mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-17 18:06:59 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #697 from dm0-/glsa

Browse Source 
bump(metadata/glsa): sync with upstream
This commit is contained in:
David Michael 2018-11-01 12:14:22 -04:00 committed by GitHub
commit 16e085aa67
11 changed files with 446 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest vendored
View File

@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
MANIFEST Manifest.files.gz 428688 BLAKE2B ad7b0e93dc8d25ffce2b6b151e2b2f9d3f4644e2e0bd01b04b2cf32db642d1d55604ebfba538d50e5bffd72012f36cafeebb5fa8b059c51e9495a17ed7d24e61 SHA512 38eef2b8a964d52745f651dc5c44cb508b253654c94f1704d61e63093636d75a72c2f7e2db78f40261fe9fecdede9dacd2401b62f42b01813651f01c9fe87245
TIMESTAMP 2018-10-07T19:38:41Z
MANIFEST Manifest.files.gz 429647 BLAKE2B a411cce710ab8dd39a655bd0e0cc190fbcae6f53119ffd89cae0be474bd52b18b9f669c37dc08ddc9e6dc2a29bf677b9015df98cc57c2d30284d663c0b745fe0 SHA512 727e13fbfd98dfc90a62c0a63c29d8331a6b94e4b42d913790e4a78f814e95d07a616b3b426612b6bfed54ee01f6b9889ca7c2f42345120b9b84f4679ebf482d
TIMESTAMP 2018-11-01T14:08:44Z
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlu6YMFfFIAAAAAALgAo
iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlvbCO1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
klBcCw/+KQFZnE+4IPn8ztI2u4v/O0Nsm2Nmv0gKVaRrGLSszOh1NQ7I2/Ran1vH
JH7U1joN/9/se20Sx5nqaXt2ubVNhu4jRYrFVNbbAuDyNqLr8NPi2I0YQPa0pqkW
bxvcNQjcQ5s2tWZTMANkt3DriA117zQidyFjOuZKcZkx5eiTcSq/ICtpF4vQT9U1
PaB9moOXB7gM+EVvskPYT5D3f16Pe2xTdMPVV7DqDCQFxO7VuiX1tZagVuTkR8Ik
bg5f26ap0TpZOGpCXD56VTOUupb5Yf4K8OJgeg9Q8OQEihXxx2q3fLg69Zf/4E0t
Nwg+uoXvov8EsL8v9W+Tmx9EZTPy1zgTPkqz4e9WsfrVq5QDvro3/tTR28AkhO1i
jzEsR4CZpghnVhl0yejTyrx0u3oP1txkoqpa7DPgUTE3dTICmYiEP/YGtKp7qoIv
/eoUnAA50ojeobe8kx7PxQrgWFZbK4ImWZZvTE+5oTVQrTiUse/vJb4il1Xe0xWU
Dalh9+9K8WrnBfZ6kv7hevdAEmnxZZzX1jPGe1gRLKoBVa/JeXLnmfq8v2li7W53
uT4nEWZ2Tv+SKSOET8oZfzPL4GjufIyWfNZ1noPjfonXy9J99yb1mkp7Wpcak0c+
8nMYs6pFmQeaerLMbnRGmitvGkpcipZFw3PJFlsh/xnq+/KCM0Y=
=tYDL
klA5CQ/+Pvm8ev0pfBO6Cs4RoX5CuI2J+zoJXpLwjZyyZ2tCQDQNf7yulp4XfHZa
QRgepSNvJQ9eYgdc2vTxgmXWqw21ARlJw2CK1Zckrvh0Q0eHWTcnWVQj/IKHa8TT
O4NIri0EMV6cEdUz5XCKDZrOffBPfl+uE5WI33SosM+YKZEYnFT0zBPJmFZysxSM
O9T/IiiRrk5rvP+0P8SVnCewmtm3Tw5lhyMU39yHnznY3klFAI4t8G0Di1wpIJ2N
lRhOITHi2cf/koGIcOCuroplkfvUkHWnssOnLD6wF3SPoC+aUFx9ErzidftUkO+C
nExOq7l1x0vu32bRxBVIDZCp3pWo3nkgk+F+kTi9Cbv+8nlbv8oEnmAl+CDHDh+J
UHF+P4u50VA/GIrulWH7LEqlhJQWMfUXxQEhcb/KZJmj7X2KMmGFGYVibIvnUVqJ
eEd84auxv3XtKMPIxIiv8y7kiqd09iFIoKkcM4FVSrEOiVFucRjpnIOn5mCOtych
cV4eM87C+JERmcqKoVCxm/QtWJON5w97U/MoiOc7iMs4jStR6YoMk5Wtig9JNRaI
90H7+DHyzDoznXi1Rlo8U9ANh1jTXaBk6YaoGIxEKMsT8GVRRMCfCGKMpyJWk1+1
UHZU3ahSMWXVGCNytJopG4qDRnHGsYFqZjEXcGCwQvQv/hnlB9U=
=Zg1g
-----END PGP SIGNATURE-----

BIN
sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz vendored
View File

Binary file not shown.

