-
Notifications
You must be signed in to change notification settings - Fork 50
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1203 from flatcar/buildbot/monthly-glsa-metadata-…
…updates-2023-10-01 Monthly GLSA metadata 2023-10-01
- Loading branch information
Showing
21 changed files
with
966 additions
and
17 deletions.
There are no files selected for viewing
30 changes: 15 additions & 15 deletions
30
sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,23 +1,23 @@ | ||
| -----BEGIN PGP SIGNED MESSAGE----- | ||
| Hash: SHA512 | ||
|
|
||
| MANIFEST Manifest.files.gz 546284 BLAKE2B ffce95d14dec8e0ecb1658575f411350a797650e5376e656bbe5d1c11b4e05372611ac4ca5de41270e2e69dfa9461b99f212aa044d6509bb082c7f94d92006b8 SHA512 c90fc6416d62b1b09cbafd89df9a8523e7e9eec12dd28fd39f81776bc9076c1e64fdb0203c709c330d323ea0c05daf6d59e5c469948b4d49cc6d59443f29557a | ||
| TIMESTAMP 2023-09-01T06:40:05Z | ||
| MANIFEST Manifest.files.gz 548981 BLAKE2B 81700173ea02c0d006e3065367bd4b6801ae8e0cad7f0b23c4d86a41c1b860a4cbdeb3051fb86eb2d3f114b8ba0353d6e09e279718eed8ed2607a21c4e7ec67d SHA512 a987e0e64b2dbf1006cecbff251dc3524b4d244d2e54417a697139ac9ee5a97d21aefdfb0fb940e1890076d7fa18c793f4f7a60db6960004ade2253826320f19 | ||
| TIMESTAMP 2023-10-01T06:40:07Z | ||
| -----BEGIN PGP SIGNATURE----- | ||
|
|
||
| iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmTxh0VfFIAAAAAALgAo | ||
| iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmUZFEdfFIAAAAAALgAo | ||
| aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx | ||
| RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY | ||
| klA2EBAApIljsr72WlUh5e1T9ri6+5OJB0jKYPaEJlyar/W79IND0gCUZtN+5e4r | ||
| nGGpVvfWHSKAZwn/OOH7OMIJ31aodVmHU70cmE/Yu026X/0qZaIzTbYQO8pftEj0 | ||
| EDYO9cTV8Vo0t7l/SFJdnOxzCrjjDN25nnfLg/tvHKdbn0Zre5icJPToaYb7qZeJ | ||
| HXegiWgmE7+mDSabEwDwhZZ+JwWWdyVZy7phxku699hpzw+pGXA7YUWpMdIlzOa1 | ||
| 6sfz1+K4KANCx3AeR5358VZnxIw3hOaRBSZnAnz4mPlkQzvgD4YOqe0qvWn2PrNC | ||
| tzCBJ3k/GFFopYh1tBi8FQVj9RBcfyCvq9s7ZHsta37GD+op106+liK/gfJqVwPo | ||
| BcSSu5QMdGzbHTDhxN15HRUQILpQRE4nhgzBGVeu9tnff7xbbq5oyv5NR6O2OJFQ | ||
| OIKn/uNMWDlEqXTJK3ZzE5mkHYXWKH4OBGkSKzKOBW/J9rY8DWDjVDCHtXtwftT1 | ||
| kji/B60Zr2MbppfjiJ9uweBGg+Nd0Ht0WxWAPHDQOObFkEpLfa2z/oFHFdTkRwGS | ||
| EsQsBCCeCayvL39rRXDa+uXfERy7mAUMqgrmE1L5f1NfVP6gGwclT+i0iVhTJdY8 | ||
| bnqPPZqhsOuVQmc7QcI1AiHYDdDADxen8PaJuO/DJ7nn6UwFUYg= | ||
| =P6sX | ||
| klAXgg/9GGU9Zsh5GEuYoepVc11NhqztXU2fyrn8g4OkbIUFdOq45C/NDOzzmYkS | ||
| vve4BAhQZkGn6ixII2dbDqQHmvE4x4NFyobSXLRIYFFAbbQBSRUmib3HbDkxoMhb | ||
| nTbnNXX5kOq1m6nb3ydnjOKxfgew50dQYT0Yp+Uh9rRtU7sP74KYkseV9p5z+fp1 | ||
| +PKY7Nn0G9qANHMgf1YrxC1cgt4WWXXnXJI7YvjcQ/XZJTrAX2oEEGYee8GsLnAn | ||
| uGchKTPCbgBG1Dm9vM3jTctUpXKQ1s3B+T0ynciPHzb8IC0M0BvLdCVA1ZM99rCY | ||
| CcCJFkITrSBuUrJl3NJUzlYe1XQUH29c0kQe+mR0F4gDjav7gZBE1mKb9lqw/r2A | ||
| vLnm4/kF7IYdxVSFgO2B8GvpPvFQW0hiEAkz+GDRnqYeinVmPTRkBR4VqQfQql1T | ||
| rBuhQV9wQ/y/NIZq41X/rljjTdTpvtzB5ZSAxg9fOMmgo3WH6wb/k/6fgEK/WSGf | ||
| aTH44QoasTboF9kMrgfR+dB/aaTGAuFWC8Ulkjkxh4wE+HsLats2stAYsAnJfXL9 | ||
| jiW3dO8vdIvXYeI0Smmuxv6hHIz1ZJn8jvQv+iv+yonIbZEDQsgIBxxFPW5NrhiJ | ||
| a1oJARWuMGvHTeYaqAkfPbS7/ew6b5jLWN3174qxqX6HCsnIyF8= | ||
| =otvP | ||
| -----END PGP SIGNATURE----- |
Binary file modified
BIN
+2.63 KB
(100%)
sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz
Binary file not shown.
47 changes: 47 additions & 0 deletions
47
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-01.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| <?xml version="1.0" encoding="UTF-8"?> | ||
| <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> | ||
| <glsa id="202309-01"> | ||
| <title>Apache HTTPD: Multiple Vulnerabilities</title> | ||
| <synopsis>Multiple vulnerabilities have been discovered in Apache HTTPD, the worst of which could result in denial of service.</synopsis> | ||
| <product type="ebuild">apache</product> | ||
| <announced>2023-09-08</announced> | ||
| <revised count="1">2023-09-08</revised> | ||
| <bug>891211</bug> | ||
| <bug>900416</bug> | ||
| <access>remote</access> | ||
| <affected> | ||
| <package name="www-servers/apache" auto="yes" arch="*"> | ||
