From f11d3515b4ee4d5badc9feaf6eba2c00860c6045 Mon Sep 17 00:00:00 2001 
From: David Michael Date: Fri, 16 Jun 2017 12:07:50 -0700 Subject: [PATCH] bump(metadata/glsa): sync with upstream --- .../metadata/glsa/glsa-201701-75.xml | 12 +- .../metadata/glsa/glsa-201706-01.xml | 49 ++++++ .../metadata/glsa/glsa-201706-02.xml | 51 ++++++ .../metadata/glsa/glsa-201706-03.xml | 76 +++++++++ .../metadata/glsa/glsa-201706-04.xml | 52 ++++++ .../metadata/glsa/glsa-201706-05.xml | 58 +++++++ .../metadata/glsa/glsa-201706-06.xml | 61 +++++++ .../metadata/glsa/glsa-201706-07.xml | 64 ++++++++ .../metadata/glsa/glsa-201706-08.xml | 57 +++++++ .../metadata/glsa/glsa-201706-09.xml | 52 ++++++ .../metadata/glsa/glsa-201706-10.xml | 52 ++++++ .../metadata/glsa/glsa-201706-11.xml | 52 ++++++ .../metadata/glsa/glsa-201706-12.xml | 57 +++++++ .../metadata/glsa/glsa-201706-13.xml | 50 ++++++ .../metadata/glsa/glsa-201706-14.xml | 61 +++++++ .../metadata/glsa/glsa-201706-15.xml | 152 ++++++++++++++++++ .../metadata/glsa/timestamp.chk | 2 +- .../metadata/glsa/timestamp.commit | 2 +- 18 files changed, 956 insertions(+), 4 deletions(-) create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-09.xml create mode 100644 
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-15.xml diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201701-75.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201701-75.xml index 988e1d9dba..d4de61e9a5 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201701-75.xml +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201701-75.xml @@ -7,7 +7,7 @@ perl 2017-01-29 - 2017-01-29: 1 + 2017-06-01: 2 580612 588592 589680 @@ -44,6 +44,11 @@ # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/perl-5.22.3_rc4" + +

Warning: When you are upgrading to a new major Perl version, the + commands above may not be sufficient. Please visit the Gentoo wiki + referenced below to learn how to upgrade to a new major Perl version. +

CVE-2015-8607 @@ -51,7 +56,10 @@ CVE-2016-1238 CVE-2016-2381 CVE-2016-6185 + + Gentoo Wiki: How to upgrade Perl + whissi - b-man + b-man diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-01.xml new file mode 100644 index 0000000000..52668f780f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-01.xml @@ -0,0 +1,49 @@ + + + + MUNGE: Privilege escalation + Gentoo's MUNGE ebuilds are vulnerable to privilege escalation due + to improper permissions. + + munge + 2017-06-06 + 2017-06-06: 1 + 602596 + local + + + 0.5.10-r2 + 0.5.10-r2 + + + +

An authentication service for creating and validating credentials.

+
+ +

It was discovered that Gentoo’s default MUNGE installation suffered + from a privilege escalation vulnerability (munge user to root) due to + improper permissions and a runscript which called chown() on a user + controlled file. +

+
+ +

A local attacker, who either is already MUNGE’s system user or belongs + to MUNGE’s group, could potentially escalate privileges. +

+
+ +

There is no known workaround at this time.

+
+ +

All MUNGE users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-auth/munge-0.5.10-r2" + +
+ + + whissi + whissi +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-02.xml new file mode 100644 index 0000000000..97ad98dfe0 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-02.xml @@ -0,0 +1,51 @@ + + + + Shadow: Multiple vulnerabilities + Multiple vulnerabilities have been found in Shadow, the worst of + which might allow privilege escalation. + + shadow + 2017-06-06 + 2017-06-06: 1 + 610804 + 620510 + local + + + 4.4-r2 + 4.4-r2 + + + +

Shadow is a set of tools to deal with user accounts.

+
+ +

Multiple vulnerabilities have been discovered in Shadow. Please review + the CVE identifiers referenced below for details. +

+
+ +

A local attacker could possibly cause a Denial of Service condition, + gain privileges via crafted input, or SIGKILL arbitrary processes. +

+
+ +

There is no known workaround at this time.

