The following security advisories have been published for Gentoo Linux:
GLSA 201908-21 : Adobe Flash Player: Multiple vulnerabilities
GLSA 201908-22 : Patch: Multiple vulnerabilities
GLSA 201908-23 : VLC: Multiple vulnerabilities
GLSA 201908-24 : MariaDB, MySQL: Multiple vulnerabilities
GLSA 201908-25 : hostapd and wpa_supplicant: Denial of Service
GLSA 201908-21 : Adobe Flash Player: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201908-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Adobe Flash Player: Multiple vulnerabilities
Date: August 18, 2019
Bugs: #683006, #687894
ID: 201908-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Adobe Flash Player, the
worst of which could result in the arbitrary execution of code.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Affected packages
=================
-------------------------------------------------------------------
    Package                      /  Vulnerable  /  Unaffected
-------------------------------------------------------------------
 1  www-plugins/adobe-flash         < 32.0.0.207   >= 32.0.0.207
Description
===========
Multiple vulnerabilities have been discovered in Adobe Flash Player.
Please review the CVE identifiers referenced below for details.
Impact
======
A remote attacker could possibly execute arbitrary code with the
privileges of the process or bypass security restrictions.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-32.0.0.207"
References
==========
[ 1 ] CVE-2019-7096
https://nvd.nist.gov/vuln/detail/CVE-2019-7096
[ 2 ] CVE-2019-7108
https://nvd.nist.gov/vuln/detail/CVE-2019-7108
[ 3 ] CVE-2019-7845
https://nvd.nist.gov/vuln/detail/CVE-2019-7845
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201908-21
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2019 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
GLSA 201908-22 : Patch: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201908-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Patch: Multiple vulnerabilities
Date: August 18, 2019
Bugs: #690136
ID: 201908-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Patch, the worst of which
could result in the arbitrary execution of code.
Background
==========
Patch takes a patch file containing a difference listing produced by
the diff program and applies those differences to one or more original
files, producing patched versions.
Affected packages
=================
-------------------------------------------------------------------
    Package                      /  Vulnerable  /  Unaffected
-------------------------------------------------------------------
 1  sys-devel/patch                 < 2.7.6-r4     >= 2.7.6-r4
Description
===========
Multiple vulnerabilities have been discovered in Patch. Please review
the CVE identifiers referenced below for details.
Impact
======
A local attacker could pass a specially crafted diff file to Patch,
possibly resulting in a Denial of Service condition or arbitrary code
execution.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Patch users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-devel/patch-2.7.6-r4"
References
==========
[ 1 ] CVE-2019-13636
https://nvd.nist.gov/vuln/detail/CVE-2019-13636
[ 2 ] CVE-2019-13638
https://nvd.nist.gov/vuln/detail/CVE-2019-13638
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201908-22
GLSA 201908-23 : VLC: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201908-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: VLC: Multiple vulnerabilities
Date: August 18, 2019
Bugs: #688642
ID: 201908-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in VLC, the worst of which
could result in the arbitrary execution of code.
Background
==========
VLC is a cross-platform media player and streaming server.
Affected packages
=================
-------------------------------------------------------------------
    Package                      /  Vulnerable  /  Unaffected
-------------------------------------------------------------------
 1  media-video/vlc                 < 3.0.7        >= 3.0.7
Description
===========
Multiple vulnerabilities have been discovered in VLC. Please review the
CVE identifiers referenced below for details.
Impact
======
Remote attackers, by enticing a user to execute a specially crafted
media file, could cause a Denial of Service condition or possibly
execute arbitrary code.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All VLC users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/vlc-3.0.7"
References
==========
[ 1 ] CVE-2019-12874
https://nvd.nist.gov/vuln/detail/CVE-2019-12874
[ 2 ] CVE-2019-5439
https://nvd.nist.gov/vuln/detail/CVE-2019-5439
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201908-23
GLSA 201908-24 : MariaDB, MySQL: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201908-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: MariaDB, MySQL: Multiple vulnerabilities
Date: August 18, 2019
Bugs: #661500, #670388, #679024
ID: 201908-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in MariaDB and MySQL, the
worst of which could result in privilege escalation.
Background
==========
MariaDB is an enhanced, drop-in replacement for MySQL. MySQL is a
popular multi-threaded, multi-user SQL server.
Affected packages
=================
-------------------------------------------------------------------
    Package                      /  Vulnerable  /  Unaffected
-------------------------------------------------------------------
 1  dev-db/mariadb                  < 10.1.38-r1   >= 10.1.38-r1
                                    < 10.2.22      >= 10.2.22
 2  dev-db/mysql                    < 5.6.42       >= 5.6.42
                                    < 5.7.24       >= 5.7.24
-------------------------------------------------------------------
2 affected packages
Description
===========
Multiple vulnerabilities have been discovered in MariaDB and MySQL.
Please review the CVE identifiers referenced below for details.
