Gentoo 2485 Published by

The following updates are available for Gentoo Linux:

[ GLSA 202405-22 ] rsync: Multiple Vulnerabilities
[ GLSA 202405-29 ] Node.js: Multiple Vulnerabilities
[ GLSA 202405-28 ] NVIDIA Drivers: Multiple Vulnerabilities
[ GLSA 202405-27 ] Epiphany: Buffer Overflow
[ GLSA 202405-17 ] glibc: Multiple Vulnerabilities
[ GLSA 202405-26 ] qtsvg: Multiple Vulnerabilities
[ GLSA 202405-25 ] MariaDB: Multiple Vulnerabilities
[ GLSA 202405-24 ] ytnef: Multiple Vulnerabilities
[ GLSA 202405-23 ] U-Boot tools: double free vulnerability



[ GLSA 202405-22 ] rsync: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202405-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: rsync: Multiple Vulnerabilities
Date: May 08, 2024
Bugs: #792576, #838724, #862876
ID: 202405-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in rsync, the worst of
which can lead to denial of service or information disclosure.

Background
==========

rsync is a server and client utility that provides fast incremental file
transfers. It is used to efficiently synchronize files between hosts and
is used by emerge to fetch Gentoo's Portage tree.

Affected packages
=================

Package         Vulnerable     Unaffected
--------------  -------------  -------------
net-misc/rsync  < 3.2.5_pre1   >= 3.2.5_pre1

Description
===========

Multiple vulnerabilities have been discovered in rsync. Please review
the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All rsync users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/rsync-3.2.5_pre1"

References
==========

[ 1 ] CVE-2018-25032
https://nvd.nist.gov/vuln/detail/CVE-2018-25032
[ 2 ] CVE-2020-14387
https://nvd.nist.gov/vuln/detail/CVE-2020-14387
[ 3 ] CVE-2022-29154
https://nvd.nist.gov/vuln/detail/CVE-2022-29154

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202405-22

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5



[ GLSA 202405-29 ] Node.js: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202405-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: Node.js: Multiple Vulnerabilities
Date: May 08, 2024
Bugs: #772422, #781704, #800986, #805053, #807775, #811273, #817938, #831037, #835615, #857111, #865627, #872692, #879617, #918086, #918614
ID: 202405-29

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Node.js.

Background
==========

Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine.

Affected packages
=================

Package          Vulnerable    Unaffected
---------------  ------------  ------------
net-libs/nodejs  < 16.20.2     >= 16.20.2

Description
===========

Multiple vulnerabilities have been discovered in Node.js. Please review
the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Node.js 20 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/nodejs-20.5.1"

All Node.js 18 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/nodejs-18.17.1"

All Node.js 16 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/nodejs-16.20.2"

