From fe1c8b732bd548b699d4c2ef725f67f8b8c8911c Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Fri, 4 May 2018 11:22:40 +0100 Subject: gentoo resync : 04.05.2018 --- metadata/glsa/Manifest | 30 ++++++++-------- metadata/glsa/Manifest.files.gz | Bin 422971 -> 423449 bytes metadata/glsa/glsa-201805-01.xml | 50 +++++++++++++++++++++++++++ metadata/glsa/glsa-201805-02.xml | 52 ++++++++++++++++++++++++++++ metadata/glsa/glsa-201805-03.xml | 72 +++++++++++++++++++++++++++++++++++++++ metadata/glsa/timestamp.chk | 2 +- metadata/glsa/timestamp.commit | 2 +- 7 files changed, 191 insertions(+), 17 deletions(-) create mode 100644 metadata/glsa/glsa-201805-01.xml create mode 100644 metadata/glsa/glsa-201805-02.xml create mode 100644 metadata/glsa/glsa-201805-03.xml (limited to 'metadata/glsa') diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index a265a3fa9c63..cdd84f421118 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 422971 BLAKE2B ea5a8afb2444da16a6c088605ba9c8961cc9cd6cb4556e7fd6b341f8cf071cb886137416ae20c139fdcbaf3bc1ed107454ccba1610a638e2bbc802d94d1b0d22 SHA512 326344d87327efd232cbb04fac7cee4d2e42315a8e9fd26f5c155bfacff92f0112a397371bb749b92ab35a58695c81fad3b55fab3e7482a39592891f68a0a5f3 -TIMESTAMP 2018-05-02T12:08:39Z +MANIFEST Manifest.files.gz 423449 BLAKE2B 490b3d49b1771ae622d89196faa36c2d3d274e6d765ed1a321c6f9c87e1eb16d0203672388185976cbe2316abc3aecaee60e0fd848bbf8c908b233ead62e69f8 SHA512 dbad8dc00d617765448bf9e5b166abdc6106321cb88ddbcbdeb94b96a977fd0d73a2a2806812a142d60c061d18208f0f31b4d01f9b25406ea237913f539f54fd +TIMESTAMP 2018-05-04T09:38:38Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlrpqkdfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlrsKh5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klCWcw//adI2SAGe3eb2BwN5MiJujBU7zH1+5z0FwHmxW7C6xPq249rXnOVkclO6 -+0ao62evFt8zTGumW7lmfb1X1DZV58ioyX3kbWF+wU1iWk7mIMJJujlhOKrGEwzM -Sc1R3Cov4271y26swvnr85A3m5QWF0K/X3W8iOUlLF6zJTqorfaU8d1rRI648ha3 -EPfptf4bUU1b0quQsACi/hnTr1kL0WcHPE4PxgklEPtFYCPWOWO397Cz1zOpDtrn -BwGRS+kQq+08gztWSx3YadoYOH7TEkJl746BWpKHMbePlEFJ5+cNdbK8Qcpcs471 -OC+5eHvjvPvmEb5NNN34IUEzNyKnfoz9Iy8Qb6H/6C8o878zwrtfIBJYNiIWBvbL -wqZd+fT4g2Ro5vcrTvGxeDvbCQdp8enUSIL4kndo1pl2CMGLuXZ745phO/VZcqnj -x/xt4IuLyGtYCDyRYlVAPHw1CpbDqPw7WXAwThGf/r+dohoOPdABqc+LfaeOCNHU -AarEQX2fL5+yTzWWn8m7USP7bY9WfwFuHEisPFLiktYEzqs6SF41Y7yGaPyGbVyN -XVrICSIXBT5f+TcjDURJxLohnS90+gj7b7Y7SbDHFssSZS7qVGQ0+4BhucK1CGRd -/cqNWZUOCMg73FfHUj6/S6eKhFI+JayoRV/GPcItw7AywTd1boc= -=Mgoj +klAYYg/9Fw0XLA/ZkCfBQD1lq/jXZxlt5WzuGRDd4t5oQrJqdXdVT3UKrK7/rxb0 +ai7P+Ve7/yPa3SeLE+kRQcrqEtsW5p8CtEO/qBRMJ5c0jT9hAfehJRrrP4DMVWCn +TWy8/1SWZB2LhpbADzifoJM7Ryea3Io7h13rmH8mavuXs9pscfTIZEnrI/xfbobF +Tobu43Tqh4brcC7zBfAQOhuQBqkjDEeylB5rsrbfvVCm/Ht1HEg8ikF5DH+UNlcE +78us142npC21sIh4RlGrksSBb73ZdDaeOG6WfMrvY39JqKrNsPa5BLw28Ae3/Wat +0/l+z3E2a1kKtsfijwd1ZFNzh8HWzfNpkAX87QVRKGzZMLbL+KYf2MogIloeR2kM +7fs7Qo7MUW1WiZcHCZrnKHdmAeYKeIEbjkg+b5scUJodVIkiQBrTe+QqFwnvXGeS +HeGQplHfSIFCK4Moeg4GXXhfd4OwGPtbOEkDRVnyb5+pZ2uydKYuh8AYfAY3iL0W +ATAZwzDaMshOuJXUpImgSMz2EXnZ0KEqxN/T9nbNi4sUG3O0XeqrMbRRIZ2ivwCD +XOnaDsNVqIJr6BxqUdT7fMa+6LG33MS2SnctpAy+BOR4wdUL3bQxYGrkEv3D7GW/ +p4F5xwFweuqUU7PJ8+ocHK/W+740UhxDvW7YFmZbV342B2kxNE4= +=z7WG -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz index 4a2634690d83..18c8fa3d4261 100644 Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ diff --git a/metadata/glsa/glsa-201805-01.xml b/metadata/glsa/glsa-201805-01.xml new file mode 100644 index 000000000000..36f403874270 --- /dev/null +++ b/metadata/glsa/glsa-201805-01.xml @@ -0,0 +1,50 @@ + + + + hesiod: Root privilege escalation + A vulnerability was discovered in hesiod which may allow remote + attackers to gain root privileges. + + hesiod + 2018-05-02 + 2018-05-02 + 606652 + local, remote + + + 3.1.0 + + + +

