From 12c98a960f86d0bb23d3f06379f87d3d39d494ed Mon Sep 17 00:00:00 2001 From: David Michael Date: Wed, 18 Oct 2017 12:25:42 -0700 Subject: [PATCH] bump(metadata/glsa): sync with upstream --- .../metadata/glsa/glsa-201710-17.xml | 98 +++++++++++++++++++ .../metadata/glsa/glsa-201710-18.xml | 69 +++++++++++++ .../metadata/glsa/glsa-201710-19.xml | 58 +++++++++++ .../metadata/glsa/glsa-201710-20.xml | 60 ++++++++++++ .../metadata/glsa/timestamp.chk | 2 +- .../metadata/glsa/timestamp.commit | 2 +- 6 files changed, 287 insertions(+), 2 deletions(-) create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-20.xml diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-17.xml new file mode 100644 index 0000000000..4aaef6b683 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-17.xml @@ -0,0 +1,98 @@ + + + + Xen: Multiple vulnerabilities + Multiple vulnerabilities have been found in Xen, the worst of which + may allow local attackers to escalate privileges. + + xen + 2017-10-18 + 2017-10-18: 1 + 624112 + 624116 + 624118 + 624124 + 624128 + local + + + 4.7.3 + 4.7.3 + + + 4.7.3 + 4.7.3 + + + 4.7.3 + 4.7.3 + + + +

Xen is a bare-metal hypervisor.

+
+ +

Multiple vulnerabilities have been discovered in Xen. Please review the + referenced CVE identifiers for details. +

+
+ +

A local attacker could escalate privileges, cause a Denial of Service + condition, obtain sensitive information, or have other unspecified + impacts. +

+
+ +

There is no known workaround at this time.

+
+ +

All Xen users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.7.3" + + +

All Xen pvgrub users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/xen-pvgrub-4.7.3" + + +

All Xen Tools users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.7.3" + +
+ + + CVE-2017-10912 + + + CVE-2017-10913 + + + CVE-2017-10914 + + + CVE-2017-10915 + + + CVE-2017-10918 + + + CVE-2017-10920 + + + CVE-2017-10921 + + + CVE-2017-10922 + + + b-man + chrisadr +
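
Review bot: The resolution text in glsa-201710-17.xml stops at the three `emerge` commands for xen, xen-pvgrub and xen-tools and never says that a running host keeps the old hypervisor in memory until it boots the upgraded one. With local privilege escalation in the impact text and no workaround listed, a sentence about rebooting into the new hypervisor after the upgrade is worth proposing upstream; this file is a synced copy, so it should not be edited in this tree.
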
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-18.xml new file mode 100644 index 0000000000..e06ac6f879 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-18.xml @@ -0,0 +1,69 @@ + + + + Ruby: Multiple vulnerabilities + Multiple vulnerabilities have been found in Ruby, the worst of + which could lead to the remote execution of arbitrary code. + + ruby + 2017-10-18 + 2017-10-18: 1 + 605536 + 629484 + 631034 + remote + + + 2.2.8 + 2.2.8 + + + +

Ruby is an interpreted object-oriented programming language. The + elaborate standard library includes an HTTP server (“WEBRick”) and a + class for XML parsing (“REXML”). +

+
+ +

Multiple vulnerabilities have been discovered in Ruby. Please review the + referenced CVE identifiers for details. +

+ +
+ +

A remote attacker could execute arbitrary code, cause a Denial of + Service condition, or obtain sensitive information. +

+ +
+ +

There is no known workaround at this time.

+
+ +

All Ruby users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/ruby-2.2.8" + +
+ + + CVE-2016-2337 + + + CVE-2017-0898 + + + CVE-2017-10784 + + + CVE-2017-14033 + + + CVE-2017-14064 + + + b-man + chrisadr +
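
Review bot: In the background paragraph of glsa-201710-18.xml, "WEBRick" is a misspelling of the HTTP server's name, WEBrick. Because this file is copied from upstream, report the typo there rather than fixing it here, so the next sync does not conflict.
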
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-19.xml new file mode 100644 index 0000000000..26dcefc9ce --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-19.xml @@ -0,0 +1,58 @@ + + + + libarchive: Multiple vulnerabilities + Multiple vulnerabilities have been found in libarchive, the worst + of which could lead to a Denial of Service condition. + + libarchive + 2017-10-18 + 2017-10-18: 1 + 618026 + remote + + + 3.3.0 + 3.3.0 + + + +

libarchive is a library for manipulating different streaming archive + formats, including certain tar variants, several cpio formats, and both + BSD and GNU ar variants. +

+
+ +

Multiple vulnerabilities have been discovered in libarchive. Please + review the referenced CVE identifiers for details. +

+ +
+ +

A remote attacker, via a specially crafted file, could possibly cause a + Denial of Service condition. +

+ +
+ +

There is no known workaround at this time.

+
+ +

All libarchive users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/libarchive-3.3.0" + +
+ + + CVE-2016-10349 + + + CVE-2016-10350 + + + b-man + chrisadr +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-20.xml new file mode 100644 index 0000000000..d7af0c0ae9 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-20.xml @@ -0,0 +1,60 @@ + + + + Nagios: Multiple vulnerabilities + Multiple vulnerabilities have been found in Nagios, the worst of + which could lead to the remote execution of arbitrary code. + + nagios + 2017-10-18 + 2017-10-18: 1 + 602216 + 628086 + local, remote + + + 4.3.3 + 4.3.3 + + + +

Nagios is an open source host, service and network monitoring program.

+
+ +

Multiple vulnerabilities have been discovered in Nagios. Please review + the referenced CVE identifiers for details. +

+ +
+ +

A remote attacker could possibly escalate privileges to root, thus + allowing the execution of arbitrary code, by leveraging CVE-2016-9565. + Additionally, a local attacker could cause a Denial of Service condition + against arbitrary processes due to the improper dropping of privileges. +

+
+ +

There is no known workaround at this time.

+
+ +

All Nagios users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/nagios-core-4.3.3" + +
+ + + CVE-2016-9565 + + + CVE-2016-9566 + + + CVE-2017-12847 + + + BlueKnight + chrisadr +
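
Review bot: The impact paragraph of glsa-201710-20.xml ties the remote escalation to root to CVE-2016-9565 but does not say which of the other two listed references, CVE-2016-9566 or CVE-2017-12847, covers the local Denial of Service caused by improper dropping of privileges, so anyone triaging by CVE has to look each one up. Naming the CVE next to that sentence is worth suggesting upstream.
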
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk index a3e68c623d..81719f848a 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Sun, 15 Oct 2017 21:09:21 +0000 +Wed, 18 Oct 2017 18:39:05 +0000 diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit index a05cb74363..5e2249358c 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit @@ -1 +1 @@ -f5081800804d6a1f4598cbc03e5a8f2664f6a070 1508098974 2017-10-15T20:22:54+00:00 +8c9b32528b910251b1fe3992838c97ba223db5d7 1508289507 2017-10-18T01:18:27+00:00
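
Review bot: The commit message says only "sync with upstream", while the new timestamp.commit line already records the upstream revision (8c9b32528b910251b1fe3992838c97ba223db5d7, 2017-10-18T01:18:27+00:00). Quoting that hash in the message would let a reader of the log see which upstream state this sync corresponds to, and which advisories it brings in, without opening the file.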