diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest index 437d5a9beeb..30d2ac4858c 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 546124 BLAKE2B b8c960a7f19f0cac8ea254b9330e3a1add1f4be28ff0a9b4020f5e68f250a6b511280b7dd1dec4e472c73320abae493b0ab8441075c681803abfb19ea280332e SHA512 0dccc4f920463740ab2803f55b50f1cf0df2af9d58750c12c98fe5963dc8738d5a3e8d6a895c2e0d3ba8230bb61557b6e88b4fa56b2f05f5697577b68a9413df -TIMESTAMP 2023-07-01T06:39:56Z +MANIFEST Manifest.files.gz 546284 BLAKE2B ffce95d14dec8e0ecb1658575f411350a797650e5376e656bbe5d1c11b4e05372611ac4ca5de41270e2e69dfa9461b99f212aa044d6509bb082c7f94d92006b8 SHA512 c90fc6416d62b1b09cbafd89df9a8523e7e9eec12dd28fd39f81776bc9076c1e64fdb0203c709c330d323ea0c05daf6d59e5c469948b4d49cc6d59443f29557a +TIMESTAMP 2023-08-01T06:40:03Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmSfyjxfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmTIqMNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klCNlxAAg+LXqNKPA6Om+jvnU7PqJvbnCGZtGLkW+pj21SRkZz/bZPNKctViyPUr -44favLaBAakcBt8I4F3sve5Xm1QofeJARyZQZ0u17FqD4eWZnprDkCC+mkGjjXjA -yb1zNK+u2kEUCzZt/zXkbQYKzUHnpskQ5V+n7NHZAv72BdZt00dAz0BY+sTnyuWp -cEUnhhmhJJQ8NG8l6T5cawChZ427ob7hBzA2bKz6z20B6+T5qZXf51jRo2ykBSr8 -K43d7zdEtXLdrTpsOxQBAgRJ9wVCyiFpfFCCR+yk0oyv+57H0gRn4uVAxodawAQd -U6FbGmjRmOlYUcL3l4Nb6X9D7l60WR+uLjCz6GxxXPCedXoZj45Ko27tN2Fw6VB/ -N/7ey4uCwBZajRbJjOvcQXLb+2/7SP9AgYNWwgCCj3NbHIdgyfw7DgiA7ZkjnVR2 -4v6Aot6VPs6UKplw+8TXQlotrIwN3WLHj0JRw6l79MccJzSUzPKlgjRuxXURLxR0 -Z5+r95iyTz/4udUvAicEbIdtgwxmdQXQSXe6cZnxuLMlVvLSRl7ro65lhfsM5mZ8 -ynyH9JXeqZMiMd1toX1WbsbGfsPwheNYa9hwfAgkQ8PhHfq8Hu+2/EKGNcX/aMBQ -7RFGpjGXcYlTaUoH5SYcdXpmvcFMhE2a8Hn+W9D+icrtS8atqDI= -=7mgn +klANARAAo6KXYP/HCX5kiEsBf5JWOje0quGzsCs5xplVYsD2JgbKn81fUau7PkWJ +UM7w/cPxGXbeVH2GiZLozD379jaVIjvjEuRy4yc1cOVnZ3ZuEdgBJjnrK3081RuO +j2PteSl9M9d3vHTZt6AdQEE9cKXYLB0qStTG0vyS95cioZlPllM36uEkDtHhHjv/ +hYajgE6PHv3E/WiMdOu1XZmjOaFTnOU4phG+oSL09YOGqdvu9nNCbQxwFkBjTb0L +VzRMfRFi99gRx/al2gaP3WvDRSSuYM9GuQID4ascPgbnjC4KHBafZYcsVB63MRar ++CHEKEyNLZ7TTgjfODeF/c6o0LIeVOurfsF0GrxZucnxKkBeduxEAR78LhBvPq/v +3m1XK+ektF0SJqEK7yNn4+lO55Hi/ZYLuJmpMOG9uMOxTy2Ehg4/k8coy7ECyfN5 ++NfbeMe3ifpfriUgMNLQkmg4n6rfaRPer1SQe7lyw0HBwFflDt9B5KuoiFkBoVhO +FqxsFuiZozfCbLnvBCdIqTvZwMKwMp7+G470nCPVrCChJc2QToX+xn/QCScaUAIL +DKwZ+eYK6OWGCrOm/nRNvtEj4I+mYgCCiLmbaEs+c3MSQl/HxhShrBQSN+rad8k5 +fz2G1Xa5uhlEGr4xu/fxRR5mYBqWycsv2xdN0HOga/XboKR+Ooc= +=/Mm9 -----END PGP SIGNATURE----- diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz index b00ee056dd1..933f01207b1 100644 Binary files a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz and b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz differ diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202307-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202307-01.xml new file mode 100644 index 00000000000..4fa7ed99c6c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202307-01.xml @@ -0,0 +1,46 @@ + + + + OpenSSH: Remote Code Execution + Multiple vulnerbilities have been discovered in OpenSSH, the worst of which could result in remote code execution. + openssh + 2023-07-20 + 2023-07-20 + 892936 + 905299 + 910553 + remote + + + 9.3_p2 + 9.3_p2 + + + +

OpenSSH is a free application suite consisting of server and clients that replace tools like telnet, rlogin, rcp and ftp with more secure versions offering additional functionality.

+ + +

Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details.

+ + +

Please review the CVE identifiers referenced below for details.

+ + +

CVE-2023-38408 can be worked around by avoiding connecting to untrusted servers with an SSH agent.

+ + +

All OpenSSH users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/openssh-9.3_p2" + + + + CVE-2023-25136 + CVE-2023-28531 + CVE-2023-38408 + + sam + sam + \ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk index a67be52a16b..4c58de29406 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Sat, 01 Jul 2023 06:39:53 +0000 +Tue, 01 Aug 2023 06:40:00 +0000 diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit index cfc786be508..e8299091e63 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit @@ -1 +1 @@ -023c3018165ffad6f1f6a874561e1c3c555cb505 1685499625 2023-05-31T02:20:25+00:00 +6394ef8ae23b1cf183b45b603eceea6389a3c371 1689819508 2023-07-20T02:18:28+00:00