Gentoo 2509 Published by

The following security updates are available for Gentoo Linux:

GLSA 201811-11 : Asterisk: Multiple vulnerabilities
GLSA 201811-12 : GPL Ghostscript: Multiple vulnerabilities
GLSA 201811-13 : Mozilla Thunderbird: Multiple vulnerabilities
GLSA 201811-14 : Exiv2: Multiple vulnerabilities



GLSA 201811-11 : Asterisk: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201811-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Asterisk: Multiple vulnerabilities
Date: November 24, 2018
Bugs: #636972, #645710, #668848
ID: 201811-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Asterisk, the worst of
which could result in a Denial of Service condition.

Background
==========

A Modular Open Source PBX System.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/asterisk < 13.23.1 >= 13.23.1

Description
===========

Multiple vulnerabilities have been discovered in Asterisk. Please
review the referenced CVE identifiers for details.

Impact
======

A remote attacker could cause a Denial of Service condition or conduct
information gathering.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Asterisk users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/asterisk-13.23.1"

References
==========

[ 1 ] CVE-2017-16671
https://nvd.nist.gov/vuln/detail/CVE-2017-16671
[ 2 ] CVE-2017-16672
https://nvd.nist.gov/vuln/detail/CVE-2017-16672
[ 3 ] CVE-2017-17850
https://nvd.nist.gov/vuln/detail/CVE-2017-17850
[ 4 ] CVE-2018-12227
https://nvd.nist.gov/vuln/detail/CVE-2018-12227
[ 5 ] CVE-2018-17281
https://nvd.nist.gov/vuln/detail/CVE-2018-17281

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201811-11

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5



GLSA 201811-12 : GPL Ghostscript: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201811-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: GPL Ghostscript: Multiple vulnerabilities
Date: November 24, 2018
Bugs: #618820, #626418, #635426, #655404, #668846, #671732
ID: 201811-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in GPL Ghostscript, the worst
of which could result in the execution of arbitrary code.

Background
==========

Ghostscript is an interpreter for the PostScript language and for PDF.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/ghostscript-gpl
< 9.26 >= 9.26

Description
===========

Multiple vulnerabilities have been discovered in GPL Ghostscript.
Please review the CVE identifiers referenced below for additional
information.

Impact
======

A context-dependent attacker could entice a user to open a specially
crafted PostScript file or PDF document using GPL Ghostscript possibly
resulting in the execution of arbitrary code with the privileges of the
process, a Denial of Service condition, or other unspecified impacts,

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All GPL Ghostscript users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/ghostscript-gpl-9.26"

