Gentoo 2514 Published by

The following updates has been released for Gentoo Linux:

GLSA 201802-02 : Chromium, Google Chrome: Multiple vulnerabilities
GLSA 201802-03 : Mozilla Firefox: Multiple vulnerabilities
GLSA 201802-04 : MySQL: Multiple vulnerabilities
GLSA 201802-05 : Ruby: Command injection
GLSA 201802-06 : LibreOffice: Information disclosure



GLSA 201802-02 : Chromium, Google Chrome: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201802-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Chromium, Google Chrome: Multiple vulnerabilities
Date: February 19, 2018
Bugs: #647124, #647636
ID: 201802-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Chromium and Google Chrome,
the worst of which could result in the execution of arbitrary code.

Background
==========

Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.

Google Chrome is one fast, simple, and secure browser for all your
devices.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 64.0.3282.167 >= 64.0.3282.167
2 www-client/google-chrome
< 64.0.3282.167 >= 64.0.3282.167
-------------------------------------------------------------------
2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Chromium and Google
Chrome. Please review the referenced CVE identifiers and Google Chrome
Releases for details.

Impact
======

A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, bypass
content security controls, or conduct URL spoofing.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Chromium users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-64.0.3282.167"

All Google Chrome users should upgrade to the latest version:

# emerge --sync
# emerge -a --oneshot -v ">=www-client/google-chrome-64.0.3282.167"

References
==========

[ 1 ] CVE-2018-6031
https://nvd.nist.gov/vuln/detail/CVE-2018-6031
[ 2 ] CVE-2018-6032
https://nvd.nist.gov/vuln/detail/CVE-2018-6032
[ 3 ] CVE-2018-6033
https://nvd.nist.gov/vuln/detail/CVE-2018-6033
[ 4 ] CVE-2018-6034
https://nvd.nist.gov/vuln/detail/CVE-2018-6034
[ 5 ] CVE-2018-6035
https://nvd.nist.gov/vuln/detail/CVE-2018-6035
[ 6 ] CVE-2018-6036
https://nvd.nist.gov/vuln/detail/CVE-2018-6036
[ 7 ] CVE-2018-6037
https://nvd.nist.gov/vuln/detail/CVE-2018-6037
[ 8 ] CVE-2018-6038
https://nvd.nist.gov/vuln/detail/CVE-2018-6038
[ 9 ] CVE-2018-6039
https://nvd.nist.gov/vuln/detail/CVE-2018-6039
[ 10 ] CVE-2018-6040
https://nvd.nist.gov/vuln/detail/CVE-2018-6040
[ 11 ] CVE-2018-6041
https://nvd.nist.gov/vuln/detail/CVE-2018-6041
[ 12 ] CVE-2018-6042
https://nvd.nist.gov/vuln/detail/CVE-2018-6042
[ 13 ] CVE-2018-6043
https://nvd.nist.gov/vuln/detail/CVE-2018-6043
[ 14 ] CVE-2018-6045
https://nvd.nist.gov/vuln/detail/CVE-2018-6045
[ 15 ] CVE-2018-6046
https://nvd.nist.gov/vuln/detail/CVE-2018-6046
[ 16 ] CVE-2018-6047
https://nvd.nist.gov/vuln/detail/CVE-2018-6047
[ 17 ] CVE-2018-6048
https://nvd.nist.gov/vuln/detail/CVE-2018-6048
[ 18 ] CVE-2018-6049
https://nvd.nist.gov/vuln/detail/CVE-2018-6049
[ 19 ] CVE-2018-6050
https://nvd.nist.gov/vuln/detail/CVE-2018-6050
[ 20 ] CVE-2018-6051
https://nvd.nist.gov/vuln/detail/CVE-2018-6051
[ 21 ] CVE-2018-6052
https://nvd.nist.gov/vuln/detail/CVE-2018-6052
[ 22 ] CVE-2018-6053
https://nvd.nist.gov/vuln/detail/CVE-2018-6053
[ 23 ] CVE-2018-6054
https://nvd.nist.gov/vuln/detail/CVE-2018-6054
[ 24 ] CVE-2018-6056
https://nvd.nist.gov/vuln/detail/CVE-2018-6056
[ 25 ] Google Chrome Release 20180124
https://chromereleases.googleblog.com/2018/01/stable-channel-upd
ate-for-desktop_24.html
[ 26 ] Google Chrome Release 20180213
https://chromereleases.googleblog.com/2018/02/stable-channel-upd
ate-for-desktop_13.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201802-02

