FreeRADIUS is an open source RADIUS authentication server.

It was discovered that the implementation of TTLS and PEAP in FreeRADIUS skips inner authentication when it handles a resumed TLS connection. The affected versions of FreeRADIUS fail to reliably prevent the resumption of unauthenticated sessions unless the TLS session cache is disabled completely.

An unauthenticated remote user can bypass authentication by starting a session, and then resuming an unauthenticated TLS session before inner authentication has been completed successfully.

Set “enabled = no” in the cache subsection of the eap module settings to disable TLS session caching.

All FreeRADIUS users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-dialup/freeradius-3.0.14"

LibreOffice is a powerful office suite; its clean interface and powerful tools let you unleash your creativity and grow your productivity.

Multiple vulnerabilities have been discovered in LibreOffice. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user to open a specially crafted file using LibreOffice, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

There is no known workaround at this time.

All LibreOffice users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-office/libreoffice-5.2.7.2"

All LibreOffice binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-office/libreoffice-bin-5.2.7.2"

KAuth provides a convenient, system-integrated way to offload actions that need to be performed as a privileged user (root, for example) to small (hopefully secure) helper utilities.

The KDE libraries are the basis of KDE and are used by many open source projects.

KAuth and KDELibs contain a logic flaw in which the service invoking D-Bus is not properly checked. This allows spoofing the identity of the caller, and with some carefully crafted calls it can lead to gaining root from an unprivileged account.

A local attacker could spoof the identity of the caller invoking D-Bus, possibly resulting in gaining privileges.

There is no known workaround at this time.

All KAuth users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=kde-frameworks/kauth-5.29.0-r1"

All KDELibs users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=kde-frameworks/kdelibs-4.14.32"

IcedTea’s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions.

Multiple vulnerabilities have been discovered in IcedTea. Please review the CVE identifiers referenced below for details.

Note: If the web browser plug-in provided by the dev-java/icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.

A remote attacker could possibly execute arbitrary code with the privileges of the process, gain access to information, or cause a Denial of Service condition.

There is no known workaround at this time.

All IcedTea binary 7.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-7.2.6.10:7"

All IcedTea binary 3.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-3.4.0:8"

Game Music Emu is a multi-purpose console music emulator and player library.

Multiple vulnerabilities have been discovered in Game Music Emu. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user to open a specially crafted SPC music file, using Game Music Emu or an application linked against the Game Music Emu library, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

There is no known workaround at this time.

All Game Music Emu users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/game-music-emu-0.6.1"

phpMyAdmin is a web-based management tool for MySQL databases.

A vulnerability was discovered where the restrictions caused by “$cfg['Servers'][$i]['AllowNoPassword'] = false” are bypassed under certain PHP versions. This can lead to compromised user accounts that have no password set, even if the administrator has set “$cfg['Servers'][$i]['AllowNoPassword']” to false (which is the default).

This behavior depends on the PHP version used (it seems PHP 5 is affected, while PHP 7.0 is not).

A remote attacker, who only needs to know the username, could bypass security restrictions and access phpMyAdmin.

Set a password for all users.

All phpMyAdmin 4.0.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-4.0.10.20:4.0.10.20"

All other phpMyAdmin users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-4.7.0:4.7.0"

libsndfile is a C library for reading and writing files containing sampled sound.

Multiple vulnerabilities have been discovered in libsndfile. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user to open a specially crafted file, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition.

There is no known workaround at this time.

All libsndfile users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/libsndfile-1.0.28"

OpenSLP is an open-source implementation of Service Location Protocol (SLP).

Multiple vulnerabilities have been discovered in OpenSLP. Please review the CVE identifiers referenced below for details.

A remote attacker could possibly cause a Denial of Service condition or have other unspecified impacts.

There is no known workaround at this time.

All OpenSLP users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-libs/openslp-2.0.0-r4"

virglrenderer is a virtual 3D GPU library that allows the guest operating system to use the host GPU to accelerate 3D rendering.

Multiple vulnerabilities have been discovered in virglrenderer. Please review the CVE identifiers referenced below for details.

A local attacker could cause a Denial of Service condition.

There is no known workaround at this time.

All virglrenderer users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/virglrenderer-0.6.0"

JasPer is a software-based implementation of the codec specified in the JPEG-2000 Part-1 standard.

Multiple vulnerabilities have been discovered in JasPer. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user to open a specially crafted image file using JasPer, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

There is no known workaround at this time.

All JasPer users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/jasper-2.0.12"

feh is an X11 image viewer aimed mostly at console users.

Tobias Stoeckmann discovered it was possible to trigger an out-of-boundary heap write with the image viewer feh while receiving an IPC message.

A remote attacker, pretending to be the E17 window manager, could possibly trigger an out-of-boundary heap write in feh while receiving an IPC message. This could result in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

There is no known workaround at this time.

All feh users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-gfx/feh-2.18.3"

GNOME applet for NetworkManager is a GTK+ 3 front-end which works under Xorg environments with a systray.

Frederic Bardy and Quentin Biguenet discovered that GNOME applet for NetworkManager incorrectly checked permissions when connecting to certain wireless networks.

A local attacker could bypass security restrictions at the login screen to access local files.

There is no known workaround at this time.

All GNOME applet for NetworkManager users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=gnome-extra/nm-applet-1.4.6-r1"

VLC is a cross-platform media player and streaming server.

Multiple vulnerabilities have been discovered in VLC. Please review the CVE identifiers referenced below for details.

A remote attacker, by enticing a user to open a specially crafted subtitles file, could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.

There is no known workaround at this time.

All VLC users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-video/vlc-2.2.6"

RoundCube is free and open source webmail software for the masses, written in PHP.

Authenticated users can arbitrarily reset passwords due to a problem caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin.

Authenticated users can bypass security restrictions and elevate privileges.

There is no known workaround at this time.

All RoundCube users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=mail-client/roundcube-1.2.5"

MAN DB is a man replacement that utilizes BerkeleyDB instead of flat files.

The /var/cache/man directory, as part of the MAN DB package, has its group set to root.

A local user who does not belong to the root group, but has the ability to modify the /var/cache/man directory, can escalate privileges to the group root.

There is no known workaround at this time.

All MAN DB users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-apps/man-db-2.7.6.1-r2"

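A small audit for the ownership condition described above, added here as an example and not part of the advisory: it reports owner, group and mode for each cache directory given and flags any whose group is root. The function names, the output format and the exit codes are this example's own choices; the path /var/cache/man is the one the advisory names.

```shell
#!/bin/sh
# Added example (not from the advisory): audit man-db cache directories
# for the condition described above, a directory whose group is root.

# Print "owner group mode" for a path. ls -ld is used instead of stat
# because stat's flags differ between GNU and BSD userland.
dir_ownership() {
    ls -ld "$1" | awk '{ print $3, $4, $1 }'
}

# Return 0 when the directory's group is root, 1 otherwise, and print a
# one-line finding either way so the output can go straight into a report.
group_is_root() {
    dir="$1"
    set -- $(dir_ownership "$dir")
    owner="$1"; group="$2"; mode="$3"
    if [ "$group" = "root" ]; then
        echo "FLAG $dir owner=$owner group=$group mode=$mode"
        return 0
    fi
    echo "ok   $dir owner=$owner group=$group mode=$mode"
    return 1
}

# Audit every path given; return non-zero if any directory is group root.
# Paths that are not directories are reported but do not count as findings.
audit_paths() {
    rc=0
    for p in "$@"; do
        if [ ! -d "$p" ]; then
            echo "skip $p (not a directory)"
            continue
        fi
        if group_is_root "$p"; then
            rc=1
        fi
    done
    return $rc
}

# Usage: check the directory named in the advisory (add others as needed).
audit_paths /var/cache/man || echo "one or more directories are group root"
```

A group of root on a cache directory that unprivileged users can write into is what the advisory describes as the escalation path, so the check treats that group alone as a finding and leaves the mode bits in the output for the reader to judge.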
libcroco is a standalone CSS2 parsing and manipulation library.

Multiple vulnerabilities have been discovered in libcroco. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user to open a specially crafted CSS file, possibly resulting in a Denial of Service condition or other unspecified impacts.

There is no known workaround at this time.

All libcroco users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/libcroco-0.6.12-r1"