+
+ +

All Shadow users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.4-r2" + + +
+ + CVE-2016-6252 + CVE-2017-2616 + + BlueKnight + whissi +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-03.xml new file mode 100644 index 0000000000..d23c13f5ea --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-03.xml @@ -0,0 +1,76 @@ + + + + QEMU: Multiple vulnerabilities + Multiple vulnerabilities have been found in QEMU, the worst of + which may allow a remote attacker to cause a Denial of Service or gain + elevated privileges from a guest VM. + + qemu + 2017-06-06 + 2017-06-06: 1 + 614744 + 615874 + 616460 + 616462 + 616482 + 616484 + 616636 + 616870 + 616872 + 616874 + 618808 + 619018 + 619020 + 620322 + local, remote + + + 2.9.0-r2 + 2.9.0-r2 + + + +

QEMU is a generic and open source machine emulator and virtualizer.

+
+ +

Multiple vulnerabilities have been discovered in QEMU. Please review the + CVE identifiers referenced below for details. +

+
+ +

A remote attacker might cause a Denial of Service or gain escalated + privileges from a guest VM. +

+
+ +

There is no known workaround at this time.

+
+ +

All QEMU users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/qemu-2.9.0-r2" + + +
+ + CVE-2016-9603 + CVE-2017-7377 + CVE-2017-7471 + CVE-2017-7493 + CVE-2017-7718 + CVE-2017-7980 + CVE-2017-8086 + CVE-2017-8112 + CVE-2017-8309 + CVE-2017-8379 + CVE-2017-8380 + CVE-2017-9060 + CVE-2017-9310 + CVE-2017-9330 + + BlueKnight + whissi +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-04.xml new file mode 100644 index 0000000000..33dbc80b44 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-04.xml @@ -0,0 +1,52 @@ + + + + Git: Security bypass + A vulnerability in Git might allow remote attackers to bypass + security restrictions. + + git + 2017-06-06 + 2017-06-06: 1 + 618126 + remote + + + 2.13.0 + 2.13.0 + + + +

Git is a free and open source distributed version control system + designed to handle everything from small to very large projects with + speed and efficiency. +

+
+ +

Timo Schmid discovered that the Git restricted shell incorrectly + filtered allowed commands. +

+
+ +

A remote attacker could possibly bypass security restrictions and access + sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

All Git users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.13.0" + + +
+ + CVE-2017-8386 + + BlueKnight + whissi +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-05.xml new file mode 100644 index 0000000000..dc91daa63c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-05.xml @@ -0,0 +1,58 @@ + + + + D-Bus: Multiple vulnerabilities + Multiple vulnerabilities in D-Bus might allow an attacker to + overwrite files with a fixed filename in arbitrary directories or conduct a + symlink attack. + + dbus + 2017-06-06 + 2017-06-06: 1 + 611392 + local, remote + + + 1.10.18 + 1.10.18 + + + +

D-Bus is a message bus system which processes can use to talk to each + other. +

+
+ +

Multiple vulnerabilities have been discovered in D-Bus. Please review + the original report referenced below for details. +

+
+ +

An attacker could possibly overwrite arbitrary files named “once” + with content not controlled by the attacker. +

+ +

A local attacker could perform a symlink attack against D-Bus’ test + suite. +

+
+ +

There is no known workaround at this time.

+
+ +

All D-Bus users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/dbus-1.10.18" + + +
+ + + Original report + + + BlueKnight + whissi +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-06.xml new file mode 100644 index 0000000000..900a24ba63 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-06.xml @@ -0,0 +1,61 @@ + + + + ImageWorsener: Multiple vulnerabilities + Multiple vulnerabilities have been found in ImageWorsener, the + worst of which allows remote attackers to cause a Denial of Service + condition or have other unspecified impact. + + ImageWorsener + 2017-06-06 + 2017-06-06: 1 + 618014 + remote + + + 1.3.1 + 1.3.1 + + + +

ImageWorsener is a cross-platform command-line utility and library for + image scaling and other image processing. +

+
+ +

Multiple vulnerabilities have been discovered in ImageWorsener. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to process a specially crafted + image file using ImageWorsener, possibly resulting in a Denial of Service + condition or have other unspecified impacts. +

+
+ +

There is no known workaround at this time.

