Gentoo Linux Security Advisory 202405-9 - Multiple vulnerabilities have been found in MediaInfo and MediaInfoLib, the worst of which could allow user-assisted remote code execution. Versions greater than or equal to 23.10 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202405-09  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: MediaInfo, MediaInfoLib: Multiple Vulnerabilities  
     Date: May 04, 2024  
     Bugs: #778992, #836564, #875374, #917612  
       ID: 202405-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been found in MediaInfo and MediaInfoLib,  
the worst of which could allow user-assisted remote code execution.

Background  
=========  
MediaInfo supplies technical and tag information about media files.  
MediaInfoLib contains MediaInfo libraries.

Affected packages  
================  
Package                  Vulnerable    Unaffected  
-----------------------  ------------  ------------  
media-libs/libmediainfo  < 23.10       >= 23.10  
media-video/mediainfo    < 23.10       >= 23.10

Description  
==========  
Multiple vulnerabilities have been discovered in MediaInfo and  
MediaInfoLib. Please review the CVE identifiers referenced below for  
details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All MediaInfo users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-video/mediainfo-23.10"

All MediaInfolib users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-libs/libmediainfo-23.10"

References  
=========

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202405-09

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202405-09

Gentoo Linux Security Advisory 202405-8 - Multiple vulnerabilities have been discovered in strongSwan, the worst of which could possibly lead to remote code execution. Versions greater than or equal to 5.9.10 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202405-08  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: strongSwan: Multiple Vulnerabilities  
     Date: May 04, 2024  
     Bugs: #818841, #832460, #878887, #899964  
       ID: 202405-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in strongSwan, the worst  
of which could possibly lead to remote code execution.

Background  
=========  
strongSwan is an IPSec implementation for Linux.

Affected packages  
================  
Package             Vulnerable    Unaffected  
------------------  ------------  ------------  
net-vpn/strongswan  < 5.9.10      >= 5.9.10

Description  
==========  
Multiple vulnerabilities have been discovered in strongSwan. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All strongSwan users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-vpn/strongswan-5.9.10"

References  
=========  
[ 1 ] CVE-2021-41991  
      https://nvd.nist.gov/vuln/detail/CVE-2021-41991  
[ 2 ] CVE-2021-45079  
      https://nvd.nist.gov/vuln/detail/CVE-2021-45079  
[ 3 ] CVE-2022-40617  
      https://nvd.nist.gov/vuln/detail/CVE-2022-40617  
[ 4 ] CVE-2023-26463  
      https://nvd.nist.gov/vuln/detail/CVE-2023-26463

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202405-08

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202405-08

Gentoo Linux Security Advisory 202405-7 - Multiple vulnerabilities have been discovered in HTMLDOC, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 1.9.16 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202405-07  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: HTMLDOC: Multiple Vulnerabilities  
     Date: May 04, 2024  
     Bugs: #780489  
       ID: 202405-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in HTMLDOC, the worst of  
which can lead to arbitrary code execution.

Background  
=========  
HTMLDOC is a HTML indexer and HTML to PS and PDF converter.

Affected packages  
================  
Package           Vulnerable    Unaffected  
----------------  ------------  ------------  
app-text/htmldoc  < 1.9.16      >= 1.9.16

Description  
==========  
Multiple vulnerabilities have been discovered in HTMLDOC. Please review  
the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All HTMLDOC users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-text/htmldoc-1.9.16"

References  
=========  
[ 1 ] CVE-2021-20308  
      https://nvd.nist.gov/vuln/detail/CVE-2021-20308  
[ 2 ] CVE-2021-23158  
      https://nvd.nist.gov/vuln/detail/CVE-2021-23158  
[ 3 ] CVE-2021-23165  
      https://nvd.nist.gov/vuln/detail/CVE-2021-23165  
[ 4 ] CVE-2021-23180  
      https://nvd.nist.gov/vuln/detail/CVE-2021-23180  
[ 5 ] CVE-2021-23191  
      https://nvd.nist.gov/vuln/detail/CVE-2021-23191  
[ 6 ] CVE-2021-23206  
      https://nvd.nist.gov/vuln/detail/CVE-2021-23206  
[ 7 ] CVE-2021-26252  
      https://nvd.nist.gov/vuln/detail/CVE-2021-26252  
[ 8 ] CVE-2021-26259  
      https://nvd.nist.gov/vuln/detail/CVE-2021-26259  
[ 9 ] CVE-2021-26948  
      https://nvd.nist.gov/vuln/detail/CVE-2021-26948  
[ 10 ] CVE-2021-33235  
      https://nvd.nist.gov/vuln/detail/CVE-2021-33235  
[ 11 ] CVE-2021-33236  
      https://nvd.nist.gov/vuln/detail/CVE-2021-33236  
[ 12 ] CVE-2021-40985  
      https://nvd.nist.gov/vuln/detail/CVE-2021-40985  
[ 13 ] CVE-2021-43579  
      https://nvd.nist.gov/vuln/detail/CVE-2021-43579  
[ 14 ] CVE-2022-0137  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0137  
[ 15 ] CVE-2022-0534  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0534  
[ 16 ] CVE-2022-24191  
      https://nvd.nist.gov/vuln/detail/CVE-2022-24191  
[ 17 ] CVE-2022-27114  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27114  
[ 18 ] CVE-2022-28085  
      https://nvd.nist.gov/vuln/detail/CVE-2022-28085  
[ 19 ] CVE-2022-34033  
      https://nvd.nist.gov/vuln/detail/CVE-2022-34033  
[ 20 ] CVE-2022-34035  
      https://nvd.nist.gov/vuln/detail/CVE-2022-34035