10
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201808-02.xml vendored
View File

@ -7,13 +7,13 @@
</synopsis>
<product type="ebuild">lxc</product>
<announced>2018-08-22</announced>
<revised count="2">2018-08-22</revised>
<revised count="3">2018-10-17</revised>
<bug>662780</bug>
<access>local</access>
<affected>
<package name="app-emulation/lxc" auto="yes" arch="*">
<unaffected range="ge">3.0.1-r1</unaffected>
<vulnerable range="lt">3.0.1-r1</vulnerable>
<unaffected range="ge">2.1.1-r1</unaffected>
<vulnerable range="lt">2.1.1-r1</vulnerable>
</package>
</affected>
<background>
@ -39,7 +39,7 @@
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=app-emulation/lxc-3.0.1-r1"
# emerge --ask --oneshot --verbose "&gt;=app-emulation/lxc-2.1.1-r1"
</code>
</resolution>
@ -47,5 +47,5 @@
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6556">CVE-2018-6556</uri>
</references>
<metadata tag="requester" timestamp="2018-08-13T17:16:02Z">irishluck83</metadata>
<metadata tag="submitter" timestamp="2018-08-22T21:31:58Z">Zlogene</metadata>
<metadata tag="submitter" timestamp="2018-10-17T23:09:04Z">Zlogene</metadata>
</glsa>

61
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201810-05.xml vendored Normal file
View File

@ -0,0 +1,61 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201810-05">
<title>xkbcommon: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in xkbcommon, the worst of
which may lead to a Denial of Service condition.
</synopsis>
<product type="ebuild">libxkbcommon</product>
<announced>2018-10-30</announced>
<revised count="1">2018-10-30</revised>
<bug>665702</bug>
<access>local</access>
<affected>
<package name="x11-libs/libxkbcommon" auto="yes" arch="*">
<unaffected range="ge">0.8.2</unaffected>
<vulnerable range="lt">0.8.2</vulnerable>
</package>
</affected>
<background>
<p>xkbcommon is a library to handle keyboard descriptions, including
loading them from disk, parsing them and handling their state.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in libxkbcommon. Please
review the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A local attacker could supply a specially crafted keymap file possibly
resulting in a Denial of Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All libxkbcommon users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=x11-libs/libxkbcommon-0.8.2"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15853">CVE-2018-15853</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15854">CVE-2018-15854</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15855">CVE-2018-15855</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15856">CVE-2018-15856</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15857">CVE-2018-15857</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15858">CVE-2018-15858</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15859">CVE-2018-15859</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15861">CVE-2018-15861</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15862">CVE-2018-15862</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15863">CVE-2018-15863</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15864">CVE-2018-15864</uri>
</references>
<metadata tag="requester" timestamp="2018-10-14T16:59:09Z">whissi</metadata>
<metadata tag="submitter" timestamp="2018-10-30T20:41:12Z">whissi</metadata>
</glsa>

83
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201810-06.xml vendored Normal file
View File

