mirror of
https://github.com/flatcar/scripts.git
synced 2025-08-17 18:06:59 +02:00
bump(metadata/glsa): sync with upstream
This commit is contained in:
David Michael
parent
1f41089ac2
commit
c466ed4f47
50
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-21.xml
vendored
Normal file
50
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-21.xml
vendored
Normal file
@ -0,0 +1,50 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
|
||||
<glsa id="201710-21">
|
||||
<title>Kodi: Arbitrary code execution </title>
|
||||
<synopsis>An integer overflow vulnerability in Kodi could result in remote
|
||||
execution of arbitrary code.
|
||||
</synopsis>
|
||||
<product type="ebuild">kodi</product>
|
||||
<announced>2017-10-22</announced>
|
||||
<revised>2017-10-22: 1</revised>
|
||||
<bug>622384</bug>
|
||||
<access>remote</access>
|
||||
<affected>
|
||||
<package name="media-tv/kodi" auto="yes" arch="*">
|
||||
<unaffected range="ge">17.3-r1</unaffected>
|
||||
<vulnerable range="lt">17.3-r1</vulnerable>
|
||||
</package>
|
||||
</affected>
|
||||
<background>
|
||||
<p>Kodi is a free and open source media-center and entertainment hub
|
||||
previously known as XBMC.
|
||||
</p>
|
||||
</background>
|
||||
<description>
|
||||
<p>Kodi is vulnerable due to shipping with an embedded version of UnRAR.
|
||||
Please review the referenced CVE identifier for details.
|
||||
</p>
|
||||
</description>
|
||||
<impact type="normal">
|
||||
<p>A remote attacker, by enticing a user to process a specifically crafted
|
||||
RAR file, could execute arbitrary code.
|
||||
</p>
|
||||
</impact>
|
||||
<workaround>
|
||||
<p>There is no known workaround at this time.</p>
|
||||
</workaround>
|
||||
<resolution>
|
||||
<p>All Kodi users should upgrade to the latest version:</p>
|
||||
|
||||
<code>
|
||||
# emerge --sync
|
||||
# emerge --ask --oneshot --verbose ">=media-tv/kodi-17.3-r1"
|
||||
</code>
|
||||
</resolution>
|
||||
<references>
|
||||
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2012-6706">CVE-2012-6706</uri>
|
||||
</references>
|
||||
<metadata tag="requester" timestamp="2017-10-18T03:54:48Z">jmbailey</metadata>
|
||||
<metadata tag="submitter" timestamp="2017-10-22T00:24:12Z">jmbailey</metadata>
|
||||
</glsa>
|
||||
51
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-22.xml
vendored
Normal file
51
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-22.xml
vendored
Normal file
@ -0,0 +1,51 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
|
||||
<glsa id="201710-22">
|
||||
<title>Adobe Flash Player: Remote execution of arbitrary code</title>
|
||||
<synopsis>A vulnerability in Adobe Flash Player might allow remote attackers
|
||||
to execute arbitrary code.
|
||||
</synopsis>
|
||||
<product type="ebuild">adobeflash</product>
|
||||
<announced>2017-10-22</announced>
|
||||
<revised>2017-10-22: 1</revised>
|
||||
<bug>634456</bug>
|
||||
<access>remote</access>
|
||||
<affected>
|
||||
<package name="www-plugins/adobe-flash" auto="yes" arch="*">
|
||||
<unaffected range="ge">27.0.0.170</unaffected>
|
||||
<vulnerable range="lt">27.0.0.170</vulnerable>
|
||||
</package>
|
||||
</affected>
|
||||
<background>
|
||||
<p>The Adobe Flash Player is a renderer for the SWF file format, which is
|
||||
commonly used to provide interactive websites.
|
||||
</p>
|
||||
</background>
|
||||
<description>
|
||||
<p>A critical type confusion vulnerability was discovered in Adobe Flash
|
||||
Player.