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202405-07

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202405-07

Gentoo Linux Security Advisory 202405-6 - Multiple vulnerabilities have been discovered in mujs, the worst of which could lead to remote code execution. Versions greater than or equal to 1.3.2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202405-06  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: mujs: Multiple Vulnerabilities  
     Date: May 04, 2024  
     Bugs: #833453, #845399, #882775  
       ID: 202405-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in mujs, the worst of  
which could lead to remote code execution.

Background  
=========  
mujs is an embeddable Javascript interpreter in C.

Affected packages  
================  
Package        Vulnerable    Unaffected  
-------------  ------------  ------------  
dev-lang/mujs  < 1.3.2       >= 1.3.2

Description  
==========  
Multiple vulnerabilities have been discovered in mujs. Please review the  
CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All mujs users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-lang/mujs-1.3.2"

References  
=========  
[ 1 ] CVE-2021-45005  
      https://nvd.nist.gov/vuln/detail/CVE-2021-45005  
[ 2 ] CVE-2022-30974  
      https://nvd.nist.gov/vuln/detail/CVE-2022-30974  
[ 3 ] CVE-2022-30975  
      https://nvd.nist.gov/vuln/detail/CVE-2022-30975  
[ 4 ] CVE-2022-44789  
      https://nvd.nist.gov/vuln/detail/CVE-2022-44789

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202405-06

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202405-06

Gentoo Linux Security Advisory 202405-5 - Multiple vulnerabilities have been discovered in MPlayer, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 1.5 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202405-05  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: MPlayer: Multiple Vulnerabilities  
     Date: May 04, 2024  
     Bugs: #870406  
       ID: 202405-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in MPlayer, the worst of  
which can lead to arbitrary code execution.

Background  
=========  
MPlayer is a media player capable of handling multiple multimedia file  
formats.

Affected packages  
================  
Package              Vulnerable    Unaffected  
-------------------  ------------  ------------  
media-video/mplayer  < 1.5         >= 1.5

Description  
==========  
Multiple vulnerabilities have been discovered in MPlayer. Please review  
the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All MPlayer users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.5"

References  
=========  
[ 1 ] CVE-2022-38600  
      https://nvd.nist.gov/vuln/detail/CVE-2022-38600  
[ 2 ] CVE-2022-38850  
      https://nvd.nist.gov/vuln/detail/CVE-2022-38850  
[ 3 ] CVE-2022-38851  
      https://nvd.nist.gov/vuln/detail/CVE-2022-38851  
[ 4 ] CVE-2022-38853  
      https://nvd.nist.gov/vuln/detail/CVE-2022-38853  
[ 5 ] CVE-2022-38855  
      https://nvd.nist.gov/vuln/detail/CVE-2022-38855  
[ 6 ] CVE-2022-38856  
      https://nvd.nist.gov/vuln/detail/CVE-2022-38856  
[ 7 ] CVE-2022-38858  
      https://nvd.nist.gov/vuln/detail/CVE-2022-38858  
[ 8 ] CVE-2022-38860  
      https://nvd.nist.gov/vuln/detail/CVE-2022-38860  
[ 9 ] CVE-2022-38861  
      https://nvd.nist.gov/vuln/detail/CVE-2022-38861  
[ 10 ] CVE-2022-38862  
      https://nvd.nist.gov/vuln/detail/CVE-2022-38862  
[ 11 ] CVE-2022-38863  
      https://nvd.nist.gov/vuln/detail/CVE-2022-38863  
[ 12 ] CVE-2022-38864  
      https://nvd.nist.gov/vuln/detail/CVE-2022-38864  
[ 13 ] CVE-2022-38865  
      https://nvd.nist.gov/vuln/detail/CVE-2022-38865  
[ 14 ] CVE-2022-38866  
      https://nvd.nist.gov/vuln/detail/CVE-2022-38866

