Gentoo Linux Security Advisory 202208-31 - Multiple vulnerabilities have been found in GStreamer and its plugins, the worst of which could result in arbitrary code execution. Versions less than 1.16.3 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202208-31  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: GStreamer, GStreamer Plugins: Multiple Vulnerabilities  
     Date: August 14, 2022  
     Bugs: #766336, #785652, #785655, #785658, #785661, #835368, #843770, #765163  
       ID: 202208-31

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been found in GStreamer and its plugins,  
the worst of which could result in arbitrary code execution.

Background  
=========  
GStreamer is an open source multimedia framework.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  media-libs/gst-plugins-bad < 1.16.3                    >= 1.16.3  
  2  media-libs/gst-plugins-base< 1.18.4                    >= 1.18.4  
  3  media-libs/gst-plugins-good< 1.18.4                    >= 1.18.4  
  4  media-libs/gst-plugins-ugly< 1.18.4                    >= 1.18.4  
  5  media-libs/gstreamer       < 1.20.2                    >= 1.20.2  
  6  media-plugins/gst-plugins-libav< 1.18.4                >= 1.18.4

Description  
==========  
Multiple vulnerabilities have been found in GStreamer and its plugins.  
Please review the CVE and GStreamer-SA identifiers referenced below for  
details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All GStreamer users should update to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-libs/gstreamer-1.20.2"

All gst-plugins-bad users should update to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-libs/gst-plugins-bad-1.20.2"

All gst-plugins-good users should update to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-libs/gst-plugins-good-1.20.2"

All gst-plugins-ugly users should update to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-libs/gst-plugins-ugly-1.20.2"

All gst-plugins-base users should update to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-libs/gst-plugins-base-1.20.2"

All gst-plugins-libav users should update to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-plugins/gst-plugins-libav-1.20.2"

References  
=========  
[ 1 ] CVE-2021-3185  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3185  
[ 2 ] CVE-2021-3497  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3497  
[ 3 ] CVE-2021-3498  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3498  
[ 4 ] CVE-2021-3522  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3522  
[ 5 ] GStreamer-SA-2021-0001  
[ 6 ] GStreamer-SA-2021-0002  
[ 7 ] GStreamer-SA-2021-0004  
[ 8 ] GStreamer-SA-2021-0005

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202208-31

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202208-31

Gentoo Linux Security Advisory 202208-30 - Multiple vulnerabilities have been discovered in Binutils, the worst of which could result in denial of service. Versions less than 2.38 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202208-30  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: GNU Binutils: Multiple Vulnerabilities  
     Date: August 14, 2022  
     Bugs: #778545, #792342, #829304  
       ID: 202208-30

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in Binutils, the worst of  
which could result in denial of service.

Background  
=========  
The GNU Binutils are a collection of tools to create, modify and analyse  
binary files. Many of the files use BFD, the Binary File Descriptor  
library, to do low-level manipulation.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  sys-devel/binutils         < 2.38                        >= 2.38  
  2  sys-libs/binutils-libs     < 2.38                        >= 2.38

Description  
==========  
Multiple vulnerabilities have been discovered in GNU Binutils. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Binutils users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=sys-devel/binutils-2.38"

All Binutils library users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=sys-libs/binutils-libs-2.38"

References  
=========  
[ 1 ] CVE-2021-3487  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3487  
[ 2 ] CVE-2021-3530  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3530  
[ 3 ] CVE-2021-3549  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3549  
[ 4 ] CVE-2021-20197  
      https://nvd.nist.gov/vuln/detail/CVE-2021-20197  
[ 5 ] CVE-2021-20284  
      https://nvd.nist.gov/vuln/detail/CVE-2021-20284  
[ 6 ] CVE-2021-20294  
      https://nvd.nist.gov/vuln/detail/CVE-2021-20294  
[ 7 ] CVE-2021-45078  
      https://nvd.nist.gov/vuln/detail/CVE-2021-45078

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202208-30

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202208-30

Gentoo Linux Security Advisory 202208-29 - Multiple vulnerabilities have been discovered in Nokogiri, the worst of which could result in denial of service. Versions less than 1.13.6 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202208-29  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: Nokogiri: Multiple Vulnerabilities  
     Date: August 14, 2022  
     Bugs: #846623, #837902, #762685  
       ID: 202208-29

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in Nokogiri, the worst of  
which could result in denial of service.

Background  
=========  
Nokogiri is an HTML, XML, SAX, and Reader parser.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  dev-ruby/nokogiri          < 1.13.6                    >= 1.13.6

Description  
==========  
Multiple vulnerabilities have been discovered in Nokogiri. Please review  
the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Nokogiri users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-ruby/nokogiri-1.13.6"

References  
=========  
[ 1 ] CVE-2020-26247  
      https://nvd.nist.gov/vuln/detail/CVE-2020-26247  
[ 2 ] CVE-2022-24836  
      https://nvd.nist.gov/vuln/detail/CVE-2022-24836  
[ 3 ] CVE-2022-29181  
      https://nvd.nist.gov/vuln/detail/CVE-2022-29181

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202208-29

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202208-29

Gentoo Linux Security Advisory 202208-28 - Multiple vulnerabilities have been discovered in Puma, the worst of which could result in denial of service. Versions less than 5.6.4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202208-28  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: Puma: Multiple Vulnerabilities  
     Date: August 14, 2022  
     Bugs: #794034, #817893, #833155, #836431  
       ID: 202208-28

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in Puma, the worst of  
which could result in denial of service.