Impact
======
Please review the referenced CVE identifiers for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All MariaDB 10.1.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.1.38-r1"
All MariaDB 10.2.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.2.22"
All MySQL 5.6.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/mysql-5.6.42"
All MySQL 5.7.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/mysql-5.7.24"
References
==========
[ 1 ] CVE-2018-2755
https://nvd.nist.gov/vuln/detail/CVE-2018-2755
[ 2 ] CVE-2018-2759
https://nvd.nist.gov/vuln/detail/CVE-2018-2759
[ 3 ] CVE-2018-2761
https://nvd.nist.gov/vuln/detail/CVE-2018-2761
[ 4 ] CVE-2018-2766
https://nvd.nist.gov/vuln/detail/CVE-2018-2766
[ 5 ] CVE-2018-2771
https://nvd.nist.gov/vuln/detail/CVE-2018-2771
[ 6 ] CVE-2018-2777
https://nvd.nist.gov/vuln/detail/CVE-2018-2777
[ 7 ] CVE-2018-2781
https://nvd.nist.gov/vuln/detail/CVE-2018-2781
[ 8 ] CVE-2018-2782
https://nvd.nist.gov/vuln/detail/CVE-2018-2782
[ 9 ] CVE-2018-2784
https://nvd.nist.gov/vuln/detail/CVE-2018-2784
[ 10 ] CVE-2018-2786
https://nvd.nist.gov/vuln/detail/CVE-2018-2786
[ 11 ] CVE-2018-2787
https://nvd.nist.gov/vuln/detail/CVE-2018-2787
[ 12 ] CVE-2018-2810
https://nvd.nist.gov/vuln/detail/CVE-2018-2810
[ 13 ] CVE-2018-2813
https://nvd.nist.gov/vuln/detail/CVE-2018-2813
[ 14 ] CVE-2018-2817
https://nvd.nist.gov/vuln/detail/CVE-2018-2817
[ 15 ] CVE-2018-2819
https://nvd.nist.gov/vuln/detail/CVE-2018-2819
[ 16 ] CVE-2018-3143
https://nvd.nist.gov/vuln/detail/CVE-2018-3143
[ 17 ] CVE-2018-3156
https://nvd.nist.gov/vuln/detail/CVE-2018-3156
[ 18 ] CVE-2018-3162
https://nvd.nist.gov/vuln/detail/CVE-2018-3162
[ 19 ] CVE-2018-3173
https://nvd.nist.gov/vuln/detail/CVE-2018-3173
[ 20 ] CVE-2018-3174
https://nvd.nist.gov/vuln/detail/CVE-2018-3174
[ 21 ] CVE-2018-3185
https://nvd.nist.gov/vuln/detail/CVE-2018-3185
[ 22 ] CVE-2018-3200
https://nvd.nist.gov/vuln/detail/CVE-2018-3200
[ 23 ] CVE-2018-3251
https://nvd.nist.gov/vuln/detail/CVE-2018-3251
[ 24 ] CVE-2018-3252
https://nvd.nist.gov/vuln/detail/CVE-2018-3252
[ 25 ] CVE-2018-3277
https://nvd.nist.gov/vuln/detail/CVE-2018-3277
[ 26 ] CVE-2018-3282
https://nvd.nist.gov/vuln/detail/CVE-2018-3282
[ 27 ] CVE-2018-3284
https://nvd.nist.gov/vuln/detail/CVE-2018-3284
[ 28 ] CVE-2019-2510
https://nvd.nist.gov/vuln/detail/CVE-2019-2510
[ 29 ] CVE-2019-2529
https://nvd.nist.gov/vuln/detail/CVE-2019-2529
[ 30 ] CVE-2019-2537
https://nvd.nist.gov/vuln/detail/CVE-2019-2537
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201908-24
GLSA 201908-25 : hostapd and wpa_supplicant: Denial of Service
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201908-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: hostapd and wpa_supplicant: Denial of Service
Date: August 18, 2019
Bugs: #685860, #688588
ID: 201908-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
A vulnerability in hostapd and wpa_supplicant could lead to a Denial of
Service condition.
Background
==========
wpa_supplicant is a WPA Supplicant with support for WPA and WPA2 (IEEE
802.11i / RSN).
hostapd is a user space daemon for access point and authentication
servers.
Affected packages
=================
-------------------------------------------------------------------
    Package                      /  Vulnerable  /  Unaffected
-------------------------------------------------------------------
 1  net-wireless/hostapd            < 2.8          >= 2.8
 2  net-wireless/wpa_supplicant     < 2.8          >= 2.8
-------------------------------------------------------------------
2 affected packages
Description
===========
A vulnerability was discovered in hostapd's and wpa_supplicant's
eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c files.
Impact
======
An attacker could cause a possible Denial of Service condition.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All hostapd users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-wireless/hostapd-2.8"
All wpa_supplicant users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=net-wireless/wpa_supplicant-2.8"
References
==========
[ 1 ] CVE-2019-11555
https://nvd.nist.gov/vuln/detail/CVE-2019-11555
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201908-25