|
||||
</p>
|
||||
</description>
|
||||
<impact type="normal">
|
||||
<p>A remote attacker could execute arbitrary code.</p>
|
||||
</impact>
|
||||
<workaround>
|
||||
<p>There is no known workaround at this time.</p>
|
||||
</workaround>
|
||||
<resolution>
|
||||
<p>All Adobe Flash Player users should upgrade to the latest version:</p>
|
||||
|
||||
<code>
|
||||
# emerge --sync
|
||||
# emerge --ask --oneshot --verbose
|
||||
">=www-plugins/adobe-flash-27.0.0.170"
|
||||
</code>
|
||||
</resolution>
|
||||
<references>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11292">
|
||||
CVE-2017-11292
|
||||
</uri>
|
||||
</references>
|
||||
<metadata tag="requester" timestamp="2017-10-16T21:42:03Z">whissi</metadata>
|
||||
<metadata tag="submitter" timestamp="2017-10-22T00:27:40Z">b-man</metadata>
|
||||
</glsa>
|
||||
55
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-23.xml
vendored
Normal file
55
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-23.xml
vendored
Normal file
@ -0,0 +1,55 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
|
||||
<glsa id="201710-23">
|
||||
<title>Go: Multiple vulnerabilities</title>
|
||||
<synopsis>Multiple vulnerabilities have been found in Go, the worst of which
|
||||
may result in the execution of arbitrary commands.
|
||||
</synopsis>
|
||||
<product type="ebuild">go</product>
|
||||
<announced>2017-10-23</announced>
|
||||
<revised>2017-10-23: 1</revised>
|
||||
<bug>632408</bug>
|
||||
<access>remote</access>
|
||||
<affected>
|
||||
<package name="dev-lang/go" auto="yes" arch="*">
|
||||
<unaffected range="ge">1.9.1</unaffected>
|
||||
<vulnerable range="lt">1.9.1</vulnerable>
|
||||
</package>
|
||||
</affected>
|
||||
<background>
|
||||
<p>Go is an open source programming language that makes it easy to build
|
||||
simple, reliable, and efficient software.
|
||||
</p>
|
||||
</background>
|
||||
<description>
|
||||
<p>Multiple vulnerabilities have been discovered in Go. Please review the
|
||||
references below for details.
|
||||
</p>
|
||||
</description>
|
||||
<impact type="normal">
|
||||
<p>Remote attackers could execute arbitrary Go commands or conduct a man in
|
||||
the middle attack.
|
||||
</p>
|
||||
</impact>
|
||||
<workaround>
|
||||
<p>There is no known workaround at this time.</p>
|
||||
</workaround>
|
||||
<resolution>
|
||||
<p>All Go users should upgrade to the latest version:</p>
|
||||
|
||||
<code>
|
||||
# emerge --sync
|
||||
# emerge --ask --oneshot --verbose ">=dev-lang/go-1.9.1"
|
||||
</code>
|
||||
</resolution>
|
||||
<references>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15041">
|
||||
CVE-2017-15041
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15042">
|
||||
CVE-2017-15042
|
||||
</uri>
|
||||
</references>
|
||||
<metadata tag="requester" timestamp="2017-10-16T22:06:50Z">chrisadr</metadata>
|
||||
<metadata tag="submitter" timestamp="2017-10-23T01:03:41Z">b-man</metadata>
|
||||
</glsa>
|
||||
131
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-24.xml
vendored
Normal file
131
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-24.xml
vendored
Normal file
@ -0,0 +1,131 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
|
||||
<glsa id="201710-24">
|
||||
<title>Chromium, Google Chrome: Multiple vulnerabilities</title>
|
||||
<synopsis>Multiple vulnerabilities have been found in Chromium and Google
|
||||
Chrome, the worst of which could result in the execution of arbitrary code.
|
||||
</synopsis>
|
||||
<product type="ebuild">chromium,chrome</product>
|
||||
<announced>2017-10-23</announced>
|
||||
<revised>2017-10-23: 1</revised>
|
||||
<bug>634664</bug>
|
||||
<access>remote</access>
|
||||
<affected>
|
||||
<package name="www-client/chromium" auto="yes" arch="*">
|
||||
<unaffected range="ge">62.0.3202.62</unaffected>
|
||||
<vulnerable range="lt">62.0.3202.62</vulnerable>
|
||||
</package>
|
||||
<package name="www-client/google-chrome" auto="yes" arch="*">
|
||||
<unaffected range="ge">62.0.3202.62</unaffected>
|
||||
<vulnerable range="lt">62.0.3202.62</vulnerable>
|
||||
</package>
|
||||
</affected>
|
||||
<background>
|
||||
<p>Chromium is an open-source browser project that aims to build a safer,
|
||||
faster, and more stable way for all users to experience the web.