Background  
=========  
Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server  
for Ruby/Rack.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  www-servers/puma           < 5.6.4                      >= 5.6.4

Description  
==========  
Multiple vulnerabilities have been discovered in Puma. Please review the  
CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Puma users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-servers/puma-5.6.4"

References  
=========  
[ 1 ] CVE-2021-29509  
      https://nvd.nist.gov/vuln/detail/CVE-2021-29509  
[ 2 ] CVE-2021-41136  
      https://nvd.nist.gov/vuln/detail/CVE-2021-41136  
[ 3 ] CVE-2022-23634  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23634  
[ 4 ] CVE-2022-24790  
      https://nvd.nist.gov/vuln/detail/CVE-2022-24790

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202208-28

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202208-28

Gentoo Linux Security Advisory 202208-26 - Multiple vulnerabilities have been discovered in libarchive, the worst of which could result in arbitrary code execution. Versions less than 3.6.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202208-26  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: libarchive: Multiple Vulnerabilities  
     Date: August 14, 2022  
     Bugs: #803128, #836352, #837266  
       ID: 202208-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in libarchive, the worst  
of which could result in arbitrary code execution.

Background  
=========  
libarchive is a library for manipulating different streaming archive  
formats, including certain tar variants, several cpio formats, and both  
BSD and GNU ar variants.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  app-arch/libarchive        < 3.6.1                      >= 3.6.1

Description  
==========  
Multiple vulnerabilities have been discovered in libarchive. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All libarchive users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-arch/libarchive-3.6.1"

References  
=========  
[ 1 ] CVE-2021-31566  
      https://nvd.nist.gov/vuln/detail/CVE-2021-31566  
[ 2 ] CVE-2021-36976  
      https://nvd.nist.gov/vuln/detail/CVE-2021-36976  
[ 3 ] CVE-2022-26280  
      https://nvd.nist.gov/vuln/detail/CVE-2022-26280  
[ 4 ] CVE-2022-28066  
      https://nvd.nist.gov/vuln/detail/CVE-2022-28066

