Gentoo 2477 Published by

The following security updates are available for Gentoo Linux:

[ GLSA 202401-31 ] containerd: Multiple Vulnerabilities
[ GLSA 202401-30 ] X.Org X Server, XWayland: Multiple Vulnerabilities
[ GLSA 202401-34 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
[ GLSA 202401-33 ] WebKitGTK+: Multiple Vulnerabilities
[ GLSA 202401-32 ] libaom: Multiple Vulnerabilities




[ GLSA 202401-31 ] containerd: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202401-31
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: containerd: Multiple Vulnerabilities
Date: January 31, 2024
Bugs: #802948, #816315, #834689, #835917, #850124, #884803
ID: 202401-31

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in containerd, the worst of
which could result in privilege escalation.

Background
==========

containerd is a daemon with an API and a command line client, to manage
containers on one machine. It uses runC to run containers according to
the OCI specification.

Affected packages
=================

Package Vulnerable Unaffected
------------------------- ------------ ------------
app-containers/containerd < 1.6.14 >= 1.6.14

Description
===========

Multiple vulnerabilities have been discovered in containerd. Please
review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All containerd users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-containers/containerd-1.6.14"

References
==========

[ 1 ] CVE-2021-32760
https://nvd.nist.gov/vuln/detail/CVE-2021-32760
[ 2 ] CVE-2021-41103
https://nvd.nist.gov/vuln/detail/CVE-2021-41103
[ 3 ] CVE-2022-23471
https://nvd.nist.gov/vuln/detail/CVE-2022-23471
[ 4 ] CVE-2022-23648
https://nvd.nist.gov/vuln/detail/CVE-2022-23648
[ 5 ] CVE-2022-24769
https://nvd.nist.gov/vuln/detail/CVE-2022-24769
[ 6 ] CVE-2022-31030
https://nvd.nist.gov/vuln/detail/CVE-2022-31030

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202401-31

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5



[ GLSA 202401-30 ] X.Org X Server, XWayland: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202401-30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: X.Org X Server, XWayland: Multiple Vulnerabilities
Date: January 31, 2024
Bugs: #916254, #919803, #922395
ID: 202401-30

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======
Multiple vulnerabilities have been discovered in the Xorg Server and
XWayland, the worst of which can result in privilege escalation or
remote code execution.

Background
=========
The X Window System is a graphical windowing system based on a
client/server model.

Affected packages
================
Package Vulnerable Unaffected
-------------------- ------------ ------------
x11-base/xorg-server < 21.1.11 >= 21.1.11
x11-base/xwayland < 23.2.4 >= 23.2.4

Description
==========
Multiple vulnerabilities have been discovered in X.Org X Server and
XWayland. Please review the CVE identifiers referenced below for
details.

Impact
=====
The X server can be crashed by a malicious client, or potentially be
compromised for remote code execution in environments with X11
forwarding.

Workaround
=========
Users can ensure no untrusted clients can access the running X
implementation.

Resolution
=========
All X.Org X Server users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-base/xorg-server-21.1.11"

All XWayland users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-base/xwayland-23.2.4"

References
=========
[ 1 ] CVE-2023-5367
https://nvd.nist.gov/vuln/detail/CVE-2023-5367
[ 2 ] CVE-2023-5380
https://nvd.nist.gov/vuln/detail/CVE-2023-5380
[ 3 ] CVE-2023-6377
https://nvd.nist.gov/vuln/detail/CVE-2023-6377
[ 4 ] CVE-2023-6478
https://nvd.nist.gov/vuln/detail/CVE-2023-6478
[ 5 ] CVE-2023-6816
https://nvd.nist.gov/vuln/detail/CVE-2023-6816
[ 6 ] CVE-2024-0229
https://nvd.nist.gov/vuln/detail/CVE-2024-0229
[ 7 ] CVE-2024-0408
https://nvd.nist.gov/vuln/detail/CVE-2024-0408
[ 8 ] CVE-2024-0409
https://nvd.nist.gov/vuln/detail/CVE-2024-0409
[ 9 ] CVE-2024-21885
https://nvd.nist.gov/vuln/detail/CVE-2024-21885
[ 10 ] CVE-2024-21886
https://nvd.nist.gov/vuln/detail/CVE-2024-21886

Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202401-30

Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
======
Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5



[ GLSA 202401-34 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202401-34
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
Date: January 31, 2024
Bugs: #907999, #908471, #909283, #910522, #911675, #912364, #913016, #913710, #914350, #914871, #915137, #915560, #915961, #916252, #916620, #917021, #917357, #918882, #919321, #919802, #920442, #921337
ID: 202401-34

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Chromium and its
derivatives, the worst of which can lead to remote code execution.