DNS functionality to access to DB of information that changes + infrequently. +

+ + +

Multiple vulnerabilities have been discovered in hesiod that have + remained unaddressed. Please review the referenced CVE identifiers for + details. +

+ + +

A remote or local attacker may be able to escalate privileges to root.

+ + +

There is no known workaround at this time.

+ + +

Gentoo has discontinued support for hesiod and recommends that users + unmerge the package: +

+ + + # emerge --unmerge "net-dns/hesiod" + + + + CVE-2016-10151 + CVE-2016-10152 + + b-man + b-man + diff --git a/metadata/glsa/glsa-201805-02.xml b/metadata/glsa/glsa-201805-02.xml new file mode 100644 index 000000000000..d23f963400e8 --- /dev/null +++ b/metadata/glsa/glsa-201805-02.xml @@ -0,0 +1,52 @@ + + + + Python: Buffer overflow + A buffer overflow in Python might allow remote attackers to execute + arbitrary code. + + python + 2018-05-02 + 2018-05-02 + 637938 + remote + + + 2.7.14 + 2.7.14 + + + +

Python is an interpreted, interactive, object-oriented programming + language. +

+ + +

A buffer overflow was discovered in Python’s PyString_DecodeEscape + function in stringobject.c. +

+ + +

Remote attackers, by enticing a user to process a specially crafted + file, could execute arbitrary code. +

+ + +

There is no known workaround at this time.

+ + +

All Python 2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/python-2.7.14:2.7" + + + + + CVE-2017-1000158 + + + b-man + b-man + diff --git a/metadata/glsa/glsa-201805-03.xml b/metadata/glsa/glsa-201805-03.xml new file mode 100644 index 000000000000..4b3387ed8c40 --- /dev/null +++ b/metadata/glsa/glsa-201805-03.xml @@ -0,0 +1,72 @@ + + + + Chromium, Google Chrome: Multiple vulnerabilities + Multiple vulnerabilities have been found in Chromium and Google + Chrome, the worst of which could result in the execution of arbitrary code. + + chromium, google-chrome + 2018-05-02 + 2018-05-02 + 654384 + remote + + + 66.0.3359.139 + 66.0.3359.139 + + + 66.0.3359.139 + 66.0.3359.139 + + + +

Chromium is an open-source browser project that aims to build a safer, + faster, and more stable way for all users to experience the web. +

+ +

Google Chrome is one fast, simple, and secure browser for all your + devices. +

+ + +

Multiple vulnerabilities have been discovered in Chromium and Google + Chrome. Please review the referenced CVE identifiers and Google Chrome + Releases for details. +

+ + +

A remote attacker could possibly execute arbitrary code with the + privileges of the process. +

+ + +

There is no known workaround at this time.

+ + +

All Chromium users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/chromium-66.0.3359.139" + + +

All Google Chrome users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/google-chrome-66.0.3359.139" + + + + + CVE-2018-6118 + + Google Chrome Release 20180426 + + + chrisadr + chrisadr + diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 9fce18c6350a..ccccf2b20026 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Wed, 02 May 2018 12:08:36 +0000 +Fri, 04 May 2018 09:38:34 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 6c42d45c6836..94cb37af3cfa 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -33ab85714fe99f05395695e2dec17da4e91d4e4c 1524529671 2018-04-24T00:27:51+00:00 +e5c04f29237a0b5ac8d5c241b6f686f89d46e211 1525305465 2018-05-02T23:57:45+00:00 -- cgit v1.2.3