References
==========

[ 1 ] CVE-2020-7774
https://nvd.nist.gov/vuln/detail/CVE-2020-7774
[ 2 ] CVE-2021-3672
https://nvd.nist.gov/vuln/detail/CVE-2021-3672
[ 3 ] CVE-2021-22883
https://nvd.nist.gov/vuln/detail/CVE-2021-22883
[ 4 ] CVE-2021-22884
https://nvd.nist.gov/vuln/detail/CVE-2021-22884
[ 5 ] CVE-2021-22918
https://nvd.nist.gov/vuln/detail/CVE-2021-22918
[ 6 ] CVE-2021-22930
https://nvd.nist.gov/vuln/detail/CVE-2021-22930
[ 7 ] CVE-2021-22931
https://nvd.nist.gov/vuln/detail/CVE-2021-22931
[ 8 ] CVE-2021-22939
https://nvd.nist.gov/vuln/detail/CVE-2021-22939
[ 9 ] CVE-2021-22940
https://nvd.nist.gov/vuln/detail/CVE-2021-22940
[ 10 ] CVE-2021-22959
https://nvd.nist.gov/vuln/detail/CVE-2021-22959
[ 11 ] CVE-2021-22960
https://nvd.nist.gov/vuln/detail/CVE-2021-22960
[ 12 ] CVE-2021-37701
https://nvd.nist.gov/vuln/detail/CVE-2021-37701
[ 13 ] CVE-2021-37712
https://nvd.nist.gov/vuln/detail/CVE-2021-37712
[ 14 ] CVE-2021-39134
https://nvd.nist.gov/vuln/detail/CVE-2021-39134
[ 15 ] CVE-2021-39135
https://nvd.nist.gov/vuln/detail/CVE-2021-39135
[ 16 ] CVE-2021-44531
https://nvd.nist.gov/vuln/detail/CVE-2021-44531
[ 17 ] CVE-2021-44532
https://nvd.nist.gov/vuln/detail/CVE-2021-44532
[ 18 ] CVE-2021-44533
https://nvd.nist.gov/vuln/detail/CVE-2021-44533
[ 19 ] CVE-2022-0778
https://nvd.nist.gov/vuln/detail/CVE-2022-0778
[ 20 ] CVE-2022-3602
https://nvd.nist.gov/vuln/detail/CVE-2022-3602
[ 21 ] CVE-2022-3786
https://nvd.nist.gov/vuln/detail/CVE-2022-3786
[ 22 ] CVE-2022-21824
https://nvd.nist.gov/vuln/detail/CVE-2022-21824
[ 23 ] CVE-2022-32212
https://nvd.nist.gov/vuln/detail/CVE-2022-32212
[ 24 ] CVE-2022-32213
https://nvd.nist.gov/vuln/detail/CVE-2022-32213
[ 25 ] CVE-2022-32214
https://nvd.nist.gov/vuln/detail/CVE-2022-32214
[ 26 ] CVE-2022-32215
https://nvd.nist.gov/vuln/detail/CVE-2022-32215
[ 27 ] CVE-2022-32222
https://nvd.nist.gov/vuln/detail/CVE-2022-32222
[ 28 ] CVE-2022-35255
https://nvd.nist.gov/vuln/detail/CVE-2022-35255
[ 29 ] CVE-2022-35256
https://nvd.nist.gov/vuln/detail/CVE-2022-35256
[ 30 ] CVE-2022-35948
https://nvd.nist.gov/vuln/detail/CVE-2022-35948
[ 31 ] CVE-2022-35949
https://nvd.nist.gov/vuln/detail/CVE-2022-35949
[ 32 ] CVE-2022-43548
https://nvd.nist.gov/vuln/detail/CVE-2022-43548
[ 33 ] CVE-2023-30581
https://nvd.nist.gov/vuln/detail/CVE-2023-30581
[ 34 ] CVE-2023-30582
https://nvd.nist.gov/vuln/detail/CVE-2023-30582
[ 35 ] CVE-2023-30583
https://nvd.nist.gov/vuln/detail/CVE-2023-30583
[ 36 ] CVE-2023-30584
https://nvd.nist.gov/vuln/detail/CVE-2023-30584
[ 37 ] CVE-2023-30586
https://nvd.nist.gov/vuln/detail/CVE-2023-30586
[ 38 ] CVE-2023-30587
https://nvd.nist.gov/vuln/detail/CVE-2023-30587
[ 39 ] CVE-2023-30588
https://nvd.nist.gov/vuln/detail/CVE-2023-30588
[ 40 ] CVE-2023-30589
https://nvd.nist.gov/vuln/detail/CVE-2023-30589
[ 41 ] CVE-2023-30590
https://nvd.nist.gov/vuln/detail/CVE-2023-30590
[ 42 ] CVE-2023-32002
https://nvd.nist.gov/vuln/detail/CVE-2023-32002
[ 43 ] CVE-2023-32003
https://nvd.nist.gov/vuln/detail/CVE-2023-32003
[ 44 ] CVE-2023-32004
https://nvd.nist.gov/vuln/detail/CVE-2023-32004
[ 45 ] CVE-2023-32005
https://nvd.nist.gov/vuln/detail/CVE-2023-32005
[ 46 ] CVE-2023-32006
https://nvd.nist.gov/vuln/detail/CVE-2023-32006
[ 47 ] CVE-2023-32558
https://nvd.nist.gov/vuln/detail/CVE-2023-32558
[ 48 ] CVE-2023-32559
https://nvd.nist.gov/vuln/detail/CVE-2023-32559

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202405-29

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5



[ GLSA 202405-28 ] NVIDIA Drivers: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202405-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: NVIDIA Drivers: Multiple Vulnerabilities
Date: May 08, 2024
Bugs: #909226, #916583
ID: 202405-28

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in NVIDIA Drivers, the
worst of which could result in root privilege escalation.

Background
==========

NVIDIA Drivers are NVIDIA's accelerated graphics drivers.