| <unaffected range="ge">2.4.56</unaffected> | ||
| <vulnerable range="lt">2.4.56</vulnerable> | ||
| </package> | ||
| </affected> | ||
| <background> | ||
| <p>The Apache HTTP server is one of the most popular web servers on the Internet.</p> | ||
| </background> | ||
| <description> | ||
| <p>Multiple vulnerabilities have been discovered in Apache HTTPD. Please review the CVE identifiers referenced below for details.</p> | ||
| </description> | ||
| <impact type="low"> | ||
| <p>Please review the referenced CVE identifiers for details.</p> | ||
| </impact> | ||
| <workaround> | ||
| <p>There is no known workaround at this time.</p> | ||
| </workaround> | ||
| <resolution> | ||
| <p>All Apache HTTPD users should upgrade to the latest version:</p> | ||
|
|
||
| <code> | ||
| # emerge --sync | ||
| # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.56" | ||
| </code> | ||
| </resolution> | ||
| <references> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2006-20001">CVE-2006-20001</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36760">CVE-2022-36760</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-37436">CVE-2022-37436</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25690">CVE-2023-25690</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-27522">CVE-2023-27522</uri> | ||
| </references> | ||
| <metadata tag="requester" timestamp="2023-09-08T19:12:28.502608Z">ajak</metadata> | ||
| <metadata tag="submitter" timestamp="2023-09-08T19:12:28.508873Z">graaff</metadata> | ||
| </glsa> |
64 changes: 64 additions & 0 deletions
64
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-02.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,64 @@ | ||
| <?xml version="1.0" encoding="UTF-8"?> | ||
| <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> | ||
| <glsa id="202309-02"> | ||
| <title>Wireshark: Multiple Vulnerabilities</title> | ||
| <synopsis>Multiple vulnerabilities have been found in Wireshark, the worst of which could result in denial of service.</synopsis> | ||
| <product type="ebuild">wireshark</product> | ||
| <announced>2023-09-17</announced> | ||
| <revised count="1">2023-09-17</revised> | ||
| <bug>878421</bug> | ||
| <bug>899548</bug> | ||
| <bug>904248</bug> | ||
| <bug>907133</bug> | ||
| <access>remote</access> | ||
| <affected> | ||
| <package name="net-analyzer/wireshark" auto="yes" arch="*"> | ||
| <unaffected range="ge">4.0.6</unaffected> | ||
| <vulnerable range="lt">4.0.6</vulnerable> | ||
| </package> | ||
| </affected> | ||
| <background> | ||
| <p>Wireshark is a versatile network protocol analyzer.</p> | ||
| </background> | ||
| <description> | ||
| <p>Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details.</p> | ||
| </description> | ||
| <impact type="low"> | ||
| <p>Please review the referenced CVE identifiers for details.</p> | ||
| </impact> | ||
| <workaround> | ||
| <p>There is no known workaround at this time.</p> | ||
| </workaround> | ||
| <resolution> | ||
| <p>All Wireshark users should upgrade to the latest version:</p> | ||
|
|
||
| <code> | ||
| # emerge --sync | ||
| # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-4.0.6" | ||
| </code> | ||
| </resolution> | ||
| <references> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3725">CVE-2022-3725</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0666">CVE-2023-0666</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0667">CVE-2023-0667</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0668">CVE-2023-0668</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1161">CVE-2023-1161</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1992">CVE-2023-1992</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1993">CVE-2023-1993</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1994">CVE-2023-1994</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2854">CVE-2023-2854</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2855">CVE-2023-2855</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2856">CVE-2023-2856</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2857">CVE-2023-2857</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2858">CVE-2023-2858</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2879">CVE-2023-2879</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2952">CVE-2023-2952</uri> | ||