References
==========

[ 1 ] CVE-2017-11714
https://nvd.nist.gov/vuln/detail/CVE-2017-11714
[ 2 ] CVE-2017-7948
https://nvd.nist.gov/vuln/detail/CVE-2017-7948
[ 3 ] CVE-2017-9610
https://nvd.nist.gov/vuln/detail/CVE-2017-9610
[ 4 ] CVE-2017-9611
https://nvd.nist.gov/vuln/detail/CVE-2017-9611
[ 5 ] CVE-2017-9612
https://nvd.nist.gov/vuln/detail/CVE-2017-9612
[ 6 ] CVE-2017-9618
https://nvd.nist.gov/vuln/detail/CVE-2017-9618
[ 7 ] CVE-2017-9619
https://nvd.nist.gov/vuln/detail/CVE-2017-9619
[ 8 ] CVE-2017-9620
https://nvd.nist.gov/vuln/detail/CVE-2017-9620
[ 9 ] CVE-2017-9726
https://nvd.nist.gov/vuln/detail/CVE-2017-9726
[ 10 ] CVE-2017-9727
https://nvd.nist.gov/vuln/detail/CVE-2017-9727
[ 11 ] CVE-2017-9739
https://nvd.nist.gov/vuln/detail/CVE-2017-9739
[ 12 ] CVE-2017-9740
https://nvd.nist.gov/vuln/detail/CVE-2017-9740
[ 13 ] CVE-2017-9835
https://nvd.nist.gov/vuln/detail/CVE-2017-9835
[ 14 ] CVE-2018-10194
https://nvd.nist.gov/vuln/detail/CVE-2018-10194
[ 15 ] CVE-2018-15908
https://nvd.nist.gov/vuln/detail/CVE-2018-15908
[ 16 ] CVE-2018-15909
https://nvd.nist.gov/vuln/detail/CVE-2018-15909
[ 17 ] CVE-2018-15910
https://nvd.nist.gov/vuln/detail/CVE-2018-15910
[ 18 ] CVE-2018-15911
https://nvd.nist.gov/vuln/detail/CVE-2018-15911
[ 19 ] CVE-2018-16509
https://nvd.nist.gov/vuln/detail/CVE-2018-16509
[ 20 ] CVE-2018-16510
https://nvd.nist.gov/vuln/detail/CVE-2018-16510
[ 21 ] CVE-2018-16511
https://nvd.nist.gov/vuln/detail/CVE-2018-16511
[ 22 ] CVE-2018-16513
https://nvd.nist.gov/vuln/detail/CVE-2018-16513
[ 23 ] CVE-2018-16539
https://nvd.nist.gov/vuln/detail/CVE-2018-16539
[ 24 ] CVE-2018-16540
https://nvd.nist.gov/vuln/detail/CVE-2018-16540
[ 25 ] CVE-2018-16541
https://nvd.nist.gov/vuln/detail/CVE-2018-16541
[ 26 ] CVE-2018-16542
https://nvd.nist.gov/vuln/detail/CVE-2018-16542
[ 27 ] CVE-2018-16543
https://nvd.nist.gov/vuln/detail/CVE-2018-16543
[ 28 ] CVE-2018-16585
https://nvd.nist.gov/vuln/detail/CVE-2018-16585
[ 29 ] CVE-2018-16802
https://nvd.nist.gov/vuln/detail/CVE-2018-16802
[ 30 ] CVE-2018-18284
https://nvd.nist.gov/vuln/detail/CVE-2018-18284
[ 31 ] CVE-2018-19409
https://nvd.nist.gov/vuln/detail/CVE-2018-19409

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201811-12

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5



GLSA 201811-13 : Mozilla Thunderbird: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201811-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Mozilla Thunderbird: Multiple vulnerabilities
Date: November 24, 2018
Bugs: #651862, #656092, #660342, #669960, #670102
ID: 201811-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Mozilla Thunderbird, the
worst of which could lead to the execution of arbitrary code.

Background
==========

Mozilla Thunderbird is a popular open-source email client from the
Mozilla project.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 mail-client/thunderbird < 60.3.0 >= 60.3.0
2 mail-client/thunderbird-bin
< 60.3.0 >= 60.3.0
-------------------------------------------------------------------
2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
Please review the referenced Mozilla Foundation Security Advisories and
CVE identifiers below for details.

Impact
======

A remote attacker may be able to execute arbitrary code, cause a Denial
of Service condition, obtain sensitive information, or conduct
Cross-Site Request Forgery (CSRF).

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Thunderbird users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-60.3.0"

All Thunderbird binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-60.3.0"