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202208-26

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202208-26

Gentoo Linux Security Advisory 202208-27 - Multiple vulnerabilities have been discovered in QEMU, the worst of which could result in remote code execution (guest sandbox escape). Versions less than 7.0.0 are affected.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Gentoo Linux Security Advisory                           GLSA 202208-27- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -                                           https://security.gentoo.org/- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High    Title: QEMU: Multiple Vulnerabilities     Date: August 14, 2022     Bugs: #733448, #736605, #773220, #775713, #780816, #792624, #807055, #810544, #820743, #835607, #839762       ID: 202208-27- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Synopsis=======Multiple vulnerabilities have been discovered in QEMU, the worst ofwhich could result in remote code execution (guest sandbox escape).Background=========QEMU is a generic and open source machine emulator and virtualizer.Affected packages================    -------------------------------------------------------------------     Package              /     Vulnerable     /            Unaffected    -------------------------------------------------------------------  1  app-emulation/qemu         < 7.0.0                      >= 7.0.0Description==========Multiple vulnerabilities have been discovered in QEMU.Please review theCVE identifiers referenced below for details.Impact=====Please review the referenced CVE identifiers for details.Workaround=========There is no known workaround at this time.Resolution=========All QEMU users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">=app-emulation/qemu-7.0.0"References=========[ 1 ] CVE-2020-15859      https://nvd.nist.gov/vuln/detail/CVE-2020-15859[ 2 ] CVE-2020-15863      https://nvd.nist.gov/vuln/detail/CVE-2020-15863[ 3 ] CVE-2020-16092      https://nvd.nist.gov/vuln/detail/CVE-2020-16092[ 4 ] CVE-2020-35504      https://nvd.nist.gov/vuln/detail/CVE-2020-35504[ 5 ] CVE-2020-35505      https://nvd.nist.gov/vuln/detail/CVE-2020-35505[ 6 ] CVE-2020-35506      https://nvd.nist.gov/vuln/detail/CVE-2020-35506[ 7 ] CVE-2020-35517      https://nvd.nist.gov/vuln/detail/CVE-2020-35517[ 8 ] CVE-2021-3409      https://nvd.nist.gov/vuln/detail/CVE-2021-3409[ 9 ] CVE-2021-3416      https://nvd.nist.gov/vuln/detail/CVE-2021-3416[ 10 ] CVE-2021-3527      https://nvd.nist.gov/vuln/detail/CVE-2021-3527[ 11 ] CVE-2021-3544      https://nvd.nist.gov/vuln/detail/CVE-2021-3544[ 12 ] CVE-2021-3545      https://nvd.nist.gov/vuln/detail/CVE-2021-3545[ 13 ] CVE-2021-3546      https://nvd.nist.gov/vuln/detail/CVE-2021-3546[ 14 ] CVE-2021-3582      https://nvd.nist.gov/vuln/detail/CVE-2021-3582[ 15 ] CVE-2021-3607      https://nvd.nist.gov/vuln/detail/CVE-2021-3607[ 16 ] CVE-2021-3608      https://nvd.nist.gov/vuln/detail/CVE-2021-3608[ 17 ] CVE-2021-3611      https://nvd.nist.gov/vuln/detail/CVE-2021-3611[ 18 ] CVE-2021-3682      https://nvd.nist.gov/vuln/detail/CVE-2021-3682[ 19 ] CVE-2021-3713      https://nvd.nist.gov/vuln/detail/CVE-2021-3713[ 20 ] CVE-2021-3748      https://nvd.nist.gov/vuln/detail/CVE-2021-3748[ 21 ] CVE-2021-3750      https://nvd.nist.gov/vuln/detail/CVE-2021-3750[ 22 ] CVE-2021-3929      https://nvd.nist.gov/vuln/detail/CVE-2021-3929[ 23 ] CVE-2021-3930      https://nvd.nist.gov/vuln/detail/CVE-2021-3930[ 24 ] CVE-2021-3947      https://nvd.nist.gov/vuln/detail/CVE-2021-3947[ 25 ] CVE-2021-4145      https://nvd.nist.gov/vuln/detail/CVE-2021-4145[ 26 ] CVE-2021-4158      https://nvd.nist.gov/vuln/detail/CVE-2021-4158[ 27 ] CVE-2021-4206      https://nvd.nist.gov/vuln/detail/CVE-2021-4206[ 28 ] CVE-2021-4207      https://nvd.nist.gov/vuln/detail/CVE-2021-4207[ 29 ] CVE-2021-20203      https://nvd.nist.gov/vuln/detail/CVE-2021-20203[ 30 ] CVE-2021-20257      https://nvd.nist.gov/vuln/detail/CVE-2021-20257[ 31 ] CVE-2021-20263      https://nvd.nist.gov/vuln/detail/CVE-2021-20263[ 32 ] CVE-2022-0358      https://nvd.nist.gov/vuln/detail/CVE-2022-0358[ 33 ] CVE-2022-26353      https://nvd.nist.gov/vuln/detail/CVE-2022-26353[ 34 ] CVE-2022-26354      https://nvd.nist.gov/vuln/detail/CVE-2022-26354Availability===========This GLSA and any updates to it are available for viewing atthe Gentoo Security Website: https://security.gentoo.org/glsa/202208-27Concerns?========Security is a primary focus of Gentoo Linux and ensuring theconfidentiality and security of our users' machines is of utmostimportance to us. Any security concerns should be addressed tosecurity@gentoo.org or alternatively, you may file a bug athttps://bugs.gentoo.org.License======Copyright 2022 Gentoo Foundation, Inc; referenced textbelongs to its owner(s).The contents of this document are licensed under theCreative Commons - Attribution / Share Alike license.https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202208-27

Gentoo Linux Security Advisory 202208-23 - Multiple vulnerabilities have been discovered in Xen, the worst of which could result in remote code execution (guest sandbox escape). Versions less than 4.15.3 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202208-23  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Xen: Multiple Vulnerabilities  
     Date: August 14, 2022  
     Bugs: #810341, #812485, #816882, #825354, #832039, #835401, #850802  
       ID: 202208-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in Xen, the worst of which  
could result in remote code execution (guest sandbox escape).

Background  
=========  
Xen is a bare-metal hypervisor.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  app-emulation/xen          < 4.15.3                    >= 4.15.3  
  2  app-emulation/xen-tools    < 4.15.3                    >= 4.15.3

Description  
==========  
Multiple vulnerabilities have been discovered in Xen. Please review the  
CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Xen users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.15.3"

All Xen tools users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.15.3"

References  
=========  
[ 1 ] CVE-2021-28694  
      https://nvd.nist.gov/vuln/detail/CVE-2021-28694  
[ 2 ] CVE-2021-28695  
      https://nvd.nist.gov/vuln/detail/CVE-2021-28695  
[ 3 ] CVE-2021-28696  
      https://nvd.nist.gov/vuln/detail/CVE-2021-28696  
[ 4 ] CVE-2021-28697  
      https://nvd.nist.gov/vuln/detail/CVE-2021-28697  
[ 5 ] CVE-2021-28698  
      https://nvd.nist.gov/vuln/detail/CVE-2021-28698  
[ 6 ] CVE-2021-28699  
      https://nvd.nist.gov/vuln/detail/CVE-2021-28699  
[ 7 ] CVE-2021-28700  
      https://nvd.nist.gov/vuln/detail/CVE-2021-28700  
[ 8 ] CVE-2021-28701  
      https://nvd.nist.gov/vuln/detail/CVE-2021-28701  
[ 9 ] CVE-2021-28702  
      https://nvd.nist.gov/vuln/detail/CVE-2021-28702  
[ 10 ] CVE-2021-28710  
      https://nvd.nist.gov/vuln/detail/CVE-2021-28710  
[ 11 ] CVE-2022-21123  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21123  
[ 12 ] CVE-2022-21125  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21125  
[ 13 ] CVE-2022-21166  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21166  
[ 14 ] CVE-2022-23033  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23033  
[ 15 ] CVE-2022-23034  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23034  
[ 16 ] CVE-2022-23035  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23035  
[ 17 ] CVE-2022-26362  
      https://nvd.nist.gov/vuln/detail/CVE-2022-26362  
[ 18 ] CVE-2022-26363  
      https://nvd.nist.gov/vuln/detail/CVE-2022-26363  
[ 19 ] CVE-2022-26364  
      https://nvd.nist.gov/vuln/detail/CVE-2022-26364  
[ 20 ] XSA-378  
[ 21 ] XSA-379  
[ 22 ] XSA-380  
[ 23 ] XSA-382  
[ 24 ] XSA-383  
[ 25 ] XSA-384  
[ 26 ] XSA-386  
[ 27 ] XSA-390  
[ 28 ] XSA-401  
[ 29 ] XSA-402  
[ 30 ] XSA-404

