From a978c074e4272bb901fbe4a10de0a7b2af574f17 Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Tue, 4 May 2021 22:28:33 +0100
Subject: gentoo resync : 04.05.2021
---
metadata/glsa/Manifest | 30 +++----
metadata/glsa/Manifest.files.gz | Bin 501179 -> 502928 bytes
metadata/glsa/glsa-202104-01.xml | 52 +++++++++++++
metadata/glsa/glsa-202104-02.xml | 51 ++++++++++++
metadata/glsa/glsa-202104-03.xml | 65 ++++++++++++++++
metadata/glsa/glsa-202104-04.xml | 84 ++++++++++++++++++++
metadata/glsa/glsa-202104-05.xml | 70 +++++++++++++++++
metadata/glsa/glsa-202104-06.xml | 56 ++++++++++++++
metadata/glsa/glsa-202104-07.xml | 49 ++++++++++++
metadata/glsa/glsa-202104-08.xml | 163 +++++++++++++++++++++++++++++++++++++++
metadata/glsa/glsa-202104-09.xml | 90 +++++++++++++++++++++
metadata/glsa/glsa-202104-10.xml | 115 +++++++++++++++++++++++++++
metadata/glsa/glsa-202105-01.xml | 74 ++++++++++++++++++
metadata/glsa/timestamp.chk | 2 +-
metadata/glsa/timestamp.commit | 2 +-
15 files changed, 886 insertions(+), 17 deletions(-)
create mode 100644 metadata/glsa/glsa-202104-01.xml
create mode 100644 metadata/glsa/glsa-202104-02.xml
create mode 100644 metadata/glsa/glsa-202104-03.xml
create mode 100644 metadata/glsa/glsa-202104-04.xml
create mode 100644 metadata/glsa/glsa-202104-05.xml
create mode 100644 metadata/glsa/glsa-202104-06.xml
create mode 100644 metadata/glsa/glsa-202104-07.xml
create mode 100644 metadata/glsa/glsa-202104-08.xml
create mode 100644 metadata/glsa/glsa-202104-09.xml
create mode 100644 metadata/glsa/glsa-202104-10.xml
create mode 100644 metadata/glsa/glsa-202105-01.xml
(limited to 'metadata/glsa')
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 9a40583bc91b..b624f3d0141a 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 501179 BLAKE2B 8497331f9dd69ca6298da2b244da7c443f558ba5b1a3fe30fd16624181c44f495f273604ef8a4cf26755eba9c949c383c797e8057c9baf45d23d874b04364a7a SHA512 1bcbdcac9faaadcbf738837161742f91747423833b925f90f520b0d3356096c18fcd1565918d664e0bf798a9b1b666a396108d3b8f84b2c2fd74cd3e730a319c -TIMESTAMP 2021-04-28T18:38:32Z +MANIFEST Manifest.files.gz 502928 BLAKE2B 4e05777f9b079a42eb84d60a21da4ea6f5360b3577989267141081878f0b732bcb93075e1929366199e18d3e1a21a16ae70ed796931681b1b573aa0b10cc5078 SHA512 c56775c1540b0ebb8f0386f5b352030f212f18222cbbefb95a16fa57a60aae01a7069287ba96443202c19c8e16589238b433d1da54fea1ddc1c44b81ba9fa6b7 +TIMESTAMP 2021-05-04T21:09:06Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmCJq6hfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmCRt/JfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klB+jg//Y0TJkIxdlLVt3oHtahHk8rBYELFtI2VEeQR7dGOy8o3tzJrEEj+zcPd4 -MJhLBpiliMIBTwlamyHxWVbZ3pG14XX+nYtrWYJ2qLuglLhllZDIVjiVvSLXW7Nd -e1noLA7C4YXuJyPDA8fkCox0EXVTsOw2RbGGKAEAfr+D/bQPG6dsvhQ4GPOfmCb1 -nFVPVl47D1ToHHFhzV67iMX26/UXjD2l0b8psJXWrj75+YZc18U1w0kaKJeTICd9 -dhnl2L9lKfiPirT3bjE76zNcS3aszK8LyT4Z7eI85f0JUMVvNsDuADlxcfclbhTF -QeK5Hz8BSPSWtbjmegD1itAvghHn9u3Gdsrq8W6AMGsg4+M+Ir9zC+l/Th196Kip -X1ixDf43hFwEUMecZwtznf8PXH1Wa1mvq6cke9cafP4qOxeNjlaCmxfdr/0v3yoT -mntfRa05SZpXIGU2Ax5xW3ZkaU27p1so/CldlqSx5uYRSlLBlOYvODQgIK+F+zB0 -GTrhpvjHMw73QsyUDD5npw6ZTOd8iLLDHy3t9orPAisE3VyWnXd6VJYZCSwB7aSd -3O+KkDm0u/FoE0nDXpCGO1yn6R2wx8o2dXs5NFP7ajZyd8b0ecvnaEFQ45aAmpIb -mpFftQlNd90ZbSk2jpHGKkk3UcLTtE2jdKei/Q+3QQBwwCuCgF0= -=AdQL +klBb7BAAlZO9wyh6g7gW9aUNtmtGW3b3PKAvPZlwQ8Cw9QCineszNmNMxP1YV0Ps +6HwdVrg147FAiy4eiv7NNkk/U+f+ouPspLPMp6FftWm3C7pXJUyv9TCAq68Dl9NF +6Lp88/pRjzooJWIoIEeCyGwYkDtxyhOVaKHuXEVMHV8xSuqDIocoPU/vsDlqhc9v 
+Z+4r9sKdNm/ZD9Mv0r4xGx6DFZRQgi3BfXBgEZ41fBUsS78TQ+7o72nvskI7Azai +tNaJB+XxGdJCT5TV2U1NrDx96QUbu3CX8Xc1KYufqM9I7P/dgwcMOx1NZfic47ea +OFkt1gMUSeHU51h7pzfUD15fsa2xEpe7pUVCcPYNqfVXCIbzXUJf2d4K34p5/mdP +1RuVXqqJk6le5i/bQ0fbq224CYE/VCRhZtryzAJnwtNvn/S0MGcPjXk+mSf2hx/T +OB80rNEWsJSKojhmh6wJjPjvcDpcK5mrolnlg4bn6rmW5hhk96AFVlj5PRvMt+Qu +GFnn64jwlWzPL5nvxC4hiP48nKslKL0ZNQa43vS04/nmeWeshub6mb+u+jpbgG9S +l30YzdgteO5rF5BbpdGJM+fxIJwVykJccJnjNJ8Tnzz3ts3qxdBQkP8BAhFZ0jwY +OcRbHEC6sijjCQuCZWea2lRoOp8EILL5gYtqYUxFUednSkkqKEw= +=5mdT -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz index 5c152816d44d..a665ea17c60d 100644 Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ diff --git a/metadata/glsa/glsa-202104-01.xml b/metadata/glsa/glsa-202104-01.xml new file mode 100644 index 000000000000..74237596f227 --- /dev/null +++ b/metadata/glsa/glsa-202104-01.xml @@ -0,0 +1,52 @@ + + + + Git: User-assisted execution of arbitrary code + A vulnerability has been found in Git that could allow a remote + attacker to execute arbitrary code. + + git + 2021-04-30 + 2021-04-30 + 774678 + local + + + 2.26.3 + 2.26.3 + + + +

Git is a distributed version control system designed.

+
+ +

It was discovered that Git could be fooled into running remote code + during a clone on case-insensitive file systems with support for symbolic + links, if Git is configured globally to apply delay-capable clean/smudge + filters (such as Git LFS). +

+
+ +

A remote attacker could entice a user to clone a specially crafted + repository, possibly resulting in the remote execution of arbitrary code + with the privileges of the user running the application. +

+
+ +

There is no known workaround at this time.

+
+ +

All Git users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.26.3" + + +
+ + CVE-2021-21300 + + whissi + whissi +
diff --git a/metadata/glsa/glsa-202104-02.xml b/metadata/glsa/glsa-202104-02.xml new file mode 100644 index 000000000000..fc7805e8fe2d --- /dev/null +++ b/metadata/glsa/glsa-202104-02.xml @@ -0,0 +1,51 @@ + + + + X.Org X Server: Privilege escalation + A vulnerability in X.Org X Server may allow users to escalate + privileges. + + xorg-server + 2021-04-30 + 2021-04-30 + 782679 + local, remote + + + 1.20.11 + 1.20.11 + + + +

The X Window System is a graphical windowing system based on a + client/server model. +

+
+ +

It was discovered that X.Org X Server did not sufficiently check the + length of the XInput extension’s ChangeFeedbackControl request. +

+
+ +

An authorized attacker could possibly escalate privileges, or cause a + Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All X.Org X Server users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.20.11" + + +
+ + CVE-2021-3472 + + whissi + whissi +
diff --git a/metadata/glsa/glsa-202104-03.xml b/metadata/glsa/glsa-202104-03.xml new file mode 100644 index 000000000000..1486ced0fbaf --- /dev/null +++ b/metadata/glsa/glsa-202104-03.xml @@ -0,0 +1,65 @@ + + + + WebkitGTK+: Multiple vulnerabilities + Multiple vulnerabilities have been found in WebkitGTK+, the worst + of which could result in the arbitrary execution of code. + + webkit-gtk + 2021-04-30 + 2021-04-30 + 770793 + 773193 + local, remote + + + 2.30.6 + 2.30.6 + + + +

WebKitGTK+ is a full-featured port of the WebKit rendering engine, + suitable for projects requiring any kind of web integration, from hybrid + HTML/CSS applications to full-fledged web browsers. +

+
+ +

Multiple vulnerabilities have been discovered in WebkitGTK+. Please + review the CVE identifiers referenced below for details. +

+
+ +

An attacker, by enticing a user to visit maliciously crafted web + content, may be able to execute arbitrary code, violate iframe sandboxing + policy, access restricted ports on arbitrary servers, cause memory + corruption, or could cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All WebkitGTK+ users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.30.6" + + +
+ + CVE-2020-13558 + CVE-2020-27918 + CVE-2020-29623 + CVE-2020-9947 + CVE-2021-1765 + CVE-2021-1789 + CVE-2021-1799 + CVE-2021-1801 + CVE-2021-1870 + WSA-2021-0001 + WSA-2021-0002 + + whissi + whissi +
diff --git a/metadata/glsa/glsa-202104-04.xml b/metadata/glsa/glsa-202104-04.xml new file mode 100644 index 000000000000..09f39c7237d8 --- /dev/null +++ b/metadata/glsa/glsa-202104-04.xml @@ -0,0 +1,84 @@ + + + + Python: Multiple vulnerabilities + Multiple vulnerabilities have been found in Python, the worst of + which might allow attackers to access sensitive information. + + python + 2021-04-30 + 2021-04-30 + 770853 + 779841 + 779844 + local, remote + + + 2.7.18_p8 + 3.6.13_p1 + 3.7.10_p1 + 3.8.8_p1 + 3.9.2_p1 + 3.9.2_p1 + + + +

Python is an interpreted, interactive, object-oriented programming + language. +

+
+ +

Multiple vulnerabilities have been discovered in Python. Please review + the CVE identifiers referenced below for details. +

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All Python 2.7 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/python-2.7.18_p8" + + +

All Python 3.6 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/python-3.6.13_p1" + + +

All Python 3.7 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/python-3.7.10_p1" + + +

All Python 3.8 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/python-3.8.8_p1" + + +

All Python 3.9 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/python-3.9.2_p1" + + +
+ + CVE-2021-23336 + CVE-2021-3426 + + whissi + whissi +
diff --git a/metadata/glsa/glsa-202104-05.xml b/metadata/glsa/glsa-202104-05.xml new file mode 100644 index 000000000000..9f9c0ce72f3e --- /dev/null +++ b/metadata/glsa/glsa-202104-05.xml @@ -0,0 +1,70 @@ + + + + GRUB: Multiple vulnerabilities + Multiple vulnerabilities have been found in GRUB, the worst might + allow for circumvention of UEFI Secure Boot. + + grub + 2021-04-30 + 2021-04-30 + 734654 + 773991 + local + + + 2.06_rc1 + 2.06_rc1 + + + +

GNU GRUB is a multiboot boot loader used by most Linux systems.

+
+ +

Multiple vulnerabilities have been discovered in GRUB. Please review the + CVE identifiers referenced below for details. +

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All GRUB users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-devel/grub-2.06_rc1" + + +

After upgrading, make sure to run the grub-install command with options + appropriate for your system. See the GRUB Quick Start guide in the + references below for examples. Your system will be vulnerable until this + action is performed. +

+
+ + CVE-2020-10713 + CVE-2020-14308 + CVE-2020-14309 + CVE-2020-14310 + CVE-2020-14311 + CVE-2020-14372 + CVE-2020-15705 + CVE-2020-15706 + CVE-2020-15707 + CVE-2020-25632 + CVE-2020-25647 + CVE-2020-27749 + CVE-2020-27779 + CVE-2021-20225 + CVE-2021-20233 + GRUB Quick Start + guide + + + whissi + whissi +
diff --git a/metadata/glsa/glsa-202104-06.xml b/metadata/glsa/glsa-202104-06.xml new file mode 100644 index 000000000000..ec8e0eaa696c --- /dev/null +++ b/metadata/glsa/glsa-202104-06.xml @@ -0,0 +1,56 @@ + + + + libTIFF: Multiple vulnerabilities + Multiple vulnerabilities have been found in LibTIFF, the worst of + which could result in the execution of arbitrary code. + + libtiff + 2021-04-30 + 2021-04-30 + 775125 + local, remote + + + 4.2.0 + 4.2.0 + + + +

The TIFF library contains encoding and decoding routines for the Tag + Image File Format. It is called by numerous programs, including GNOME and + KDE applications, to interpret TIFF images. +

+
+ +

Multiple vulnerabilities have been discovered in LibTIFF. Please review + the referenced CVE identifiers for details. +

+
+ +

A remote attacker, by enticing the user to process a specially crafted + TIFF file, could possibly execute arbitrary code with the privileges of + the process, or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All LibTIFF users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/tiff-4.2.0" + + +
+ + CVE-2020-35521 + CVE-2020-35522 + CVE-2020-35523 + CVE-2020-35524 + + whissi + whissi +
diff --git a/metadata/glsa/glsa-202104-07.xml b/metadata/glsa/glsa-202104-07.xml new file mode 100644 index 000000000000..bd3937bee365 --- /dev/null +++ b/metadata/glsa/glsa-202104-07.xml @@ -0,0 +1,49 @@ + + + + ClamAV: Denial of Service + A vulnerability in ClamAV could lead to a Denial of Service + condition. + + clamav + 2021-04-30 + 2021-04-30 + 780894 + local, remote + + + 0.103.2 + 0.103.2 + + + +

ClamAV is a GPL virus scanner.

+
+ +

A vulnerability has been discovered in ClamAV. Please review the CVE + identifier referenced below for details. +

+
+ +

A remote attacker could cause ClamAV to scan a specially crafted file, + possibly resulting a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All ClamAV users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.103.2" + + +
+ + CVE-2021-1405 + + whissi + whissi +
diff --git a/metadata/glsa/glsa-202104-08.xml b/metadata/glsa/glsa-202104-08.xml new file mode 100644 index 000000000000..8fca53ce6b6a --- /dev/null +++ b/metadata/glsa/glsa-202104-08.xml @@ -0,0 +1,163 @@ + + + + Chromium, Google Chrome: Multiple vulnerabilities + Multiple vulnerabilities have been found in Chromium and Google + Chrome, the worst of which could result in the arbitrary execution of code. + + chromium,google-chrome + 2021-04-30 + 2021-04-30 + 768459 + 768831 + 771012 + 774015 + 776181 + 779493 + 782802 + 782970 + 784554 + 785889 + local, remote + + + 90.0.4430.93 + 90.0.4430.93 + + + 90.0.4430.93 + 90.0.4430.93 + + + +

Chromium is an open-source browser project that aims to build a safer, + faster, and more stable way for all users to experience the web. +

+ +

Google Chrome is one fast, simple, and secure browser for all your + devices. +

+
+ +

Multiple vulnerabilities have been discovered in Chromium and Google + Chrome. Please review the CVE identifiers referenced below for details. +

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All Chromium users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/chromium-90.0.4430.93" + + +

All Google Chrome users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/google-chrome-90.0.4430.93" + + +
+ + CVE-2021-21142 + CVE-2021-21143 + CVE-2021-21144 + CVE-2021-21145 + CVE-2021-21146 + CVE-2021-21147 + CVE-2021-21148 + CVE-2021-21149 + CVE-2021-21150 + CVE-2021-21151 + CVE-2021-21152 + CVE-2021-21153 + CVE-2021-21154 + CVE-2021-21155 + CVE-2021-21156 + CVE-2021-21157 + CVE-2021-21159 + CVE-2021-21160 + CVE-2021-21161 + CVE-2021-21162 + CVE-2021-21163 + CVE-2021-21165 + CVE-2021-21166 + CVE-2021-21167 + CVE-2021-21168 + CVE-2021-21169 + CVE-2021-21170 + CVE-2021-21171 + CVE-2021-21172 + CVE-2021-21173 + CVE-2021-21174 + CVE-2021-21175 + CVE-2021-21176 + CVE-2021-21177 + CVE-2021-21178 + CVE-2021-21179 + CVE-2021-21180 + CVE-2021-21181 + CVE-2021-21182 + CVE-2021-21183 + CVE-2021-21184 + CVE-2021-21185 + CVE-2021-21186 + CVE-2021-21187 + CVE-2021-21188 + CVE-2021-21189 + CVE-2021-2119 + CVE-2021-21191 + CVE-2021-21192 + CVE-2021-21193 + CVE-2021-21194 + CVE-2021-21195 + CVE-2021-21196 + CVE-2021-21197 + CVE-2021-21198 + CVE-2021-21199 + CVE-2021-21201 + CVE-2021-21202 + CVE-2021-21203 + CVE-2021-21204 + CVE-2021-21205 + CVE-2021-21206 + CVE-2021-21207 + CVE-2021-21208 + CVE-2021-21209 + CVE-2021-21210 + CVE-2021-21211 + CVE-2021-21212 + CVE-2021-21213 + CVE-2021-21214 + CVE-2021-21215 + CVE-2021-21216 + CVE-2021-21217 + CVE-2021-21218 + CVE-2021-21219 + CVE-2021-21220 + CVE-2021-21221 + CVE-2021-21222 + CVE-2021-21223 + CVE-2021-21224 + CVE-2021-21225 + CVE-2021-21226 + CVE-2021-21227 + CVE-2021-21228 + CVE-2021-21229 + CVE-2021-21230 + CVE-2021-21231 + CVE-2021-21232 + CVE-2021-21233 + + whissi + whissi +
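Review bot: The reference list of glsa-202104-08.xml contains `CVE-2021-2119`, a four-digit identifier sitting between `CVE-2021-21189` and `CVE-2021-21191` in an otherwise ascending run of five-digit IDs, so it looks like a truncated entry. Presumably `CVE-2021-21190` was intended; confirm this against the upstream advisory and the Chromium release notes before relying on it. As written, anyone correlating this GLSA with a CVE feed or scanner output will match an identifier outside the Chromium range and miss the intended one. Because the file arrives through a resync, the correction belongs upstream rather than in this tree.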
diff --git a/metadata/glsa/glsa-202104-09.xml b/metadata/glsa/glsa-202104-09.xml new file mode 100644 index 000000000000..079925cdc2cd --- /dev/null +++ b/metadata/glsa/glsa-202104-09.xml @@ -0,0 +1,90 @@ + + + + Mozilla Thunderbird: Multiple vulnerabilities + Multiple vulnerabilities have been found in Mozilla Thunderbird, + the worst of which could result in the arbitrary execution of code. + + thunderbird + 2021-04-30 + 2021-04-30 + 772287 + 778272 + 784578 + local, remote + + + 78.10.0 + 78.10.0 + + + 78.10.0 + 78.10.0 + + + +

Mozilla Thunderbird is a popular open-source email client from the + Mozilla project. +

+
+ +

Multiple vulnerabilities have been discovered in Mozilla Thunderbird. + Please review the CVE identifiers referenced below for details. +

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All Mozilla Thunderbird users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-78.10.0" + + +

All Mozilla Thunderbird binary users should upgrade to the latest + version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=mail-client/thunderbird-bin-78.10.0" + + +
+ + CVE-2021-23961 + CVE-2021-23968 + CVE-2021-23969 + CVE-2021-23973 + CVE-2021-23978 + CVE-2021-23981 + CVE-2021-23982 + CVE-2021-23984 + CVE-2021-23987 + CVE-2021-23994 + CVE-2021-23995 + CVE-2021-23998 + CVE-2021-23999 + CVE-2021-24002 + CVE-2021-29945 + CVE-2021-29946 + CVE-2021-29948 + + MFSA-2021-09 + + + MFSA-2021-12 + + + MFSA-2021-14 + + + whissi + whissi +
diff --git a/metadata/glsa/glsa-202104-10.xml b/metadata/glsa/glsa-202104-10.xml new file mode 100644 index 000000000000..02a76e567bf1 --- /dev/null +++ b/metadata/glsa/glsa-202104-10.xml @@ -0,0 +1,115 @@ + + + + Mozilla Firefox: Multiple vulnerabilities + Multiple vulnerabilities have been found in Mozilla Firefox, the + worst of which could result in the arbitrary execution of code. + + firefox + 2021-04-30 + 2021-04-30 + 772305 + 778269 + 784572 + local, remote + + + 78.10.0 + 88.0 + 88.0 + + + 78.10.0 + 88.0 + 88.0 + + + +

Mozilla Firefox is a popular open-source web browser from the Mozilla + project. +

+
+ +

Multiple vulnerabilities have been discovered in Mozilla Firefox. Please + review the CVE identifiers referenced below for details. +

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All Mozilla Firefox ESR users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-78.10.0" + + +

All Mozilla Firefox ESR binary users should upgrade to the latest + version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-78.10.0" + + +

All Mozilla Firefox users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-88.0" + + +

All Mozilla Firefox binary users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-88.0" + + +
+ + CVE-2021-23961 + CVE-2021-23968 + CVE-2021-23969 + CVE-2021-23970 + CVE-2021-23971 + CVE-2021-23972 + CVE-2021-23973 + CVE-2021-23974 + CVE-2021-23975 + CVE-2021-23976 + CVE-2021-23977 + CVE-2021-23978 + CVE-2021-23981 + CVE-2021-23982 + CVE-2021-23983 + CVE-2021-23984 + CVE-2021-23985 + CVE-2021-23986 + CVE-2021-23987 + CVE-2021-23988 + CVE-2021-23994 + CVE-2021-23995 + CVE-2021-23998 + CVE-2021-23999 + CVE-2021-24002 + CVE-2021-29945 + CVE-2021-29946 + + MFSA-2021-08 + + + MFSA-2021-11 + + + MFSA-2021-15 + + + whissi + whissi +
diff --git a/metadata/glsa/glsa-202105-01.xml b/metadata/glsa/glsa-202105-01.xml new file mode 100644 index 000000000000..9d471cc9a50c --- /dev/null +++ b/metadata/glsa/glsa-202105-01.xml @@ -0,0 +1,74 @@ + + + + Exim: Multiple vulnerabilities + Multiple vulnerabilities have been found in Exim, the worst of + which allows remote attackers to execute arbitrary code. + + exim + 2021-05-04 + 2021-05-04 + 786945 + local, remote + + + 4.94.2 + 4.94.2 + + + +

Exim is a message transfer agent (MTA) designed to be a a highly + configurable, drop-in replacement for sendmail. +

+
+ +

Multiple vulnerabilities have been discovered in Exim. Please review the + CVE identifiers referenced below for details. +

+
+ +

A remote attacker, by connecting to the SMTP listener daemon, could + possibly execute arbitrary code with the privileges of the process or + cause a Denial of Service condition. Furthermore, a local attacker could + perform symlink attacks to overwrite arbitrary files with the privileges + of the user running the application or escalate privileges. +

+
+ +

There is no known workaround at this time.

+
+ +

All Exim users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-mta/exim-4.94.2" + + +
+ + CVE-2020-28007 + CVE-2020-28008 + CVE-2020-28009 + CVE-2020-28010 + CVE-2020-28011 + CVE-2020-28012 + CVE-2020-28013 + CVE-2020-28014 + CVE-2020-28015 + CVE-2020-28016 + CVE-2020-28017 + CVE-2020-28018 + CVE-2020-28019 + CVE-2020-28020 + CVE-2020-28021 + CVE-2020-28022 + CVE-2020-28023 + CVE-2020-28024 + CVE-2020-28025 + CVE-2020-28026 + CVE-2021-27216 + + whissi + whissi +
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 8e00199f4a7a..2d5a3dd5b3b6 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Wed, 28 Apr 2021 18:38:28 +0000 +Tue, 04 May 2021 21:09:02 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 212cb4faf828..785900450f6b 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -9df841975125d76bb458214192472faedfc1d3f7 1617193334 2021-03-31T12:22:14+00:00 +ce41c6125acff2a3d4d5dec0069d73d86997778a 1620156660 2021-05-04T19:31:00+00:00 -- cgit v1.2.3