+
+ +

All ImageWorsener users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/imageworsener-1.3.1" + + +
+ + CVE-2017-7452 + CVE-2017-7453 + CVE-2017-7454 + CVE-2017-7939 + CVE-2017-7940 + CVE-2017-7962 + CVE-2017-8325 + CVE-2017-8326 + CVE-2017-8327 + + BlueKnight + whissi +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-07.xml new file mode 100644 index 0000000000..738142005b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-07.xml @@ -0,0 +1,64 @@ + + + + Libtirpc and RPCBind: Denial of Service + A vulnerability has been found in Libtirpc and RPCBind which may + allow a remote attacker to cause a Denial of Service condition. + + RPCBind,Libtirpc + 2017-06-06 + 2017-06-06: 2 + 617472 + remote + + + 0.2.4-r1 + 0.2.4-r1 + + + 1.0.1-r1 + 1.0.1-r1 + + + +

The RPCBind utility is a server that converts RPC program numbers into + universal addresses. +

+ +

Libtirpc is a port of Suns Transport-Independent RPC library to Linux.

+
+ +

It was found that due to the way RPCBind uses libtirpc (libntirpc), a + memory leak can occur when parsing specially crafted XDR messages. +

+
+ +

A remote attacker could send thousands of messages to RPCBind, possibly + resulting in a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All RPCBind users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-nds/rpcbind-0.2.4-r1" + + +

All Libtirpc users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/libtirpc-1.0.1-r1" + + +
+ + CVE-2017-8779 + + BlueKnight + whissi +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-08.xml new file mode 100644 index 0000000000..a57a37f043 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-08.xml @@ -0,0 +1,57 @@ + + + + MuPDF: Multiple vulnerabilities + Multiple vulnerabilities have been found in MuPDF, the worst of + which allows remote attackers to cause a Denial of Service condition or + have other unspecified impact. + + mupdf + 2017-06-06 + 2017-06-06: 1 + 611444 + 614044 + 614852 + remote + + + 1.11-r1 + 1.11-r1 + + + +

A lightweight PDF, XPS, and E-book viewer.

+
+ +

Multiple vulnerabilities have been discovered in MuPDF. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to process a specially crafted PDF + document or image using MuPDF, possibly resulting in a Denial of Service + condition or have other unspecified impact. +

+
+ +

There is no known workaround at this time.

+
+ +

All MuPDF users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/mupdf-1.11-r1" + + +
+ + + CVE-2016-10221 + + CVE-2017-5991 + CVE-2017-6060 + + BlueKnight + whissi +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-09.xml new file mode 100644 index 0000000000..f6f851c717 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-09.xml @@ -0,0 +1,52 @@ + + + + FileZilla: Buffer overflow + A vulnerability in a bundled copy of PuTTY in FileZilla might allow + remote attackers to execute arbitrary code or cause a denial of service. + + filezilla + 2017-06-06 + 2017-06-06: 1 + 610554 + remote + + + 3.25.2 + 3.25.2 + + + +

FileZilla is an open source FTP client.

+
+ +

FileZilla is affected by the same vulnerability as reported in “GLSA + 201703-03” because the package included a vulnerable copy of PuTTY. + Please read the GLSA for PuTTY referenced below for details. +

+
+ +

A remote attacker, utilizing the SSH agent forwarding of an SSH server, + could execute arbitrary code with the privileges of the user running + FileZilla or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All FileZilla users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-ftp/filezilla-3.25.2" + + +
+ + CVE-2017-6542 + GLSA 201703-03 + + whissi + whissi +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-10.xml new file mode 100644 index 0000000000..f694d03813 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-10.xml @@ -0,0 +1,52 @@ + + + + Pidgin: Arbitrary code execution + A vulnerability in Pidgin might allow remote attackers to execute + arbitrary code. + + pidgin + 2017-06-06 + 2017-06-06: 1 + 612188 + remote + + + 2.12.0 + 2.12.0 + + + +

Pidgin is a GTK Instant Messenger client for a variety of instant + messaging protocols. +

+
+ +

Joseph Bisch discovered that Pidgin incorrectly handled certain xml + messages. +

+
+ +

A remote attacker could send a specially crafted instant message, + possibly resulting in execution of arbitrary code with the privileges of + the Pidgin process. +

+
+ +

There is no known workaround at this time.

