
The most recent security updates for Gentoo Linux cover OATH Toolkit, Dnsmasq, Salt, icinga2, OpenJDK, Mozilla Thunderbird, Chromium, Google Chrome, Microsoft Edge, Opera, Mozilla Firefox, Asterisk, Cacti, and R:

[ GLSA 202412-11 ] OATH Toolkit: Privilege Escalation
[ GLSA 202412-10 ] Dnsmasq: Multiple Vulnerabilities
[ GLSA 202412-09 ] Salt: Multiple Vulnerabilities
[ GLSA 202412-08 ] icinga2: Multiple Vulnerabilities
[ GLSA 202412-07 ] OpenJDK: Multiple Vulnerabilities
[ GLSA 202412-06 ] Mozilla Thunderbird: Multiple Vulnerabilities
[ GLSA 202412-05 ] Chromium, Google Chrome, Microsoft Edge. Opera: Multiple Vulnerabilities
[ GLSA 202412-04 ] Mozilla Firefox: Multiple Vulnerabilities
[ GLSA 202412-03 ] Asterisk: Multiple Vulnerabilities
[ GLSA 202412-02 ] Cacti: Multiple Vulnerabilities
[ GLSA 202412-01 ] R: Arbitrary Code Execution




[ GLSA 202412-11 ] OATH Toolkit: Privilege Escalation


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202412-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: OATH Toolkit: Privilege Escalation
Date: December 07, 2024
Bugs: #940778
ID: 202412-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in OATH Toolkit, which could lead to
local root privilege escalation.

Background
==========

OATH Toolkit provides components to build one-time password
authentication systems. It contains shared C libraries, command line
tools and a PAM module. Supported technologies include the event-based
HOTP algorithm (RFC 4226), the time-based TOTP algorithm (RFC 6238), and
Portable Symmetric Key Container (PSKC, RFC 6030) to manage secret key
data. OATH stands for Open AuTHentication, which is the organization
that specifies the algorithms.

Affected packages
=================

Package                Vulnerable    Unaffected
---------------------  ------------  ------------
sys-auth/oath-toolkit  < 2.6.12      >= 2.6.12

Description
===========

A vulnerability has been discovered in OATH Toolkit. Please review the
CVE identifier referenced below for details.

Impact
======

Please review the referenced CVE identifier for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OATH Toolkit users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-auth/oath-toolkit-2.6.12"

References
==========

[ 1 ] CVE-2024-47191
https://nvd.nist.gov/vuln/detail/CVE-2024-47191

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202412-11

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5



[ GLSA 202412-10 ] Dnsmasq: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202412-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Dnsmasq: Multiple Vulnerabilities
Date: December 07, 2024
Bugs: #867322, #905321, #924448
ID: 202412-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Dnsmasq, the worst of
which could lead to a denial of service.

Background
==========

Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP
server.

Affected packages
=================

Package          Vulnerable    Unaffected
---------------  ------------  ------------
net-dns/dnsmasq  < 2.90        >= 2.90

Description
===========

Multiple vulnerabilities have been discovered in Dnsmasq. Please review
the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Dnsmasq users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.90"

References
==========

[ 1 ] CVE-2022-0934
https://nvd.nist.gov/vuln/detail/CVE-2022-0934
[ 2 ] CVE-2023-28450
https://nvd.nist.gov/vuln/detail/CVE-2023-28450
[ 3 ] CVE-2023-50387
https://nvd.nist.gov/vuln/detail/CVE-2023-50387
[ 4 ] CVE-2023-50868
https://nvd.nist.gov/vuln/detail/CVE-2023-50868

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202412-10




[ GLSA 202412-09 ] Salt: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202412-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Salt: Multiple Vulnerabilities
Date: December 07, 2024
Bugs: #916512, #925021
ID: 202412-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Salt, the worst of
which can lead to arbitrary code execution.

Background
==========

Salt is a fast, intelligent and scalable automation engine.

Affected packages
=================

Package         Vulnerable    Unaffected
--------------  ------------  ------------
app-admin/salt  < 3006.6      >= 3006.6

Description
===========

Multiple vulnerabilities have been discovered in Salt. Please review the
CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Salt users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/salt-3006.6"

References
==========

[ 1 ] CVE-2023-20897
https://nvd.nist.gov/vuln/detail/CVE-2023-20897
[ 2 ] CVE-2023-20898
https://nvd.nist.gov/vuln/detail/CVE-2023-20898
[ 3 ] CVE-2023-34049
https://nvd.nist.gov/vuln/detail/CVE-2023-34049
[ 4 ] CVE-2024-22231
https://nvd.nist.gov/vuln/detail/CVE-2024-22231
[ 5 ] CVE-2024-22232
https://nvd.nist.gov/vuln/detail/CVE-2024-22232

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202412-09




[ GLSA 202412-08 ] icinga2: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202412-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: icinga2: Multiple Vulnerabilities
Date: December 07, 2024
Bugs: #760660, #943329
ID: 202412-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Icinga2, the worst of
which could lead to arbitrary code execution.

Background
==========

Icinga2 is a distributed, general purpose, network monitoring engine.

Affected packages
=================

Package               Vulnerable    Unaffected
--------------------  ------------  ------------
net-analyzer/icinga2  < 2.14.3      >= 2.14.3

Description
===========

Multiple vulnerabilities have been discovered in Icinga2. Please review
the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Icinga2 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/icinga2-2.14.3"

References
==========

[ 1 ] CVE-2020-29663
https://nvd.nist.gov/vuln/detail/CVE-2020-29663
[ 2 ] CVE-2021-32739
https://nvd.nist.gov/vuln/detail/CVE-2021-32739
[ 3 ] CVE-2021-32743
https://nvd.nist.gov/vuln/detail/CVE-2021-32743
[ 4 ] CVE-2021-37698
https://nvd.nist.gov/vuln/detail/CVE-2021-37698
[ 5 ] CVE-2024-49369
https://nvd.nist.gov/vuln/detail/CVE-2024-49369

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202412-08




[ GLSA 202412-07 ] OpenJDK: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202412-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: OpenJDK: Multiple Vulnerabilities
Date: December 07, 2024
Bugs: #912719, #916211, #925020, #941689
ID: 202412-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in OpenJDK, the worst of
which could lead to remote code execution.

Background
==========

OpenJDK is an open source implementation of the Java programming
language.

Affected packages
=================

Package                   Vulnerable       Unaffected
------------------------  ---------------  ----------------
dev-java/openjdk          < 11.0.24_p8:11  >= 11.0.24_p8:11
                          < 17.0.12_p7:17  >= 17.0.12_p7:17
                          < 8.422_p05:8    >= 8.422_p05:8
dev-java/openjdk-bin      < 11.0.24_p8:11  >= 11.0.24_p8:11
                          < 17.0.12_p7:17  >= 17.0.12_p7:17
                          < 8.422_p05:8    >= 8.422_p05:8
dev-java/openjdk-jre-bin  < 11.0.24_p8:11  >= 11.0.24_p8:11
                          < 17.0.12_p7:17  >= 17.0.12_p7:17
                          < 8.422_p05:8    >= 8.422_p05:8

Description
===========

Multiple vulnerabilities have been discovered in OpenJDK. Please review
the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenJDK users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/openjdk-8.422_p05:8"
# emerge --ask --oneshot --verbose ">=dev-java/openjdk-11.0.24_p8:11"
# emerge --ask --oneshot --verbose ">=dev-java/openjdk-17.0.12_p7:17"

All OpenJDK JRE binary (dev-java/openjdk-jre-bin) users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-8.422_p05:8"
# emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-11.0.24_p8:11"
# emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-17.0.12_p7:17"

All OpenJDK binary (dev-java/openjdk-bin) users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-8.422_p05:8"
# emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-11.0.24_p8:11"
# emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-17.0.12_p7:17"

References
==========

[ 1 ] CVE-2023-22006
https://nvd.nist.gov/vuln/detail/CVE-2023-22006
[ 2 ] CVE-2023-22025
https://nvd.nist.gov/vuln/detail/CVE-2023-22025
[ 3 ] CVE-2023-22036
https://nvd.nist.gov/vuln/detail/CVE-2023-22036
[ 4 ] CVE-2023-22041
https://nvd.nist.gov/vuln/detail/CVE-2023-22041
[ 5 ] CVE-2023-22044
https://nvd.nist.gov/vuln/detail/CVE-2023-22044
[ 6 ] CVE-2023-22045
https://nvd.nist.gov/vuln/detail/CVE-2023-22045
[ 7 ] CVE-2023-22049
https://nvd.nist.gov/vuln/detail/CVE-2023-22049
[ 8 ] CVE-2023-22067
https://nvd.nist.gov/vuln/detail/CVE-2023-22067
[ 9 ] CVE-2023-22081
https://nvd.nist.gov/vuln/detail/CVE-2023-22081
[ 10 ] CVE-2024-20918
https://nvd.nist.gov/vuln/detail/CVE-2024-20918
[ 11 ] CVE-2024-20919
https://nvd.nist.gov/vuln/detail/CVE-2024-20919
[ 12 ] CVE-2024-20921
https://nvd.nist.gov/vuln/detail/CVE-2024-20921
[ 13 ] CVE-2024-20926
https://nvd.nist.gov/vuln/detail/CVE-2024-20926
[ 14 ] CVE-2024-20932
https://nvd.nist.gov/vuln/detail/CVE-2024-20932
[ 15 ] CVE-2024-20945
https://nvd.nist.gov/vuln/detail/CVE-2024-20945
[ 16 ] CVE-2024-20952
https://nvd.nist.gov/vuln/detail/CVE-2024-20952
[ 17 ] CVE-2024-21208
https://nvd.nist.gov/vuln/detail/CVE-2024-21208
[ 18 ] CVE-2024-21210
https://nvd.nist.gov/vuln/detail/CVE-2024-21210
[ 19 ] CVE-2024-21217
https://nvd.nist.gov/vuln/detail/CVE-2024-21217
[ 20 ] CVE-2024-21235
https://nvd.nist.gov/vuln/detail/CVE-2024-21235

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202412-07




[ GLSA 202412-06 ] Mozilla Thunderbird: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202412-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Mozilla Thunderbird: Multiple Vulnerabilities
Date: December 07, 2024
Bugs: #935551, #936216, #937468, #941170, #941175, #942470
ID: 202412-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Mozilla Thunderbird,
the worst of which could lead to remote code execution.

Background
==========

Mozilla Thunderbird is a popular open-source email client from the
Mozilla project.

Affected packages
=================

Package                      Vulnerable    Unaffected
---------------------------  ------------  ------------
mail-client/thunderbird      < 128.4.0     >= 128.4.0
mail-client/thunderbird-bin  < 128.4.0     >= 128.4.0

Description
===========

Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
Please review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mozilla Thunderbird binary (mail-client/thunderbird-bin) users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-128.4.0"

All Mozilla Thunderbird users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-128.4.0"

References
==========

[ 1 ] CVE-2024-5693
https://nvd.nist.gov/vuln/detail/CVE-2024-5693
[ 2 ] CVE-2024-5696
https://nvd.nist.gov/vuln/detail/CVE-2024-5696
[ 3 ] CVE-2024-5700
https://nvd.nist.gov/vuln/detail/CVE-2024-5700
[ 4 ] CVE-2024-6601
https://nvd.nist.gov/vuln/detail/CVE-2024-6601
[ 5 ] CVE-2024-6602
https://nvd.nist.gov/vuln/detail/CVE-2024-6602
[ 6 ] CVE-2024-6603
https://nvd.nist.gov/vuln/detail/CVE-2024-6603
[ 7 ] CVE-2024-6604
https://nvd.nist.gov/vuln/detail/CVE-2024-6604
[ 8 ] CVE-2024-7518
https://nvd.nist.gov/vuln/detail/CVE-2024-7518
[ 9 ] CVE-2024-7519
https://nvd.nist.gov/vuln/detail/CVE-2024-7519
[ 10 ] CVE-2024-7520
https://nvd.nist.gov/vuln/detail/CVE-2024-7520
[ 11 ] CVE-2024-7521
https://nvd.nist.gov/vuln/detail/CVE-2024-7521
[ 12 ] CVE-2024-7522
https://nvd.nist.gov/vuln/detail/CVE-2024-7522
[ 13 ] CVE-2024-7523
https://nvd.nist.gov/vuln/detail/CVE-2024-7523
[ 14 ] CVE-2024-7524
https://nvd.nist.gov/vuln/detail/CVE-2024-7524
[ 15 ] CVE-2024-7525
https://nvd.nist.gov/vuln/detail/CVE-2024-7525
[ 16 ] CVE-2024-7526
https://nvd.nist.gov/vuln/detail/CVE-2024-7526
[ 17 ] CVE-2024-7527
https://nvd.nist.gov/vuln/detail/CVE-2024-7527
[ 18 ] CVE-2024-7528
https://nvd.nist.gov/vuln/detail/CVE-2024-7528
[ 19 ] CVE-2024-7529
https://nvd.nist.gov/vuln/detail/CVE-2024-7529
[ 20 ] CVE-2024-7531
https://nvd.nist.gov/vuln/detail/CVE-2024-7531
[ 21 ] CVE-2024-8381
https://nvd.nist.gov/vuln/detail/CVE-2024-8381
[ 22 ] CVE-2024-8382
https://nvd.nist.gov/vuln/detail/CVE-2024-8382
[ 23 ] CVE-2024-8383
https://nvd.nist.gov/vuln/detail/CVE-2024-8383
[ 24 ] CVE-2024-8384
https://nvd.nist.gov/vuln/detail/CVE-2024-8384
[ 25 ] CVE-2024-8385
https://nvd.nist.gov/vuln/detail/CVE-2024-8385
[ 26 ] CVE-2024-8386
https://nvd.nist.gov/vuln/detail/CVE-2024-8386
[ 27 ] CVE-2024-8387
https://nvd.nist.gov/vuln/detail/CVE-2024-8387
[ 28 ] CVE-2024-8389
https://nvd.nist.gov/vuln/detail/CVE-2024-8389
[ 29 ] CVE-2024-8394
https://nvd.nist.gov/vuln/detail/CVE-2024-8394
[ 30 ] CVE-2024-8900
https://nvd.nist.gov/vuln/detail/CVE-2024-8900
[ 31 ] CVE-2024-9391
https://nvd.nist.gov/vuln/detail/CVE-2024-9391
[ 32 ] CVE-2024-9392
https://nvd.nist.gov/vuln/detail/CVE-2024-9392
[ 33 ] CVE-2024-9395
https://nvd.nist.gov/vuln/detail/CVE-2024-9395
[ 34 ] CVE-2024-9396
https://nvd.nist.gov/vuln/detail/CVE-2024-9396
[ 35 ] CVE-2024-9397
https://nvd.nist.gov/vuln/detail/CVE-2024-9397
[ 36 ] CVE-2024-9399
https://nvd.nist.gov/vuln/detail/CVE-2024-9399
[ 37 ] CVE-2024-9400
https://nvd.nist.gov/vuln/detail/CVE-2024-9400
[ 38 ] CVE-2024-9401
https://nvd.nist.gov/vuln/detail/CVE-2024-9401
[ 39 ] CVE-2024-9402
https://nvd.nist.gov/vuln/detail/CVE-2024-9402
[ 40 ] CVE-2024-9403
https://nvd.nist.gov/vuln/detail/CVE-2024-9403
[ 41 ] CVE-2024-10458
https://nvd.nist.gov/vuln/detail/CVE-2024-10458
[ 42 ] CVE-2024-10459
https://nvd.nist.gov/vuln/detail/CVE-2024-10459
[ 43 ] CVE-2024-10460
https://nvd.nist.gov/vuln/detail/CVE-2024-10460
[ 44 ] CVE-2024-10461
https://nvd.nist.gov/vuln/detail/CVE-2024-10461
[ 45 ] CVE-2024-10462
https://nvd.nist.gov/vuln/detail/CVE-2024-10462
[ 46 ] CVE-2024-10463
https://nvd.nist.gov/vuln/detail/CVE-2024-10463
[ 47 ] CVE-2024-10464
https://nvd.nist.gov/vuln/detail/CVE-2024-10464
[ 48 ] CVE-2024-10465
https://nvd.nist.gov/vuln/detail/CVE-2024-10465
[ 49 ] CVE-2024-10466
https://nvd.nist.gov/vuln/detail/CVE-2024-10466
[ 50 ] CVE-2024-10467
https://nvd.nist.gov/vuln/detail/CVE-2024-10467
[ 51 ] CVE-2024-10468
https://nvd.nist.gov/vuln/detail/CVE-2024-10468
[ 52 ] MFSA-2024-25
[ 53 ] MFSA-2024-26
[ 54 ] MFSA-2024-28
[ 55 ] MFSA2024-29
[ 56 ] MFSA2024-30
[ 57 ] MFSA2024-31
[ 58 ] MFSA2024-33
[ 59 ] MFSA2024-34
[ 60 ] MFSA2024-35
[ 61 ] MFSA2024-38
[ 62 ] MFSA2024-39
[ 63 ] MFSA2024-40
[ 64 ] MFSA2024-41
[ 65 ] MFSA2024-43
[ 66 ] MFSA2024-44
[ 67 ] MFSA2024-46
[ 68 ] MFSA2024-47
[ 69 ] MFSA2024-48
[ 70 ] MFSA2024-49
[ 71 ] MFSA2024-50
[ 72 ] MFSA2024-55
[ 73 ] MFSA2024-56
[ 74 ] MFSA2024-57
[ 75 ] MFSA2024-58
[ 76 ] MFSA2024-59

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202412-06




[ GLSA 202412-05 ] Chromium, Google Chrome, Microsoft Edge. Opera: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202412-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Chromium, Google Chrome, Microsoft Edge. Opera: Multiple Vulnerabilities
Date: December 07, 2024
Bugs: #924450, #925161, #925666, #926230, #926869, #927312, #927928, #928462, #929112, #930124, #930647, #930994, #931548
ID: 202412-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Chromium and its
derivatives, the worst of which can lead to remote code execution.

Background
==========

Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web. Google
Chrome is one fast, simple, and secure browser for all your devices.
Microsoft Edge is a browser that combines a minimal design with
sophisticated technology to make the web faster, safer, and easier.
Opera is a fast and secure web browser.

Affected packages
=================

Package                    Vulnerable        Unaffected
-------------------------  ----------------  -----------------
www-client/chromium        < 124.0.6367.155  >= 124.0.6367.155
www-client/google-chrome   < 124.0.6367.155  >= 124.0.6367.155
www-client/microsoft-edge  < 124.0.2478.97   >= 124.0.2478.97
www-client/opera           < 110.0.5130.35   >= 110.0.5130.35

Description
===========

Multiple vulnerabilities have been discovered in Chromium and its
derivatives. Please review the CVE identifiers referenced below for
details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Google Chrome users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/google-chrome-124.0.6367.155"

All Chromium users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-124.0.6367.155"

All Microsoft Edge users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-124.0.2478.97"

All Opera users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/opera-110.0.5130.35"

References
==========

[ 1 ] CVE-2024-1669
https://nvd.nist.gov/vuln/detail/CVE-2024-1669
[ 2 ] CVE-2024-1670
https://nvd.nist.gov/vuln/detail/CVE-2024-1670
[ 3 ] CVE-2024-1671
https://nvd.nist.gov/vuln/detail/CVE-2024-1671
[ 4 ] CVE-2024-1672
https://nvd.nist.gov/vuln/detail/CVE-2024-1672
[ 5 ] CVE-2024-1673
https://nvd.nist.gov/vuln/detail/CVE-2024-1673
[ 6 ] CVE-2024-1674
https://nvd.nist.gov/vuln/detail/CVE-2024-1674
[ 7 ] CVE-2024-1675
https://nvd.nist.gov/vuln/detail/CVE-2024-1675
[ 8 ] CVE-2024-1676
https://nvd.nist.gov/vuln/detail/CVE-2024-1676
[ 9 ] CVE-2024-2173
https://nvd.nist.gov/vuln/detail/CVE-2024-2173
[ 10 ] CVE-2024-2174
https://nvd.nist.gov/vuln/detail/CVE-2024-2174
[ 11 ] CVE-2024-2176
https://nvd.nist.gov/vuln/detail/CVE-2024-2176
[ 12 ] CVE-2024-2400
https://nvd.nist.gov/vuln/detail/CVE-2024-2400
[ 13 ] CVE-2024-2625
https://nvd.nist.gov/vuln/detail/CVE-2024-2625
[ 14 ] CVE-2024-2626
https://nvd.nist.gov/vuln/detail/CVE-2024-2626
[ 15 ] CVE-2024-2627
https://nvd.nist.gov/vuln/detail/CVE-2024-2627
[ 16 ] CVE-2024-2628
https://nvd.nist.gov/vuln/detail/CVE-2024-2628
[ 17 ] CVE-2024-2883
https://nvd.nist.gov/vuln/detail/CVE-2024-2883
[ 18 ] CVE-2024-2885
https://nvd.nist.gov/vuln/detail/CVE-2024-2885
[ 19 ] CVE-2024-2886
https://nvd.nist.gov/vuln/detail/CVE-2024-2886
[ 20 ] CVE-2024-2887
https://nvd.nist.gov/vuln/detail/CVE-2024-2887
[ 21 ] CVE-2024-3156
https://nvd.nist.gov/vuln/detail/CVE-2024-3156
[ 22 ] CVE-2024-3158
https://nvd.nist.gov/vuln/detail/CVE-2024-3158
[ 23 ] CVE-2024-3159
https://nvd.nist.gov/vuln/detail/CVE-2024-3159
[ 24 ] CVE-2024-3832
https://nvd.nist.gov/vuln/detail/CVE-2024-3832
[ 25 ] CVE-2024-3833
https://nvd.nist.gov/vuln/detail/CVE-2024-3833
[ 26 ] CVE-2024-3834
https://nvd.nist.gov/vuln/detail/CVE-2024-3834
[ 27 ] CVE-2024-4058
https://nvd.nist.gov/vuln/detail/CVE-2024-4058
[ 28 ] CVE-2024-4059
https://nvd.nist.gov/vuln/detail/CVE-2024-4059
[ 29 ] CVE-2024-4060
https://nvd.nist.gov/vuln/detail/CVE-2024-4060
[ 30 ] CVE-2024-4331
https://nvd.nist.gov/vuln/detail/CVE-2024-4331
[ 31 ] CVE-2024-4368
https://nvd.nist.gov/vuln/detail/CVE-2024-4368
[ 32 ] CVE-2024-4558
https://nvd.nist.gov/vuln/detail/CVE-2024-4558
[ 33 ] CVE-2024-4559
https://nvd.nist.gov/vuln/detail/CVE-2024-4559

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202412-05




[ GLSA 202412-04 ] Mozilla Firefox: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202412-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Mozilla Firefox: Multiple Vulnerabilities
Date: December 07, 2024
Bugs: #936215, #937467, #941169, #941174, #941224
ID: 202412-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Mozilla Firefox, the
worst of which could lead to arbitrary code execution.

Background
==========

Mozilla Firefox is a popular open-source web browser from the Mozilla
project.

Affected packages
=================

Package                 Vulnerable       Unaffected
----------------------  ---------------  ----------------
www-client/firefox      < 128.3.1:esr    >= 128.3.1:esr
                        < 131.0.2:rapid  >= 131.0.2:rapid
www-client/firefox-bin  < 128.3.1:esr    >= 128.3.1:esr
                        < 131.0.2:rapid  >= 131.0.2:rapid

Description
===========

Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mozilla Firefox binary (www-client/firefox-bin) users should upgrade
to the latest version in their release channel:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-131.0.2:rapid"
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-128.3.1:esr"

All Mozilla Firefox users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-131.0.2:rapid"
# emerge --ask --oneshot --verbose ">=www-client/firefox-128.3.1:esr"

References
==========

[ 1 ] CVE-2024-6601
https://nvd.nist.gov/vuln/detail/CVE-2024-6601
[ 2 ] CVE-2024-6602
https://nvd.nist.gov/vuln/detail/CVE-2024-6602
[ 3 ] CVE-2024-6603
https://nvd.nist.gov/vuln/detail/CVE-2024-6603
[ 4 ] CVE-2024-6604
https://nvd.nist.gov/vuln/detail/CVE-2024-6604
[ 5 ] CVE-2024-6606
https://nvd.nist.gov/vuln/detail/CVE-2024-6606
[ 6 ] CVE-2024-6607
https://nvd.nist.gov/vuln/detail/CVE-2024-6607
[ 7 ] CVE-2024-6608
https://nvd.nist.gov/vuln/detail/CVE-2024-6608
[ 8 ] CVE-2024-6609
https://nvd.nist.gov/vuln/detail/CVE-2024-6609
[ 9 ] CVE-2024-6610
https://nvd.nist.gov/vuln/detail/CVE-2024-6610
[ 10 ] CVE-2024-6611
https://nvd.nist.gov/vuln/detail/CVE-2024-6611
[ 11 ] CVE-2024-6612
https://nvd.nist.gov/vuln/detail/CVE-2024-6612
[ 12 ] CVE-2024-6613
https://nvd.nist.gov/vuln/detail/CVE-2024-6613
[ 13 ] CVE-2024-6614
https://nvd.nist.gov/vuln/detail/CVE-2024-6614
[ 14 ] CVE-2024-6615
https://nvd.nist.gov/vuln/detail/CVE-2024-6615
[ 15 ] CVE-2024-7518
https://nvd.nist.gov/vuln/detail/CVE-2024-7518
[ 16 ] CVE-2024-7519
https://nvd.nist.gov/vuln/detail/CVE-2024-7519
[ 17 ] CVE-2024-7520
https://nvd.nist.gov/vuln/detail/CVE-2024-7520
[ 18 ] CVE-2024-7521
https://nvd.nist.gov/vuln/detail/CVE-2024-7521
[ 19 ] CVE-2024-7522
https://nvd.nist.gov/vuln/detail/CVE-2024-7522
[ 20 ] CVE-2024-7523
https://nvd.nist.gov/vuln/detail/CVE-2024-7523
[ 21 ] CVE-2024-7524
https://nvd.nist.gov/vuln/detail/CVE-2024-7524
[ 22 ] CVE-2024-7525
https://nvd.nist.gov/vuln/detail/CVE-2024-7525
[ 23 ] CVE-2024-7526
https://nvd.nist.gov/vuln/detail/CVE-2024-7526
[ 24 ] CVE-2024-7527
https://nvd.nist.gov/vuln/detail/CVE-2024-7527
[ 25 ] CVE-2024-7528
https://nvd.nist.gov/vuln/detail/CVE-2024-7528
[ 26 ] CVE-2024-7529
https://nvd.nist.gov/vuln/detail/CVE-2024-7529
[ 27 ] CVE-2024-7530
https://nvd.nist.gov/vuln/detail/CVE-2024-7530
[ 28 ] CVE-2024-7531
https://nvd.nist.gov/vuln/detail/CVE-2024-7531
[ 29 ] CVE-2024-8381
https://nvd.nist.gov/vuln/detail/CVE-2024-8381
[ 30 ] CVE-2024-8382
https://nvd.nist.gov/vuln/detail/CVE-2024-8382
[ 31 ] CVE-2024-8383
https://nvd.nist.gov/vuln/detail/CVE-2024-8383
[ 32 ] CVE-2024-8384
https://nvd.nist.gov/vuln/detail/CVE-2024-8384
[ 33 ] CVE-2024-8385
https://nvd.nist.gov/vuln/detail/CVE-2024-8385
[ 34 ] CVE-2024-8386
https://nvd.nist.gov/vuln/detail/CVE-2024-8386
[ 35 ] CVE-2024-8387
https://nvd.nist.gov/vuln/detail/CVE-2024-8387
[ 36 ] CVE-2024-8389
https://nvd.nist.gov/vuln/detail/CVE-2024-8389
[ 37 ] CVE-2024-8394
https://nvd.nist.gov/vuln/detail/CVE-2024-8394
[ 38 ] CVE-2024-8900
https://nvd.nist.gov/vuln/detail/CVE-2024-8900
[ 39 ] CVE-2024-9391
https://nvd.nist.gov/vuln/detail/CVE-2024-9391
[ 40 ] CVE-2024-9392
https://nvd.nist.gov/vuln/detail/CVE-2024-9392
[ 41 ] CVE-2024-9395
https://nvd.nist.gov/vuln/detail/CVE-2024-9395
[ 42 ] CVE-2024-9396
https://nvd.nist.gov/vuln/detail/CVE-2024-9396
[ 43 ] CVE-2024-9397
https://nvd.nist.gov/vuln/detail/CVE-2024-9397
[ 44 ] CVE-2024-9399
https://nvd.nist.gov/vuln/detail/CVE-2024-9399
[ 45 ] CVE-2024-9400
https://nvd.nist.gov/vuln/detail/CVE-2024-9400
[ 46 ] CVE-2024-9401
https://nvd.nist.gov/vuln/detail/CVE-2024-9401
[ 47 ] CVE-2024-9402
https://nvd.nist.gov/vuln/detail/CVE-2024-9402
[ 48 ] CVE-2024-9403
https://nvd.nist.gov/vuln/detail/CVE-2024-9403
[ 49 ] CVE-2024-9680
https://nvd.nist.gov/vuln/detail/CVE-2024-9680
[ 50 ] MFSA2024-29
[ 51 ] MFSA2024-30
[ 52 ] MFSA2024-31
[ 53 ] MFSA2024-33
[ 54 ] MFSA2024-34
[ 55 ] MFSA2024-35
[ 56 ] MFSA2024-38
[ 57 ] MFSA2024-39
[ 58 ] MFSA2024-40
[ 59 ] MFSA2024-41
[ 60 ] MFSA2024-43
[ 61 ] MFSA2024-44
[ 62 ] MFSA2024-46
[ 63 ] MFSA2024-47
[ 64 ] MFSA2024-48
[ 65 ] MFSA2024-49
[ 66 ] MFSA2024-50
[ 67 ] MFSA2024-51

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202412-04




[ GLSA 202412-03 ] Asterisk: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202412-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Asterisk: Multiple Vulnerabilities
Date: December 07, 2024
Bugs: #771318, #803440, #838391, #884797, #920026, #937844, #939159
ID: 202412-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Asterisk, the worst of
which can lead to privilege escalation.

Background
==========

Asterisk is an open source telephony engine and toolkit.

Affected packages
=================

Package            Vulnerable    Unaffected
-----------------  ------------  ------------
net-misc/asterisk  < 18.24.3     >= 18.24.3

Description
===========

Multiple vulnerabilities have been discovered in Asterisk. Please review
the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Asterisk users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/asterisk-18.24.3"

References
==========

[ 1 ] CVE-2020-35776
https://nvd.nist.gov/vuln/detail/CVE-2020-35776
[ 2 ] CVE-2021-26712
https://nvd.nist.gov/vuln/detail/CVE-2021-26712
[ 3 ] CVE-2021-26713
https://nvd.nist.gov/vuln/detail/CVE-2021-26713
[ 4 ] CVE-2021-26714
https://nvd.nist.gov/vuln/detail/CVE-2021-26714
[ 5 ] CVE-2021-26717
https://nvd.nist.gov/vuln/detail/CVE-2021-26717
[ 6 ] CVE-2021-26906
https://nvd.nist.gov/vuln/detail/CVE-2021-26906
[ 7 ] CVE-2021-31878
https://nvd.nist.gov/vuln/detail/CVE-2021-31878
[ 8 ] CVE-2021-32558
https://nvd.nist.gov/vuln/detail/CVE-2021-32558
[ 9 ] CVE-2022-26498
https://nvd.nist.gov/vuln/detail/CVE-2022-26498
[ 10 ] CVE-2022-26499
https://nvd.nist.gov/vuln/detail/CVE-2022-26499
[ 11 ] CVE-2022-26651
https://nvd.nist.gov/vuln/detail/CVE-2022-26651
[ 12 ] CVE-2022-37325
https://nvd.nist.gov/vuln/detail/CVE-2022-37325
[ 13 ] CVE-2022-42705
https://nvd.nist.gov/vuln/detail/CVE-2022-42705
[ 14 ] CVE-2022-42706
https://nvd.nist.gov/vuln/detail/CVE-2022-42706
[ 15 ] CVE-2023-37457
https://nvd.nist.gov/vuln/detail/CVE-2023-37457
[ 16 ] CVE-2023-49294
https://nvd.nist.gov/vuln/detail/CVE-2023-49294
[ 17 ] CVE-2023-49786
https://nvd.nist.gov/vuln/detail/CVE-2023-49786

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202412-03




[ GLSA 202412-02 ] Cacti: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202412-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Cacti: Multiple Vulnerabilities
Date: December 07, 2024
Bugs: #823788, #834597, #884799
ID: 202412-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Cacti, the worst of
which can lead to privilege escalation.

Background
==========

Cacti is a web-based network graphing and reporting tool.

Affected packages
=================

Package             Vulnerable    Unaffected
------------------  ------------  ------------
net-analyzer/cacti  < 1.2.26      >= 1.2.26

Description
===========

Multiple vulnerabilities have been discovered in Cacti. Please review
the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Cacti users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/cacti-1.2.26"

References
==========

[ 1 ] CVE-2020-14424
https://nvd.nist.gov/vuln/detail/CVE-2020-14424
[ 2 ] CVE-2022-0730
https://nvd.nist.gov/vuln/detail/CVE-2022-0730
[ 3 ] CVE-2022-46169
https://nvd.nist.gov/vuln/detail/CVE-2022-46169
[ 4 ] CVE-2022-48547
https://nvd.nist.gov/vuln/detail/CVE-2022-48547
[ 5 ] CVE-2023-30534
https://nvd.nist.gov/vuln/detail/CVE-2023-30534
[ 6 ] CVE-2023-31132
https://nvd.nist.gov/vuln/detail/CVE-2023-31132
[ 7 ] CVE-2023-39357
https://nvd.nist.gov/vuln/detail/CVE-2023-39357
[ 8 ] CVE-2023-39358
https://nvd.nist.gov/vuln/detail/CVE-2023-39358
[ 9 ] CVE-2023-39359
https://nvd.nist.gov/vuln/detail/CVE-2023-39359
[ 10 ] CVE-2023-39360
https://nvd.nist.gov/vuln/detail/CVE-2023-39360
[ 11 ] CVE-2023-39361
https://nvd.nist.gov/vuln/detail/CVE-2023-39361
[ 12 ] CVE-2023-39362
https://nvd.nist.gov/vuln/detail/CVE-2023-39362
[ 13 ] CVE-2023-39365
https://nvd.nist.gov/vuln/detail/CVE-2023-39365
[ 14 ] CVE-2023-39510
https://nvd.nist.gov/vuln/detail/CVE-2023-39510
[ 15 ] CVE-2023-39511
https://nvd.nist.gov/vuln/detail/CVE-2023-39511
[ 16 ] CVE-2023-39512
https://nvd.nist.gov/vuln/detail/CVE-2023-39512
[ 17 ] CVE-2023-39513
https://nvd.nist.gov/vuln/detail/CVE-2023-39513
[ 18 ] CVE-2023-39514
https://nvd.nist.gov/vuln/detail/CVE-2023-39514
[ 19 ] CVE-2023-39515
https://nvd.nist.gov/vuln/detail/CVE-2023-39515
[ 20 ] CVE-2023-39516
https://nvd.nist.gov/vuln/detail/CVE-2023-39516

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202412-02




[ GLSA 202412-01 ] R: Arbitrary Code Execution


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202412-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: R: Arbitrary Code Execution
Date: December 07, 2024
Bugs: #930936
ID: 202412-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in R, which can lead to arbitrary
code execution.

Background
==========

R is a language and environment for statistical computing and graphics.

Affected packages
=================

Package     Vulnerable    Unaffected
----------  ------------  ------------
dev-lang/R  < 4.4.1       >= 4.4.1

Description
===========

Deserialization of untrusted data can occur in the R statistical
programming language, enabling a maliciously crafted RDS (R Data
Serialization) formatted file or R package to run arbitrary code on an
end user’s system when interacted with.

Impact
======

Arbitrary code may be run when deserializing untrusted data.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All R users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/R-4.4.1"
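
As an added example (not part of the Gentoo advisories), the following Python code applies the "Affected packages" thresholds of GLSA 202412-03, 202412-02 and 202412-01 to a package inventory and lists what still needs the upgrade. The inventory is constructed sample data, the function names are hypothetical, and the comparison assumes plain dotted versions with an optional -rN revision rather than Portage's full version rules.

```python
import re

# Rows copied from the "Affected packages" tables of the three advisories,
# each prefixed with its GLSA ID.
ADVISORY_ROWS = """\
202412-03 net-misc/asterisk < 18.24.3 >= 18.24.3
202412-02 net-analyzer/cacti < 1.2.26 >= 1.2.26
202412-01 dev-lang/R < 4.4.1 >= 4.4.1
"""

ROW_RE = re.compile(r"^(\S+)\s+(\S+/\S+)\s+<\s*\S+\s+>=\s*(\S+)$")
# Dotted numeric components without leading zeros, optional Gentoo revision.
VER_RE = re.compile(r"^((?:0|[1-9]\d*)(?:\.(?:0|[1-9]\d*))*)(?:-r(\d+))?$")


def parse_version(text):
    """Return (numeric components, revision) for 18.24.3 or 1.2.25-r1."""
    m = VER_RE.match(text)
    if not m:
        # Suffixes such as _p1 or _rc2 need Portage's own comparison.
        raise ValueError(f"unsupported version syntax: {text!r}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2) or 0)


def is_older(installed, fixed):
    """True when `installed` sorts strictly before `fixed`."""
    return parse_version(installed) < parse_version(fixed)


def affected(installed):
    """Return (glsa, package, version, upgrade atom) for each missing fix."""
    findings = []
    for line in ADVISORY_ROWS.splitlines():
        glsa, package, fixed = ROW_RE.match(line).groups()
        version = installed.get(package)
        if version is not None and is_older(version, fixed):
            findings.append((glsa, package, version, f">={package}-{fixed}"))
    return findings


# Constructed inventory (hypothetical host), not taken from the advisories.
SAMPLE_INSTALLED = {
    "net-misc/asterisk": "18.24.3",
    "net-analyzer/cacti": "1.2.25-r1",
    "dev-lang/R": "4.3.2",
}

if __name__ == "__main__":
    for glsa, package, version, atom in affected(SAMPLE_INSTALLED):
        print(f'GLSA {glsa}: {package}-{version} -> emerge --ask --oneshot --verbose "{atom}"')
```

On a Gentoo host, glsa-check from app-portage/gentoolkit runs the equivalent test against the installed package database.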

References
==========

[ 1 ] CVE-2024-27322
https://nvd.nist.gov/vuln/detail/CVE-2024-27322

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202412-01