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202208-23

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202208-23

Gentoo Linux Security Advisory 202208-25 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 5.15.5_p20220618>= are affected.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Gentoo Linux Security Advisory                           GLSA 202208-25- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -                                           https://security.gentoo.org/- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High    Title: Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities     Date: August 14, 2022     Bugs: #828519, #834477, #835397, #836011, #836381, #836777, #838049, #838433, #841371, #843728, #847370, #851003, #853643, #773040, #787950, #800181, #810781, #815397, #829161, #835761, #836830, #847613, #853229, #837497, #838682, #843035, #848864, #851009, #854372       ID: 202208-25- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Synopsis=======Multiple vulnerabilities have been found in Chromium and itsderivatives, the worst of which could result in remote code execution.Background=========Chromium is an open-source browser project that aims to build a safer,faster, and more stable way for all users to experience the web.Google Chrome is one fast, simple, and secure browser for all yourdevices.Microsoft Edge is a browser that combines a minimal design withsophisticated technology to make the web faster, safer, and easier.Affected packages================    -------------------------------------------------------------------     Package              /     Vulnerable     /            Unaffected    -------------------------------------------------------------------  1  dev-qt/qtwebengine         < 5.15.5_p20220618>= 5.15.5_p20220618  2  www-client/chromium        < 103.0.5060.53      >= 103.0.5060.53  3  www-client/google-chrome   < 103.0.5060.53      >= 103.0.5060.53  4  www-client/microsoft-edge  < 101.0.1210.47      >= 101.0.1210.47Description==========Multiple vulnerabilities have been discovered in Chromium and itsderivatives. Please review the CVE identifiers referenced below fordetails.Impact=====Please review the referenced CVE identifiers for details.Workaround=========There is no known workaround at this time.Resolution=========All Chromium users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">=www-client/chromium-103.0.5060.53"All Chromium binary users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">=www-client/chromium-bin-103.0.5060.53"All Google Chrome users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">=www-client/google-chrome-103.0.5060.53"All Microsoft Edge users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">=www-client/chromium-103.0.5060.53"All QtWebEngine users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">Þv-qt/qtwebengine-5.15.5_p20220618"References=========[ 1 ] CVE-2021-4052      https://nvd.nist.gov/vuln/detail/CVE-2021-4052[ 2 ] CVE-2021-4053      https://nvd.nist.gov/vuln/detail/CVE-2021-4053[ 3 ] CVE-2021-4054      https://nvd.nist.gov/vuln/detail/CVE-2021-4054[ 4 ] CVE-2021-4055      https://nvd.nist.gov/vuln/detail/CVE-2021-4055[ 5 ] CVE-2021-4056      https://nvd.nist.gov/vuln/detail/CVE-2021-4056[ 6 ] CVE-2021-4057      https://nvd.nist.gov/vuln/detail/CVE-2021-4057[ 7 ] CVE-2021-4058      https://nvd.nist.gov/vuln/detail/CVE-2021-4058[ 8 ] CVE-2021-4059      https://nvd.nist.gov/vuln/detail/CVE-2021-4059[ 9 ] CVE-2021-4061      https://nvd.nist.gov/vuln/detail/CVE-2021-4061[ 10 ] CVE-2021-4062      https://nvd.nist.gov/vuln/detail/CVE-2021-4062[ 11 ] CVE-2021-4063      https://nvd.nist.gov/vuln/detail/CVE-2021-4063[ 12 ] CVE-2021-4064      https://nvd.nist.gov/vuln/detail/CVE-2021-4064[ 13 ] CVE-2021-4065      https://nvd.nist.gov/vuln/detail/CVE-2021-4065[ 14 ] CVE-2021-4066      https://nvd.nist.gov/vuln/detail/CVE-2021-4066[ 15 ] CVE-2021-4067      https://nvd.nist.gov/vuln/detail/CVE-2021-4067[ 16 ] CVE-2021-4068      