diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-15.xml
index a7507152a4..ee01ba3b83 100644
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-15.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-15.xml
@@ -5,13 +5,13 @@
For further information, please see the Qualys Security Advisory
A local attacker can pretend that his tty is any character device on the
@@ -43,7 +45,7 @@
RubyGems is a sophisticated package manager for Ruby. Multiple vulnerabilities have been discovered in RubyGems. Please review
+ the referenced CVE identifiers for details.
+ A remote attacker, by enticing a user to install a specially crafted
+ gem, could possibly execute arbitrary code with the privileges of the
+ process or cause a Denial of Service condition.
+ There is no known workaround at this time. All RubyGems users should upgrade to the latest version: file is a utility that guesses a file format by scanning binary data for
+ patterns.
+ An issue discovered in file allows attackers to write 20 bytes to the
+ stack buffer via a specially crafted .notes section.
+ A remote attacker, by using a specially crafted .notes section in an ELF
+ binary, could execute arbitrary code or cause a Denial of Service
+ condition.
+ There is no known workaround at this time. All file users should upgrade to the latest version: ICU is a mature, widely used set of C/C++ and Java libraries providing
+ Unicode and Globalization support for software applications.
+ Multiple vulnerabilities have been discovered in ICU. Please review the
+ referenced CVE identifiers for details.
+ A remote attacker could possibly execute arbitrary code with the
+ privileges of the process or cause a Denial of Service condition.
+ There is no known workaround at this time. All ICU users should upgrade to the latest version: Packages which depend on this library may need to be recompiled. Tools
+ such as revdep-rebuild may assist in identifying some of these packages.
+ sudo (su “do”) allows a system administrator to delegate authority
+ to give certain users (or groups of users) the ability to run some (or
+ all) commands as root or another user while providing an audit trail of
+ the commands and their arguments.
+ The fix present in app-admin/sudo-1.8.20_p1 (GLSA 201705-15) was
+ incomplete as it did not address the problem of a command with a newline
+ in the name.
+ A local attacker could execute arbitrary code with root privileges. There is no known workaround at this time. All sudo users should upgrade to the latest version: Munin is an open source server monitoring tool. When Munin is compiled with CGI graphics enabled then the files
+ accessible to the www-data user can be overwritten.
+ A local attacker, by setting multiple upper_limit GET parameters, could
+ overwrite files accessible to the www-user.
+ There is no known workaround at this time. All Munin users should upgrade to the latest version: PostgreSQL is an open source object-relational database management
+ system.
+ Multiple vulnerabilities have been discovered in PostgreSQL. Please
+ review the referenced CVE identifiers for details.
+ A remote attacker could escalate privileges, cause a Denial of Service
+ condition, obtain passwords, cause a loss in information, or obtain
+ sensitive information.
+ There is no known workaround at this time. All PostgreSQL 9.6.x users should upgrade to the latest version: All PostgreSQL 9.5.x users should upgrade to the latest version: All PostgreSQL 9.4.x users should upgrade to the latest version: All PostgreSQL 9.3.x users should upgrade to the latest version: All PostgreSQL 9.2.x users should upgrade to the latest version: OCaml is a high-level, strongly-typed, functional, and object-oriented
+ programming language from the ML family of languages.
+ A bad sanitization of environment variables: CAML_CPLUGINS,
+ CAML_NATIVE_CPLUGINS and CAML_BYTE_CPLUGINS in the OCaml compiler allows
+ the execution of raised privileges via external code.
+ A local attacker, by using specially crafted environment variables,
+ could possibly escalate privileges to the root group.
+ There is no known workaround at this time. All OCaml users should upgrade to the latest version: Pacemaker is an Open Source, High Availability resource manager suitable
+ for both small and large clusters.
+ Multiple vulnerabilities have been discovered in Pacemaker. Please
+ review the referenced CVE identifiers for details.
+ A remote attacker could execute arbitrary code or a local attacker could
+ escalate privileges.
+ There is no known workaround at this time. All Pacemaker users should upgrade to the latest version: PCRE2 is a project based on PCRE (Perl Compatible Regular Expressions)
+ which has a new and revised API.
+ Multiple vulnerabilities have been discovered in PCRE2. Please review
+ the referenced CVE identifiers for details.
+ A remote attacker could possibly execute arbitrary code with the
+ privileges of the process, cause a Denial of Service condition, or have
+ other unspecified impacts.
+ There is no known workaround at this time. All PCRE2 users should upgrade to the latest version: Packages which depend on this library may need to be recompiled. Tools
+ such as revdep-rebuild may assist in identifying some of these packages.
+
# emerge --sync
- # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.8.20_p1"
+ # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.8.20_p2"
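Review bot: The Munin text in this hunk is inconsistent about the affected account and the attacker's position. The description says files accessible to the "www-data user" can be overwritten, the impact sentence says "www-user", and the impact calls this a local attacker although the trigger is multiple upper_limit GET parameters. Suggest using one account name in both sentences and confirming that "local" is intended. Separately, the sudo command moves from ">=app-admin/sudo-1.8.20_p1" to ">=app-admin/sudo-1.8.20_p2" because the _p1 fix did not cover a command with a newline in its name, so hosts that followed the original advisory remain exposed. Please confirm that the version ranges in this file were raised together with the command, since the visible lines show only the command change.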
@@ -51,7 +53,10 @@
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-ruby/rubygems-2.6.13"
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/file-5.32"
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/icu-58.2-r1"
+
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.8.20_p2"
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/munin-2.0.33"
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.6.4"
+
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.5.8"
+
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.4.13"
+
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.3.18"
+
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.2.22"
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/ocaml-4.04.2"
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-cluster/pacemaker-1.1.16 "
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libpcre2-10.30"
+
+
+
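Review bot: The Pacemaker atom near the end of this hunk has a trailing space inside the quotes, ">=sys-cluster/pacemaker-1.1.16 ". Drop the space so the atom matches the form used by every other command here and can be copied as-is. Also, the five PostgreSQL commands use unslotted atoms (">=dev-db/postgresql-9.2.22" up to ">=dev-db/postgresql-9.6.4"), so each lower bound is also satisfied by any newer series. If an in-series upgrade is what each "All PostgreSQL 9.x users" sentence intends, consider restricting each atom to its series.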