| <uri>WNPA-SEC-2022-07</uri> | ||
| <uri>WNPA-SEC-2023-08</uri> | ||
| <uri>WNPA-SEC-2023-09</uri> | ||
| <uri>WNPA-SEC-2023-10</uri> | ||
| <uri>WNPA-SEC-2023-11</uri> | ||
| </references> | ||
| <metadata tag="requester" timestamp="2023-09-17T05:24:05.630380Z">ajak</metadata> | ||
| <metadata tag="submitter" timestamp="2023-09-17T05:24:05.633911Z">sam</metadata> | ||
| </glsa> |
45 changes: 45 additions & 0 deletions
45
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-03.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| <?xml version="1.0" encoding="UTF-8"?> | ||
| <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> | ||
| <glsa id="202309-03"> | ||
| <title>GPL Ghostscript: Multiple Vulnerabilities</title> | ||
| <synopsis>Multiple vulnerabilities have been discovered in GPL Ghostscript, the worst of which could result in remote code execution.</synopsis> | ||
| <product type="ebuild">ghostscript-gpl</product> | ||
| <announced>2023-09-17</announced> | ||
| <revised count="1">2023-09-17</revised> | ||
| <bug>904245</bug> | ||
| <bug>910294</bug> | ||
| <access>remote</access> | ||
| <affected> | ||
| <package name="app-text/ghostscript-gpl" auto="yes" arch="*"> | ||
| <unaffected range="ge">10.01.2</unaffected> | ||
| <vulnerable range="lt">10.01.2</vulnerable> | ||
| </package> | ||
| </affected> | ||
| <background> | ||
| <p>Ghostscript is an interpreter for the PostScript language and for PDF.</p> | ||
| </background> | ||
| <description> | ||
| <p>Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details.</p> | ||
| </description> | ||
| <impact type="high"> | ||
| <p>Please review the referenced CVE identifiers for details.</p> | ||
| </impact> | ||
| <workaround> | ||
| <p>There is no known workaround at this time.</p> | ||
| </workaround> | ||
| <resolution> | ||
| <p>All GPL Ghostscript users should upgrade to the latest version:</p> | ||
|
|
||
| <code> | ||
| # emerge --sync | ||
| # emerge --ask --oneshot --verbose ">=app-text/ghostscript-gpl-10.01.2" | ||
| </code> | ||
| </resolution> | ||
| <references> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2085">CVE-2022-2085</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28879">CVE-2023-28879</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-36664">CVE-2023-36664</uri> | ||
| </references> | ||
| <metadata tag="requester" timestamp="2023-09-17T05:24:21.503128Z">ajak</metadata> | ||
| <metadata tag="submitter" timestamp="2023-09-17T05:24:21.506324Z">sam</metadata> | ||
| </glsa> |
56 changes: 56 additions & 0 deletions
56
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-04.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| <?xml version="1.0" encoding="UTF-8"?> | ||
| <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> | ||
| <glsa id="202309-04"> | ||
| <title>RAR, UnRAR: Arbitrary File Overwrite</title> | ||
| <synopsis>An arbitrary file overwrite vulnerability has been discovered in RAR and UnRAR, potentially resulting in arbitrary code execution.</synopsis> | ||
| <product type="ebuild">rar,unrar</product> | ||
| <announced>2023-09-17</announced> | ||
| <revised count="1">2023-09-17</revised> | ||
| <bug>843611</bug> | ||
| <bug>849686</bug> | ||
| <bug>912652</bug> | ||
| <access>remote</access> | ||
| <affected> | ||
| <package name="app-arch/rar" auto="yes" arch="*"> | ||
| <unaffected range="ge">6.23</unaffected> | ||
| <vulnerable range="lt">6.23</vulnerable> | ||
| </package> | ||
| <package name="app-arch/unrar" auto="yes" arch="*"> | ||
| <unaffected range="ge">6.2.10</unaffected> | ||
| <vulnerable range="lt">6.2.10</vulnerable> | ||
| </package> | ||
| </affected> | ||
| <background> | ||
| <p>RAR and UnRAR provide command line interfaces for compressing and decompressing RAR files.</p> | ||
| </background> | ||