|
||||
</p>
|
||||
|
||||
<p>Google Chrome is one fast, simple, and secure browser for all your
|
||||
devices
|
||||
</p>
|
||||
</background>
|
||||
<description>
|
||||
<p>Multiple vulnerabilities have been discovered in Chromium and Google
|
||||
Chrome. Please review the referenced CVE identifiers and Google Chrome
|
||||
Releases for details.
|
||||
</p>
|
||||
</description>
|
||||
<impact type="normal">
|
||||
<p>A remote attacker could possibly execute arbitrary code with the
|
||||
privileges of the process, cause a Denial of Service condition, bypass
|
||||
content security controls, or conduct URL spoofing.
|
||||
</p>
|
||||
</impact>
|
||||
<workaround>
|
||||
<p>There is no known workaround at this time.</p>
|
||||
</workaround>
|
||||
<resolution>
|
||||
<p>All Chromium users should upgrade to the latest version:</p>
|
||||
|
||||
<code>
|
||||
# emerge --sync
|
||||
# emerge --ask --oneshot --verbose
|
||||
">=www-client/chromium-62.0.3202.62"
|
||||
</code>
|
||||
|
||||
<p>All Google Chrome users should upgrade to the latest version:</p>
|
||||
|
||||
<code>
|
||||
# emerge --sync
|
||||
# emerge --ask --oneshot --verbose
|
||||
">=www-client/google-chrome-62.0.3202.62"
|
||||
</code>
|
||||
</resolution>
|
||||
<references>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15386">
|
||||
CVE-2017-15386
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15387">
|
||||
CVE-2017-15387
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15388">
|
||||
CVE-2017-15388
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15389">
|
||||
CVE-2017-15389
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15390">
|
||||
CVE-2017-15390
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15391">
|
||||
CVE-2017-15391
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15392">
|
||||
CVE-2017-15392
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15393">
|
||||
CVE-2017-15393
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15394">
|
||||
CVE-2017-15394
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15395">
|
||||
CVE-2017-15395
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5124">
|
||||
CVE-2017-5124
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5125">
|
||||
CVE-2017-5125
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5126">
|
||||
CVE-2017-5126
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5127">
|
||||
CVE-2017-5127
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5128">
|
||||
CVE-2017-5128
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5129">
|
||||
CVE-2017-5129
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5130">
|
||||
CVE-2017-5130
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5131">
|
||||
CVE-2017-5131
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5132">
|
||||
CVE-2017-5132
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5133">
|
||||
CVE-2017-5133
|
||||
</uri>
|
||||
<uri link="https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html">
|
||||
Google Chrome Releases
|
||||
</uri>
|
||||
</references>
|
||||
<metadata tag="requester" timestamp="2017-10-20T19:48:32Z">b-man</metadata>
|
||||
<metadata tag="submitter" timestamp="2017-10-23T01:10:56Z">chrisadr</metadata>
|
||||
</glsa>
|
||||
69
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-25.xml
vendored
Normal file
69
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-25.xml
vendored
Normal file
@ -0,0 +1,69 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
|
||||
<glsa id="201710-25">
|
||||
<title>PCRE: Multiple vulnerabilities</title>
|
||||
<synopsis>Multiple vulnerabilities have been found in the PCRE Library, the
|
||||
worst of which may allow remote attackers to cause a Denial of Service
|
||||
condition.
|
||||
</synopsis>
|
||||
<product type="ebuild">libpcre</product>
|
||||
<announced>2017-10-23</announced>
|
||||
<revised>2017-10-23: 1</revised>
|
||||
<bug>614048</bug>
|
||||
<bug>614052</bug>
|
||||
<bug>614054</bug>
|
||||
<access>remote</access>
|
||||
<affected>
|
||||
<package name="dev-libs/libpcre" auto="yes" arch="*">
|
||||
<unaffected range="ge">8.41</unaffected>
|
||||
<vulnerable range="lt">8.41</vulnerable>
|
||||
</package>
|
||||
</affected>
|
||||
<background>
|
||||
<p>The PCRE Library provides functions for Perl-compatible regular
|
||||
expressions.