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202405-05

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202405-05

Debian Linux Security Advisory 5679-1 - Several vulnerabilities were discovered in less, a file pager, which may result in the execution of arbitrary commands if a file with a specially crafted file name is processed.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5679-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoMay 03, 2024                          https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : lessCVE ID         : CVE-2022-48624 CVE-2024-32487Debian Bug     : 1064293 1068938 1069681Several vulnerabilities were discovered in less, a file pager, which mayresult in the execution of arbitrary commands if a file with a speciallycrafted file name is processed.For the oldstable distribution (bullseye), these problems have been fixedin version 551-2+deb11u2.For the stable distribution (bookworm), these problems have been fixed inversion 590-2.1~deb12u2.We recommend that you upgrade your less packages.For the detailed security status of less please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/lessFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmY1UxpfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0Rt9Q//RATJdOip2H457Vmye1lZb/mUKci2CJBtj5/JOE1MVH8B0w/Vv5EIWCCaMaBzfq3Wv9FmkLMIkfLp1IbM1KZ20+tVz9rz2tVHq0vp+fSjw8wurBv4AoFiRyI8pFwTzXEtwWVPVBhsquvOXLNVuOyNBq4fmAc8ETccvhcm9rODsEh4gxKR/BURJxPFjckpSv2EnEx/EEwSdFCaeJ5mjGDVN+Sd4V1LldyDLGCbRfY0RuC1hzGsX99o5NZ9IEt2ZNQ+9OVQQCcpC6ayKtOkPFGKcRKTxhWZ2Q2gNl6tb0bYaQygHlxxRhiqok3Gli898tnb+nI/ZlksblIn6gUwEzBH2a5P0/LJg4iF/N1htz2fv1C+/C8/AVvE9iBrlTV7RAo1xaIuV4yAgFsv+XJ7YsWtJKSwXkSRHAlcU3OGNmtQUxs6iQUrRJ97ax9L0O/3wh7dXbmkU42EZlybTxYh7eMi074PzLva7t0im8KwC5sjvH7yLe6jLXCJ2+Kx4apKfxPwTYn0bBqaeNgBBFHWwlYn+Rkofo4N5VdbFDWaMwctZ2FFLrpn3LQ3Mojnssgf/uchU1M8Vpjp01H3Jr0S97nz5cCwE+LlFddMNVlqNL/hA1xU8zNkyRLJcFaiJQVhtvLmuSFOW+FtvTjBB09T3o8lbPKYHacO1/h8/ZB+TKqlwQo=tUOa-----END PGP SIGNATURE-----

Debian Security Advisory 5679-1

Gentoo Linux Security Advisory 202405-4 - Multiple vulnerabilities have been discovered in systemd, the worst of which can lead to a denial of service. Versions greater than or equal to 252.4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202405-04  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: systemd: Multiple Vulnerabilities  
     Date: May 04, 2024  
     Bugs: #882769, #887581  
       ID: 202405-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in systemd, the worst of  
which can lead to a denial of service.

Background  
==========

A system and service manager.

Affected packages  
=================

Package           Vulnerable    Unaffected  
----------------  ------------  ------------  
sys-apps/systemd  < 252.4       >= 252.4

Description  
===========

Multiple vulnerabilities have been discovered in systemd. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All systemd users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=sys-apps/systemd-252.4"

References  
==========

[ 1 ] CVE-2022-4415  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4415  
[ 2 ] CVE-2022-45873  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45873

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202405-04

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202405-04

Gentoo Linux Security Advisory 202405-3 - A vulnerability has been discovered in Dalli, which can lead to code injection. Versions greater than or equal to 3.2.3 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202405-03  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Dalli: Code Injection  
     Date: May 04, 2024  
     Bugs: #882077  
       ID: 202405-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in Dalli, which can lead to code  
injection.

Background  
==========

Dalli is a high performance pure Ruby client for accessing memcached  
servers.