Background
==========

Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.

Google Chrome is one fast, simple, and secure browser for all your
devices.

Microsoft Edge is a browser that combines a minimal design with
sophisticated technology to make the web faster, safer, and easier.

Affected packages
=================

Package Vulnerable Unaffected
------------------------- ---------------- -----------------
www-client/chromium < 120.0.6099.109 >= 120.0.6099.109
www-client/google-chrome < 120.0.6099.109 >= 120.0.6099.109
www-client/microsoft-edge < 120.0.2210.133 >= 120.0.2210.133

Description
===========

Multiple vulnerabilities have been discovered in Chromium and its
derivatives. Please review the CVE identifiers referenced below for
details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Google Chrome users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/google-chrome-120.0.6099.109"

All Chromium users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-120.0.6099.109"

All Microsoft Edge users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-120.0.2210.133"

References
==========

[ 1 ] CVE-2023-2312
https://nvd.nist.gov/vuln/detail/CVE-2023-2312
[ 2 ] CVE-2023-2929
https://nvd.nist.gov/vuln/detail/CVE-2023-2929
[ 3 ] CVE-2023-2930
https://nvd.nist.gov/vuln/detail/CVE-2023-2930
[ 4 ] CVE-2023-2931
https://nvd.nist.gov/vuln/detail/CVE-2023-2931
[ 5 ] CVE-2023-2932
https://nvd.nist.gov/vuln/detail/CVE-2023-2932
[ 6 ] CVE-2023-2933
https://nvd.nist.gov/vuln/detail/CVE-2023-2933
[ 7 ] CVE-2023-2934
https://nvd.nist.gov/vuln/detail/CVE-2023-2934
[ 8 ] CVE-2023-2935
https://nvd.nist.gov/vuln/detail/CVE-2023-2935
[ 9 ] CVE-2023-2936
https://nvd.nist.gov/vuln/detail/CVE-2023-2936
[ 10 ] CVE-2023-2937
https://nvd.nist.gov/vuln/detail/CVE-2023-2937
[ 11 ] CVE-2023-2938
https://nvd.nist.gov/vuln/detail/CVE-2023-2938
[ 12 ] CVE-2023-2939
https://nvd.nist.gov/vuln/detail/CVE-2023-2939
[ 13 ] CVE-2023-2940
https://nvd.nist.gov/vuln/detail/CVE-2023-2940
[ 14 ] CVE-2023-2941
https://nvd.nist.gov/vuln/detail/CVE-2023-2941
[ 15 ] CVE-2023-3079
https://nvd.nist.gov/vuln/detail/CVE-2023-3079
[ 16 ] CVE-2023-3214
https://nvd.nist.gov/vuln/detail/CVE-2023-3214
[ 17 ] CVE-2023-3215
https://nvd.nist.gov/vuln/detail/CVE-2023-3215
[ 18 ] CVE-2023-3216
https://nvd.nist.gov/vuln/detail/CVE-2023-3216
[ 19 ] CVE-2023-3217
https://nvd.nist.gov/vuln/detail/CVE-2023-3217
[ 20 ] CVE-2023-3420
https://nvd.nist.gov/vuln/detail/CVE-2023-3420
[ 21 ] CVE-2023-3421
https://nvd.nist.gov/vuln/detail/CVE-2023-3421
[ 22 ] CVE-2023-3422
https://nvd.nist.gov/vuln/detail/CVE-2023-3422
[ 23 ] CVE-2023-3727
https://nvd.nist.gov/vuln/detail/CVE-2023-3727