+
+ +

All Pidgin users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-im/pidgin-2.12.0" + + +
+ + CVE-2017-2640 + + BlueKnight + whissi +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-11.xml new file mode 100644 index 0000000000..fc7b750346 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-11.xml @@ -0,0 +1,52 @@ + + + + PCRE library: Denial of Service + A vulnerability in PCRE library allows remote attackers to cause a + Denial of Service condition. + + PCRE + 2017-06-06 + 2017-06-06: 1 + 609592 + remote + + + 8.40-r1 + 8.40-r1 + + + +

PCRE library is a set of functions that implement regular expression + pattern matching using the same syntax and semantics as Perl 5. +

+
+ +

It was found that the compile_bracket_matchingpath function in + pcre_jit_compile.c in PCRE library is vulnerable to an out-of-bounds + read. +

+
+ +

A remote attacker could possibly cause a Denial of Service condition via + a special crafted regular expression. +

+
+ +

There is no known workaround at this time.

+
+ +

All PCRE library users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libpcre-8.40-r1" + + +
+ + CVE-2017-6004 + + BlueKnight + whissi +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-12.xml new file mode 100644 index 0000000000..960b5cb8a8 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-12.xml @@ -0,0 +1,57 @@ + + + + Wireshark: Multiple vulnerabilities + Multiple vulnerabilities have been found in Wireshark, the worst of + which allows remote attackers to cause a Denial of Service condition. + + wireshark + 2017-06-06 + 2017-06-06: 1 + 609646 + 615462 + remote + + + 2.2.6 + 2.2.6 + + + +

Wireshark is a network protocol analyzer formerly known as ethereal.

+
+ +

Multiple vulnerabilities have been discovered in Wireshark. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to process a specially crafted + network packet using Wireshark, possibly resulting a Denial of Service + condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Wireshark users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-2.2.6" + + +
+ + CVE-2017-6014 + CVE-2017-7700 + CVE-2017-7701 + CVE-2017-7702 + CVE-2017-7703 + CVE-2017-7704 + CVE-2017-7705 + + BlueKnight + whissi +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-13.xml new file mode 100644 index 0000000000..eadd50981f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-13.xml @@ -0,0 +1,50 @@ + + + + minicom: Remote execution of arbitrary code + An out-of-bounds data access in minicom might allow remote + attackers to execute arbitrary code. + + minicom + 2017-06-06 + 2017-06-06: 1 + 615996 + remote + + + 2.7.1 + 2.7.1 + + + +

Minicom is a text-based serial port communications program.

+
+ +

In minicom before version 2.7.1, the escparms[] buffer in vt100.c is + vulnerable to an overflow. +

+
+ +

A remote attacker, able to connect to a minicom port, could possibly + execute arbitrary code with the privileges of the process, or cause a + Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All minicom users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dialup/minicom-2.7.1" + + +
+ + CVE-2017-7467 + + BlueKnight + whissi +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-14.xml new file mode 100644 index 0000000000..67f67bb4db --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-14.xml @@ -0,0 +1,61 @@ + + + + FreeType: Multiple vulnerabilities + Multiple vulnerabilities have been found in FreeType, the worst of + which allows remote attackers to execute arbitrary code. + + freetype + 2017-06-06 + 2017-06-06: 1 + 612192 + 616730 + remote + + + 2.8 + 2.8 + + + +

FreeType is a high-quality and portable font engine.