https://nvd.nist.gov/vuln/detail/CVE-2021-4068[ 17 ] CVE-2021-4078      https://nvd.nist.gov/vuln/detail/CVE-2021-4078[ 18 ] CVE-2021-4079      https://nvd.nist.gov/vuln/detail/CVE-2021-4079[ 19 ] CVE-2021-30551      https://nvd.nist.gov/vuln/detail/CVE-2021-30551[ 20 ] CVE-2022-0789      https://nvd.nist.gov/vuln/detail/CVE-2022-0789[ 21 ] CVE-2022-0790      https://nvd.nist.gov/vuln/detail/CVE-2022-0790[ 22 ] CVE-2022-0791      https://nvd.nist.gov/vuln/detail/CVE-2022-0791[ 23 ] CVE-2022-0792      https://nvd.nist.gov/vuln/detail/CVE-2022-0792[ 24 ] CVE-2022-0793      https://nvd.nist.gov/vuln/detail/CVE-2022-0793[ 25 ] CVE-2022-0794      https://nvd.nist.gov/vuln/detail/CVE-2022-0794[ 26 ] CVE-2022-0795      https://nvd.nist.gov/vuln/detail/CVE-2022-0795[ 27 ] CVE-2022-0796      https://nvd.nist.gov/vuln/detail/CVE-2022-0796[ 28 ] CVE-2022-0797      https://nvd.nist.gov/vuln/detail/CVE-2022-0797[ 29 ] CVE-2022-0798      https://nvd.nist.gov/vuln/detail/CVE-2022-0798[ 30 ] CVE-2022-0799      https://nvd.nist.gov/vuln/detail/CVE-2022-0799[ 31 ] CVE-2022-0800      https://nvd.nist.gov/vuln/detail/CVE-2022-0800[ 32 ] CVE-2022-0801      https://nvd.nist.gov/vuln/detail/CVE-2022-0801[ 33 ] CVE-2022-0802      https://nvd.nist.gov/vuln/detail/CVE-2022-0802[ 34 ] CVE-2022-0803      https://nvd.nist.gov/vuln/detail/CVE-2022-0803[ 35 ] CVE-2022-0804      https://nvd.nist.gov/vuln/detail/CVE-2022-0804[ 36 ] CVE-2022-0805      https://nvd.nist.gov/vuln/detail/CVE-2022-0805[ 37 ] CVE-2022-0806      https://nvd.nist.gov/vuln/detail/CVE-2022-0806[ 38 ] CVE-2022-0807      https://nvd.nist.gov/vuln/detail/CVE-2022-0807[ 39 ] CVE-2022-0808      https://nvd.nist.gov/vuln/detail/CVE-2022-0808[ 40 ] CVE-2022-0809      https://nvd.nist.gov/vuln/detail/CVE-2022-0809[ 41 ] CVE-2022-0971      https://nvd.nist.gov/vuln/detail/CVE-2022-0971[ 42 ] CVE-2022-0972      https://nvd.nist.gov/vuln/detail/CVE-2022-0972[ 43 ] CVE-2022-0973      https://nvd.nist.gov/vuln/detail/CVE-2022-0973[ 44 ] CVE-2022-0974      https://nvd.nist.gov/vuln/detail/CVE-2022-0974[ 45 ] CVE-2022-0975      https://nvd.nist.gov/vuln/detail/CVE-2022-0975[ 46 ] CVE-2022-0976      https://nvd.nist.gov/vuln/detail/CVE-2022-0976[ 47 ] CVE-2022-0977      https://nvd.nist.gov/vuln/detail/CVE-2022-0977[ 48 ] CVE-2022-0978      https://nvd.nist.gov/vuln/detail/CVE-2022-0978[ 49 ] CVE-2022-0979      https://nvd.nist.gov/vuln/detail/CVE-2022-0979[ 50 ] CVE-2022-0980      https://nvd.nist.gov/vuln/detail/CVE-2022-0980[ 51 ] CVE-2022-1096      https://nvd.nist.gov/vuln/detail/CVE-2022-1096[ 52 ] CVE-2022-1125      https://nvd.nist.gov/vuln/detail/CVE-2022-1125[ 53 ] CVE-2022-1127      https://nvd.nist.gov/vuln/detail/CVE-2022-1127[ 54 ] CVE-2022-1128      https://nvd.nist.gov/vuln/detail/CVE-2022-1128[ 55 ] CVE-2022-1129      https://nvd.nist.gov/vuln/detail/CVE-2022-1129[ 56 ] CVE-2022-1130      https://nvd.nist.gov/vuln/detail/CVE-2022-1130[ 57 ] CVE-2022-1131      https://nvd.nist.gov/vuln/detail/CVE-2022-1131[ 58 ] CVE-2022-1132      https://nvd.nist.gov/vuln/detail/CVE-2022-1132[ 59 ] CVE-2022-1133      https://nvd.nist.gov/vuln/detail/CVE-2022-1133[ 60 ] CVE-2022-1134      https://nvd.nist.gov/vuln/detail/CVE-2022-1134[ 61 ] CVE-2022-1135      https://nvd.nist.gov/vuln/detail/CVE-2022-1135[ 62 ] CVE-2022-1136      https://nvd.nist.gov/vuln/detail/CVE-2022-1136[ 63 ] CVE-2022-1137      https://nvd.nist.gov/vuln/detail/CVE-2022-1137[ 64 ] CVE-2022-1138      https://nvd.nist.gov/vuln/detail/CVE-2022-1138[ 65 ] CVE-2022-1139      https://nvd.nist.gov/vuln/detail/CVE-2022-1139[ 66 ] CVE-2022-1141      https://nvd.nist.gov/vuln/detail/CVE-2022-1141[ 67 ] CVE-2022-1142      https://nvd.nist.gov/vuln/detail/CVE-2022-1142[ 68 ] CVE-2022-1143      https://nvd.nist.gov/vuln/detail/CVE-2022-1143[ 69 ] CVE-2022-1144      https://nvd.nist.gov/vuln/detail/CVE-2022-1144[ 70 ] CVE-2022-1145      https://nvd.nist.gov/vuln/detail/CVE-2022-1145[ 71 ] CVE-2022-1146      https://nvd.nist.gov/vuln/detail/CVE-2022-1146[ 