[ 24 ] CVE-2023-3728
https://nvd.nist.gov/vuln/detail/CVE-2023-3728
[ 25 ] CVE-2023-3730
https://nvd.nist.gov/vuln/detail/CVE-2023-3730
[ 26 ] CVE-2023-3732
https://nvd.nist.gov/vuln/detail/CVE-2023-3732
[ 27 ] CVE-2023-3733
https://nvd.nist.gov/vuln/detail/CVE-2023-3733
[ 28 ] CVE-2023-3734
https://nvd.nist.gov/vuln/detail/CVE-2023-3734
[ 29 ] CVE-2023-3735
https://nvd.nist.gov/vuln/detail/CVE-2023-3735
[ 30 ] CVE-2023-3736
https://nvd.nist.gov/vuln/detail/CVE-2023-3736
[ 31 ] CVE-2023-3737
https://nvd.nist.gov/vuln/detail/CVE-2023-3737
[ 32 ] CVE-2023-3738
https://nvd.nist.gov/vuln/detail/CVE-2023-3738
[ 33 ] CVE-2023-3740
https://nvd.nist.gov/vuln/detail/CVE-2023-3740
[ 34 ] CVE-2023-4068
https://nvd.nist.gov/vuln/detail/CVE-2023-4068
[ 35 ] CVE-2023-4069
https://nvd.nist.gov/vuln/detail/CVE-2023-4069
[ 36 ] CVE-2023-4070
https://nvd.nist.gov/vuln/detail/CVE-2023-4070
[ 37 ] CVE-2023-4071
https://nvd.nist.gov/vuln/detail/CVE-2023-4071
[ 38 ] CVE-2023-4072
https://nvd.nist.gov/vuln/detail/CVE-2023-4072
[ 39 ] CVE-2023-4073
https://nvd.nist.gov/vuln/detail/CVE-2023-4073
[ 40 ] CVE-2023-4074
https://nvd.nist.gov/vuln/detail/CVE-2023-4074
[ 41 ] CVE-2023-4075
https://nvd.nist.gov/vuln/detail/CVE-2023-4075
[ 42 ] CVE-2023-4076
https://nvd.nist.gov/vuln/detail/CVE-2023-4076
[ 43 ] CVE-2023-4077
https://nvd.nist.gov/vuln/detail/CVE-2023-4077
[ 44 ] CVE-2023-4078
https://nvd.nist.gov/vuln/detail/CVE-2023-4078
[ 45 ] CVE-2023-4349
https://nvd.nist.gov/vuln/detail/CVE-2023-4349
[ 46 ] CVE-2023-4350
https://nvd.nist.gov/vuln/detail/CVE-2023-4350
[ 47 ] CVE-2023-4351
https://nvd.nist.gov/vuln/detail/CVE-2023-4351
[ 48 ] CVE-2023-4352
https://nvd.nist.gov/vuln/detail/CVE-2023-4352
[ 49 ] CVE-2023-4353
https://nvd.nist.gov/vuln/detail/CVE-2023-4353
[ 50 ] CVE-2023-4354
https://nvd.nist.gov/vuln/detail/CVE-2023-4354
[ 51 ] CVE-2023-4355
https://nvd.nist.gov/vuln/detail/CVE-2023-4355
[ 52 ] CVE-2023-4356
https://nvd.nist.gov/vuln/detail/CVE-2023-4356
[ 53 ] CVE-2023-4357
https://nvd.nist.gov/vuln/detail/CVE-2023-4357
[ 54 ] CVE-2023-4358
https://nvd.nist.gov/vuln/detail/CVE-2023-4358
[ 55 ] CVE-2023-4359
https://nvd.nist.gov/vuln/detail/CVE-2023-4359
[ 56 ] CVE-2023-4360
https://nvd.nist.gov/vuln/detail/CVE-2023-4360
[ 57 ] CVE-2023-4361
https://nvd.nist.gov/vuln/detail/CVE-2023-4361
[ 58 ] CVE-2023-4362
https://nvd.nist.gov/vuln/detail/CVE-2023-4362
[ 59 ] CVE-2023-4363
https://nvd.nist.gov/vuln/detail/CVE-2023-4363
[ 60 ] CVE-2023-4364
https://nvd.nist.gov/vuln/detail/CVE-2023-4364
[ 61 ] CVE-2023-4365
https://nvd.nist.gov/vuln/detail/CVE-2023-4365
[ 62 ] CVE-2023-4366
https://nvd.nist.gov/vuln/detail/CVE-2023-4366
[ 63 ] CVE-2023-4367
