author | V3n3RiX <venerix@koprulu.sector> | 2022-12-19 07:47:44 +0000 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2022-12-19 07:47:44 +0000 |
commit | fcefa9aa213e0ff26901b351fccd47393113ae5d (patch) | |
tree | 16ff06e1d47c8dc06b954f726f24cd6f941e3596 /metadata/glsa | |
parent | 8bb75334c4b9f91e9f95784e986ed31b4bc11f92 (diff) |
gentoo auto-resync : 19:12:2022 - 07:47:44
Diffstat (limited to 'metadata/glsa')
-rw-r--r-- | metadata/glsa/Manifest | 30 | ||||
-rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 537682 -> 538471 bytes | |||
-rw-r--r-- | metadata/glsa/glsa-202212-01.xml | 72 | ||||
-rw-r--r-- | metadata/glsa/glsa-202212-02.xml | 45 | ||||
-rw-r--r-- | metadata/glsa/glsa-202212-03.xml | 61 | ||||
-rw-r--r-- | metadata/glsa/glsa-202212-04.xml | 53 | ||||
-rw-r--r-- | metadata/glsa/glsa-202212-05.xml | 48 | ||||
-rw-r--r-- | metadata/glsa/timestamp.chk | 2 | ||||
-rw-r--r-- | metadata/glsa/timestamp.commit | 2 |
9 files changed, 296 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 8b876a787a61..0534de4a7b2e 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 537682 BLAKE2B 5ea36706e9f3100f98a8bfc48465fc9c9965ad20b834454f02d0d345f47d095e5a9ed35b5f6e37007ee947d09446b720eafc19bfcbc8f9bac4db48a6a80580dd SHA512 0f5654de23f73899b445d3d10fa87c3ab643f77308df25999549e1b63748b5f101eb3f130afac8fb3e03eab64646d0e2016efd11a0f4eccc7a3b6117155d8d63 -TIMESTAMP 2022-12-19T01:09:56Z +MANIFEST Manifest.files.gz 538471 BLAKE2B b7385901234c82cabfe7b6fe500f9a2de535ba832c5fe98f7b1adcf90342ab9ac009a4eefb2c71141609f93233148e5db41c6f760cbea8413d0a285b67c25f90 SHA512 8b561e583b67bc367b59eefc1d958442632b1001434a1d0874a9ae00334c80cc4a27278dac1813b0d7b255f214d060c5e60573b828bb87fc8e319dc9233f12aa +TIMESTAMP 2022-12-19T07:09:56Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmOfueRfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmOgDkRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klBWORAAqllxAzLJuJBXOh+whkjYbxQI4d91nQX7i0ZNcUFxFVOWjse3Gc44zI0h -Oxw4nzhOq2yTbPvib4HRMikaZW60tMKjYU9TIwKI37hhKfeRB7Lq7Vuxt9j5otDW -adwkNtHcnXawb90SI2c2qJ6qau81kcD8cJrU9uzSi07AE+19B7Tv/dPFoowIT//a -fSxE/iDqOpFW8WL9PuiGB0lo/J8skncwGyZj1gRgl5kXdjB4UkqkxcZg7b/0aqUQ -EDCV2cAhOrKIxxPxt4HtE0ShBI2j3Pu6wbkJEgU0fWRIt9RS+/x6nJKfVi9eNpdm -p5Z+NrboeNKhBYwwiK3PaO+eEWZioWglw4pd9N90c4hv3GxkerCXwRw2rDc1+i/P -3Az0KEdlq1DQvGxXja5gql6lG+bryivV/hlG+YlJB/dBgY/ouI/ax+phsfe0p6y8 -TBDENredfXkeIyoZ+mNPkLZCNybDrOR4CI9YGVX74hvcOkDDJzz9R5QOGZaQhGLn -+eUZLayHTT+mvDidWNDoObroUX4RXPbTYe6Y1UZC/rc+VbB4QGbj39qCuU7YPIv6 -rJvK3XESFDlRMVUvQ3aJyCYLmVES8UaT+lNDNLntOy6bc3JWEFemdtpuWfsPddBK -42jIqbLbtGZPW0aNM6034OhHexxhQvSQlKzCBTP83+M839X6pDM= -=ZmSw +klCqMRAAiS85QIrWOG7GEQupDhxFa8Qg2qkynW2EMTrAo8SOjQrCJPCmJJl+41+N +p8yS90hnD37EjPvJocFXQzlY1rJxmtTCImI0zcUFsqF7AAEoS7eWxTUvD58YJ0/+ +0Saiwbl9C5UaW5lQiD6+MjhjpQowleN7eV6gRhfYNlLueM4FHrj503KVVRY+nyIJ 
+66I+LFEcOQzMe83uOj089P43mnBeX5W0cMlQY2f/3Lg/eSMhv7k4za8qkz+LO1x3 +dcmBb1vU0DtP6DrMkVmLPUoadSWJ5qNl8qV6kUhH/6UXtZmWt4NFvoBbCHTOtco+ +7VWCcaS//6hlQHz06gY+ZbGzzMJ4sPyLljg1SjqoRiAjr0A+TzPBzBCkFOqAQ+yD +AwapIwvVfFDG2+l7p8K4RMSrWSNNz75/VoBeMQxVTe4DFSTiEMDyGFN2UtuOT5E/ +u7z0JtKCpKUQRqYU7H9smVpzeqsI0pDdTP6aEv40H+9O2HGtCymxeFanWmDZKci1 +Lf8EajFAq9TIMNZByBUmxMQHOaBXWba9sFsXkBSW2CZEOEOXFYx0IX4FoIinPyxd +YTfNc/eQPbrnq0D9NOrgcCFTslnHf3MqE2PZrYsBiqvKYTIWkkRCcpaqwfry/iGE +vN1wXKYKVdimOH9Axvice/Z5U8p0nAvFHJJems/c6aAncrzD5iQ= +=e+c5 -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex 1de893074500..08a5b8f59c90 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-202212-01.xml b/metadata/glsa/glsa-202212-01.xml new file mode 100644 index 000000000000..9eff8a9e59b1 --- /dev/null +++ b/metadata/glsa/glsa-202212-01.xml 
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202212-01">
+ <title>curl: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.</synopsis>
+ <product type="ebuild">curl</product>
+ <announced>2022-12-19</announced>
+ <revised count="1">2022-12-19</revised>
+ <bug>803308</bug>
+ <bug>813270</bug>
+ <bug>841302</bug>
+ <bug>843824</bug>
+ <bug>854708</bug>
+ <bug>867679</bug>
+ <bug>878365</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-misc/curl" auto="yes" arch="*">
+ <unaffected range="ge">7.86.0</unaffected>
+ <vulnerable range="lt">7.86.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>A command line tool and library for transferring data with URLs.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All curl users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/curl-7.86.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22922">CVE-2021-22922</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22923">CVE-2021-22923</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22925">CVE-2021-22925</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22926">CVE-2021-22926</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22945">CVE-2021-22945</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22946">CVE-2021-22946</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22947">CVE-2021-22947</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22576">CVE-2022-22576</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27774">CVE-2022-27774</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27775">CVE-2022-27775</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27776">CVE-2022-27776</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27779">CVE-2022-27779</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27780">CVE-2022-27780</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27781">CVE-2022-27781</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27782">CVE-2022-27782</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30115">CVE-2022-30115</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32205">CVE-2022-32205</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32206">CVE-2022-32206</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32207">CVE-2022-32207</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32208">CVE-2022-32208</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32221">CVE-2022-32221</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-35252">CVE-2022-35252</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-35260">CVE-2022-35260</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42915">CVE-2022-42915</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42916">CVE-2022-42916</uri>
+ </references>
+ <metadata tag="requester" timestamp="2022-12-19T01:59:44.525711Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2022-12-19T01:59:44.532611Z">ajak</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202212-02.xml b/metadata/glsa/glsa-202212-02.xml
new file mode 100644
index 000000000000..8048cd8cb806
--- /dev/null
+++ b/metadata/glsa/glsa-202212-02.xml
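Review bot: The `<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">` declaration at the top of glsa-202212-01.xml names an external DTD over cleartext HTTP, and glsa-202212-02 through -05 carry the same line. A tool that parses these advisories with external-subset loading enabled would fetch that DTD from the network without authentication, so consumers should parse with DTD loading and external-entity resolution disabled, or resolve the identifier from a local catalog. Separately, the `<impact type="high">` paragraph only defers to the CVE list (the same boilerplate appears in -02, -03 and -05) although the synopsis already states the worst case. Something like `<p>The worst of these could result in arbitrary code execution; please review the referenced CVE identifiers for details.</p>` would let readers triage without opening 25 NVD pages.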
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202212-02">
+ <title>Unbound: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Unbound, the worst of which could result in denial of service.</synopsis>
+ <product type="ebuild">unbound</product>
+ <announced>2022-12-19</announced>
+ <revised count="1">2022-12-19</revised>
+ <bug>872209</bug>
+ <bug>866881</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-dns/unbound" auto="yes" arch="*">
+ <unaffected range="ge">1.16.3</unaffected>
+ <vulnerable range="lt">1.16.3</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Unbound is a validating, recursive, and caching DNS resolver.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Unbound. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="low">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Unbound users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dns/unbound-1.16.3"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3204">CVE-2022-3204</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30698">CVE-2022-30698</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30699">CVE-2022-30699</uri>
+ </references>
+ <metadata tag="requester" timestamp="2022-12-19T02:00:44.972233Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2022-12-19T02:00:44.976942Z">ajak</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202212-03.xml b/metadata/glsa/glsa-202212-03.xml
new file mode 100644
index 000000000000..a025a7bd3169
--- /dev/null
+++ b/metadata/glsa/glsa-202212-03.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202212-03">
+ <title>Oracle VirtualBox: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in privilege escalation from a guest to the host.</synopsis>
+ <product type="ebuild">virtualbox,virtualbox-modules</product>
+ <announced>2022-12-19</announced>
+ <revised count="1">2022-12-19</revised>
+ <bug>877601</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-emulation/virtualbox" auto="yes" arch="*">
+ <unaffected range="ge">6.1.40</unaffected>
+ <vulnerable range="lt">6.1.40</vulnerable>
+ </package>
+ <package name="app-emulation/virtualbox-modules" auto="yes" arch="*">
+ <unaffected range="ge">6.1.40</unaffected>
+ <vulnerable range="lt">6.1.40</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>VirtualBox is a powerful virtualization product from Oracle.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Oracle VirtualBox. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Oracle VirtualBox users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-6.1.40"
+ </code>
+
+ <p>All Oracle VirtualBox modules users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-modules-6.1.40"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21620">CVE-2022-21620</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21621">CVE-2022-21621</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21627">CVE-2022-21627</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39421">CVE-2022-39421</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39422">CVE-2022-39422</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39423">CVE-2022-39423</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39424">CVE-2022-39424</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39425">CVE-2022-39425</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39426">CVE-2022-39426</uri>
+ </references>
+ <metadata tag="requester" timestamp="2022-12-19T02:01:20.545221Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2022-12-19T02:01:20.550934Z">ajak</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202212-04.xml b/metadata/glsa/glsa-202212-04.xml
new file mode 100644
index 000000000000..89b0b0039175
--- /dev/null
+++ b/metadata/glsa/glsa-202212-04.xml
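Review bot: The synopsis of glsa-202212-03.xml spells the product `Oracle Virtualbox`, while the title, description and resolution all use `Oracle VirtualBox`. It should read `Multiple vulnerabilities have been discovered in Oracle VirtualBox, the worst of which ...` so that case-sensitive searches and advisory matching on the product name stay consistent. The `<access>remote</access>` value also sits oddly beside a synopsis describing privilege escalation from a guest to the host, which suggests the attacker already runs code inside a guest. It is worth confirming that this value is intended, since triage tooling may rank remotely reachable issues differently.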
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202212-04">
+ <title>LibreOffice: Arbitrary Code Execution</title>
+ <synopsis>A vulnerability has been discovered in LibreOffice which could result in arbitrary script execution via crafted links.</synopsis>
+ <product type="ebuild">libreoffice,libreoffice-bin</product>
+ <announced>2022-12-19</announced>
+ <revised count="1">2022-12-19</revised>
+ <bug>876869</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-office/libreoffice" auto="yes" arch="*">
+ <unaffected range="ge">7.3.6.2</unaffected>
+ <vulnerable range="lt">7.3.6.2</vulnerable>
+ </package>
+ <package name="app-office/libreoffice-bin" auto="yes" arch="*">
+ <unaffected range="ge">7.3.6.2</unaffected>
+ <vulnerable range="lt">7.3.6.2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>LibreOffice is a powerful office suite; its clean interface and powerful tools let you unleash your creativity and grow your productivity.</p>
+ </background>
+ <description>
+ <p>LibreOffice links using the vnd.libreoffice.command scheme could be constructed to call internal macros with arbitrary arguments. Which when clicked on, or activated by document events, could result in arbitrary script execution without warning.</p>
+ </description>
+ <impact type="high">
+ <p>An attacker able to coerce a victim into opening a crafted LibreOffice document and execute certain actions with it could achieve remote code execution.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All LibreOffice users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/libreoffice-7.3.6.2"
+ </code>
+
+ <p>All LibreOffice binary users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/libreoffice-bin-7.3.6.2"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3140">CVE-2022-3140</uri>
+ </references>
+ <metadata tag="requester" timestamp="2022-12-19T02:01:40.422783Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2022-12-19T02:01:40.427016Z">ajak</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202212-05.xml b/metadata/glsa/glsa-202212-05.xml
new file mode 100644
index 000000000000..9c936babde8f
--- /dev/null
+++ b/metadata/glsa/glsa-202212-05.xml
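Review bot: The second sentence of `<description>` in glsa-202212-04.xml is a fragment (`Which when clicked on, or activated by document events, could result in ...`). Joining it to the first reads correctly: `... with arbitrary arguments, which, when clicked on or activated by document events, could result in arbitrary script execution without warning.` The advisory also uses three different terms for the outcome: `Arbitrary Code Execution` in the title, `arbitrary script execution` in the synopsis and `remote code execution` in the impact. Settling on one would avoid over- or understating severity. In `<impact>`, `and execute certain actions with it` presumably refers to the victim interacting with the document, so `and perform certain actions with it` is less ambiguous.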
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202212-05">
+ <title>Mozilla Network Security Service (NSS): Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in NSS, the worst of which could result in arbitrary code execution.</synopsis>
+ <product type="ebuild">nss</product>
+ <announced>2022-12-19</announced>
+ <revised count="1">2022-12-19</revised>
+ <bug>827946</bug>
+ <bug>836386</bug>
+ <bug>848984</bug>
+ <bug>877169</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-libs/nss" auto="yes" arch="*">
+ <unaffected range="ge">3.79.2</unaffected>
+ <vulnerable range="lt">3.79.2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>The Mozilla Network Security Service is a library implementing security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Mozilla Network Security Service (NSS). Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Mozilla Network Security Service (NSS) users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.79.2"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43527">CVE-2021-43527</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1097">CVE-2022-1097</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3479">CVE-2022-3479</uri>
+ <uri>MFSA-2021-51</uri>
+ </references>
+ <metadata tag="requester" timestamp="2022-12-19T02:01:58.039074Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2022-12-19T02:01:58.043521Z">ajak</metadata>
+</glsa>
\ No newline at end of file diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 867187f303cf..3acc99a24bd0 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Mon, 19 Dec 2022 01:09:52 +0000 +Mon, 19 Dec 2022 07:09:53 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index bc76378b1cd8..2b634000a4d7 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -be9dce898af341b1581822048910cec753530cb0 1669334514 2022-11-25T00:01:54+00:00 +300d0a6989f134e6228f91cb9ea405db485ee8f0 1671415469 2022-12-19T02:04:29+00:00 |
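Review bot: The last reference in glsa-202212-05.xml, `<uri>MFSA-2021-51</uri>`, has no `link` attribute, unlike the three CVE entries above it. Renderers that turn references into hyperlinks have nothing to point at, and automated consumers that key on `link` may drop the entry. Adding the attribute keeps the list uniform, e.g. `<uri link="ADVISORY_URL_PLACEHOLDER">MFSA-2021-51</uri>`, with the placeholder replaced by the vendor advisory page (the URL is not shown on this page). The file also ends without a trailing newline, as do the other four new advisories, which is harmless to XML parsers but noisy for line-oriented tools.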