Affected packages
=================

Package                     Vulnerable     Unaffected
--------------------------  -------------  -------------
x11-drivers/nvidia-drivers  < 470.223.02   >= 470.223.02

Description
===========

Multiple vulnerabilities have been discovered in NVIDIA Drivers. Please
review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All NVIDIA Drivers 470 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-470.223.02:0/470"

All NVIDIA Drivers 525 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-525.147.05:0/525"

All NVIDIA Drivers 535 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-535.129.03:0/535"

References
==========

[ 1 ] CVE-2023-25515
https://nvd.nist.gov/vuln/detail/CVE-2023-25515
[ 2 ] CVE-2023-25516
https://nvd.nist.gov/vuln/detail/CVE-2023-25516
[ 3 ] CVE-2023-31022
https://nvd.nist.gov/vuln/detail/CVE-2023-31022

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202405-28

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5



[ GLSA 202405-27 ] Epiphany: Buffer Overflow


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202405-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Epiphany: Buffer Overflow
Date: May 08, 2024
Bugs: #839786
ID: 202405-27

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in Epiphany, which can lead to a
buffer overflow.

Background
==========

Epiphany is a GNOME web browser based on the Mozilla rendering engine
Gecko.

Affected packages
=================

Package              Vulnerable    Unaffected
-------------------  ------------  ------------
www-client/epiphany  < 42.4        >= 42.4

Description
===========

A vulnerability has been discovered in Epiphany. Please review the CVE
identifier referenced below for details.

Impact
======

In GNOME Epiphany an HTML document can trigger a client buffer overflow
(in ephy_string_shorten) via a long page title. The issue occurs because
the number of bytes for a UTF-8 ellipsis character is not properly
considered.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Epiphany users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/epiphany-42.4"

References
==========

[ 1 ] CVE-2022-29536
https://nvd.nist.gov/vuln/detail/CVE-2022-29536

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202405-27

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5



[ GLSA 202405-17 ] glibc: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202405-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: glibc: Multiple Vulnerabilities
Date: May 06, 2024
Bugs: #930177, #930667
ID: 202405-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in glibc, the worst of
which could lead to remote code execution.

Background
==========

glibc is a package that contains the GNU C library.

Affected packages
=================

Package         Vulnerable    Unaffected
--------------  ------------  ------------
sys-libs/glibc  < 2.38-r13    >= 2.38-r13

Description
===========

Multiple vulnerabilities have been discovered in glibc. Please review
the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All glibc users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.38-r13"

References
==========

[ 1 ] CVE-2024-2961
https://nvd.nist.gov/vuln/detail/CVE-2024-2961
[ 2 ] CVE-2024-33599
https://nvd.nist.gov/vuln/detail/CVE-2024-33599
[ 3 ] CVE-2024-33600
https://nvd.nist.gov/vuln/detail/CVE-2024-33600
[ 4 ] CVE-2024-33601
https://nvd.nist.gov/vuln/detail/CVE-2024-33601
[ 5 ] CVE-2024-33602
https://nvd.nist.gov/vuln/detail/CVE-2024-33602
[ 6 ] GLIBC-SA-2024-0004
[ 7 ] GLIBC-SA-2024-0005
[ 8 ] GLIBC-SA-2024-0006
[ 9 ] GLIBC-SA-2024-0007
[ 10 ] GLIBC-SA-2024-0008

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202405-17

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5



[ GLSA 202405-26 ] qtsvg: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202405-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: qtsvg: Multiple Vulnerabilities
Date: May 08, 2024
Bugs: #830381, #906465
ID: 202405-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in qtsvg, the worst of
which could lead to a denial of service.

Background
==========

qtsvg is a SVG rendering library for the Qt framework.

Affected packages
=================

Package       Vulnerable    Unaffected
------------  ------------  ------------
dev-qt/qtsvg  < 5.15.9-r1   >= 5.15.9-r1

Description
===========

Multiple vulnerabilities have been discovered in qtsvg. Please review
the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All qtsvg users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-qt/qtsvg-5.15.9-r1:5"

References
==========

[ 1 ] CVE-2021-45930
https://nvd.nist.gov/vuln/detail/CVE-2021-45930
[ 2 ] CVE-2023-32573
https://nvd.nist.gov/vuln/detail/CVE-2023-32573

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202405-26

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5



[ GLSA 202405-25 ] MariaDB: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202405-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: MariaDB: Multiple Vulnerabilities
Date: May 08, 2024
Bugs: #699874, #822759, #832490, #838244, #847526, #856484, #891781
ID: 202405-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in MariaDB, the worst of
which can lead to arbitrary code execution.

Background
==========

MariaDB is an enhanced, drop-in replacement for MySQL.