72 ] CVE-2022-1232      https://nvd.nist.gov/vuln/detail/CVE-2022-1232[ 73 ] CVE-2022-1305      https://nvd.nist.gov/vuln/detail/CVE-2022-1305[ 74 ] CVE-2022-1306      https://nvd.nist.gov/vuln/detail/CVE-2022-1306[ 75 ] CVE-2022-1307      https://nvd.nist.gov/vuln/detail/CVE-2022-1307[ 76 ] CVE-2022-1308      https://nvd.nist.gov/vuln/detail/CVE-2022-1308[ 77 ] CVE-2022-1309      https://nvd.nist.gov/vuln/detail/CVE-2022-1309[ 78 ] CVE-2022-1310      https://nvd.nist.gov/vuln/detail/CVE-2022-1310[ 79 ] CVE-2022-1311      https://nvd.nist.gov/vuln/detail/CVE-2022-1311[ 80 ] CVE-2022-1312      https://nvd.nist.gov/vuln/detail/CVE-2022-1312[ 81 ] CVE-2022-1313      https://nvd.nist.gov/vuln/detail/CVE-2022-1313[ 82 ] CVE-2022-1314      https://nvd.nist.gov/vuln/detail/CVE-2022-1314[ 83 ] CVE-2022-1364      https://nvd.nist.gov/vuln/detail/CVE-2022-1364[ 84 ] CVE-2022-1477      https://nvd.nist.gov/vuln/detail/CVE-2022-1477[ 85 ] CVE-2022-1478      https://nvd.nist.gov/vuln/detail/CVE-2022-1478[ 86 ] CVE-2022-1479      https://nvd.nist.gov/vuln/detail/CVE-2022-1479[ 87 ] CVE-2022-1480      https://nvd.nist.gov/vuln/detail/CVE-2022-1480[ 88 ] CVE-2022-1481      https://nvd.nist.gov/vuln/detail/CVE-2022-1481[ 89 ] CVE-2022-1482      https://nvd.nist.gov/vuln/detail/CVE-2022-1482[ 90 ] CVE-2022-1483      https://nvd.nist.gov/vuln/detail/CVE-2022-1483[ 91 ] CVE-2022-1484      https://nvd.nist.gov/vuln/detail/CVE-2022-1484[ 92 ] CVE-2022-1485      https://nvd.nist.gov/vuln/detail/CVE-2022-1485[ 93 ] CVE-2022-1486      https://nvd.nist.gov/vuln/detail/CVE-2022-1486[ 94 ] CVE-2022-1487      https://nvd.nist.gov/vuln/detail/CVE-2022-1487[ 95 ] CVE-2022-1488      https://nvd.nist.gov/vuln/detail/CVE-2022-1488[ 96 ] CVE-2022-1489      https://nvd.nist.gov/vuln/detail/CVE-2022-1489[ 97 ] CVE-2022-1490      https://nvd.nist.gov/vuln/detail/CVE-2022-1490[ 98 ] CVE-2022-1491      https://nvd.nist.gov/vuln/detail/CVE-2022-1491[ 99 ] CVE-2022-1492      https://nvd.nist.gov/vuln/detail/CVE-2022-1492[ 100 ] CVE-2022-1493      https://nvd.nist.gov/vuln/detail/CVE-2022-1493[ 101 ] CVE-2022-1494      https://nvd.nist.gov/vuln/detail/CVE-2022-1494[ 102 ] CVE-2022-1495      https://nvd.nist.gov/vuln/detail/CVE-2022-1495[ 103 ] CVE-2022-1496      https://nvd.nist.gov/vuln/detail/CVE-2022-1496[ 104 ] CVE-2022-1497      https://nvd.nist.gov/vuln/detail/CVE-2022-1497[ 105 ] CVE-2022-1498      https://nvd.nist.gov/vuln/detail/CVE-2022-1498[ 106 ] CVE-2022-1499      https://nvd.nist.gov/vuln/detail/CVE-2022-1499[ 107 ] CVE-2022-1500      https://nvd.nist.gov/vuln/detail/CVE-2022-1500[ 108 ] CVE-2022-1501      https://nvd.nist.gov/vuln/detail/CVE-2022-1501[ 109 ] CVE-2022-1633      https://nvd.nist.gov/vuln/detail/CVE-2022-1633[ 110 ] CVE-2022-1634      https://nvd.nist.gov/vuln/detail/CVE-2022-1634[ 111 ] CVE-2022-1635      https://nvd.nist.gov/vuln/detail/CVE-2022-1635[ 112 ] CVE-2022-1636      https://nvd.nist.gov/vuln/detail/CVE-2022-1636[ 113 ] CVE-2022-1637      https://nvd.nist.gov/vuln/detail/CVE-2022-1637[ 114 ] CVE-2022-1639      https://nvd.nist.gov/vuln/detail/CVE-2022-1639[ 115 ] CVE-2022-1640      https://nvd.nist.gov/vuln/detail/CVE-2022-1640[ 116 ] CVE-2022-1641      https://nvd.nist.gov/vuln/detail/CVE-2022-1641[ 117 ] CVE-2022-1853      https://nvd.nist.gov/vuln/detail/CVE-2022-1853[ 118 ] CVE-2022-1854      https://nvd.nist.gov/vuln/detail/CVE-2022-1854[ 119 ] CVE-2022-1855      https://nvd.nist.gov/vuln/detail/CVE-2022-1855[ 120 ] CVE-2022-1856      https://nvd.nist.gov/vuln/detail/CVE-2022-1856[ 121 ] CVE-2022-1857      https://nvd.nist.gov/vuln/detail/CVE-2022-1857[ 122 ] CVE-2022-1858      https://nvd.nist.gov/vuln/detail/CVE-2022-1858[ 123 ] CVE-2022-1859      https://nvd.nist.gov/vuln/detail/CVE-2022-1859[ 124 ] CVE-2022-1860      https://nvd.nist.gov/vuln/detail/CVE-2022-1860[ 125 ] CVE-2022-1861      https://nvd.nist.gov/vuln/detail/CVE-2022-1861[ 126 ] CVE-2022-1862      https://nvd.nist.gov/vuln/detail/CVE-2022-1862[ 127 ] CVE-2022-1863      