@ -0,0 +1,83 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201810-06">
<title>Xen: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Xen, the worst of which
could cause a Denial of Service condition.
</synopsis>
<product type="ebuild">xen</product>
<announced>2018-10-30</announced>
<revised count="2">2018-10-30</revised>
<bug>643350</bug>
<bug>655188</bug>
<bug>655544</bug>
<bug>659442</bug>
<access>local</access>
<affected>
<package name="app-emulation/xen" auto="yes" arch="*">
<unaffected range="ge">4.10.1-r2</unaffected>
<vulnerable range="lt">4.10.1-r2</vulnerable>
</package>
<package name="app-emulation/xen-tools" auto="yes" arch="*">
<unaffected range="ge">4.10.1-r2</unaffected>
<vulnerable range="lt">4.10.1-r2</vulnerable>
</package>
</affected>
<background>
<p>Xen is a bare-metal hypervisor.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Xen. Please review the
referenced CVE identifiers for details.
</p>
</description>
<impact type="normal">
<p>A local attacker could cause a Denial of Service condition or disclose
sensitive information.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Xen users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=app-emulation/xen-4.10.1-r2"
</code>
<p>All Xen tools users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
"&gt;=app-emulation/xen-tools-4.10.1-r2"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5715">CVE-2017-5715</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5753">CVE-2017-5753</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5754">CVE-2017-5754</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10471">CVE-2018-10471</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10472">CVE-2018-10472</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10981">CVE-2018-10981</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10982">CVE-2018-10982</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12891">CVE-2018-12891</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12892">CVE-2018-12892</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12893">CVE-2018-12893</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15468">CVE-2018-15468</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15469">CVE-2018-15469</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15470">CVE-2018-15470</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3620">CVE-2018-3620</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3646">CVE-2018-3646</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5244">CVE-2018-5244</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7540">CVE-2018-7540</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7541">CVE-2018-7541</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7542">CVE-2018-7542</uri>
</references>
<metadata tag="requester" timestamp="2018-09-10T09:38:20Z">whissi</metadata>
<metadata tag="submitter" timestamp="2018-10-30T20:59:58Z">irishluck83</metadata>
</glsa>

77
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201810-07.xml vendored Normal file
View File

@ -0,0 +1,77 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201810-07">
<title>Mutt, NeoMutt: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Mutt and NeoMutt, the
worst of which allows for arbitrary code execution.
</synopsis>
<product type="ebuild">mutt, neomutt</product>
<announced>2018-10-30</announced>
<revised count="2">2018-10-30</revised>
<bug>661436</bug>
<access>remote</access>
<affected>
<package name="net-client/mutt" auto="yes" arch="*">
<unaffected range="ge">1.10.1</unaffected>
<vulnerable range="lt">1.10.1</vulnerable>
</package>
<package name="mail-client/neomutt" auto="yes" arch="*">
<unaffected range="ge">20180716</unaffected>
<vulnerable range="lt">20180716</vulnerable>
</package>
</affected>
<background>
<p>Mutt is a small but very powerful text-based mail client.</p>
<p>NeoMutt is a command line mail reader (or MUA). Its a fork of Mutt
with added features.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Mutt, and NeoMutt.
Please review the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could entice a user to open a specially crafted mail
message or connect to malicious mail server using Mutt or NeoMutt,
possibly resulting in execution of arbitrary code or directory traversal
with the privileges of the process or a Denial of Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Mutt users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-client/mutt-1.10.1"
</code>
<p>All NeoMuutt users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=mail-client/neomutt-20180716"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14349">CVE-2018-14349</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14350">CVE-2018-14350</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14351">CVE-2018-14351</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14352">CVE-2018-14352</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14353">CVE-2018-14353</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14354">CVE-2018-14354</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14355">CVE-2018-14355</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14356">CVE-2018-14356</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14357">CVE-2018-14357</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14358">CVE-2018-14358</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14359">CVE-2018-14359</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14362">CVE-2018-14362</uri>
</references>
<metadata tag="requester" timestamp="2018-08-22T23:01:20Z">whissi</metadata>
<metadata tag="submitter" timestamp="2018-10-30T22:34:46Z">irishluck83</metadata>
</glsa>

98
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201810-08.xml vendored Normal file
View File

