Chromium is an open-source browser project that aims to build a safer, + faster, and more stable way for all users to experience the web. +
+ +Google Chrome is one fast, simple, and secure browser for all your + devices. +
+Multiple vulnerabilities have been discovered in Chromium and Google + Chrome. Please review the referenced CVE identifiers and Google Chrome + Releases for details. +
+A remote attacker, by enticing a user to install malicious extensions, + could possibly escalate privileges, cause a Denial of Service condition, + or have other unspecified impacts. +
+There is no known workaround at this time.
+All Chromium users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-client/chromium-66.0.3359.170"
+
+
+ All Google Chrome users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-client/google-chrome-66.0.3359.170"
+
+ Samba is a suite of SMB and CIFS client/server programs.
+Multiple vulnerabilities have been discovered in Samba. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could possibly execute arbitrary code, cause a Denial + of Service condition, conduct a man-in-the-middle attack, or obtain + sensitive information. +
+There is no known workaround at this time.
+All Samba users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-fs/samba-4.5.16"
+
+ VirtualBox is a powerful virtualization product from Oracle.
+Multiple vulnerabilities have been discovered in VirtualBox. Please + review the CVE identifiers referenced below for details. +
+An attacker could take control of VirtualBox resulting in the execution + of arbitrary code with the privileges of the process, a Denial of Service + condition, or other unspecified impacts. +
+There is no known workaround at this time.
+All VirtualBox users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-5.1.36"
+
+
+ All VirtualBox binary users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=app-emulation/virtualbox-bin-5.1.36.122089"
+
+ Shadow is a set of tools to deal with user accounts.
+A local attacker could possibly bypass security restrictions if an + administrator used “group blacklisting” to restrict access to file + system paths. +
+A local attacker could possibly bypass security restrictions.
+There is no known workaround at this time.
+All shadow users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.6"
+
+
+ A shell designed for interactive use, although it is also a powerful + scripting language. +
+Multiple vulnerabilities have been discovered in Zsh. Please review the + CVE identifiers referenced below for details. +
+A local attacker could execute arbitrary code, escalate privileges, or + cause a Denial of Service condition. +
+There is no known workaround at this time.
+All Zsh users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-shells/zsh-5.5"
+
+ Scans for known and unknown rootkits, backdoors, and sniffers.
+A vulnerability was discovered in Rootkit Hunter that allows the + downloading of mirror updates over insecure channels (HTTP). + Furthermore, the mirror update is then executed in Bash. +
+A remote attacker, by performing a man-in-the-middle attack, could + execute arbitrary code, conduct a Denial of Service, or have other + unspecified impacts. +
+Users are advised to not trust insecure protocols such as HTTP and to + turn off any mirror updates utilizing such channels. +
+All Rootkit Hunter users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-forensics/rkhunter-1.4.6"
+
+ NTP contains software for the Network Time Protocol.
+Multiple vulnerabilities have been discovered in NTP. Please review the + CVE identifiers referenced below for details. +
+A remote attacker could possibly execute arbitrary code or cause a + Denial of Service condition. +
+There is no known workaround at this time.
+All NTP users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8_p11"
+
+ Git is a free and open source distributed version control system + designed to handle everything from small to very large projects with + speed and efficiency. +
+Multiple vulnerabilities have been discovered in Git. Please review the + CVE identifiers referenced below for details. +
+Remote attackers could execute arbitrary code on both client and server.
+There is no known workaround at this time.
+All Git users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.16.4"
+
+
+ A bunch of small useful utilities that give information about processes + using the /proc filesystem. +
+Multiple vulnerabilities have been discovered in procps. Please review + the CVE identifiers referenced below for details. +
+A local attacker could execute arbitrary code, escalate privileges, or + cause a Denial of Service condition. +
+There is no known workaround at this time.
+All procps users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-process/procps-3.3.15-r1"
+
+ The advanced PC speaker beeper.
+A race condition, if setuid, was discovered in beep.
+A local attacker could escalate privileges.
+There is no known workaround at this time.
+All beep users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-misc/beep-1.3-r3"
+
+