https://nvd.nist.gov/vuln/detail/CVE-2023-4367
[ 64 ] CVE-2023-4368
https://nvd.nist.gov/vuln/detail/CVE-2023-4368
[ 65 ] CVE-2023-4427
https://nvd.nist.gov/vuln/detail/CVE-2023-4427
[ 66 ] CVE-2023-4428
https://nvd.nist.gov/vuln/detail/CVE-2023-4428
[ 67 ] CVE-2023-4429
https://nvd.nist.gov/vuln/detail/CVE-2023-4429
[ 68 ] CVE-2023-4430
https://nvd.nist.gov/vuln/detail/CVE-2023-4430
[ 69 ] CVE-2023-4431
https://nvd.nist.gov/vuln/detail/CVE-2023-4431
[ 70 ] CVE-2023-4572
https://nvd.nist.gov/vuln/detail/CVE-2023-4572
[ 71 ] CVE-2023-4761
https://nvd.nist.gov/vuln/detail/CVE-2023-4761
[ 72 ] CVE-2023-4762
https://nvd.nist.gov/vuln/detail/CVE-2023-4762
[ 73 ] CVE-2023-4763
https://nvd.nist.gov/vuln/detail/CVE-2023-4763
[ 74 ] CVE-2023-4764
https://nvd.nist.gov/vuln/detail/CVE-2023-4764
[ 75 ] CVE-2023-4900
https://nvd.nist.gov/vuln/detail/CVE-2023-4900
[ 76 ] CVE-2023-4901
https://nvd.nist.gov/vuln/detail/CVE-2023-4901
[ 77 ] CVE-2023-4902
https://nvd.nist.gov/vuln/detail/CVE-2023-4902
[ 78 ] CVE-2023-4903
https://nvd.nist.gov/vuln/detail/CVE-2023-4903
[ 79 ] CVE-2023-4904
https://nvd.nist.gov/vuln/detail/CVE-2023-4904
[ 80 ] CVE-2023-4905
https://nvd.nist.gov/vuln/detail/CVE-2023-4905
[ 81 ] CVE-2023-4906
https://nvd.nist.gov/vuln/detail/CVE-2023-4906
[ 82 ] CVE-2023-4907
https://nvd.nist.gov/vuln/detail/CVE-2023-4907
[ 83 ] CVE-2023-4908
https://nvd.nist.gov/vuln/detail/CVE-2023-4908
[ 84 ] CVE-2023-4909
https://nvd.nist.gov/vuln/detail/CVE-2023-4909
[ 85 ] CVE-2023-5186
https://nvd.nist.gov/vuln/detail/CVE-2023-5186
[ 86 ] CVE-2023-5187
https://nvd.nist.gov/vuln/detail/CVE-2023-5187
[ 87 ] CVE-2023-5217
https://nvd.nist.gov/vuln/detail/CVE-2023-5217
[ 88 ] CVE-2023-5218
https://nvd.nist.gov/vuln/detail/CVE-2023-5218
[ 89 ] CVE-2023-5346
https://nvd.nist.gov/vuln/detail/CVE-2023-5346
[ 90 ] CVE-2023-5472
https://nvd.nist.gov/vuln/detail/CVE-2023-5472
[ 91 ] CVE-2023-5473
https://nvd.nist.gov/vuln/detail/CVE-2023-5473
[ 92 ] CVE-2023-5474
https://nvd.nist.gov/vuln/detail/CVE-2023-5474
[ 93 ] CVE-2023-5475
https://nvd.nist.gov/vuln/detail/CVE-2023-5475
[ 94 ] CVE-2023-5476
https://nvd.nist.gov/vuln/detail/CVE-2023-5476
[ 95 ] CVE-2023-5477
https://nvd.nist.gov/vuln/detail/CVE-2023-5477
[ 96 ] CVE-2023-5478
https://nvd.nist.gov/vuln/detail/CVE-2023-5478
[ 97 ] CVE-2023-5479
https://nvd.nist.gov/vuln/detail/CVE-2023-5479
[ 98 ] CVE-2023-5480
https://nvd.nist.gov/vuln/detail/CVE-2023-5480
[ 99 ] CVE-2023-5481
https://nvd.nist.gov/vuln/detail/CVE-2023-5481
[ 100 ] CVE-2023-5482
https://nvd.nist.gov/vuln/detail/CVE-2023-5482
[ 101 ] CVE-2023-5483
https://nvd.nist.gov/vuln/detail/CVE-2023-5483
[ 102 ] CVE-2023-5484
https://nvd.nist.gov/vuln/detail/CVE-2023-5484