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5


GLSA 201802-03 : Mozilla Firefox: Multiple vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201802-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Mozilla Firefox: Multiple vulnerabilities
Date: February 20, 2018
Bugs: #616030, #621722, #632400, #639854, #645510, #648198
ID: 201802-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Mozilla Firefox, the worst
of which may allow execution of arbitrary code.

Background
==========

Mozilla Firefox is a popular open-source web browser from the Mozilla
Project.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/firefox < 52.6.0 >= 52.6.0
2 www-client/firefox-bin < 52.6.0 >= 52.6.0
-------------------------------------------------------------------
2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Mozilla Firefox.
Please review the referenced CVE identifiers for details.

Impact
======

A remote attacker could entice a user to view a specially crafted web
page, possibly resulting in the execution of arbitrary code with the
privileges of the process or a Denial of Service condition.
Furthermore, a remote attacker may be able to perform Man-in-the-Middle
attacks, obtain sensitive information, spoof the address bar, conduct
clickjacking attacks, bypass security restrictions and protection
mechanisms, or have other unspecified impact.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mozilla Firefox users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-52.6.0"

All Mozilla Firefox binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-52.6.0"

References
==========

[ 1 ] CVE-2016-10195
https://nvd.nist.gov/vuln/detail/CVE-2016-10195
[ 2 ] CVE-2016-10196
https://nvd.nist.gov/vuln/detail/CVE-2016-10196
[ 3 ] CVE-2016-10197
https://nvd.nist.gov/vuln/detail/CVE-2016-10197
[ 4 ] CVE-2016-6354
https://nvd.nist.gov/vuln/detail/CVE-2016-6354
[ 5 ] CVE-2017-5429
https://nvd.nist.gov/vuln/detail/CVE-2017-5429
[ 6 ] CVE-2017-5432
https://nvd.nist.gov/vuln/detail/CVE-2017-5432
[ 7 ] CVE-2017-5433
https://nvd.nist.gov/vuln/detail/CVE-2017-5433
[ 8 ] CVE-2017-5434
https://nvd.nist.gov/vuln/detail/CVE-2017-5434
[ 9 ] CVE-2017-5435
https://nvd.nist.gov/vuln/detail/CVE-2017-5435
[ 10 ] CVE-2017-5436
https://nvd.nist.gov/vuln/detail/CVE-2017-5436
[ 11 ] CVE-2017-5437
https://nvd.nist.gov/vuln/detail/CVE-2017-5437
[ 12 ] CVE-2017-5438
https://nvd.nist.gov/vuln/detail/CVE-2017-5438
[ 13 ] CVE-2017-5439