References
==========

[ 1 ] CVE-2017-16541
https://nvd.nist.gov/vuln/detail/CVE-2017-16541
[ 2 ] CVE-2018-12359
https://nvd.nist.gov/vuln/detail/CVE-2018-12359
[ 3 ] CVE-2018-12360
https://nvd.nist.gov/vuln/detail/CVE-2018-12360
[ 4 ] CVE-2018-12361
https://nvd.nist.gov/vuln/detail/CVE-2018-12361
[ 5 ] CVE-2018-12362
https://nvd.nist.gov/vuln/detail/CVE-2018-12362
[ 6 ] CVE-2018-12363
https://nvd.nist.gov/vuln/detail/CVE-2018-12363
[ 7 ] CVE-2018-12364
https://nvd.nist.gov/vuln/detail/CVE-2018-12364
[ 8 ] CVE-2018-12365
https://nvd.nist.gov/vuln/detail/CVE-2018-12365
[ 9 ] CVE-2018-12366
https://nvd.nist.gov/vuln/detail/CVE-2018-12366
[ 10 ] CVE-2018-12367
https://nvd.nist.gov/vuln/detail/CVE-2018-12367
[ 11 ] CVE-2018-12371
https://nvd.nist.gov/vuln/detail/CVE-2018-12371
[ 12 ] CVE-2018-12372
https://nvd.nist.gov/vuln/detail/CVE-2018-12372
[ 13 ] CVE-2018-12373
https://nvd.nist.gov/vuln/detail/CVE-2018-12373
[ 14 ] CVE-2018-12374
https://nvd.nist.gov/vuln/detail/CVE-2018-12374
[ 15 ] CVE-2018-12376
https://nvd.nist.gov/vuln/detail/CVE-2018-12376
[ 16 ] CVE-2018-12377
https://nvd.nist.gov/vuln/detail/CVE-2018-12377
[ 17 ] CVE-2018-12378
https://nvd.nist.gov/vuln/detail/CVE-2018-12378
[ 18 ] CVE-2018-12379
https://nvd.nist.gov/vuln/detail/CVE-2018-12379
[ 19 ] CVE-2018-12383
https://nvd.nist.gov/vuln/detail/CVE-2018-12383
[ 20 ] CVE-2018-12385
https://nvd.nist.gov/vuln/detail/CVE-2018-12385
[ 21 ] CVE-2018-12389
https://nvd.nist.gov/vuln/detail/CVE-2018-12389
[ 22 ] CVE-2018-12390
https://nvd.nist.gov/vuln/detail/CVE-2018-12390
[ 23 ] CVE-2018-12391
https://nvd.nist.gov/vuln/detail/CVE-2018-12391
[ 24 ] CVE-2018-12392
https://nvd.nist.gov/vuln/detail/CVE-2018-12392
[ 25 ] CVE-2018-12393
https://nvd.nist.gov/vuln/detail/CVE-2018-12393
[ 26 ] CVE-2018-5125
https://nvd.nist.gov/vuln/detail/CVE-2018-5125
[ 27 ] CVE-2018-5127
https://nvd.nist.gov/vuln/detail/CVE-2018-5127
[ 28 ] CVE-2018-5129
https://nvd.nist.gov/vuln/detail/CVE-2018-5129
[ 29 ] CVE-2018-5144
https://nvd.nist.gov/vuln/detail/CVE-2018-5144
[ 30 ] CVE-2018-5145
https://nvd.nist.gov/vuln/detail/CVE-2018-5145
[ 31 ] CVE-2018-5146
https://nvd.nist.gov/vuln/detail/CVE-2018-5146
[ 32 ] CVE-2018-5150
https://nvd.nist.gov/vuln/detail/CVE-2018-5150
[ 33 ] CVE-2018-5154
https://nvd.nist.gov/vuln/detail/CVE-2018-5154
[ 34 ] CVE-2018-5155
https://nvd.nist.gov/vuln/detail/CVE-2018-5155
[ 35 ] CVE-2018-5156
https://nvd.nist.gov/vuln/detail/CVE-2018-5156
[ 36 ] CVE-2018-5159
https://nvd.nist.gov/vuln/detail/CVE-2018-5159
[ 37 ] CVE-2018-5161
https://nvd.nist.gov/vuln/detail/CVE-2018-5161
[ 38 ] CVE-2018-5162
https://nvd.nist.gov/vuln/detail/CVE-2018-5162
[ 39 ] CVE-2018-5168
https://nvd.nist.gov/vuln/detail/CVE-2018-5168
[ 40 ] CVE-2018-5170
https://nvd.nist.gov/vuln/detail/CVE-2018-5170
[ 41 ] CVE-2018-5178
https://nvd.nist.gov/vuln/detail/CVE-2018-5178
[ 42 ] CVE-2018-5183
https://nvd.nist.gov/vuln/detail/CVE-2018-5183
[ 43 ] CVE-2018-5184
https://nvd.nist.gov/vuln/detail/CVE-2018-5184
[ 44 ] CVE-2018-5185
https://nvd.nist.gov/vuln/detail/CVE-2018-5185
[ 45 ] CVE-2018-5187
https://nvd.nist.gov/vuln/detail/CVE-2018-5187
[ 46 ] CVE-2018-5188
https://nvd.nist.gov/vuln/detail/CVE-2018-5188

