author | V3n3RiX <venerix@koprulu.sector> | 2024-01-24 04:45:52 +0000 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2024-01-24 04:45:52 +0000 |
commit | 2fa0c8dbba3b2455531e5616eed64f2fe66cb58b (patch) | |
tree | e29569d7d1b5ed28ee38e5bd8c78df62da608d67 /metadata/glsa | |
parent | 87340091ed79698e591084bd7d9d76c58c94820b (diff) |
gentoo auto-resync : 24:01:2024 - 04:45:52
Diffstat (limited to 'metadata/glsa')
-rw-r--r-- | metadata/glsa/Manifest | 30 | ||||
-rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 562328 -> 562804 bytes | |||
-rw-r--r-- | metadata/glsa/glsa-202401-27.xml | 65 | ||||
-rw-r--r-- | metadata/glsa/glsa-202401-28.xml | 42 | ||||
-rw-r--r-- | metadata/glsa/glsa-202401-29.xml | 42 | ||||
-rw-r--r-- | metadata/glsa/timestamp.chk | 2 | ||||
-rw-r--r-- | metadata/glsa/timestamp.commit | 2 |
7 files changed, 166 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index d8d80cf748ec..3d21c5c89300 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 562328 BLAKE2B f917e7f3715dafbea4631d1e8735246d5b9887c3efe70c6ba46f3209bd4352c3858fb9f3b94eddfea989436bd50ec90a84cb7490a3686cfafe856b8100fc8b3c SHA512 d02be3afe2c6c1c06c58a6413b27e2ddfa1c0d22459c4da9eb5fbc7afe9b5335376f1397c09c4bae95745e7e93f1941a58053c3f1b7dfe65b33c41f933bb9720 -TIMESTAMP 2024-01-23T22:10:01Z +MANIFEST Manifest.files.gz 562804 BLAKE2B 118759e499ee06efcf469cd651c855c8e6025e7b662267a1b5da3bfe2ccef4c25c889a7a7567ac40f48ee9c0c76ce2d0b683994d7c8ea20d119f873560597ce6 SHA512 c0126932c2d8318cd86cdefffeb7cfd409d8e0d6bcc493ab0dcefe34d856d1802c7974fd3b803e43cbdf7049c64d457e8301dd8d89a6e659513c7d8786ec635a +TIMESTAMP 2024-01-24T04:10:09Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWwOTlfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWwjaFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klDH7xAAlPcZCHSJc5EIICa6PdigGRDL+hot/PdElhf7fHIRJhmCHv/0GT6Lfe8a -20LFLx1TD5UJ8cHgGtnDErvsiHsdD06NLcbKLzANpq87pV4T54SWJVXR1C8Kga4r -Af5NjdXisihpIc7CH+g8IOxGcx7PEkCnhR7OjAp5a1OZ8rOTh8vVc5SmCVpuMvKn -v0cKQCSIZu51JItMwR9R3cjGfRbPoF4MBnlL3BuBzE5TAr+t9pkHrh8SfzE9D0lA -K16O2NOsIvTbfw1nPEkghzKDvt0aLid6www8WmE4mSZyL/4d8993Klek6mWAMph5 -m2HPoDE/+pl5ZhuUHPT39ZOv1KOORHGtWBKI7VmWezm1Pi4mAGgrHI87b1i501pP -wwHGMLUcLM+BcTZbJ+T7tAhirEBvxdIAoEG5vuKzrIr5knuT6w3QT4r+AyDFGU7X -5Q6o8GoZ3j3BFFDopRaGhpZFz4hxIzMxRR+2tg6Kc5kABkB2XnksH27d6RRuj5+K -kGwhsez5+F7P0TIiMyjnG9CDx2kn75lJqsa+7gemf0atgUYfJm6fjkyqFYYbQpex -JJguIfxfvlRuTmpBY24axnPqG+vTMumioOZsJPkhiF6ATyWqTia5YdycJ4zXQKDN -2nWRJkxjofKSLMR3omDxOU3ZGHRyJTeVnocpHMZaGY6qJKdRAZs= -=w3eD +klCOVA/+MIpS0KSCNXcoPPTnCurqBJvsyT9CG8jqzxG63hM5cH+YVgIvZAf9xfgT +f7WMSAvxVmNrwdCwuuzJ6vXv9VjDTzKAkPuLy3Ry9SAFmrjVLvABi1t/P25MkF/F +1jdk+y9o6V0HvTKnw+5M9tchusgO7hjgP1dQU3NB8fgpUKukKvjv9Pf4KBqItORv 
+wDJNuYZCSIZITOgJGa3hulnVOrqAohFidrnXUb0OEzjlAmKAB03agrBDQlr49scE +rBLfxSjFKFn5OGaCJ5ma2PljWJkTWX2QM+PioAhRDL3Sv6n1l7nImQlIypABnLSI +szH4wFVOwUXHnWtvmJzh677YTKJrtCc3UKWTrAEY7EbGtW5XFMrEPXQFPxhs7M3o +ZIC1WkEoChEStFg63pMx5Y9WE2Ie8/huPsaHJUoqudCzxSnAz7UyXyWNG74yFnGx +GpypgizE+cUMysl08Nz6kfFCCzet1Bi4kCTcCbB+RRgZ8D/Hz0H01dMQb5AV3evg +emMbfjiB9X635vCT4Y6DLqFe5iKsSo3G9EJD+tSauz4vCUb2Ni11TwFFj/wKlL4o +sMvebfUR8eukfBbnVUwTz+z3OXjPgudpfFd398p+Z6P3QHmMXxLJJbnHl8EN9iN2 +4tgL2dHaXLOYINqVNKfRP+lvY2lVCy+QSqBLEjx5lLIhsn3kZz8= +=+tWW -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex 89879b805fe9..8955e9622fe8 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-202401-27.xml b/metadata/glsa/glsa-202401-27.xml new file mode 100644 index 000000000000..d1863a090450 --- /dev/null +++ b/metadata/glsa/glsa-202401-27.xml 
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202401-27">
+ <title>Ruby: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Ruby, the worst of which could lead to execution of arbitrary code.</synopsis>
+ <product type="ebuild">ruby</product>
+ <announced>2024-01-24</announced>
+ <revised count="1">2024-01-24</revised>
+ <bug>747007</bug>
+ <bug>801061</bug>
+ <bug>827251</bug>
+ <bug>838073</bug>
+ <bug>882893</bug>
+ <bug>903630</bug>
+ <access>local and remote</access>
+ <affected>
+ <package name="dev-lang/ruby" auto="yes" arch="*">
+ <unaffected range="ge" slot="3.1">3.1.4</unaffected>
+ <unaffected range="ge" slot="3.2">3.2.2</unaffected>
+ <vulnerable range="lt" slot="2.5">2.5.9</vulnerable>
+ <vulnerable range="lt" slot="2.6">2.6.10</vulnerable>
+ <vulnerable range="lt" slot="2.7">2.7.8</vulnerable>
+ <vulnerable range="lt" slot="3.0">3.0.6</vulnerable>
+ <vulnerable range="lt" slot="3.1">3.1.4</vulnerable>
+ <vulnerable range="lt" slot="3.2">3.2.2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Ruby is an interpreted scripting language for quick and easy object-oriented programming. It comes bundled with a HTTP server ("WEBrick").</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Ruby. 
Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Ruby users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --depclean ruby:2.5 ruby:2.6 ruby:2.7 ruby:3.0
+ # emerge --ask --oneshot --verbose ">=dev-lang/ruby-3.1.4:3.1"
+ # emerge --ask --oneshot --verbose ">=dev-lang/ruby-3.2.2:3.2"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25613">CVE-2020-25613</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31810">CVE-2021-31810</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32066">CVE-2021-32066</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33621">CVE-2021-33621</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41816">CVE-2021-41816</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41817">CVE-2021-41817</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41819">CVE-2021-41819</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28738">CVE-2022-28738</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28739">CVE-2022-28739</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28755">CVE-2023-28755</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28756">CVE-2023-28756</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-01-24T04:04:06.335865Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-01-24T04:04:06.338696Z">ajak</metadata>
+</glsa>
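Review bot: The `<impact type="normal">` rating does not match the synopsis, which says the worst issue "could lead to execution of arbitrary code"; glsa-202401-28 in this same commit makes a near-identical claim and is rated `type="high"`. Anyone triaging advisories by impact type would under-rank this one, so either use `<impact type="high">` or narrow the synopsis to what the eleven referenced CVEs support. Separately, the `<resolution>` removes slots 2.5 through 3.0 outright, while the `<vulnerable>` ranges stop at 2.5.9, 2.6.10, 2.7.8 and 3.0.6, so a host already on one of those versions would presumably not be matched by the ranges even though the advice is to drop the slot. A sentence in `<resolution>` stating that those slots are no longer supported would make the intent explicit.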
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202401-28.xml b/metadata/glsa/glsa-202401-28.xml
new file mode 100644
index 000000000000..c119a331b6ee
--- /dev/null
+++ b/metadata/glsa/glsa-202401-28.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202401-28">
+ <title>GOCR: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in GOCR, the worst of which could lead to arbitrary code execution.</synopsis>
+ <product type="ebuild">gocr</product>
+ <announced>2024-01-24</announced>
+ <revised count="1">2024-01-24</revised>
+ <bug>824290</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-text/gocr" auto="yes" arch="*">
+ <vulnerable range="le">0.52-r1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>GOCR is an OCR (Optical Character Recognition) program, developed under the GNU Public License. It converts scanned images of text back to text files.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in GOCR. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>Gentoo has discontinued support for GOCR. We recommend that users unmerge it:</p>
+
+ <code>
+ # emerge --ask --depclean "app-text/gocr"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33479">CVE-2021-33479</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33480">CVE-2021-33480</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33481">CVE-2021-33481</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-01-24T04:04:56.645847Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-01-24T04:04:56.650159Z">ajak</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202401-29.xml b/metadata/glsa/glsa-202401-29.xml
new file mode 100644
index 000000000000..fdac8be5d920
--- /dev/null
+++ b/metadata/glsa/glsa-202401-29.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202401-29">
+ <title>sudo: Memory Manipulation</title>
+ <synopsis>A vulnerability has been discovered in sudo which can lead to execution manipulation through rowhammer-style memory manipulation.</synopsis>
+ <product type="ebuild">sudo</product>
+ <announced>2024-01-24</announced>
+ <revised count="1">2024-01-24</revised>
+ <bug>920510</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-admin/sudo" auto="yes" arch="*">
+ <unaffected range="ge">1.9.15_p2</unaffected>
+ <vulnerable range="lt">1.9.15_p2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>sudo allows a system administrator to give users the ability to run commands as other users.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in sudo. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Stack/register variables can be flipped via fault injection, affecting execution flow in security-sensitive code.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All sudo users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.9.15_p2"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-42465">CVE-2023-42465</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-01-24T04:05:24.519163Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-01-24T04:05:24.521789Z">ajak</metadata>
+</glsa>
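Review bot: The `<description>` says "Multiple vulnerabilities have been discovered in sudo", but the synopsis describes a single vulnerability and `<references>` lists only CVE-2023-42465, so the paragraph looks like leftover template text. Suggest `<p>A vulnerability has been discovered in sudo. Please review the CVE identifier referenced below for details.</p>`. Separately, `<access>remote</access>` is worth confirming against the CVE record. The impact text describes fault injection flipping stack/register variables, which reads like an attack that needs a foothold on the host rather than one reachable purely over the network, and readers use this field to decide patch urgency for exposed systems.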
\ No newline at end of file diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index b6dbf9c1096f..9c934f607886 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Tue, 23 Jan 2024 22:09:57 +0000 +Wed, 24 Jan 2024 04:10:07 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index edc30d72137e..67aaaee449e1 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -6ee7e022f8f6a1893b71cb4e09707f9eb56fa40b 1705934279 2024-01-22T14:37:59+00:00 +8c2ac2c642d0add8a4a53de8486398a7e94c2a7e 1706069210 2024-01-24T04:06:50+00:00 |