From abe17cf152eeb7571da8db4b25a30465644a41ba Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Thu, 7 Nov 2024 03:03:27 +0000 Subject: gentoo auto-resync : 07:11:2024 - 03:03:27 --- metadata/glsa/Manifest | 30 +++++++++++++-------------- metadata/glsa/Manifest.files.gz | Bin 590436 -> 591237 bytes metadata/glsa/glsa-202411-01.xml | 41 +++++++++++++++++++++++++++++++++++++ metadata/glsa/glsa-202411-02.xml | 43 +++++++++++++++++++++++++++++++++++++++ metadata/glsa/glsa-202411-03.xml | 42 ++++++++++++++++++++++++++++++++++++++ metadata/glsa/glsa-202411-04.xml | 42 ++++++++++++++++++++++++++++++++++++++ metadata/glsa/glsa-202411-05.xml | 43 +++++++++++++++++++++++++++++++++++++++ metadata/glsa/timestamp.chk | 2 +- metadata/glsa/timestamp.commit | 2 +- 9 files changed, 228 insertions(+), 17 deletions(-) create mode 100644 metadata/glsa/glsa-202411-01.xml create mode 100644 metadata/glsa/glsa-202411-02.xml create mode 100644 metadata/glsa/glsa-202411-03.xml create mode 100644 metadata/glsa/glsa-202411-04.xml create mode 100644 metadata/glsa/glsa-202411-05.xml (limited to 'metadata/glsa') diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index 657aaae12866..385b04e44fd7 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest 
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 590436 BLAKE2B 15aabc4185729e136cdcfaf5f8f985f8037a950c2674b40f4a60d6db55b6e66ddf62465183eec797a8745737731f08c9f5b7997b3092ca23932abe139760e3a2 SHA512 d4bc062a4c9898005fcd53314c2db40baaef3e5725ab92e762d55ae3747dcb34a1602299c2aa4bdf60a06b6f322e89ee0b897eafffb10de6e5392274ab828bc5 -TIMESTAMP 2024-11-06T02:40:48Z +MANIFEST Manifest.files.gz 591237 BLAKE2B 337b7bfb955540c4a1db37248b67e090eaeeb7b8bd1be2166a7b7b6b7877361e29661e73dffac923196433912a6797bf800bd067ee7f993890f6ac1e2f34bc49 SHA512 3ec2beca56ab3930f53a204889fc0b11246eb13af838a455e7955b61d8b6e21c61a23bc9f21acf3897bce56f1f4d035316c961dd19264f3c406050ed06677149 +TIMESTAMP 2024-11-07T02:40:47Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmcq1zBfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmcsKK9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klBbkxAAhQ524ukEQl0f6NJaTU9R3UmBbuvIJnxQ8L8BKE9lAWrDgyodl7TKebyc -qGCYJ/j8xCIhmAxdxdEZo8QKtJ9219zQXcr6cP/5T5zfRSBdaENqRvAEQ6+58Phc -V0lw7xtadAPtw5+7g0q8M63QNhmtcpOxLA7tgkioG+iGhc4Atf4clXtBs0dsg2h1 -pcXTwG+DPcr+VpXPqiHNfJI2j6C4Sx+O13PtdqU/AHg0EmQHJiyYWlD7hU469FrF -TD6uLE0E0GA/rdzyFaX8JbwDMI15bDpOFOqT6Jfk69Q72FaTUE8q52XFJARt5gwW -sLYfMD4LGRKvu2JB+74J1VlIg8MNe+dh0y7Tme7dLNiw7TGwgA5u4HcmfqhOns0x -ohuOUrRUm3LLXnwAMbR9lvpbIBac/U6KehKt2ZUDQCDE5BHKU4gZ6MVamPNHsKcK -YYV3qoPbi0b7FJMwnMkhCopK37yHHWAUF1dYyQK5asqHkYV26QdQY3oms5Xs27tz -LjNV+FY9dTBwJH5aDjv2JKYZ+GW7rGJUOcXLW4larmMgOgcZhA3+MjM8gG/RDBgV -lNWOx31VQrVcQYiWXx9lbMFDg6Vq+2GbioYgqVYC9rRJW2cMyoKRII5aEswWVxSd -jzpUfELrv/k/5hOKxeQyZk22dzqRFzffvBL8eHjw80VxHeqaxe0= -=1gxs +klDapA//ZxCIpvWq6w9eD6Ivc+r+Kj7cmRZAi/+F++QYh8luRI8MTtGat6FdYLSy +R8JOLwOh1kdtbzCYJ3kinpeYOxPaUEXxCAR1ToP17VVnftRDGF3K8psg1u6evv+Z +u1Ai5mz/CdwXtLq6jmbeNs/B/We4kytCbHQIROodOrCcHqCxk5f7UfyS7Nq4g83k 
+v8kKbvWtModsyjij/f0mmlcEtTCVdQe90aAAbWaUJ5DfBSKnvQwJHTsu5hnsvQF+ +xwClnbPCDdMdKx+YhDQvHe6P+HbcDUWogwtwGSQWhFtawdDr8rY/Oe9pf9xH9m5p +3PqJkI91s+wCNS1q+o0mNoLi891T+zq2PRMegEqeVqdWg/GdUbrXYQjOfKD0w+Qv +R42qF4PSrJpOGGAbKzh3CJJPOtzaTY8ftHfaN+2sdbMl+9uV3RFsfyK6/BXzwUqP +StVYDAdLofB7QaVIhH4h6x07niQC/uLRjovABeXNp+n1bgrCOY5LHQPhH6HT8dzG +GNss76rzzeraQuRamY+uOz3ObE57S1Laj/EGUv0vziNaZcBubyLqe5IAp593aaW/ +fOgfCaH4lZ/T/Z4WQ8SC7alWj5nMHCnEXSWdQoZVWq0p42uzHFhkXKfYrBLRbh97 +ur+DsRoktbInkvArHQGA1SVJysfsZvEUf5WC7C0dkuJgMLXwjVA= +=F5FX -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz index 3b2eab36a094..6a5fd4ebf046 100644 Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ diff --git a/metadata/glsa/glsa-202411-01.xml b/metadata/glsa/glsa-202411-01.xml new file mode 100644 index 000000000000..3cd99d6fb585 --- /dev/null +++ b/metadata/glsa/glsa-202411-01.xml @@ -0,0 +1,41 @@ + + + + Neat VNC: Authentication Bypass + A vulnerability has been discovered in Neat VNC, which can lead to authentication bypass. + neatvnc + 2024-11-06 + 2024-11-06 + 937140 + remote + + + 0.8.1 + 0.8.1 + + + +

Neat VNC is a liberally licensed VNC server library that's intended to be fast and neat.

+
+ +

Neat VNC allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.

+
+ +

A remote attacker can opt not to use any authentication method and access the VNC server.

+
+ +

There is no known workaround at this time.

+
+ +

All Neat VNC users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=gui-libs/neatvnc-0.8.1" + +
+ + + graaff + graaff +
\ No newline at end of file diff --git a/metadata/glsa/glsa-202411-02.xml b/metadata/glsa/glsa-202411-02.xml new file mode 100644 index 000000000000..12faaef09e82 --- /dev/null +++ b/metadata/glsa/glsa-202411-02.xml @@ -0,0 +1,43 @@ + + + + Flatpak: Sandbox Escape + A vulnerability has been discovered in Flatpak, which can lead to a sandbox escape. + flatpak + 2024-11-06 + 2024-11-06 + 937936 + remote + + + 1.4.10 + 1.4.10 + + + +
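Review bot: In glsa-202411-01.xml (Neat VNC) the references block appears to be empty, unlike the other four advisories, so only bug 937140 ties this authentication bypass to an upstream report; if a CVE was assigned it should be listed there so scanners can correlate it. The resolution upgrades only the library `gui-libs/neatvnc`, and a VNC server that is already running keeps the old code loaded until it is restarted, so I would add a sentence such as `Restart any running VNC server that links against Neat VNC after upgrading.` The workaround text could also mention restricting network access to the VNC port until the upgrade is applied, if the maintainers accept that as a workaround. The XML tags are not visible on this page, so the empty-references reading is inferred from the remaining text and the 41-line hunk length.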

Flatpak is a Linux application sandboxing and distribution framework.

+
+ +

A vulnerability has been discovered in Flatpak. Please review the CVE identifier referenced below for details.

+
+ +

A malicious or compromised Flatpak app using persistent directories could +read and write files in locations it would not normally have access to.

+
+ +

There is no known workaround at this time.

+
+ +

All Flatpak users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/flatpak-1.4.10" + +
+ + CVE-2024-42472 + + graaff + graaff +
\ No newline at end of file diff --git a/metadata/glsa/glsa-202411-03.xml b/metadata/glsa/glsa-202411-03.xml new file mode 100644 index 000000000000..3b801a3310b8 --- /dev/null +++ b/metadata/glsa/glsa-202411-03.xml @@ -0,0 +1,42 @@ + + + + Ubiquiti UniFi: Privilege Escalation + A vulnerability has been discovered in Ubiquiti UniFi, which can lead to local privilege escalation. + unifi + 2024-11-06 + 2024-11-06 + 941922 + local + + + 8.5.6 + 8.5.6 + + + +
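Review bot: The version bound `1.4.10` in glsa-202411-02.xml (both range fields and the `>=sys-apps/flatpak-1.4.10` resolution command) should be checked against the upstream advisory for CVE-2024-42472, because Flatpak's 1.4 series is years older than a 2024 CVE and the bound looks as if it may be missing a digit. If the bound is too low, `glsa-check` will treat every installed version at or above 1.4.10 as unaffected and vulnerable systems will not be flagged. The access field also says remote while the impact describes an already installed malicious or compromised app, which reads as local to the host, so it is worth confirming which is intended.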

Ubiquiti UniFi is a Management Controller for Ubiquiti Networks UniFi APs.

+
+ +

A vulnerability has been discovered in Ubiquiti UniFi. Please review the CVE identifier referenced below for details.

+
+ +

The vulnerability allows a malicious actor with a local operational system user to execute high privilege actions on UniFi Network Server.

+
+ +

There is no known workaround at this time.

+
+ +

All Ubiquiti UniFi users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-wireless/unifi-8.5.6" + +
+ + CVE-2024-42028 + + graaff + graaff +
\ No newline at end of file diff --git a/metadata/glsa/glsa-202411-04.xml b/metadata/glsa/glsa-202411-04.xml new file mode 100644 index 000000000000..719a3378d3ef --- /dev/null +++ b/metadata/glsa/glsa-202411-04.xml @@ -0,0 +1,42 @@ + + + + EditorConfig core C library: arbitrary stack write + A vulnerability has been discovered in EditorConfig Core C library, which may lead to arbitrary code execution. + editorconfig-core-c + 2024-11-06 + 2024-11-06 + 905308 + local and remote + + + 0.12.6 + 0.12.6 + + + +

EditorConfig core library written in C (for use by plugins supporting EditorConfig parsing)

+
+ +

A vulnerability has been discovered in EditorConfig Core C library. Please review the CVE identifier referenced below for details.

+
+ +

Please review the referenced CVE identifier for details.

+
+ +

There is no known workaround at this time.

+
+ +

All EditorConfig core C library users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/editorconfig-core-c-0.12.6" + +
+ + CVE-2023-0341 + + graaff + graaff +
\ No newline at end of file diff --git a/metadata/glsa/glsa-202411-05.xml b/metadata/glsa/glsa-202411-05.xml new file mode 100644 index 000000000000..bbff68c04a71 --- /dev/null +++ b/metadata/glsa/glsa-202411-05.xml @@ -0,0 +1,43 @@ + + + + libgit2: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in libgit2, the worst of which could lead to arbitrary code execution. + libgit2 + 2024-11-06 + 2024-11-06 + 891525 + 923971 + remote + + + 1.7.2 + 1.7.2 + + + +
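Review bot: The impact section of glsa-202411-04.xml is only the placeholder `Please review the referenced CVE identifier for details.`, although the title already names an arbitrary stack write and the synopsis names code execution. Repeating that in the impact text, for example `A stack write in the EditorConfig core C library may lead to arbitrary code execution.`, would let a reader triage without following the CVE-2023-0341 link. The advisory also does not say what input triggers the write; since access is given as local and remote, a short statement of the trigger (presumably parsing an attacker-supplied configuration file, to be confirmed against the CVE) would help users judge their exposure.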

libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language that supports C bindings.

+
+ +

Multiple vulnerabilities have been discovered in libgit2. Please review the CVE identifiers referenced below for details.

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All libgit2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libgit2-1.7.2" + +
+ + CVE-2023-22742 + + graaff + graaff +
\ No newline at end of file diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 82d56615b53b..b2379dc33b1d 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Wed, 06 Nov 2024 02:40:45 +0000 +Thu, 07 Nov 2024 02:40:42 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 7474dc84acd3..4ae8a8888c86 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -93155fde00088b123d8b46acf068ecadcf7bcfdb 1727512056 2024-09-28T08:27:36Z +781f9b3a3d3c32e196db69205e615bdfd40b6c49 1730902566 2024-11-06T14:16:06Z -- cgit v1.2.3
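Review bot: glsa-202411-05.xml announces multiple vulnerabilities and points readers to `the CVE identifiers referenced below`, but only CVE-2023-22742 is visible in the references, alongside two bug numbers (891525 and 923971). Either the identifiers tracked in the second bug are missing from the references, or the title, synopsis and description should be singular; as written, tooling that matches on CVE IDs sees a single issue. The impact text is the same placeholder and does not repeat the code-execution claim made in the synopsis. Because libgit2 is linked into other packages, the resolution could add that programs using it need a restart (or a rebuild where it is linked statically) after the upgrade.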