[ 103 ] CVE-2023-5485
https://nvd.nist.gov/vuln/detail/CVE-2023-5485
[ 104 ] CVE-2023-5486
https://nvd.nist.gov/vuln/detail/CVE-2023-5486
[ 105 ] CVE-2023-5487
https://nvd.nist.gov/vuln/detail/CVE-2023-5487
[ 106 ] CVE-2023-5849
https://nvd.nist.gov/vuln/detail/CVE-2023-5849
[ 107 ] CVE-2023-5850
https://nvd.nist.gov/vuln/detail/CVE-2023-5850
[ 108 ] CVE-2023-5851
https://nvd.nist.gov/vuln/detail/CVE-2023-5851
[ 109 ] CVE-2023-5852
https://nvd.nist.gov/vuln/detail/CVE-2023-5852
[ 110 ] CVE-2023-5853
https://nvd.nist.gov/vuln/detail/CVE-2023-5853
[ 111 ] CVE-2023-5854
https://nvd.nist.gov/vuln/detail/CVE-2023-5854
[ 112 ] CVE-2023-5855
https://nvd.nist.gov/vuln/detail/CVE-2023-5855
[ 113 ] CVE-2023-5856
https://nvd.nist.gov/vuln/detail/CVE-2023-5856
[ 114 ] CVE-2023-5857
https://nvd.nist.gov/vuln/detail/CVE-2023-5857
[ 115 ] CVE-2023-5858
https://nvd.nist.gov/vuln/detail/CVE-2023-5858
[ 116 ] CVE-2023-5859
https://nvd.nist.gov/vuln/detail/CVE-2023-5859
[ 117 ] CVE-2023-5996
https://nvd.nist.gov/vuln/detail/CVE-2023-5996
[ 118 ] CVE-2023-5997
https://nvd.nist.gov/vuln/detail/CVE-2023-5997
[ 119 ] CVE-2023-6112
https://nvd.nist.gov/vuln/detail/CVE-2023-6112
[ 120 ] CVE-2023-6345
https://nvd.nist.gov/vuln/detail/CVE-2023-6345
[ 121 ] CVE-2023-6346
https://nvd.nist.gov/vuln/detail/CVE-2023-6346
[ 122 ] CVE-2023-6347
https://nvd.nist.gov/vuln/detail/CVE-2023-6347
[ 123 ] CVE-2023-6348
https://nvd.nist.gov/vuln/detail/CVE-2023-6348
[ 124 ] CVE-2023-6350
https://nvd.nist.gov/vuln/detail/CVE-2023-6350
[ 125 ] CVE-2023-6351
https://nvd.nist.gov/vuln/detail/CVE-2023-6351
[ 126 ] CVE-2023-6508
https://nvd.nist.gov/vuln/detail/CVE-2023-6508
[ 127 ] CVE-2023-6509
https://nvd.nist.gov/vuln/detail/CVE-2023-6509
[ 128 ] CVE-2023-6510
https://nvd.nist.gov/vuln/detail/CVE-2023-6510
[ 129 ] CVE-2023-6511
https://nvd.nist.gov/vuln/detail/CVE-2023-6511
[ 130 ] CVE-2023-6512
https://nvd.nist.gov/vuln/detail/CVE-2023-6512
[ 131 ] CVE-2023-6702
https://nvd.nist.gov/vuln/detail/CVE-2023-6702
[ 132 ] CVE-2023-6703
https://nvd.nist.gov/vuln/detail/CVE-2023-6703
[ 133 ] CVE-2023-6704
https://nvd.nist.gov/vuln/detail/CVE-2023-6704
[ 134 ] CVE-2023-6705
https://nvd.nist.gov/vuln/detail/CVE-2023-6705
[ 135 ] CVE-2023-6706
https://nvd.nist.gov/vuln/detail/CVE-2023-6706
[ 136 ] CVE-2023-6707
https://nvd.nist.gov/vuln/detail/CVE-2023-6707
[ 137 ] CVE-2023-7024
https://nvd.nist.gov/vuln/detail/CVE-2023-7024
[ 138 ] CVE-2024-0222
https://nvd.nist.gov/vuln/detail/CVE-2024-0222
[ 139 ] CVE-2024-0223
https://nvd.nist.gov/vuln/detail/CVE-2024-0223
[ 140 ] CVE-2024-0224
https://nvd.nist.gov/vuln/detail/CVE-2024-0224
[ 141 ] CVE-2024-0225
https://nvd.nist.gov/vuln/detail/CVE-2024-0225