@ -0,0 +1,98 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201810-08">
<title>PostgreSQL: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in PostgreSQL, the worst
which could lead to privilege escalation.
</synopsis>
<product type="ebuild">postgresql</product>
<announced>2018-10-30</announced>
<revised count="1">2018-10-30</revised>
<bug>603716</bug>
<bug>603720</bug>
<bug>664332</bug>
<access>local, remote</access>
<affected>
<package name="dev-db/postgresql" auto="yes" arch="*">
<unaffected range="ge" slot="9.3">9.3.24</unaffected>
<unaffected range="ge" slot="9.4">9.4.19</unaffected>
<unaffected range="ge" slot="9.5">9.5.14</unaffected>
<unaffected range="ge" slot="9.6">9.6.10</unaffected>
<unaffected range="ge" slot="10">10.5</unaffected>
<vulnerable range="lt">10.5</vulnerable>
</package>
</affected>
<background>
<p>PostgreSQL is an open source object-relational database management
system.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in PostgreSQL. Please
review the referenced CVE identifiers for details.
</p>
<p>In addition it was discovered that Gentoos PostgreSQL installation
suffered from a privilege escalation vulnerability due to a runscript
which called OpenRCs checkpath() on a user controlled path and allowed
user running PostgreSQL to kill arbitrary processes via PID file
manipulation.
</p>
</description>
<impact type="high">
<p>A remote attacker could bypass certain client-side connection security
features, read arbitrary server memory or alter certain data.
</p>
<p>In addition, a local attacker could gain privileges or cause a Denial of
Service condition by killing arbitrary processes.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All PostgreSQL users up to 9.3 should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.3.24:9.3"
</code>
<p>All PostgreSQL 9.4 users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.4.19:9.4"
</code>
<p>All PostgreSQL 9.5 users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.5.14:9.5"
</code>
<p>All PostgreSQL 9.6 users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.6.10:9.6"
</code>
<p>All PostgreSQL 10 users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-10.5:10"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10915">CVE-2018-10915</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10925">CVE-2018-10925</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1115">CVE-2018-1115</uri>
</references>
<metadata tag="requester" timestamp="2018-09-20T23:00:55Z">irishluck83</metadata>
<metadata tag="submitter" timestamp="2018-10-30T20:41:59Z">irishluck83</metadata>
</glsa>

53
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201810-09.xml vendored Normal file
View File

@ -0,0 +1,53 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201810-09">
<title>X.Org X Server: Privilege escalation</title>
<synopsis>A vulnerability in X.Org X Server allows local users to escalate
privileges.
</synopsis>
<product type="ebuild">xorg x server</product>
<announced>2018-10-30</announced>
<revised count="1">2018-10-30</revised>
<bug>669588</bug>
<access>local</access>
<affected>
<package name="x11-base/xorg-server" auto="yes" arch="*">
<unaffected range="ge">1.20.3</unaffected>
<vulnerable range="lt">1.20.3</vulnerable>
</package>
</affected>
<background>
<p>The X Window System is a graphical windowing system based on a
client/server model.
</p>
</background>
<description>
<p>An incorrect permission check for -modulepath and -logfile options when
starting Xorg. X server allows unprivileged users with the ability to log
in to the system via physical console to escalate their privileges and
run arbitrary code under root privileges.
</p>
</description>
<impact type="high">
<p>A local attacker can escalate privileges to root by passing crafted
parameters to the X.org X server.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All X.Org X Server users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=x11-base/xorg-server-1.20.3"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14665">CVE-2018-14665</uri>
</references>
<metadata tag="requester" timestamp="2018-10-30T15:53:55Z">whissi</metadata>
<metadata tag="submitter" timestamp="2018-10-30T20:42:13Z">whissi</metadata>
</glsa>

52
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201810-10.xml vendored Normal file
View File

@ -0,0 +1,52 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201810-10">
<title>systemd: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in systemd, the worst of
which may allow execution of arbitrary code.
</synopsis>
<product type="ebuild">systemd</product>
<announced>2018-10-30</announced>
<revised count="1">2018-10-30</revised>
<bug>669664</bug>
<bug>669716</bug>
<access>local, remote</access>
<affected>
<package name="sys-apps/systemd" auto="yes" arch="*">
<unaffected range="ge">239-r2</unaffected>
<vulnerable range="lt">239-r2</vulnerable>
</package>
</affected>
<background>
<p>A system and service manager.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in systemd. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="high">
<p>An attacker could possibly execute arbitrary code, cause a Denial of
Service condition, or gain escalated privileges.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All systemd users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=sys-apps/systemd-239-r2"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15686">CVE-2018-15686</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15687">CVE-2018-15687</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15688">CVE-2018-15688</uri>
</references>
<metadata tag="requester" timestamp="2018-10-30T15:33:52Z">whissi</metadata>
<metadata tag="submitter" timestamp="2018-10-30T20:42:27Z">whissi</metadata>
</glsa>

2
sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk vendored
View File

@ -1 +1 @@
Sun, 07 Oct 2018 19:38:38 +0000
Thu, 01 Nov 2018 14:08:41 +0000

2
sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit vendored
View File

@ -1 +1 @@
b914ac7ce64b6f61d701c5cf4173dd03fafdca0e 1538845801 2018-10-06T17:10:01+00:00
3fe134c9c609fe0fa952396df0dd91b901ef64de 1540938926 2018-10-30T22:35:26+00:00