Affected packages
=================

Package         Vulnerable       Unaffected
--------------  ---------------  ----------------
dev-db/mariadb  < 10.11.3:10.11  >= 10.11.3:10.11
                < 10.11.3:10.6   >= 10.6.13:10.6
                < 10.11.3        >= 10.6.13

Description
===========

Multiple vulnerabilities have been discovered in MariaDB. Please review
the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MariaDB 10.6 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.11.3:10.6"

All MariaDB 10.11 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.11.3:10.11"

References
==========

[ 1 ] CVE-2019-2938
https://nvd.nist.gov/vuln/detail/CVE-2019-2938
[ 2 ] CVE-2019-2974
https://nvd.nist.gov/vuln/detail/CVE-2019-2974
[ 3 ] CVE-2021-46661
https://nvd.nist.gov/vuln/detail/CVE-2021-46661
[ 4 ] CVE-2021-46662
https://nvd.nist.gov/vuln/detail/CVE-2021-46662
[ 5 ] CVE-2021-46663
https://nvd.nist.gov/vuln/detail/CVE-2021-46663
[ 6 ] CVE-2021-46664
https://nvd.nist.gov/vuln/detail/CVE-2021-46664
[ 7 ] CVE-2021-46665
https://nvd.nist.gov/vuln/detail/CVE-2021-46665
[ 8 ] CVE-2021-46666
https://nvd.nist.gov/vuln/detail/CVE-2021-46666
[ 9 ] CVE-2021-46667
https://nvd.nist.gov/vuln/detail/CVE-2021-46667
[ 10 ] CVE-2021-46668
https://nvd.nist.gov/vuln/detail/CVE-2021-46668
[ 11 ] CVE-2021-46669
https://nvd.nist.gov/vuln/detail/CVE-2021-46669
[ 12 ] CVE-2022-24048
https://nvd.nist.gov/vuln/detail/CVE-2022-24048
[ 13 ] CVE-2022-24050
https://nvd.nist.gov/vuln/detail/CVE-2022-24050
[ 14 ] CVE-2022-24051
https://nvd.nist.gov/vuln/detail/CVE-2022-24051
[ 15 ] CVE-2022-24052
https://nvd.nist.gov/vuln/detail/CVE-2022-24052
[ 16 ] CVE-2022-27376
https://nvd.nist.gov/vuln/detail/CVE-2022-27376
[ 17 ] CVE-2022-27377
https://nvd.nist.gov/vuln/detail/CVE-2022-27377
[ 18 ] CVE-2022-27378
https://nvd.nist.gov/vuln/detail/CVE-2022-27378
[ 19 ] CVE-2022-27379
https://nvd.nist.gov/vuln/detail/CVE-2022-27379
[ 20 ] CVE-2022-27380
https://nvd.nist.gov/vuln/detail/CVE-2022-27380
[ 21 ] CVE-2022-27381
https://nvd.nist.gov/vuln/detail/CVE-2022-27381
[ 22 ] CVE-2022-27382
https://nvd.nist.gov/vuln/detail/CVE-2022-27382
[ 23 ] CVE-2022-27383
https://nvd.nist.gov/vuln/detail/CVE-2022-27383
[ 24 ] CVE-2022-27384
https://nvd.nist.gov/vuln/detail/CVE-2022-27384
[ 25 ] CVE-2022-27385
https://nvd.nist.gov/vuln/detail/CVE-2022-27385
[ 26 ] CVE-2022-27386
https://nvd.nist.gov/vuln/detail/CVE-2022-27386
[ 27 ] CVE-2022-27444
https://nvd.nist.gov/vuln/detail/CVE-2022-27444
[ 28 ] CVE-2022-27445
https://nvd.nist.gov/vuln/detail/CVE-2022-27445
[ 29 ] CVE-2022-27446
https://nvd.nist.gov/vuln/detail/CVE-2022-27446
[ 30 ] CVE-2022-27447
https://nvd.nist.gov/vuln/detail/CVE-2022-27447
[ 31 ] CVE-2022-27448
https://nvd.nist.gov/vuln/detail/CVE-2022-27448
[ 32 ] CVE-2022-27449
https://nvd.nist.gov/vuln/detail/CVE-2022-27449
[ 33 ] CVE-2022-27451
https://nvd.nist.gov/vuln/detail/CVE-2022-27451
[ 34 ] CVE-2022-27452
https://nvd.nist.gov/vuln/detail/CVE-2022-27452
[ 35 ] CVE-2022-27455
https://nvd.nist.gov/vuln/detail/CVE-2022-27455
[ 36 ] CVE-2022-27456
https://nvd.nist.gov/vuln/detail/CVE-2022-27456
[ 37 ] CVE-2022-27457
https://nvd.nist.gov/vuln/detail/CVE-2022-27457
[ 38 ] CVE-2022-27458
https://nvd.nist.gov/vuln/detail/CVE-2022-27458
[ 39 ] CVE-2022-31621
https://nvd.nist.gov/vuln/detail/CVE-2022-31621
[ 40 ] CVE-2022-31622
https://nvd.nist.gov/vuln/detail/CVE-2022-31622
[ 41 ] CVE-2022-31623
https://nvd.nist.gov/vuln/detail/CVE-2022-31623
[ 42 ] CVE-2022-31624
https://nvd.nist.gov/vuln/detail/CVE-2022-31624
[ 43 ] CVE-2022-32081
https://nvd.nist.gov/vuln/detail/CVE-2022-32081
[ 44 ] CVE-2022-32082
https://nvd.nist.gov/vuln/detail/CVE-2022-32082
[ 45 ] CVE-2022-32083
https://nvd.nist.gov/vuln/detail/CVE-2022-32083
[ 46 ] CVE-2022-32084
https://nvd.nist.gov/vuln/detail/CVE-2022-32084
[ 47 ] CVE-2022-32085
https://nvd.nist.gov/vuln/detail/CVE-2022-32085
[ 48 ] CVE-2022-32086
https://nvd.nist.gov/vuln/detail/CVE-2022-32086
[ 49 ] CVE-2022-32088
https://nvd.nist.gov/vuln/detail/CVE-2022-32088
[ 50 ] CVE-2022-32089
https://nvd.nist.gov/vuln/detail/CVE-2022-32089
[ 51 ] CVE-2022-32091
https://nvd.nist.gov/vuln/detail/CVE-2022-32091
[ 52 ] CVE-2022-38791
https://nvd.nist.gov/vuln/detail/CVE-2022-38791
[ 53 ] CVE-2022-47015
https://nvd.nist.gov/vuln/detail/CVE-2022-47015
[ 54 ] CVE-2023-5157
https://nvd.nist.gov/vuln/detail/CVE-2023-5157