https://nvd.nist.gov/vuln/detail/CVE-2017-5439
[ 14 ] CVE-2017-5440
https://nvd.nist.gov/vuln/detail/CVE-2017-5440
[ 15 ] CVE-2017-5441
https://nvd.nist.gov/vuln/detail/CVE-2017-5441
[ 16 ] CVE-2017-5442
https://nvd.nist.gov/vuln/detail/CVE-2017-5442
[ 17 ] CVE-2017-5443
https://nvd.nist.gov/vuln/detail/CVE-2017-5443
[ 18 ] CVE-2017-5444
https://nvd.nist.gov/vuln/detail/CVE-2017-5444
[ 19 ] CVE-2017-5445
https://nvd.nist.gov/vuln/detail/CVE-2017-5445
[ 20 ] CVE-2017-5446
https://nvd.nist.gov/vuln/detail/CVE-2017-5446
[ 21 ] CVE-2017-5447
https://nvd.nist.gov/vuln/detail/CVE-2017-5447
[ 22 ] CVE-2017-5448
https://nvd.nist.gov/vuln/detail/CVE-2017-5448
[ 23 ] CVE-2017-5459
https://nvd.nist.gov/vuln/detail/CVE-2017-5459
[ 24 ] CVE-2017-5460
https://nvd.nist.gov/vuln/detail/CVE-2017-5460
[ 25 ] CVE-2017-5461
https://nvd.nist.gov/vuln/detail/CVE-2017-5461
[ 26 ] CVE-2017-5462
https://nvd.nist.gov/vuln/detail/CVE-2017-5462
[ 27 ] CVE-2017-5464
https://nvd.nist.gov/vuln/detail/CVE-2017-5464
[ 28 ] CVE-2017-5465
https://nvd.nist.gov/vuln/detail/CVE-2017-5465
[ 29 ] CVE-2017-5469
https://nvd.nist.gov/vuln/detail/CVE-2017-5469
[ 30 ] CVE-2017-5470
https://nvd.nist.gov/vuln/detail/CVE-2017-5470
[ 31 ] CVE-2017-5472
https://nvd.nist.gov/vuln/detail/CVE-2017-5472
[ 32 ] CVE-2017-7749
https://nvd.nist.gov/vuln/detail/CVE-2017-7749
[ 33 ] CVE-2017-7750
https://nvd.nist.gov/vuln/detail/CVE-2017-7750
[ 34 ] CVE-2017-7751
https://nvd.nist.gov/vuln/detail/CVE-2017-7751
[ 35 ] CVE-2017-7752
https://nvd.nist.gov/vuln/detail/CVE-2017-7752
[ 36 ] CVE-2017-7753
https://nvd.nist.gov/vuln/detail/CVE-2017-7753
[ 37 ] CVE-2017-7754
https://nvd.nist.gov/vuln/detail/CVE-2017-7754
[ 38 ] CVE-2017-7756
https://nvd.nist.gov/vuln/detail/CVE-2017-7756
[ 39 ] CVE-2017-7757
https://nvd.nist.gov/vuln/detail/CVE-2017-7757
[ 40 ] CVE-2017-7758
https://nvd.nist.gov/vuln/detail/CVE-2017-7758
[ 41 ] CVE-2017-7764
https://nvd.nist.gov/vuln/detail/CVE-2017-7764
[ 42 ] CVE-2017-7771
https://nvd.nist.gov/vuln/detail/CVE-2017-7771
[ 43 ] CVE-2017-7772
https://nvd.nist.gov/vuln/detail/CVE-2017-7772
[ 44 ] CVE-2017-7773
https://nvd.nist.gov/vuln/detail/CVE-2017-7773
[ 45 ] CVE-2017-7774
https://nvd.nist.gov/vuln/detail/CVE-2017-7774
[ 46 ] CVE-2017-7775
https://nvd.nist.gov/vuln/detail/CVE-2017-7775
[ 47 ] CVE-2017-7776
https://nvd.nist.gov/vuln/detail/CVE-2017-7776
[ 48 ] CVE-2017-7777
https://nvd.nist.gov/vuln/detail/CVE-2017-7777
