Gentoo alert 202409-04 (calibre)
| From: | glsamaker@gentoo.org | |
| To: | gentoo-announce@lists.gentoo.org | |
| Subject: | [gentoo-announce] [ GLSA 202409-04 ] calibre: Multiple Vulnerabilities | |
| Date: | Sun, 22 Sep 2024 05:54:13 -0000 | |
| Message-ID: | <172698445357.7.12497582471783624955@3f85d36892cf> |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202409-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: calibre: Multiple Vulnerabilities Date: September 22, 2024 Bugs: #918429, #936961 ID: 202409-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in calibre, the worst of which could lead to remote code execution. Background ========== calibre is a powerful and easy to use e-book manager. Affected packages ================= Package Vulnerable Unaffected ---------------- ------------ ------------ app-text/calibre < 7.16.0 >= 7.16.0 Description =========== Multiple vulnerabilities have been discovered in calibre. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All calibre users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-text/calibre-7.16.0" References ========== [ 1 ] CVE-2023-46303 https://nvd.nist.gov/vuln/detail/CVE-2023-46303 [ 2 ] CVE-2024-6781 https://nvd.nist.gov/vuln/detail/CVE-2024-6781 [ 3 ] CVE-2024-6782 https://nvd.nist.gov/vuln/detail/CVE-2024-6782 [ 4 ] CVE-2024-7008 https://nvd.nist.gov/vuln/detail/CVE-2024-7008 [ 5 ] CVE-2024-7009 https://nvd.nist.gov/vuln/detail/CVE-2024-7009 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202409-04 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmbvsQUACgkQFMQkOaVy +9ma4w/9HjVeuHXnpd5svas1GTdkG2DdEz1L1Qd0LAwoNYqiVg9Y+MIvQE1JWrVS AVvfG6rvestgp9NwmOPDXP+ddl+B17nRU9DuG+tzhasoXVMbv2FyiOqSVgnKn/O5 i+CrwvINnDY+9hNq1Pxq174/sPp4Km46dtAEJ082JA0NHYRYYzlVxjwjZ8Nt1P7p jjcc8gYt5LhoVoRagZnUpaggotJylHqFte2oqglBPyjnR5HogO56yw6cmYGiiChq lNdoUMEoVb6UXBR+yLEi3viREp0a3AmV4fwbNzM6T7wTb87RxDKeWXB0u+eMrUZS tFiMGC+c4T2eshp943uPHbP9THtWqhfivI+GThVH4JlbSPbdzgXLoiRMI09foAvq EbBJiOIDCBoYvOLEco4VcLE1oXijm85PGiWhwjt+ROaBnFc4up0LnzR5SWqfA6ZQ AlDsjs+7Zoy5LssVbyW/gORpFqOOsDUEyZ/+Jh+Osj631UCEoKcSmvweb8woX9Bn DkKJPmP0lUI3/PT28AspPzDL+piP4jUUm9cdEe3aXEtkDSdMsD4gZaJ6tMcohcd3 NiNASexuEwnmi77vytRxUSo/pgzwM+KTU0nptRBEr8LMeNt2vpzZvqwCveY7W90+ 6xhfaC0K0pzC2+chJrLuE6ngvruD0fZkD3yoHB85Nh2m0uRgByM= =wCRw -----END PGP SIGNATURE-----