From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-announce+bounces-2623-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 535D51382C5
	for <garchives@archives.gentoo.org>; Sat, 13 Jun 2020 01:46:15 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id E99A2E0961;
	Sat, 13 Jun 2020 01:43:13 +0000 (UTC)
Received: from smtp.gentoo.org (mail.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 9CB4BE08C0
	for <gentoo-announce@lists.gentoo.org>; Sat, 13 Jun 2020 01:04:37 +0000 (UTC)
Date: Fri, 12 Jun 2020 21:04:31 -0400
From: Aaron Bauman <bman@gentoo.org>
To: gentoo-announce@lists.gentoo.org
Subject: [gentoo-announce] [ GLSA 202006-04 ] glibc: Multiple vulnerabilities
Message-ID: <20200613010431.GB17996@bubba>
Reply-To: security@gentoo.org
Precedence: bulk
List-Post: <mailto:gentoo-announce@lists.gentoo.org>
List-Help: <mailto:gentoo-announce+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-announce+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-announce+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-announce.gentoo.org>
X-BeenThere: gentoo-announce@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="aVD9QWMuhilNxW9f"
Content-Disposition: inline
X-Archives-Salt: b5db6a5a-d57d-4278-b6d2-10917e7312d8
X-Archives-Hash: 4cd0434270bfb1aeb8ac5f80016a19a6


--aVD9QWMuhilNxW9f
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202006-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: glibc: Multiple vulnerabilities
     Date: June 13, 2020
     Bugs: #677272, #679044, #711558, #717938, #719472
       ID: 202006-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in glibc, the worst of which
could result in a Denial of Service condition.

Background
==========

glibc is a package that contains the GNU C library.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  sys-libs/glibc              < 2.30-r8                 >= 2.30-r8

Description
===========

Multiple vulnerabilities have been discovered in glibc. Please review
the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All glibc users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.30-r8"

References
==========

[ 1 ] CVE-2019-6488
      https://nvd.nist.gov/vuln/detail/CVE-2019-6488
[ 2 ] CVE-2019-7309
      https://nvd.nist.gov/vuln/detail/CVE-2019-7309
[ 3 ] CVE-2019-9169
      https://nvd.nist.gov/vuln/detail/CVE-2019-9169
[ 4 ] CVE-2020-10029
      https://nvd.nist.gov/vuln/detail/CVE-2020-10029
[ 5 ] CVE-2020-1751
      https://nvd.nist.gov/vuln/detail/CVE-2020-1751

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202006-04

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2020 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

--aVD9QWMuhilNxW9f
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAABCAAdFiEEDA48qNrrn8VVVcst4yp5f7HQy3AFAl7kJh8ACgkQ4yp5f7HQ
y3D6xAf8DhMjfUx7UQfeW4ODttCtcLgKcv7k17/w1dIwOKFmNB/rkMneqHDPchxb
5j9jvm3Rf7CEWijIT2Bs/FtRECwQm8qMX3cW6nsO1x/AUv5b+rF5cbJLegZyL8HH
NcMm9pzKZHbW4qOMFANm60M/0SaIV5C2c7VTQMoRrpLnYJoSeF2AUWKhIp09j6NS
4zLIIEwPsN/vQbP+9woISWk1Drgfzal6MjJ5wDQDNBt7VPRkjfb9WcRxUeZQwFwe
eHzS3rIVzRTQbnHqtv821osvfyJAYUvDA7Xo7SqmKKcFyKIDHUQZW0nWoRDbePgb
/atD5EhVsxg+pRxWWxfSjyX93bvYLw==
=qN0f
-----END PGP SIGNATURE-----

--aVD9QWMuhilNxW9f--