[ 49 ] CVE-2017-7778
https://nvd.nist.gov/vuln/detail/CVE-2017-7778
[ 50 ] CVE-2017-7779
https://nvd.nist.gov/vuln/detail/CVE-2017-7779
[ 51 ] CVE-2017-7784
https://nvd.nist.gov/vuln/detail/CVE-2017-7784
[ 52 ] CVE-2017-7785
https://nvd.nist.gov/vuln/detail/CVE-2017-7785
[ 53 ] CVE-2017-7786
https://nvd.nist.gov/vuln/detail/CVE-2017-7786
[ 54 ] CVE-2017-7787
https://nvd.nist.gov/vuln/detail/CVE-2017-7787
[ 55 ] CVE-2017-7791
https://nvd.nist.gov/vuln/detail/CVE-2017-7791
[ 56 ] CVE-2017-7792
https://nvd.nist.gov/vuln/detail/CVE-2017-7792
[ 57 ] CVE-2017-7793
https://nvd.nist.gov/vuln/detail/CVE-2017-7793
[ 58 ] CVE-2017-7798
https://nvd.nist.gov/vuln/detail/CVE-2017-7798
[ 59 ] CVE-2017-7800
https://nvd.nist.gov/vuln/detail/CVE-2017-7800
[ 60 ] CVE-2017-7801
https://nvd.nist.gov/vuln/detail/CVE-2017-7801
[ 61 ] CVE-2017-7802
https://nvd.nist.gov/vuln/detail/CVE-2017-7802
[ 62 ] CVE-2017-7803
https://nvd.nist.gov/vuln/detail/CVE-2017-7803
[ 63 ] CVE-2017-7805
https://nvd.nist.gov/vuln/detail/CVE-2017-7805
[ 64 ] CVE-2017-7807
https://nvd.nist.gov/vuln/detail/CVE-2017-7807
[ 65 ] CVE-2017-7809
https://nvd.nist.gov/vuln/detail/CVE-2017-7809
[ 66 ] CVE-2017-7810
https://nvd.nist.gov/vuln/detail/CVE-2017-7810
[ 67 ] CVE-2017-7814
https://nvd.nist.gov/vuln/detail/CVE-2017-7814
[ 68 ] CVE-2017-7818
https://nvd.nist.gov/vuln/detail/CVE-2017-7818
[ 69 ] CVE-2017-7819
https://nvd.nist.gov/vuln/detail/CVE-2017-7819
[ 70 ] CVE-2017-7823
https://nvd.nist.gov/vuln/detail/CVE-2017-7823
[ 71 ] CVE-2017-7824
https://nvd.nist.gov/vuln/detail/CVE-2017-7824
[ 72 ] CVE-2017-7843
https://nvd.nist.gov/vuln/detail/CVE-2017-7843
[ 73 ] CVE-2017-7844
https://nvd.nist.gov/vuln/detail/CVE-2017-7844
[ 74 ] CVE-2018-5089
https://nvd.nist.gov/vuln/detail/CVE-2018-5089
[ 75 ] CVE-2018-5091
https://nvd.nist.gov/vuln/detail/CVE-2018-5091
[ 76 ] CVE-2018-5095
https://nvd.nist.gov/vuln/detail/CVE-2018-5095
[ 77 ] CVE-2018-5096
https://nvd.nist.gov/vuln/detail/CVE-2018-5096
[ 78 ] CVE-2018-5097
https://nvd.nist.gov/vuln/detail/CVE-2018-5097
[ 79 ] CVE-2018-5098
https://nvd.nist.gov/vuln/detail/CVE-2018-5098
[ 80 ] CVE-2018-5099
https://nvd.nist.gov/vuln/detail/CVE-2018-5099
[ 81 ] CVE-2018-5102
https://nvd.nist.gov/vuln/detail/CVE-2018-5102
[ 82 ] CVE-2018-5103
https://nvd.nist.gov/vuln/detail/CVE-2018-5103
[ 83 ] CVE-2018-5104
https://nvd.nist.gov/vuln/detail/CVE-2018-5104
[ 84 ] CVE-2018-5117
https://nvd.nist.gov/vuln/detail/CVE-2018-5117

