmck9VBk6Mi4jsdHk+WNOefYB +OF51OqST9wbNjbDH9ViBED2kb9b9TTkrcb8kawSTWj03YdkqIsGJU9+FW2auvYuQ +A1ly42q2CG0dCkhiSLhO26UaOy5EeXqOYDIVni9gz3Cn8o145XzGVaWLQv1hXJX6 +ErSxolVQb+2uukprBNLfKdeUy1vt1poQ7K/aHq88O+XidEanozs= +=3s3j -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz index a924ccd14e63..2c573718af44 100644 Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ diff --git a/metadata/glsa/glsa-201807-02.xml b/metadata/glsa/glsa-201807-02.xml new file mode 100644 index 000000000000..ec691f42d00e --- /dev/null +++ b/metadata/glsa/glsa-201807-02.xml @@ -0,0 +1,51 @@ + + + + Passenger: Multiple Vulnerabilities + Multiple vulnerabilities have been found in Passenger, the worst of + which could result in the execution of arbitrary code. + + passenger + 2018-07-22 + 2018-07-22 + 658346 + remote + + + 5.3.2 + 5.3.2 + + + +

Passenger runs and manages your Ruby, Node.js, and Python apps.

+
+ +

Multiple vulnerabilities have been discovered in Passenger. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could escalate privileges, execute arbitrary code, + cause a Denial of Service condition, or obtain sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

All Passenger users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apache/passenger-5.3.2" + +
+ + CVE-2018-12026 + CVE-2018-12027 + CVE-2018-12028 + CVE-2018-12029 + + irishluck83 + irishluck83 +
diff --git a/metadata/glsa/glsa-201807-03.xml b/metadata/glsa/glsa-201807-03.xml new file mode 100644 index 000000000000..f6a41e2fa62d --- /dev/null +++ b/metadata/glsa/glsa-201807-03.xml @@ -0,0 +1,48 @@ + + + + ZNC:Multiple Vulnerabilities + Multiple vulnerabilities have been found in ZNC, the worst of which + could result in privilege escalation. + + ZNC + 2018-07-29 + 2018-07-29 + 661228 + remote + + + 1.7.1 + 1.7.1 + + + +

ZNC is an advanced IRC bouncer.

+
+ +

Multiple vulnerabilities have been discovered in ZNC. Please review the + CVE identifiers referenced below for details. +

+
+ +

A remote attacker could read arbitary files and esclate privileges.

+
+ +

There is no known workaround at this time.

+
+ +

All ZNC users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-irc/znc-1.7.1" + + +
+ + CVE-2018-14055 + CVE-2018-14056 + + Zlogene + irishluck83 +
diff --git a/metadata/glsa/glsa-201807-04.xml b/metadata/glsa/glsa-201807-04.xml new file mode 100644 index 000000000000..38cedbc06c3c --- /dev/null +++ b/metadata/glsa/glsa-201807-04.xml @@ -0,0 +1,50 @@ + + + + cURL:Heap-based Buffer Overflow + A heap-based buffer overflow in cURL might allow remote attackers + to execute arbitrary code. + + curl + 2018-07-29 + 2018-07-29 + 660894 + remote + + + 7.61.0 + 7.61.0 + + + +

A command line tool and library for transferring data with URLs.

+ +
+ +

A heap-based buffer overflow was discovered in cURL’s + Curl_smtp_escape_eob() function. +

+
+ +

An attacker could cause a Denial of Service condition or execute + arbitrary code via SMTP connections. +

+
+ +

There is no known workaround at this time.

+
+ +

All cURL users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/curl-7.61.0" + + +
+ + CVE-2018-0500 + + irishluck83 + irishluck83 +
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 12cc7817ec00..0254be2da60c 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sat, 21 Jul 2018 18:38:24 +0000
+Sat, 04 Aug 2018 07:08:35 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 9cf5b169a530..39d5ceab637c 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-05c861bfc6df24f1e1d8bdfbeddfde0b268a1418 1531886373 2018-07-18T03:59:33+00:00
+bc003b9516bfd3c1d933c8cd919b86b13f8c5548 1532902339 2018-07-29T22:12:19+00:00
-- cgit v1.2.3