+
+ +

Multiple vulnerabilities have been discovered in FreeType. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to use a specially crafted font + file using FreeType, possibly resulting in execution of arbitrary code + with the privileges of the process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All FreeType users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.8" + + +
+ + + CVE-2016-10244 + + + CVE-2016-10328 + + CVE-2017-7857 + CVE-2017-7858 + CVE-2017-7864 + CVE-2017-8105 + CVE-2017-8287 + + BlueKnight + whissi +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-15.xml new file mode 100644 index 0000000000..d7c2f08d8a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-15.xml @@ -0,0 +1,152 @@ + + + + WebKitGTK+: Multiple vulnerabilities + Multiple vulnerabilities have been found in WebKitGTK+, the worst + of which allows remote attackers to execute arbitrary code. + + webkit-gtk + 2017-06-07 + 2017-06-07: 1 + 543650 + 573656 + 577068 + 608958 + 614876 + 619788 + remote + + + 2.16.3 + 2.16.3 + + + +

WebKitGTK+ is a full-featured port of the WebKit rendering engine.

+
+ +

Multiple vulnerabilities have been discovered in WebKitGTK+. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attack can use multiple vectors to execute arbitrary code or + cause a denial of service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All WebKitGTK+ users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.16.3:4" + + +
+ + CVE-2015-2330 + CVE-2015-7096 + CVE-2015-7098 + CVE-2016-1723 + CVE-2016-1724 + CVE-2016-1725 + CVE-2016-1726 + CVE-2016-1727 + CVE-2016-1728 + CVE-2016-4692 + CVE-2016-4743 + CVE-2016-7586 + CVE-2016-7587 + CVE-2016-7589 + CVE-2016-7592 + CVE-2016-7598 + CVE-2016-7599 + CVE-2016-7610 + CVE-2016-7611 + CVE-2016-7623 + CVE-2016-7632 + CVE-2016-7635 + CVE-2016-7639 + CVE-2016-7640 + CVE-2016-7641 + CVE-2016-7642 + CVE-2016-7645 + CVE-2016-7646 + CVE-2016-7648 + CVE-2016-7649 + CVE-2016-7652 + CVE-2016-7654 + CVE-2016-7656 + CVE-2016-9642 + CVE-2016-9643 + CVE-2017-2350 + CVE-2017-2354 + CVE-2017-2355 + CVE-2017-2356 + CVE-2017-2362 + CVE-2017-2363 + CVE-2017-2364 + CVE-2017-2365 + CVE-2017-2366 + CVE-2017-2367 + CVE-2017-2369 + CVE-2017-2371 + CVE-2017-2373 + CVE-2017-2376 + CVE-2017-2377 + CVE-2017-2386 + CVE-2017-2392 + CVE-2017-2394 + CVE-2017-2395 + CVE-2017-2396 + CVE-2017-2405 + CVE-2017-2415 + CVE-2017-2419 + CVE-2017-2433 + CVE-2017-2442 + CVE-2017-2445 + CVE-2017-2446 + CVE-2017-2447 + CVE-2017-2454 + CVE-2017-2455 + CVE-2017-2457 + CVE-2017-2459 + CVE-2017-2460 + CVE-2017-2464 + CVE-2017-2465 + CVE-2017-2466 + CVE-2017-2468 + CVE-2017-2469 + CVE-2017-2470 + CVE-2017-2471 + CVE-2017-2475 + CVE-2017-2476 + CVE-2017-2481 + CVE-2017-2496 + CVE-2017-2504 + CVE-2017-2505 + CVE-2017-2506 + CVE-2017-2508 + CVE-2017-2510 + CVE-2017-2514 + CVE-2017-2515 + CVE-2017-2521 + CVE-2017-2525 + CVE-2017-2526 + CVE-2017-2528 + CVE-2017-2530 + CVE-2017-2531 + CVE-2017-2536 + CVE-2017-2539 + CVE-2017-2544 + CVE-2017-2547 + CVE-2017-2549 + CVE-2017-6980 + CVE-2017-6984 + + BlueKnight + whissi +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
index cc5d47a2b2..b71ca59b35 100644
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Wed, 31 May 2017 20:08:57 +0000
+Fri, 16 Jun 2017 18:39:35 +0000
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit
index ae68b5bd77..0fd976b0ad 100644
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-742dfe25646ca49d62bb5f6452a3600f934c798d 1496157625 2017-05-30T15:20:25+00:00
+c2f911fc13b81dd715a1b756f739b077f8718170 1496836599 2017-06-07T11:56:39+00:00