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202401-34

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5



[ GLSA 202401-33 ] WebKitGTK+: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202401-33
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: WebKitGTK+: Multiple Vulnerabilities
Date: January 31, 2024
Bugs: #915222, #918667
ID: 202401-33

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in WebKitGTK+, the worst of
which may lead to remote code execution.

Background
==========

WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from hybrid
HTML/CSS applications to full-fledged web browsers.

Affected packages
=================

Package Vulnerable Unaffected
------------------- ------------ -------------
net-libs/webkit-gtk < 2.42.2:4 >= 2.42.2:4
< 2.42.2:4.1 >= 2.42.2:4.1
< 2.42.2:6 >= 2.42.2:6

Description
===========

Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All WebKitGTK+ users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.42.2"

References
==========

[ 1 ] CVE-2023-32359
https://nvd.nist.gov/vuln/detail/CVE-2023-32359
[ 2 ] CVE-2023-35074
https://nvd.nist.gov/vuln/detail/CVE-2023-35074
[ 3 ] CVE-2023-39434
https://nvd.nist.gov/vuln/detail/CVE-2023-39434
[ 4 ] CVE-2023-39928
https://nvd.nist.gov/vuln/detail/CVE-2023-39928
[ 5 ] CVE-2023-40451
https://nvd.nist.gov/vuln/detail/CVE-2023-40451
[ 6 ] CVE-2023-41074
https://nvd.nist.gov/vuln/detail/CVE-2023-41074
[ 7 ] CVE-2023-41983
https://nvd.nist.gov/vuln/detail/CVE-2023-41983
[ 8 ] CVE-2023-41993
https://nvd.nist.gov/vuln/detail/CVE-2023-41993
[ 9 ] CVE-2023-42852
https://nvd.nist.gov/vuln/detail/CVE-2023-42852
[ 10 ] CVE-2023-42890
https://nvd.nist.gov/vuln/detail/CVE-2023-42890
[ 11 ] WSA-2023-0009
https://webkitgtk.org/security/WSA-2023-0009.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202401-33

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5



[ GLSA 202401-32 ] libaom: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202401-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: libaom: Multiple Vulnerabilities
Date: January 31, 2024
Bugs: #793932, #798126, #828112
ID: 202401-32

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in libaom, the worst of
which can lead to remote code execution.

Background
==========

libaom is the Alliance for Open Media's AV1 Codec SDK.

Affected packages
=================

Package Vulnerable Unaffected
----------------- ------------ ------------
media-libs/libaom < 3.2.0 >= 3.2.0

Description
===========

Multiple vulnerabilities have been discovered in libaom. Please review
the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libaom users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libaom-3.2.0"

References
==========

[ 1 ] CVE-2020-36129
https://nvd.nist.gov/vuln/detail/CVE-2020-36129
[ 2 ] CVE-2020-36130
https://nvd.nist.gov/vuln/detail/CVE-2020-36130
[ 3 ] CVE-2020-36131
https://nvd.nist.gov/vuln/detail/CVE-2020-36131
[ 4 ] CVE-2020-36133
https://nvd.nist.gov/vuln/detail/CVE-2020-36133
[ 5 ] CVE-2020-36134
https://nvd.nist.gov/vuln/detail/CVE-2020-36134
[ 6 ] CVE-2020-36135
https://nvd.nist.gov/vuln/detail/CVE-2020-36135
[ 7 ] CVE-2021-30473
https://nvd.nist.gov/vuln/detail/CVE-2021-30473
[ 8 ] CVE-2021-30474
https://nvd.nist.gov/vuln/detail/CVE-2021-30474
[ 9 ] CVE-2021-30475
https://nvd.nist.gov/vuln/detail/CVE-2021-30475

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202401-32

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5