https://nvd.nist.gov/vuln/detail/CVE-2022-1863[ 128 ] CVE-2022-1864      https://nvd.nist.gov/vuln/detail/CVE-2022-1864[ 129 ] CVE-2022-1865      https://nvd.nist.gov/vuln/detail/CVE-2022-1865[ 130 ] CVE-2022-1866      https://nvd.nist.gov/vuln/detail/CVE-2022-1866[ 131 ] CVE-2022-1867      https://nvd.nist.gov/vuln/detail/CVE-2022-1867[ 132 ] CVE-2022-1868      https://nvd.nist.gov/vuln/detail/CVE-2022-1868[ 133 ] CVE-2022-1869      https://nvd.nist.gov/vuln/detail/CVE-2022-1869[ 134 ] CVE-2022-1870      https://nvd.nist.gov/vuln/detail/CVE-2022-1870[ 135 ] CVE-2022-1871      https://nvd.nist.gov/vuln/detail/CVE-2022-1871[ 136 ] CVE-2022-1872      https://nvd.nist.gov/vuln/detail/CVE-2022-1872[ 137 ] CVE-2022-1873      https://nvd.nist.gov/vuln/detail/CVE-2022-1873[ 138 ] CVE-2022-1874      https://nvd.nist.gov/vuln/detail/CVE-2022-1874[ 139 ] CVE-2022-1875      https://nvd.nist.gov/vuln/detail/CVE-2022-1875[ 140 ] CVE-2022-1876      https://nvd.nist.gov/vuln/detail/CVE-2022-1876[ 141 ] CVE-2022-2007      https://nvd.nist.gov/vuln/detail/CVE-2022-2007[ 142 ] CVE-2022-2010      https://nvd.nist.gov/vuln/detail/CVE-2022-2010[ 143 ] CVE-2022-2011      https://nvd.nist.gov/vuln/detail/CVE-2022-2011[ 144 ] CVE-2022-2156      https://nvd.nist.gov/vuln/detail/CVE-2022-2156[ 145 ] CVE-2022-2157      https://nvd.nist.gov/vuln/detail/CVE-2022-2157[ 146 ] CVE-2022-2158      https://nvd.nist.gov/vuln/detail/CVE-2022-2158[ 147 ] CVE-2022-2160      https://nvd.nist.gov/vuln/detail/CVE-2022-2160[ 148 ] CVE-2022-2161      https://nvd.nist.gov/vuln/detail/CVE-2022-2161[ 149 ] CVE-2022-2162      https://nvd.nist.gov/vuln/detail/CVE-2022-2162[ 150 ] CVE-2022-2163      https://nvd.nist.gov/vuln/detail/CVE-2022-2163[ 151 ] CVE-2022-2164      https://nvd.nist.gov/vuln/detail/CVE-2022-2164[ 152 ] CVE-2022-2165      https://nvd.nist.gov/vuln/detail/CVE-2022-2165[ 153 ] CVE-2022-22021      https://nvd.nist.gov/vuln/detail/CVE-2022-22021[ 154 ] CVE-2022-24475      https://nvd.nist.gov/vuln/detail/CVE-2022-24475[ 155 ] CVE-2022-24523      https://nvd.nist.gov/vuln/detail/CVE-2022-24523[ 156 ] CVE-2022-26891      https://nvd.nist.gov/vuln/detail/CVE-2022-26891[ 157 ] CVE-2022-26894      https://nvd.nist.gov/vuln/detail/CVE-2022-26894[ 158 ] CVE-2022-26895      https://nvd.nist.gov/vuln/detail/CVE-2022-26895[ 159 ] CVE-2022-26900      https://nvd.nist.gov/vuln/detail/CVE-2022-26900[ 160 ] CVE-2022-26905      https://nvd.nist.gov/vuln/detail/CVE-2022-26905[ 161 ] CVE-2022-26908      https://nvd.nist.gov/vuln/detail/CVE-2022-26908[ 162 ] CVE-2022-26909      https://nvd.nist.gov/vuln/detail/CVE-2022-26909[ 163 ] CVE-2022-26912      https://nvd.nist.gov/vuln/detail/CVE-2022-26912[ 164 ] CVE-2022-29144      https://nvd.nist.gov/vuln/detail/CVE-2022-29144[ 165 ] CVE-2022-29146      https://nvd.nist.gov/vuln/detail/CVE-2022-29146[ 166 ] CVE-2022-29147      https://nvd.nist.gov/vuln/detail/CVE-2022-29147[ 167 ] CVE-2022-30127      https://nvd.nist.gov/vuln/detail/CVE-2022-30127[ 168 ] CVE-2022-30128      https://nvd.nist.gov/vuln/detail/CVE-2022-30128[ 169 ] CVE-2022-30192      https://nvd.nist.gov/vuln/detail/CVE-2022-30192[ 170 ] CVE-2022-33638      https://nvd.nist.gov/vuln/detail/CVE-2022-33638[ 171 ] CVE-2022-33639      https://nvd.nist.gov/vuln/detail/CVE-2022-33639Availability===========This GLSA and any updates to it are available for viewing atthe Gentoo Security Website: https://security.gentoo.org/glsa/202208-25Concerns?========Security is a primary focus of Gentoo Linux and ensuring theconfidentiality and security of our users' machines is of utmostimportance to us. Any security concerns should be addressed tosecurity@gentoo.org or alternatively, you may file a bug athttps://bugs.gentoo.org.License======Copyright 2022 Gentoo Foundation, Inc; referenced textbelongs to its owner(s).The contents of this document are licensed under theCreative Commons - Attribution / Share Alike license.https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202208-25

