From 2fa0c8dbba3b2455531e5616eed64f2fe66cb58b Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Wed, 24 Jan 2024 04:45:52 +0000
Subject: gentoo auto-resync : 24:01:2024 - 04:45:52
---
metadata/glsa/Manifest | 30 +++++++++---------
metadata/glsa/Manifest.files.gz | Bin 562328 -> 562804 bytes
metadata/glsa/glsa-202401-27.xml | 65 +++++++++++++++++++++++++++++++++++++++
metadata/glsa/glsa-202401-28.xml | 42 +++++++++++++++++++++++++
metadata/glsa/glsa-202401-29.xml | 42 +++++++++++++++++++++++++
metadata/glsa/timestamp.chk | 2 +-
metadata/glsa/timestamp.commit | 2 +-
7 files changed, 166 insertions(+), 17 deletions(-)
create mode 100644 metadata/glsa/glsa-202401-27.xml
create mode 100644 metadata/glsa/glsa-202401-28.xml
create mode 100644 metadata/glsa/glsa-202401-29.xml
(limited to 'metadata/glsa')
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index d8d80cf748ec..3d21c5c89300 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 562328 BLAKE2B f917e7f3715dafbea4631d1e8735246d5b9887c3efe70c6ba46f3209bd4352c3858fb9f3b94eddfea989436bd50ec90a84cb7490a3686cfafe856b8100fc8b3c SHA512 d02be3afe2c6c1c06c58a6413b27e2ddfa1c0d22459c4da9eb5fbc7afe9b5335376f1397c09c4bae95745e7e93f1941a58053c3f1b7dfe65b33c41f933bb9720 -TIMESTAMP 2024-01-23T22:10:01Z +MANIFEST Manifest.files.gz 562804 BLAKE2B 118759e499ee06efcf469cd651c855c8e6025e7b662267a1b5da3bfe2ccef4c25c889a7a7567ac40f48ee9c0c76ce2d0b683994d7c8ea20d119f873560597ce6 SHA512 c0126932c2d8318cd86cdefffeb7cfd409d8e0d6bcc493ab0dcefe34d856d1802c7974fd3b803e43cbdf7049c64d457e8301dd8d89a6e659513c7d8786ec635a +TIMESTAMP 2024-01-24T04:10:09Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWwOTlfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWwjaFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klDH7xAAlPcZCHSJc5EIICa6PdigGRDL+hot/PdElhf7fHIRJhmCHv/0GT6Lfe8a -20LFLx1TD5UJ8cHgGtnDErvsiHsdD06NLcbKLzANpq87pV4T54SWJVXR1C8Kga4r -Af5NjdXisihpIc7CH+g8IOxGcx7PEkCnhR7OjAp5a1OZ8rOTh8vVc5SmCVpuMvKn -v0cKQCSIZu51JItMwR9R3cjGfRbPoF4MBnlL3BuBzE5TAr+t9pkHrh8SfzE9D0lA -K16O2NOsIvTbfw1nPEkghzKDvt0aLid6www8WmE4mSZyL/4d8993Klek6mWAMph5 -m2HPoDE/+pl5ZhuUHPT39ZOv1KOORHGtWBKI7VmWezm1Pi4mAGgrHI87b1i501pP -wwHGMLUcLM+BcTZbJ+T7tAhirEBvxdIAoEG5vuKzrIr5knuT6w3QT4r+AyDFGU7X -5Q6o8GoZ3j3BFFDopRaGhpZFz4hxIzMxRR+2tg6Kc5kABkB2XnksH27d6RRuj5+K -kGwhsez5+F7P0TIiMyjnG9CDx2kn75lJqsa+7gemf0atgUYfJm6fjkyqFYYbQpex -JJguIfxfvlRuTmpBY24axnPqG+vTMumioOZsJPkhiF6ATyWqTia5YdycJ4zXQKDN -2nWRJkxjofKSLMR3omDxOU3ZGHRyJTeVnocpHMZaGY6qJKdRAZs= -=w3eD +klCOVA/+MIpS0KSCNXcoPPTnCurqBJvsyT9CG8jqzxG63hM5cH+YVgIvZAf9xfgT +f7WMSAvxVmNrwdCwuuzJ6vXv9VjDTzKAkPuLy3Ry9SAFmrjVLvABi1t/P25MkF/F +1jdk+y9o6V0HvTKnw+5M9tchusgO7hjgP1dQU3NB8fgpUKukKvjv9Pf4KBqItORv 
+wDJNuYZCSIZITOgJGa3hulnVOrqAohFidrnXUb0OEzjlAmKAB03agrBDQlr49scE +rBLfxSjFKFn5OGaCJ5ma2PljWJkTWX2QM+PioAhRDL3Sv6n1l7nImQlIypABnLSI +szH4wFVOwUXHnWtvmJzh677YTKJrtCc3UKWTrAEY7EbGtW5XFMrEPXQFPxhs7M3o +ZIC1WkEoChEStFg63pMx5Y9WE2Ie8/huPsaHJUoqudCzxSnAz7UyXyWNG74yFnGx +GpypgizE+cUMysl08Nz6kfFCCzet1Bi4kCTcCbB+RRgZ8D/Hz0H01dMQb5AV3evg +emMbfjiB9X635vCT4Y6DLqFe5iKsSo3G9EJD+tSauz4vCUb2Ni11TwFFj/wKlL4o +sMvebfUR8eukfBbnVUwTz+z3OXjPgudpfFd398p+Z6P3QHmMXxLJJbnHl8EN9iN2 +4tgL2dHaXLOYINqVNKfRP+lvY2lVCy+QSqBLEjx5lLIhsn3kZz8= +=+tWW -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz index 89879b805fe9..8955e9622fe8 100644 Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ diff --git a/metadata/glsa/glsa-202401-27.xml b/metadata/glsa/glsa-202401-27.xml new file mode 100644 index 000000000000..d1863a090450 --- /dev/null +++ b/metadata/glsa/glsa-202401-27.xml @@ -0,0 +1,65 @@ + + + + Ruby: Multiple vulnerabilities + Multiple vulnerabilities have been discovered in Ruby, the worst of which could lead to execution of arbitrary code. + ruby + 2024-01-24 + 2024-01-24 + 747007 + 801061 + 827251 + 838073 + 882893 + 903630 + local and remote + + + 3.1.4 + 3.2.2 + 2.5.9 + 2.6.10 + 2.7.8 + 3.0.6 + 3.1.4 + 3.2.2 + + + +

Ruby is an interpreted scripting language for quick and easy object-oriented programming. It comes bundled with a HTTP server ("WEBrick").

+
+ +

Multiple vulnerabilities have been discovered in Ruby. Please review the CVE identifiers referenced below for details.

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All Ruby users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --depclean ruby:2.5 ruby:2.6 ruby:2.7 ruby:3.0 + # emerge --ask --oneshot --verbose ">=dev-lang/ruby-3.1.4:3.1" + # emerge --ask --oneshot --verbose ">=dev-lang/ruby-3.2.2:3.2" + +
+ + CVE-2020-25613 + CVE-2021-31810 + CVE-2021-32066 + CVE-2021-33621 + CVE-2021-41816 + CVE-2021-41817 + CVE-2021-41819 + CVE-2022-28738 + CVE-2022-28739 + CVE-2023-28755 + CVE-2023-28756 + + graaff + ajak +
\ No newline at end of file diff --git a/metadata/glsa/glsa-202401-28.xml b/metadata/glsa/glsa-202401-28.xml new file mode 100644 index 000000000000..c119a331b6ee --- /dev/null +++ b/metadata/glsa/glsa-202401-28.xml @@ -0,0 +1,42 @@ + + + + GOCR: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in GOCR, the worst of which could lead to arbitrary code execution. + gocr + 2024-01-24 + 2024-01-24 + 824290 + remote + + + 0.52-r1 + + + +

GOCR is an OCR (Optical Character Recognition) program, developed under the GNU Public License. It converts scanned images of text back to text files.

+
+ +

Multiple vulnerabilities have been discovered in GOCR. Please review the CVE identifiers referenced below for details.

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

Gentoo has discontinued support for GOCR. We recommend that users unmerge it:

+ + + # emerge --ask --depclean "app-text/gocr" + +
+ + CVE-2021-33479 + CVE-2021-33480 + CVE-2021-33481 + + graaff + ajak +
\ No newline at end of file diff --git a/metadata/glsa/glsa-202401-29.xml b/metadata/glsa/glsa-202401-29.xml new file mode 100644 index 000000000000..fdac8be5d920 --- /dev/null +++ b/metadata/glsa/glsa-202401-29.xml @@ -0,0 +1,42 @@ + + + + sudo: Memory Manipulation + A vulnerability has been discovered in sudo which can lead to execution manipulation through rowhammer-style memory manipulation. + sudo + 2024-01-24 + 2024-01-24 + 920510 + remote + + + 1.9.15_p2 + 1.9.15_p2 + + + +

sudo allows a system administrator to give users the ability to run commands as other users.

+
+ +

Multiple vulnerabilities have been discovered in sudo. Please review the CVE identifiers referenced below for details.

+
+ +

Stack/register variables can be flipped via fault injection, affecting execution flow in security-sensitive code.

+
+ +

There is no known workaround at this time.

+
+ +

All sudo users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.9.15_p2" + +
+ + CVE-2023-42465 + + graaff + ajak +
\ No newline at end of file diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index b6dbf9c1096f..9c934f607886 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Tue, 23 Jan 2024 22:09:57 +0000 +Wed, 24 Jan 2024 04:10:07 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index edc30d72137e..67aaaee449e1 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -6ee7e022f8f6a1893b71cb4e09707f9eb56fa40b 1705934279 2024-01-22T14:37:59+00:00 +8c2ac2c642d0add8a4a53de8486398a7e94c2a7e 1706069210 2024-01-24T04:06:50+00:00 -- cgit v1.2.3
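Review bot: In glsa-202401-29.xml the description text contradicts the rest of the advisory: it says "Multiple vulnerabilities have been discovered in sudo", while the title, the synopsis and the single reference (CVE-2023-42465) all describe one fault-injection issue. The description should read `A vulnerability has been discovered in sudo. Please review the CVE identifier referenced below for details.` so that triage tooling and readers do not go looking for further CVEs. The value `remote` (presumably the access field, since the XML tags are not visible here) also looks doubtful for a rowhammer-style attack on a local setuid binary and is worth confirming against the upstream advisory. As this file is synced from the upstream GLSA repository, the correction belongs upstream rather than in this resync commit.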