diff options
author | Repository mirror & CI <repomirrorci@gentoo.org> | 2024-07-06 06:51:18 +0000 |
---|---|---|
committer | Repository mirror & CI <repomirrorci@gentoo.org> | 2024-07-06 06:51:18 +0000 |
commit | 27e0b84a62435ff22b2ebef850359b9e9c5fdd61 (patch) | |
tree | 00e505ec94dce2ce02d21b479684e81ecc063c16 /metadata/glsa | |
parent | Merge updates from master (diff) | |
parent | [ GLSA 202407-21 ] X.Org X11 library: Multiple Vulnerabilities (diff) | |
download | gentoo-27e0b84a62435ff22b2ebef850359b9e9c5fdd61.tar.gz gentoo-27e0b84a62435ff22b2ebef850359b9e9c5fdd61.tar.bz2 gentoo-27e0b84a62435ff22b2ebef850359b9e9c5fdd61.zip |
Merge commit 'ad043d75ef1974c869c6e376d93dc9e7f4518860'
Diffstat (limited to 'metadata/glsa')
-rw-r--r-- | metadata/glsa/glsa-202407-20.xml | 48 | ||||
-rw-r--r-- | metadata/glsa/glsa-202407-21.xml | 49 |
2 files changed, 97 insertions, 0 deletions
diff --git a/metadata/glsa/glsa-202407-20.xml b/metadata/glsa/glsa-202407-20.xml new file mode 100644 index 000000000000..84856ba8345c --- /dev/null +++ b/metadata/glsa/glsa-202407-20.xml @@ -0,0 +1,48 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202407-20"> + <title>KDE Plasma Workspaces: Privilege Escalation</title> + <synopsis>A vulnerability has been discovered in KDE Plasma Workspaces, which can lead to privilege escalation.</synopsis> + <product type="ebuild">plasma-workspace</product> + <announced>2024-07-06</announced> + <revised count="1">2024-07-06</revised> + <bug>933342</bug> + <access>remote</access> + <affected> + <package name="kde-plasma/plasma-workspace" auto="yes" arch="*"> + <unaffected range="ge">5.27.11.1</unaffected> + <vulnerable range="lt">5.27.11.1</vulnerable> + </package> + </affected> + <background> + <p>KDE Plasma workspace is a widget based desktop environment designed to be fast and efficient.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in KDE Plasma Workspaces. Please review the CVE identifiers referenced below for details.</p> + </description> + <impact type="high"> + <p>KSmserver, KDE's XSMP manager, incorrectly allows connections via ICE
+based purely on the host, allowing all local connections. This allows
+another user on the same machine to gain access to the session
+manager.
+
+A well crafted client could use the session restore feature to execute
+arbitrary code as the user on the next boot.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All KDE Plasma Workspaces users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=kde-plasma/plasma-workspace-5.27.11.1" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-36041">CVE-2024-36041</uri> + </references> + <metadata tag="requester" timestamp="2024-07-06T06:45:04.101679Z">graaff</metadata> + <metadata tag="submitter" timestamp="2024-07-06T06:45:04.105556Z">graaff</metadata> +</glsa>
\ No newline at end of file diff --git a/metadata/glsa/glsa-202407-21.xml b/metadata/glsa/glsa-202407-21.xml new file mode 100644 index 000000000000..12c0a2e5a2ed --- /dev/null +++ b/metadata/glsa/glsa-202407-21.xml @@ -0,0 +1,49 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202407-21"> + <title>X.Org X11 library: Multiple Vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been discovered in the X.Org X11 library, the worst of which could lead to a denial of service.</synopsis> + <product type="ebuild">libX11</product> + <announced>2024-07-06</announced> + <revised count="1">2024-07-06</revised> + <bug>877461</bug> + <bug>908549</bug> + <bug>915129</bug> + <access>remote</access> + <affected> + <package name="x11-libs/libX11" auto="yes" arch="*"> + <unaffected range="ge">1.8.7</unaffected> + <vulnerable range="lt">1.8.7</vulnerable> + </package> + </affected> + <background> + <p>X.Org is an implementation of the X Window System. The X.Org X11 library provides the X11 protocol library files.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in X.Org X11 library. Please review the CVE identifiers referenced below for details.</p> + </description> + <impact type="normal"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All X.Org X11 library users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-libs/libX11-1.8.7" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3554">CVE-2022-3554</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3555">CVE-2022-3555</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-3138">CVE-2023-3138</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-43785">CVE-2023-43785</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-43786">CVE-2023-43786</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-43787">CVE-2023-43787</uri> + </references> + <metadata tag="requester" timestamp="2024-07-06T06:46:25.255732Z">graaff</metadata> + <metadata tag="submitter" timestamp="2024-07-06T06:46:25.259127Z">graaff</metadata> +</glsa>
\ No newline at end of file |