jq is a lightweight and flexible command-line JSON processor.
+An off-by-one error was discovered in the tokenadd function in + jv_parse.c which triggers a heap-based buffer overflow. +
+A remote attacker could trick a victim into processing a specially + crafted JSON file, possibly resulting in the execution of arbitrary code + with the privileges of the process. Additionally, a remote attacker + could cause a Denial of Service condition. +
+There is no known workaround at this time.
+All jq users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-misc/jq-1.5-r2"
+
+ SQLite is a C library that implements an SQL database engine.
+Multiple vulnerabilities have been discovered in SQLite. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process, or cause a Denial of Service condition. +
+There is no known workaround at this time.
+All sqlite users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/sqlite-3.11.1"
+
+
+ The GNU Core Utilities are the basic file, shell and text manipulation + utilities of the GNU operating system. +
+A memory corruption flaw in GNU Coreutils’ parse_datetime function was + reported. Applications using parse_datetime(), such as touch or date, may + accepted untrusted input. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process, or cause a Denial of Service condition. +
+There is no known workaround at this time.
+All Coreutils users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/coreutils-8.23"
+
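Review bot: The description sentence "Applications using parse_datetime(), such as touch or date, may accepted untrusted input" has a grammar slip: "may accepted" should read "may accept". Since this sentence is the only place the advisory explains how attacker-controlled data reaches parse_datetime, it is worth getting right before the text is published.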
+ socat is a multipurpose bidirectional relay, similar to netcat.
+Multiple vulnerabilities have been discovered in socat. Please review + the references below for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process, or obtain confidential information. +
+There is no known workaround at this time.
+All socat users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/socat-1.7.3.1"
+
+ The GNU Binutils are a collection of tools to create, modify and analyse + binary files. Many of the files use BFD, the Binary File Descriptor + library, to do low-level manipulation. +
+Multiple vulnerabilities have been discovered in Binutils. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to open a specially crafted file, + possibly resulting in execution of arbitrary code with the privileges of + the process, cause a Denial of Service condition, or overwrite arbitrary + files. +
+There is no known workaround at this time.
+All Binutils users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-devel/binutils-2.25"
+
+ CrackLib is a library used to enforce strong passwords by comparing user + selected passwords to words in chosen word lists. +
+A stack-based buffer overflow was discovered in the FascistGecosUser + function of lib/fascist.c. +
+A local attacker could set a specially crafted GECOS field value in + “/etc/passwd”; possibly resulting in the execution of arbitrary code + with the privileges of the process, a Denial of Service condition, or the + escalation of privileges. +
+There is no known workaround at this time.
+All CrackLib users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-libs/cracklib-2.9.6-r1"
+
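Review bot: In the impact paragraph, the path is written with typographic quotes and followed by a semicolon (“/etc/passwd”; possibly resulting in ...), which splits the sentence so that the second half has no subject. Suggest plain quotes or no quotes around /etc/passwd and a comma instead of the semicolon, matching the "..., possibly resulting in ..." pattern used in the other advisories in this change.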
+ OpenJPEG is an open-source JPEG 2000 library.
+Multiple vulnerabilities have been discovered in OpenJPEG. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to open a specially crafted JPEG + file, possibly resulting in execution of arbitrary code or a Denial of + Service condition. Furthermore, a remote attacker may be able to obtain + sensitive information. +
+There is no known workaround at this time.
+All OpenJPEG 2 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=media-libs/openjpeg-2.1.1_p20160922:2"
+
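Review bot: The impact text says "a specially crafted JPEG file", but the background line describes OpenJPEG as a JPEG 2000 library, so the file type should be stated as JPEG 2000 to avoid suggesting that ordinary JPEG input is the vector. Also, the resolution command is split so that the atom ">=media-libs/openjpeg-2.1.1_p20160922:2" sits on its own line with no continuation after "--verbose"; a reader pasting the first line alone runs emerge with no target. Suggest keeping the command on one line as the other advisories do.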
+ VirtualBox is a powerful virtualization product from Oracle.
+Multiple vulnerabilities have been discovered in VirtualBox. Please + review the CVE identifiers referenced below for details. +
+Local attackers could cause a Denial of Service condition, execute + arbitrary code, or escalate their privileges. +
+There is no known workaround at this time.
+All VirtualBox users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-4.3.28"
+
+
+ All VirtualBox-bin users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=app-emulation/virtualbox-bin-4.3.28"
+
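Review bot: The virtualbox-bin resolution command breaks after "--verbose" and puts ">=app-emulation/virtualbox-bin-4.3.28" on the following line without a line continuation, while the virtualbox command just above keeps the atom on the same line. Suggest formatting both the same way, on a single line, so the copied command always includes its target atom.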
+ Docker is the world’s leading software containerization platform.
+Docker does not properly distinguish between numeric UIDs and string + usernames. +
+Local attackers could possibly escalate their privileges.
+There is no known workaround at this time.
+All Docker users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/docker-1.11.0"
+
+ libmms is a library for downloading (streaming) media files using the + mmst and mmsh protocols. +
+A heap-based buffer overflow was discovered in the get_answer function + within mmsh.c of libmms. +
+A remote attacker might send a specially crafted MMS over HTTP (MMSH) + response, possibly resulting in the remote execution of arbitrary code + with the privileges of the process. +
+There is no known workaround at this time.
+All libmms users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libmms-0.6.4"
+
+ SoX is a command line utility that can convert various formats of + computer audio files in to other formats. +
+A heap-based buffer overflow can be triggered when processing a + malicious NIST Sphere or WAV audio file. +
+A remote attacker could coerce the victim to run SoX against their + malicious file. This may be leveraged by an attacker to gain control of + program execution with the privileges of the user. +
+There is no known workaround at this time.
+All SoX users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-sound/sox-14.4.2"
+
+
+ A full-featured exFAT file system implementation for Unix-like systems.
+Two vulnerabilities were found in exFAT. A malformed input can cause a + write heap overflow or cause an endless loop. +
+Remote attackers could execute arbitrary code or cause Denial of + Service. +
+There is no known workaround at this time.
+All exFAT users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-fs/exfat-utils-1.2.1"
+
+
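Review bot: The background line "A full-featured exFAT file system implementation for Unix-like systems." is a sentence fragment that never names the package, and the text refers to "exFAT" throughout while the resolution atom is sys-fs/exfat-utils; suggest naming the affected package explicitly so users can tell whether they are affected. In the description, "a write heap overflow" would read more clearly as "a heap-based buffer overflow", consistent with the wording in the other advisories. The impact line says "Remote attackers could execute arbitrary code" without stating how the malformed input is delivered; the other advisories in this change spell out the vector (for example, a specially crafted file), and this one should do the same.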