[gentoo-announce] [ GLSA 202006-10 ] GNU Readline: Multiple vulnerabilities - gentoo-announce

From:	Aaron Bauman <bman@g.o>
To:	gentoo-announce@l.g.o
Subject:	[gentoo-announce] [ GLSA 202006-10 ] GNU Readline: Multiple vulnerabilities
Date:	Sat, 13 Jun 2020 02:21:17
Message-Id:	`20200613014742.GM17996@bubba`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 202006-10

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                           https://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

 Severity: Low

8

    Title: GNU Readline: Multiple vulnerabilities

9

     Date: June 13, 2020

10

     Bugs: #717924

11

       ID: 202006-10

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

Multiple vulnerabilities have been found in GNU Readline, the worst of

19

which could result in a Denial of Service condition.

20

21

Background

22

==========

23

24

The GNU Readline library provides a set of functions for use by

25

applications that allow users to edit command lines as they are typed

26

in.

27

28

Affected packages

29

=================

30

31

    -------------------------------------------------------------------

32

     Package              /     Vulnerable     /            Unaffected

33

    -------------------------------------------------------------------

34

  1  sys-libs/readline             < 8.0                       >= 8.0 

35

36

Description

37

===========

38

39

Multiple vulnerabilities have been discovered in GNU Readline. Please

40

review the CVE identifiers referenced below for details.

41

42

Impact

43

======

44

45

Please review the referenced CVE identifiers for details.

46

47

Workaround

48

==========

49

50

There is no known workaround at this time.

51

52

Resolution

53

==========

54

55

All GNU Readline users should upgrade to the latest version:

56

57

  # emerge --sync

58

  # emerge --ask --oneshot --verbose ">=sys-libs/readline-8.0"

59

60

References

61

==========

62

63

64

Availability

65

============

66

67

This GLSA and any updates to it are available for viewing at

68

the Gentoo Security Website:

69

70

 https://security.gentoo.org/glsa/202006-10

71

72

Concerns?

73

=========

74

75

Security is a primary focus of Gentoo Linux and ensuring the

76

confidentiality and security of our users' machines is of utmost

77

importance to us. Any security concerns should be addressed to

78

security@g.o or alternatively, you may file a bug at

79

https://bugs.gentoo.org.

80

81

License

82

=======

83

84

Copyright 2020 Gentoo Foundation, Inc; referenced text

85

belongs to its owner(s).

86

87

The contents of this document are licensed under the

88

Creative Commons - Attribution / Share Alike license.

89

90

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce

Attachments

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 202006-10
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	https://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Low
8	Title: GNU Readline: Multiple vulnerabilities
9	Date: June 13, 2020
10	Bugs: #717924
11	ID: 202006-10
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	Multiple vulnerabilities have been found in GNU Readline, the worst of
19	which could result in a Denial of Service condition.
20
21	Background
22	==========
23
24	The GNU Readline library provides a set of functions for use by
25	applications that allow users to edit command lines as they are typed
26	in.
27
28	Affected packages
29	=================
30
31	-------------------------------------------------------------------
32	Package / Vulnerable / Unaffected
33	-------------------------------------------------------------------
34	1 sys-libs/readline < 8.0 >= 8.0
35
36	Description
37	===========
38
39	Multiple vulnerabilities have been discovered in GNU Readline. Please
40	review the CVE identifiers referenced below for details.
41
42	Impact
43	======
44
45	Please review the referenced CVE identifiers for details.
46
47	Workaround
48	==========
49
50	There is no known workaround at this time.
51
52	Resolution
53	==========
54
55	All GNU Readline users should upgrade to the latest version:
56
57	# emerge --sync
58	# emerge --ask --oneshot --verbose ">=sys-libs/readline-8.0"
59
60	References
61	==========
62
63
64	Availability
65	============
66
67	This GLSA and any updates to it are available for viewing at
68	the Gentoo Security Website:
69
70	https://security.gentoo.org/glsa/202006-10
71
72	Concerns?
73	=========
74
75	Security is a primary focus of Gentoo Linux and ensuring the
76	confidentiality and security of our users' machines is of utmost
77	importance to us. Any security concerns should be addressed to
78	security@g.o or alternatively, you may file a bug at
79	https://bugs.gentoo.org.
80
81	License
82	=======
83
84	Copyright 2020 Gentoo Foundation, Inc; referenced text
85	belongs to its owner(s).
86
87	The contents of this document are licensed under the
88	Creative Commons - Attribution / Share Alike license.
89
90	https://creativecommons.org/licenses/by-sa/2.5