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201802-03

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

GLSA 201802-04 : MySQL: Multiple vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201802-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: MySQL: Multiple vulnerabilities
Date: February 20, 2018
Bugs: #616486, #625626, #634652, #644986
ID: 201802-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities were found in MySQL, the worst of which may
allow remote execution of arbitrary code.

Background
==========

A fast, multi-threaded, multi-user SQL database server.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-db/mysql < 5.6.39 >= 5.6.39

Description
===========

Multiple vulnerabilities have been discovered in MySQL. Please review
the referenced CVE identifiers for details.

Impact
======

A remote attacker could execute arbitrary code without authentication
or cause a partial denial of service condition.

Workaround
==========

There are no known workarounds at this time.

Resolution
==========

All MySQL users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/mysql-5.6.39"

References
==========

[ 1 ] CVE-2017-10155
https://nvd.nist.gov/vuln/detail/CVE-2017-10155
[ 2 ] CVE-2017-10227
https://nvd.nist.gov/vuln/detail/CVE-2017-10227
[ 3 ] CVE-2017-10268
https://nvd.nist.gov/vuln/detail/CVE-2017-10268
[ 4 ] CVE-2017-10276
https://nvd.nist.gov/vuln/detail/CVE-2017-10276
[ 5 ] CVE-2017-10283
https://nvd.nist.gov/vuln/detail/CVE-2017-10283
[ 6 ] CVE-2017-10286
https://nvd.nist.gov/vuln/detail/CVE-2017-10286
[ 7 ] CVE-2017-10294
https://nvd.nist.gov/vuln/detail/CVE-2017-10294
[ 8 ] CVE-2017-10314
https://nvd.nist.gov/vuln/detail/CVE-2017-10314
[ 9 ] CVE-2017-10378
https://nvd.nist.gov/vuln/detail/CVE-2017-10378
[ 10 ] CVE-2017-10379
https://nvd.nist.gov/vuln/detail/CVE-2017-10379
[ 11 ] CVE-2017-10384
https://nvd.nist.gov/vuln/detail/CVE-2017-10384
[ 12 ] CVE-2017-3308
https://nvd.nist.gov/vuln/detail/CVE-2017-3308
[ 13 ] CVE-2017-3309
https://nvd.nist.gov/vuln/detail/CVE-2017-3309
[ 14 ] CVE-2017-3329
https://nvd.nist.gov/vuln/detail/CVE-2017-3329
[ 15 ] CVE-2017-3450
https://nvd.nist.gov/vuln/detail/CVE-2017-3450
[ 16 ] CVE-2017-3452
https://nvd.nist.gov/vuln/detail/CVE-2017-3452
[ 17 ] CVE-2017-3453
https://nvd.nist.gov/vuln/detail/CVE-2017-3453
[ 18 ] CVE-2017-3456
https://nvd.nist.gov/vuln/detail/CVE-2017-3456
[ 19 ] CVE-2017-3461
https://nvd.nist.gov/vuln/detail/CVE-2017-3461
[ 20 ] CVE-2017-3462
https://nvd.nist.gov/vuln/detail/CVE-2017-3462
[ 21 ] CVE-2017-3463
https://nvd.nist.gov/vuln/detail/CVE-2017-3463
[ 22 ] CVE-2017-3464
https://nvd.nist.gov/vuln/detail/CVE-2017-3464
[ 23 ] CVE-2017-3599
https://nvd.nist.gov/vuln/detail/CVE-2017-3599
[ 24 ] CVE-2017-3600
https://nvd.nist.gov/vuln/detail/CVE-2017-3600
[ 25 ] CVE-2017-3633
https://nvd.nist.gov/vuln/detail/CVE-2017-3633
[ 26 ] CVE-2017-3634
https://nvd.nist.gov/vuln/detail/CVE-2017-3634
[ 27 ] CVE-2017-3635
https://nvd.nist.gov/vuln/detail/CVE-2017-3635
[ 28 ] CVE-2017-3636
https://nvd.nist.gov/vuln/detail/CVE-2017-3636
[ 29 ] CVE-2017-3637
https://nvd.nist.gov/vuln/detail/CVE-2017-3637
[ 30 ] CVE-2017-3641
https://nvd.nist.gov/vuln/detail/CVE-2017-3641
[ 31 ] CVE-2017-3647
https://nvd.nist.gov/vuln/detail/CVE-2017-3647
[ 32 ] CVE-2017-3648
https://nvd.nist.gov/vuln/detail/CVE-2017-3648
[ 33 ] CVE-2017-3649
https://nvd.nist.gov/vuln/detail/CVE-2017-3649
[ 34 ] CVE-2017-3651
https://nvd.nist.gov/vuln/detail/CVE-2017-3651
[ 35 ] CVE-2017-3652
https://nvd.nist.gov/vuln/detail/CVE-2017-3652
[ 36 ] CVE-2017-3653
https://nvd.nist.gov/vuln/detail/CVE-2017-3653
[ 37 ] CVE-2017-3732
https://nvd.nist.gov/vuln/detail/CVE-2017-3732
[ 38 ] CVE-2018-2562
https://nvd.nist.gov/vuln/detail/CVE-2018-2562
[ 39 ] CVE-2018-2573
https://nvd.nist.gov/vuln/detail/CVE-2018-2573
[ 40 ] CVE-2018-2583
https://nvd.nist.gov/vuln/detail/CVE-2018-2583
[ 41 ] CVE-2018-2590
https://nvd.nist.gov/vuln/detail/CVE-2018-2590
[ 42 ] CVE-2018-2591
https://nvd.nist.gov/vuln/detail/CVE-2018-2591
[ 43 ] CVE-2018-2612
https://nvd.nist.gov/vuln/detail/CVE-2018-2612
[ 44 ] CVE-2018-2622
https://nvd.nist.gov/vuln/detail/CVE-2018-2622
[ 45 ] CVE-2018-2640
https://nvd.nist.gov/vuln/detail/CVE-2018-2640
[ 46 ] CVE-2018-2645
https://nvd.nist.gov/vuln/detail/CVE-2018-2645
[ 47 ] CVE-2018-2647
https://nvd.nist.gov/vuln/detail/CVE-2018-2647
[ 48 ] CVE-2018-2665
https://nvd.nist.gov/vuln/detail/CVE-2018-2665
[ 49 ] CVE-2018-2668
https://nvd.nist.gov/vuln/detail/CVE-2018-2668
[ 50 ] CVE-2018-2696
https://nvd.nist.gov/vuln/detail/CVE-2018-2696
[ 51 ] CVE-2018-2703
https://nvd.nist.gov/vuln/detail/CVE-2018-2703