|
||||
</p>
|
||||
</background>
|
||||
<description>
|
||||
<p>Multiple vulnerabilities have been discovered in The PCRE Library.
|
||||
Please review the references below for details.
|
||||
</p>
|
||||
|
||||
</description>
|
||||
<impact type="normal">
|
||||
<p>A remote attacker could possibly cause a Denial of Service condition or
|
||||
other unspecified impacts via a specially crafted file.
|
||||
</p>
|
||||
</impact>
|
||||
<workaround>
|
||||
<p>There is no known workaround at this time.</p>
|
||||
</workaround>
|
||||
<resolution>
|
||||
<p>All PCRE users should upgrade to the latest version:</p>
|
||||
|
||||
<code>
|
||||
# emerge --sync
|
||||
# emerge --ask --oneshot --verbose ">=dev-libs/libpcre-8.41"
|
||||
</code>
|
||||
|
||||
<p>Packages which depend on this library may need to be recompiled. Tools
|
||||
such as revdep-rebuild may assist in identifying some of these packages.
|
||||
</p>
|
||||
</resolution>
|
||||
<references>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7186">
|
||||
CVE-2017-7186
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7244">
|
||||
CVE-2017-7244
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7245">
|
||||
CVE-2017-7245
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7246">
|
||||
CVE-2017-7246
|
||||
</uri>
|
||||
</references>
|
||||
<metadata tag="requester" timestamp="2017-10-18T23:44:30Z">b-man</metadata>
|
||||
<metadata tag="submitter" timestamp="2017-10-23T01:19:24Z">chrisadr</metadata>
|
||||
</glsa>
|
||||
114
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-26.xml
vendored
Normal file
114
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-26.xml
vendored
Normal file
@ -0,0 +1,114 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
|
||||
<glsa id="201710-26">
|
||||
<title>OpenJPEG: Multiple vulnerabilities</title>
|
||||
<synopsis>Multiple vulnerabilities have been found in OpenJPEG, the worst of
|
||||
which may allow remote attackers to execute arbitrary code.
|
||||
</synopsis>
|
||||
<product type="ebuild">openjpeg</product>
|
||||
<announced>2017-10-23</announced>
|
||||
<revised>2017-10-23: 1</revised>
|
||||
<bug>602180</bug>
|
||||
<bug>606618</bug>
|
||||
<bug>628504</bug>
|
||||
<bug>629372</bug>
|
||||
<bug>629668</bug>
|
||||
<bug>630120</bug>
|
||||
<access>remote</access>
|
||||
<affected>
|
||||
<package name="media-libs/openjpeg" auto="yes" arch="*">
|
||||
<unaffected range="ge" slot="2">2.3.0</unaffected>
|
||||
<vulnerable range="lt" slot="2">2.3.0</vulnerable>
|
||||
</package>
|
||||
</affected>
|
||||
<background>
|
||||
<p>OpenJPEG is an open-source JPEG 2000 library.</p>
|
||||
</background>
|
||||
<description>
|
||||
<p>Multiple vulnerabilities have been discovered in OpenJPEG. Please review
|
||||
the references below for details.
|
||||
</p>
|
||||
|
||||
</description>
|
||||
<impact type="normal">
|
||||
<p>A remote attacker, via a crafted BMP, PDF, or j2k document, could
|
||||
execute arbitrary code, cause a Denial of Service condition, or have
|
||||
other unspecified impacts.