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202405-25

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5



[ GLSA 202405-24 ] ytnef: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202405-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: ytnef: Multiple Vulnerabilities
Date: May 08, 2024
Bugs: #774255
ID: 202405-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in ytnef, the worst of
which could potentially lead to remote code execution.

Background
==========

ytnef is a TNEF stream reader for reading winmail.dat files.

Affected packages
=================

Package         Vulnerable    Unaffected
--------------  ------------  ------------
net-mail/ytnef  < 2.0         >= 2.0

Description
===========

The TNEFSubjectHandler function in lib/ytnef.c allows remote attackers
to cause a denial of service (and potentially code execution) due to a
double free which can be triggered via a crafted file.

The SwapWord function in lib/ytnef.c allows remote attackers to cause a
denial of service (and potentially code execution) due to a heap buffer
overflow which can be triggered via a crafted file.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ytnef users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/ytnef-2.0"

References
==========

[ 1 ] CVE-2021-3403
https://nvd.nist.gov/vuln/detail/CVE-2021-3403
[ 2 ] CVE-2021-3404
https://nvd.nist.gov/vuln/detail/CVE-2021-3404

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202405-24

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5



[ GLSA 202405-23 ] U-Boot tools: double free vulnerability


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202405-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: U-Boot tools: double free vulnerability
Date: May 08, 2024
Bugs: #717000
ID: 202405-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in U-Boot tools which can lead to
arbitrary code execution.

Background
==========

U-Boot tools provides utilities for working with Das U-Boot.

Affected packages
=================

Package                    Vulnerable    Unaffected
-------------------------  ------------  ------------
dev-embedded/u-boot-tools  < 2020.04     >= 2020.04

Description
===========

A vulnerability has been discovered in U-Boot tools. Please review the
CVE identifier referenced below for details.

Impact
======

In Das U-Boot a double free has been found in the cmd/gpt.c
do_rename_gpt_parts() function. Double freeing may result in a
write-what-where condition, allowing an attacker to execute arbitrary
code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All U-Boot tools users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-embedded/u-boot-tools-2020.04"

References
==========

[ 1 ] CVE-2020-8432
https://nvd.nist.gov/vuln/detail/CVE-2020-8432

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202405-23

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5