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201802-04

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

GLSA 201802-05 : Ruby: Command injection



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201802-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Ruby: Command injection
Date: February 20, 2018
Bugs: #641090
ID: 201802-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been found in Ruby which may allow for arbitrary
command execution.

Background
==========

Ruby is an interpreted object-oriented programming language. The
elaborate standard library includes an HTTP server (WEBRick) and a
class for XML parsing (REXML).

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-lang/ruby < 2.2.9:2.2 >= 2.2.9:2.2

Description
===========

A command injection flaw was discovered in Net::FTP which impacts Ruby.

Impact
======

A remote attacker, by enticing a user to download and open a crafted
file from a malicious FTP server, could execute arbitrary commands with
the privileges of the process.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Ruby users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/ruby-2.2.9:2.2"

References
==========

[ 1 ] CVE-2017-17405
https://nvd.nist.gov/vuln/detail/CVE-2017-17405

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201802-05

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

GLSA 201802-06 : LibreOffice: Information disclosure


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201802-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: LibreOffice: Information disclosure
Date: February 20, 2018
Bugs: #647186
ID: 201802-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in LibreOffice might allow remote attackers to read
arbitrary files.

Background
==========

LibreOffice is a powerful office suite; its clean interface and
powerful tools let you unleash your creativity and grow your
productivity.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-office/libreoffice < 5.4.5.1 >= 5.4.5.1
2 app-office/libreoffice-bin
< 5.4.5.1 >= 5.4.5.1
-------------------------------------------------------------------
2 affected packages

Description
===========

It was discovered that missing restrictions in the implementation of
the WEBSERVICE function in LibreOffice could result in the disclosure
of arbitrary files.

Impact
======

A remote attacker could entice a user to open a specially crafted
document using LibreOffice, possibly resulting in the disclosure of
arbitrary files readable by the victim.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All LibreOffice users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/libreoffice-5.4.5.1"

All LibreOffice binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot -v ">=app-office/libreoffice-bin-5.4.5.1"

References
==========

[ 1 ] CVE-2018-6871
https://nvd.nist.gov/vuln/detail/CVE-2018-6871

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201802-06

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5