|
||||
</p>
|
||||
</impact>
|
||||
<workaround>
|
||||
<p>There is no known workaround at this time.</p>
|
||||
</workaround>
|
||||
<resolution>
|
||||
<p>All OpenJPEG users should upgrade to the latest version:</p>
|
||||
|
||||
<code>
|
||||
# emerge --sync
|
||||
# emerge --ask --oneshot --verbose ">=media-libs/openjpeg-2.3.0:2"
|
||||
</code>
|
||||
</resolution>
|
||||
<references>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10504">
|
||||
CVE-2016-10504
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10505">
|
||||
CVE-2016-10505
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10506">
|
||||
CVE-2016-10506
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10507">
|
||||
CVE-2016-10507
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1626">
|
||||
CVE-2016-1626
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1628">
|
||||
CVE-2016-1628
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9112">
|
||||
CVE-2016-9112
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9113">
|
||||
CVE-2016-9113
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9114">
|
||||
CVE-2016-9114
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9115">
|
||||
CVE-2016-9115
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9116">
|
||||
CVE-2016-9116
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9117">
|
||||
CVE-2016-9117
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9118">
|
||||
CVE-2016-9118
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9572">
|
||||
CVE-2016-9572
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9573">
|
||||
CVE-2016-9573
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9580">
|
||||
CVE-2016-9580
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9581">
|
||||
CVE-2016-9581
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12982">
|
||||
CVE-2017-12982
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14039">
|
||||
CVE-2017-14039
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14164">
|
||||
CVE-2017-14164
|
||||
</uri>
|
||||
</references>
|
||||
<metadata tag="requester" timestamp="2017-10-22T00:00:11Z">b-man</metadata>
|
||||
<metadata tag="submitter" timestamp="2017-10-23T01:39:09Z">chrisadr</metadata>
|
||||
</glsa>
|
||||
68
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-27.xml
vendored
Normal file
68
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-27.xml
vendored
Normal file
@ -0,0 +1,68 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
|
||||
<glsa id="201710-27">
|
||||
<title>Dnsmasq: Multiple vulnerabilities</title>
|
||||
<synopsis>Multiple vulnerabilities have been found in Dnsmasq, the worst of
|
||||
which may allow remote attackers to execute arbitrary code.
|
||||
|
||||
</synopsis>
|
||||
<product type="ebuild">dnsmasq</product>
|
||||
<announced>2017-10-23</announced>
|
||||
<revised>2017-10-23: 1</revised>
|
||||
<bug>632692</bug>
|
||||
<access>remote</access>
|
||||
<affected>
|
||||
<package name="net-dns/dnsmasq" auto="yes" arch="*">
|
||||
<unaffected range="ge">2.78</unaffected>
|
||||
<vulnerable range="lt">2.78</vulnerable>
|
||||
</package>
|
||||
</affected>
|
||||
<background>
|
||||
<p>Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP
|
||||
server.
|
||||
</p>
|
||||
</background>
|
||||
<description>
|
||||
<p>Multiple vulnerabilities have been discovered in Dnsmasq. Please review
|
||||
the references below for details.
|
||||
</p>
|
||||
</description>
|
||||
<impact type="normal">
|
||||
<p>A remote attacker could execute arbitrary code or cause a Denial of
|
||||
Service condition via crafted DNS, IPv6, or DHCPv6 packets.
|
||||
</p>
|
||||
</impact>
|
||||
<workaround>
|
||||
<p>There is no known workaround at this time.</p>
|
||||
</workaround>
|
||||
<resolution>
|
||||
<p>All Dnsmasq users should upgrade to the latest version:</p>
|
||||
|
||||
<code>
|
||||
# emerge --sync
|
||||
# emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.78"
|
||||
</code>
|
||||
</resolution>
|
||||
<references>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14491">
|
||||
CVE-2017-14491
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14492">
|
||||
CVE-2017-14492
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14493">
|
||||
CVE-2017-14493
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14494">
|
||||
CVE-2017-14494
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14495">
|
||||
CVE-2017-14495
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14496">
|
||||
CVE-2017-14496
|
||||
</uri>
|
||||
</references>
|
||||
<metadata tag="requester" timestamp="2017-10-22T23:49:34Z">b-man</metadata>
|
||||
<metadata tag="submitter" timestamp="2017-10-23T01:46:04Z">chrisadr</metadata>
|
||||
</glsa>
|
||||
@ -1 +1 @@
|
||||
Wed, 18 Oct 2017 18:39:05 +0000
|
||||
Mon, 23 Oct 2017 17:39:28 +0000
|
||||
|
||||
@ -1 +1 @@
|
||||
8c9b32528b910251b1fe3992838c97ba223db5d7 1508289507 2017-10-18T01:18:27+00:00
|
||||
3c64211d24fa5a633310d841c0bd5cddc991cc02 1508723227 2017-10-23T01:47:07+00:00
|
||||
|
||||
Loading…
Reference in New Issue
Block a user