1. Forum
  2. Usenet
  3. LINUX.GENTOO.ANNOUNCE

  • [gentoo-announce] [ GLSA 202402-30 ] Glances: Arbitrary Code Execution

    From [email protected]@21:1/5 to All on Mon Feb 26 13:10:02 2024
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory GLSA 202402-30
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    https://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: Normal
    Title: Glances: Arbitrary Code Execution
    Date: February 26, 2024
    Bugs: #791565
    ID: 202402-30

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Synopsis
    ========

    A vulnerability has been found in Glances which may lead to arbitrary
    code execution.

    Background
    ==========

    Glances is an open-source system cross-platform monitoring tool. It
    allows real-time monitoring of various aspects of your system such as
    CPU, memory, disk, network usage etc.

    Affected packages
    =================

    Package Vulnerable Unaffected
    ------------------- ------------ ------------
    sys-process/glances < 3.1.7 >= 3.1.7

    Description
    ===========

    A vulnerability in XML parsing may lead to a variety of XML attacks.

    Impact
    ======

    A vulnerability in XML parsing may lead to a variety of XML attacks.

    Workaround
    ==========

    There is no known workaround at this time.

    Resolution
    ==========

    All Glances users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-process/glances-3.1.7"

    References
    ==========


    Availability
    ============

    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:

    https://security.gentoo.org/glsa/202402-30

    Concerns?
    =========

    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users' machines is of utmost
    importance to us. Any security concerns should be addressed to [email protected] or alternatively, you may file a bug at https://bugs.gentoo.org.

    License
    =======

    Copyright 2024 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).

    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmXcfxkACgkQFMQkOaVy +9lzJBAAy4WuTOzYpoVqHdpNsdALIponXv7erRb6M7Pp800RcXIOa3Ddbq7ejBeD 6B5KHkVcj/czSa2XEKMyXxEd3pKVdL6ogmRPcE4lsUAIzaYAOJzix+eQ9t68HEtK o6u+TKQzn6+gBrnWmLhI7GiHSeUV+3+KZu8jTnA7BI5M+tKvtkj/u9GvOVMsrPdA aIputN5jNKJRqoqaUwy3Z4fsjrgtsaOJfj5ZPBDqgrHsf+NY08SVYIuTuS6IIE7W JKjsFypnT3uJbgwZPksM24z0XYVc/16lLKH8CYQqNohmCwXhgSSL9wOSVjhaB9ja V6P7i1NPUc/SzohLekWUQ2NJLfTk+TMFZ/9+weua0+3mlHggRgcJ94v6c1ovF8OR +XXraJyeq/ZwwlO5NdHk2aCrl4akcF9X9spW0/MJiDiOefJUp/pJS6nnDbPUg4oQ bavPiI8ja1vLiBCd1Tjy/zyY+ARY94juRQWkUpNNDYixGiYhCctzmg9cVfRjLJgY M1xgxDq2SlgLada296we47Tzun7n2dbYaBFmUP52EJI36x/MIidooZ4MDHz5Yt0q i2jmDqw5uGrxXO9JQogFgpZGC3slpg/xtREaOUck2aIWCThvqHUMpZuBWmVVRPHL CXWj5E6P877R06OaWS47odFw76LdLwLyf0qUC7NxSpNlEDDzzfQ=
    =yLv2
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)