| <description> | ||
| <p>Due to an error in the validation of symbolic links within archives, RAR and UnRAR can potentially write files to a directory which is outside of the intended unpack directory.</p> | ||
| </description> | ||
| <impact type="normal"> | ||
| <p>If the user running RAR or UnRAR extracts a malicious archive, the archive could overwrite a file such as the user's shell initialization scripts, potentially resulting in arbitrary code execution in the context of that user.</p> | ||
| </impact> | ||
| <workaround> | ||
| <p>There is no known workaround at this time.</p> | ||
| </workaround> | ||
| <resolution> | ||
| <p>All RAR users should upgrade to the latest version:</p> | ||
|
|
||
| <code> | ||
| # emerge --sync | ||
| # emerge --ask --oneshot --verbose ">=app-arch/rar-6.23" | ||
| </code> | ||
|
|
||
| <p>All UnRAR users should upgrade to the latest version:</p> | ||
|
|
||
| <code> | ||
| # emerge --sync | ||
| # emerge --ask --oneshot --verbose ">=app-arch/unrar-6.2.10" | ||
| </code> | ||
| </resolution> | ||
| <references> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30333">CVE-2022-30333</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-40477">CVE-2023-40477</uri> | ||
| </references> | ||
| <metadata tag="requester" timestamp="2023-09-17T05:24:38.613653Z">ajak</metadata> | ||
| <metadata tag="submitter" timestamp="2023-09-17T05:24:38.615853Z">sam</metadata> | ||
| </glsa> |
44 changes: 44 additions & 0 deletions
44
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-05.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| <?xml version="1.0" encoding="UTF-8"?> | ||
| <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> | ||
| <glsa id="202309-05"> | ||
| <title>WebP: Multiple vulnerabilities</title> | ||
| <synopsis>Multiple vulnerabilities have been discovered in WebP, the worst of which could result in remote code execution.</synopsis> | ||
| <product type="ebuild">libwebp</product> | ||
| <announced>2023-09-17</announced> | ||
| <revised count="1">2023-09-17</revised> | ||
| <bug>909369</bug> | ||
| <bug>914010</bug> | ||
| <access>remote</access> | ||
| <affected> | ||
| <package name="media-libs/libwebp" auto="yes" arch="*"> | ||
| <unaffected range="ge">1.3.1_p20230908</unaffected> | ||
| <vulnerable range="lt">1.3.1_p20230908</vulnerable> | ||
| </package> | ||
| </affected> | ||
| <background> | ||
| <p>WebP is an image format employing both lossy and lossless compression.</p> | ||
| </background> | ||
| <description> | ||
| <p>Multiple vulnerabilities have been discovered in WebP. Please review the CVE identifiers referenced below for details.</p> | ||
| </description> | ||
| <impact type="normal"> | ||
| <p>Please review the CVE identifiers referenced below for details.</p> | ||
| </impact> | ||
| <workaround> | ||
| <p>There is no known workaround at this time.</p> | ||
| </workaround> | ||
| <resolution> | ||
| <p>All WebP users should upgrade to the latest version:</p> | ||
|
|
||
| <code> | ||
| # emerge --sync | ||
| # emerge --ask --oneshot --verbose ">=media-libs/libwebp-1.3.1_p20230908" | ||
| </code> | ||
| </resolution> | ||
| <references> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1999">CVE-2023-1999</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4863">CVE-2023-4863</uri> | ||
| </references> | ||
| <metadata tag="requester" timestamp="2023-09-17T05:52:57.540704Z">sam</metadata> | ||
| <metadata tag="submitter" timestamp="2023-09-17T05:52:57.543709Z">sam</metadata> | ||
| </glsa> |
86 changes: 86 additions & 0 deletions
86
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-06.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,86 @@ | ||
| <?xml version="1.0" encoding="UTF-8"?> | ||
| <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> | ||
| <glsa id="202309-06"> | ||
| <title>Samba: Multiple Vulnerabilities</title> | ||
| <synopsis>Multiple vulnerabilities have been discovered in Samba, the worst of which could result in root remote code execution.</synopsis> | ||
| <product type="ebuild">samba</product> | ||