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201811-13

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5



GLSA 201811-14 : Exiv2: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201811-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Exiv2: Multiple vulnerabilities
Date: November 24, 2018
Bugs: #647810, #647812, #647816, #652822, #655842, #655958, #658236
ID: 201811-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Exiv2, the worst of which
could result in a Denial of Service condition.

Background
==========

Exiv2 is a C++ library and a command line utility to manage image
metadata.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 media-gfx/exiv2 < 0.26_p20180811-r3 >= 0.26_p20180811-r3

Description
===========

Multiple vulnerabilities have been discovered in Exiv2. Please review
the CVE identifiers referenced below for details.

Impact
======

A remote attacker could cause a Denial of Service condition or obtain
sensitive information via a specially crafted file.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Exiv2 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot -v ">=media-gfx/exiv2-0.26_p20180811-r3"

References
==========

[ 1 ] CVE-2017-17723
https://nvd.nist.gov/vuln/detail/CVE-2017-17723
[ 2 ] CVE-2017-17724
https://nvd.nist.gov/vuln/detail/CVE-2017-17724
[ 3 ] CVE-2018-10780
https://nvd.nist.gov/vuln/detail/CVE-2018-10780
[ 4 ] CVE-2018-10958
https://nvd.nist.gov/vuln/detail/CVE-2018-10958
[ 5 ] CVE-2018-10998
https://nvd.nist.gov/vuln/detail/CVE-2018-10998
[ 6 ] CVE-2018-10999
https://nvd.nist.gov/vuln/detail/CVE-2018-10999
[ 7 ] CVE-2018-11037
https://nvd.nist.gov/vuln/detail/CVE-2018-11037
[ 8 ] CVE-2018-11531
https://nvd.nist.gov/vuln/detail/CVE-2018-11531
[ 9 ] CVE-2018-12264
https://nvd.nist.gov/vuln/detail/CVE-2018-12264
[ 10 ] CVE-2018-12265
https://nvd.nist.gov/vuln/detail/CVE-2018-12265
[ 11 ] CVE-2018-5772
https://nvd.nist.gov/vuln/detail/CVE-2018-5772
[ 12 ] CVE-2018-8976
https://nvd.nist.gov/vuln/detail/CVE-2018-8976
[ 13 ] CVE-2018-8977
https://nvd.nist.gov/vuln/detail/CVE-2018-8977
[ 14 ] CVE-2018-9144
https://nvd.nist.gov/vuln/detail/CVE-2018-9144
[ 15 ] CVE-2018-9145
https://nvd.nist.gov/vuln/detail/CVE-2018-9145
[ 16 ] CVE-2018-9146
https://nvd.nist.gov/vuln/detail/CVE-2018-9146
[ 17 ] CVE-2018-9303
https://nvd.nist.gov/vuln/detail/CVE-2018-9303
[ 18 ] CVE-2018-9304
https://nvd.nist.gov/vuln/detail/CVE-2018-9304
[ 19 ] CVE-2018-9305
https://nvd.nist.gov/vuln/detail/CVE-2018-9305
[ 20 ] CVE-2018-9306
https://nvd.nist.gov/vuln/detail/CVE-2018-9306

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201811-14

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5