Affected packages  
=================

Package         Vulnerable    Unaffected  
--------------  ------------  ------------  
dev-ruby/dalli  < 3.2.3       >= 3.2.3

Description  
===========

A vulnerability was found in Dalli. Affected is the function  
self.meta_set of the file lib/dalli/protocol/meta/request_formatter.rb  
of the component Meta Protocol Handler. The manipulation leads to  
injection.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Dalli users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-ruby/dalli-3.2.3"

References  
==========

[ 1 ] CVE-2022-4064  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4064

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202405-03

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202405-03

Gentoo Linux Security Advisory 202405-2 - Multiple vulnerabilities have been discovered in ImageMagick, the worst of which can lead to remote code execution. Versions greater than or equal to 6.9.13.0 are affected.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Gentoo Linux Security Advisory                           GLSA 202405-02- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -                                           https://security.gentoo.org/- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High    Title: ImageMagick: Multiple Vulnerabilities     Date: May 04, 2024     Bugs: #835931, #843833, #852947, #871954, #893526, #904357, #908082, #917594       ID: 202405-02- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Synopsis========Multiple vulnerabilities have been discovered in ImageMagick, the worstof which can lead to remote code execution.Background==========ImageMagick is a software suite to create, edit, and compose bitmapimages, that can also read, write, and convert images in many otherformats.Affected packages=================Package                Vulnerable    Unaffected---------------------  ------------  ------------media-gfx/imagemagick  < 6.9.12.88   >= 6.9.13.0Description===========Multiple vulnerabilities have been discovered in ImageMagick. Pleasereview the CVE identifiers referenced below for details.Impact======Please review the referenced CVE identifiers for details.Workaround==========There is no known workaround at this time.Resolution==========All ImageMagick 6.x users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.9.13.0" =media-gfx/imagemagick-6*"All ImageMagick 7.x users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-7.1.1.22"References==========[ 1 ] CVE-2021-4219      https://nvd.nist.gov/vuln/detail/CVE-2021-4219[ 2 ] CVE-2021-20224      https://nvd.nist.gov/vuln/detail/CVE-2021-20224[ 3 ] CVE-2022-0284      https://nvd.nist.gov/vuln/detail/CVE-2022-0284[ 4 ] CVE-2022-1115      https://nvd.nist.gov/vuln/detail/CVE-2022-1115[ 5 ] CVE-2022-2719      https://nvd.nist.gov/vuln/detail/CVE-2022-2719[ 6 ] CVE-2022-3213      https://nvd.nist.gov/vuln/detail/CVE-2022-3213[ 7 ] CVE-2022-28463      https://nvd.nist.gov/vuln/detail/CVE-2022-28463[ 8 ] CVE-2022-32545      https://nvd.nist.gov/vuln/detail/CVE-2022-32545[ 9 ] CVE-2022-32546      https://nvd.nist.gov/vuln/detail/CVE-2022-32546[ 10 ] CVE-2022-32547      https://nvd.nist.gov/vuln/detail/CVE-2022-32547[ 11 ] CVE-2022-44267      https://nvd.nist.gov/vuln/detail/CVE-2022-44267[ 12 ] CVE-2022-44268      https://nvd.nist.gov/vuln/detail/CVE-2022-44268[ 13 ] CVE-2023-1906      https://nvd.nist.gov/vuln/detail/CVE-2023-1906[ 14 ] CVE-2023-2157      https://nvd.nist.gov/vuln/detail/CVE-2023-2157[ 15 ] CVE-2023-5341      https://nvd.nist.gov/vuln/detail/CVE-2023-5341[ 16 ] CVE-2023-34151      https://nvd.nist.gov/vuln/detail/CVE-2023-34151[ 17 ] CVE-2023-34153      https://nvd.nist.gov/vuln/detail/CVE-2023-34153Availability============This GLSA and any updates to it are available for viewing atthe Gentoo Security Website: https://security.gentoo.org/glsa/202405-02Concerns?=========Security is a primary focus of Gentoo Linux and ensuring theconfidentiality and security of our users' machines is of utmostimportance to us. Any security concerns should be addressed tosecurity@gentoo.org or alternatively, you may file a bug athttps://bugs.gentoo.org.License=======Copyright 2024 Gentoo Foundation, Inc; referenced textbelongs to its owner(s).The contents of this document are licensed under theCreative Commons - Attribution / Share Alike license.https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202405-02

Cybersecurity researchers have discovered a new information stealer targeting Apple macOS systems that's designed to set up persistence on the infected hosts and act as a spyware.
Dubbed Cuckoo by Kandji, the malware is a universal Mach-O binary that's capable of running on both Intel- and Arm-based Macs.
The exact distribution vector is currently unclear, although there are

Tag

#mac