Gentoo Linux Security Advisory 202208-24 - Multiple vulnerabilities have been discovered in the GNU C Library, the worst of which could result in denial of service. Versions less than 2.34 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202208-24  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: GNU C Library: Multiple Vulnerabilities  
     Date: August 14, 2022  
     Bugs: #803437, #807935, #831096, #831212  
       ID: 202208-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in the GNU C Library, the  
worst of which could result in denial of service.

Background  
=========  
The GNU C library is the standard C library used by Gentoo Linux  
systems. It provides programs with basic facilities and interfaces to  
system calls. ld.so is the dynamic linker which prepares dynamically  
linked programs for execution by resolving runtime dependencies and  
related functions.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  sys-libs/glibc             < 2.34                        >= 2.34

Description  
==========  
Multiple vulnerabilities have been discovered in GNU C Library. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All GNU C Library users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.34-r7"

References  
=========  
[ 1 ] CVE-2021-3998  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3998  
[ 2 ] CVE-2021-3999  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3999  
[ 3 ] CVE-2021-35942  
      https://nvd.nist.gov/vuln/detail/CVE-2021-35942  
[ 4 ] CVE-2021-38604  
      https://nvd.nist.gov/vuln/detail/CVE-2021-38604  
[ 5 ] CVE-2022-23218  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23218  
[ 6 ] CVE-2022-23219  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23219

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202208-24

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202208-24

Gentoo Linux Security Advisory 202208-21 - A heap-based buffer overflow in libeml might allow attackers to execute arbitrary code. Versions less than 1.4.2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202208-21  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: libebml: Heap buffer overflow vulnerability  
     Date: August 14, 2022  
     Bugs: #772272  
       ID: 202208-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
A heap-based buffer overflow in libeml might allow attackers to execute  
arbitrary code.

Background  
=========  
libebml is a C++ library to parse EBML files.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  dev-libs/libebml           < 1.4.2                      >= 1.4.2

Description  
==========  
On 32bit builds of libebml, the length of a string is miscalculated,  
potentially leading to an exploitable heap overflow.

Impact  
=====  
An attacker able to provide arbitrary input to libebml could achieve arbitrary code execution.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
Users of libebml on 32 bit architectures should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-libs/libebml-1.4.2"

References  
=========  
[ 1 ] CVE-2021-3405  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3405

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202208-21

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Tag

#mac