| <announced>2023-09-17</announced> | ||
| <revised count="1">2023-09-17</revised> | ||
| <bug>820566</bug> | ||
| <bug>821688</bug> | ||
| <bug>830983</bug> | ||
| <bug>832433</bug> | ||
| <bug>861512</bug> | ||
| <bug>866225</bug> | ||
| <bug>869122</bug> | ||
| <bug>878273</bug> | ||
| <bug>880437</bug> | ||
| <bug>886153</bug> | ||
| <bug>903621</bug> | ||
| <bug>905320</bug> | ||
| <bug>910334</bug> | ||
| <access>remote</access> | ||
| <affected> | ||
| <package name="net-fs/samba" auto="yes" arch="*"> | ||
| <unaffected range="ge">4.18.4</unaffected> | ||
| <vulnerable range="lt">4.18.4</vulnerable> | ||
| </package> | ||
| </affected> | ||
| <background> | ||
| <p>Samba is a suite of SMB and CIFS client/server programs.</p> | ||
| </background> | ||
| <description> | ||
| <p>Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details.</p> | ||
| </description> | ||
| <impact type="high"> | ||
| <p>Please review the referenced CVE identifiers for details.</p> | ||
| </impact> | ||
| <workaround> | ||
| <p>There is no known workaround at this time.</p> | ||
| </workaround> | ||
| <resolution> | ||
| <p>All Samba users should upgrade to the latest version:</p> | ||
|
|
||
| <code> | ||
| # emerge --sync | ||
| # emerge --ask --oneshot --verbose ">=net-fs/samba-4.18.4" | ||
| </code> | ||
| </resolution> | ||
| <references> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2007-4559">CVE-2007-4559</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-2124">CVE-2016-2124</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-17049">CVE-2020-17049</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25717">CVE-2020-25717</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25718">CVE-2020-25718</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25719">CVE-2020-25719</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25721">CVE-2020-25721</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25722">CVE-2020-25722</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3670">CVE-2021-3670</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3738">CVE-2021-3738</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20251">CVE-2021-20251</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20316">CVE-2021-20316</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23192">CVE-2021-23192</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44141">CVE-2021-44141</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44142">CVE-2021-44142</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0336">CVE-2022-0336</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1615">CVE-2022-1615</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2031">CVE-2022-2031</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3437">CVE-2022-3437</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3592">CVE-2022-3592</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32742">CVE-2022-32742</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32743">CVE-2022-32743</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32744">CVE-2022-32744</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32745">CVE-2022-32745</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32746">CVE-2022-32746</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-37966">CVE-2022-37966</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-37967">CVE-2022-37967</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38023">CVE-2022-38023</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42898">CVE-2022-42898</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-45141">CVE-2022-45141</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0225">CVE-2023-0225</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0614">CVE-2023-0614</uri> | ||
| <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0922">CVE-2023-0922</uri> | ||
| </references> | ||
| <metadata tag="requester" timestamp="2023-09-17T05:56:23.727556Z">ajak</metadata> | ||
| <metadata tag="submitter" timestamp="2023-09-17T05:56:23.731410Z">sam</metadata> | ||
| </glsa> |
Oops, something went wrong.