# emerge --sync
- # emerge --ask --oneshot --verbose ">=app-admin/sysstat-12.7.1"
+ # emerge --ask --oneshot --verbose ">=app-admin/sysstat-12.6.2-r1"
AtomicParsley is a command line program for manipulating iTunes-style metadata in MPEG4 files.

Multiple vulnerabilities have been discovered in AtomicParsley. Please review the CVE identifiers referenced below for details.

Users can pass only trusted input to AtomicParsley.

Previously, the "wez" AtomicParsley fork was packaged in Gentoo as media-video/atomicparsley-wez. This fork is now packaged as media-video/atomicparsley, so users of the fork's package should now depclean it:

  # emerge --ask --depclean "media-video/atomicparsley-wez"

All AtomicParsley users should upgrade to the latest version, which is a packaging of the "wez" AtomicParsley fork:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-video/atomicparsley-0.9.6_p20210715_p151551"

Python is an interpreted, interactive, object-oriented, cross-platform programming language.

Multiple vulnerabilities have been discovered in Python and PyPy3. Please review the CVE identifiers referenced below for details.

There is no known workaround at this time.

All Python 3.8 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/python-3.8.15_p3:3.8"

All Python 3.9 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/python-3.9.15_p3:3.9"

All Python 3.10 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/python-3.10.8_p3:3.10"

All Python 3.11 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/python-3.11.0_p2:3.11"

All Python 3.12 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/python-3.12.0_alpha1_p2"

All PyPy3 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-python/pypy3-7.3.9_p9"

ProFTPD is an advanced and very configurable FTP server.

ProFTPd unconditionally sends passwords to RADIUS servers for authentication in multiples of 16 bytes. If a password's length is not a multiple of 16 bytes, ProFTPd reads beyond the end of the password string and sends the bytes that follow the end of the string buffer.

RADIUS servers used for authentication can therefore receive the contents of the ProFTPd process' memory.

There is no known workaround at this time.

All ProFTPd users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-ftp/proftpd-1.3.7c"

dbus-broker is a Linux D-Bus message broker.

Multiple vulnerabilities have been discovered in dbus-broker. Please review the CVE identifiers referenced below for details.

There is no known workaround at this time.

All dbus-broker users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-apps/dbus-broker-31"

xfce4-settings contains the configuration system for the Xfce desktop environment.

xfce4-settings does not sufficiently sanitize URLs opened via xdg4-mime-helper-tool (which is called when a user clicks a link in e.g. Firefox).

The vulnerability can be leveraged into 1-click universal cross site scripting in some browsers, or potentially other unspecified impact.

There is no known workaround at this time.

All xfce4-settings users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=xfce-base/xfce4-settings-4.17.1"

Mozilla Firefox is a popular open-source web browser from the Mozilla project.

Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.

There is no known workaround at this time.

All Mozilla Firefox ESR binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-102.7.0:esr"

All Mozilla Firefox ESR users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-102.7.0:esr"

All Mozilla Firefox binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-109.0:rapid"

All Mozilla Firefox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-109.0:rapid"

slixmpp is a Python 3 library for XMPP.

slixmpp does not validate hostnames in certificates used by connected servers.

An attacker could perform a man-in-the-middle attack on users' connections to servers with slixmpp.

There is no known workaround at this time.

All slixmpp users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --upgrade --verbose ">=dev-python/slixmpp-1.8.3"

D-Bus is a daemon providing a framework for applications to communicate with one another.

Multiple vulnerabilities have been discovered in D-Bus. Please review the CVE identifiers referenced below for details.

There is no known workaround at this time.

All D-Bus users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-apps/dbus-1.14.4"

syslog-ng is a syslog replacement with advanced filtering features.

An integer overflow in the RFC3164 parser allows remote attackers to cause a denial of service via crafted syslog input that is mishandled by the tcp or network function.

Attackers able to submit syslog input over syslog-ng's network functionality can cause a denial of service.

There is no known workaround at this time.

All syslog-ng users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-admin/syslog-ng-3.38.1"

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.

Multiple vulnerabilities have been discovered in Chromium, Google Chrome, and Microsoft Edge. Please review the CVE identifiers referenced below for details.

There is no known workaround at this time.

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/chromium-109.0.5414.74-r1"

All Chromium binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/chromium-bin-109.0.5414.74"

All Google Chrome users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/google-chrome-109.0.5414.74"

All Microsoft Edge users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-109.0.1518.61"

Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service.

Multiple vulnerabilities have been discovered in Tor. Please review the CVE identifiers referenced below for details.

There is no known workaround at this time.

All Tor users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-vpn/tor-0.4.7.13"

sudo allows a system administrator to give users the ability to run commands as other users.

The sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process.

The improper processing of the user's environment variables could lead to the editing of arbitrary files as root, potentially leading to root privilege escalation.

There is no known workaround at this time.

All sudo users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.9.12_p2"

Mozilla Thunderbird is a popular open-source email client from the Mozilla project.

Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.

There is no known workaround at this time.

All Mozilla Thunderbird binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-102.7.0"

All Mozilla Thunderbird users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-102.7.0"

uptimed is a system uptime record daemon that keeps track of your highest uptimes.

Via unnecessary file ownership modifications in the pkg_postinst ebuild phase, the uptimed user could change arbitrary files to be owned by the uptimed user at emerge-time.

The uptimed user could achieve root privileges when the uptimed package is emerged.

There is no known workaround at this time.

All uptimed users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-misc/uptimed-0.4.6-r1"

systemd is a system and service manager.

Multiple vulnerabilities have been discovered in systemd. Please review the CVE identifiers referenced below for details.

There is no known workaround at this time.

All systemd users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-apps/systemd-251.3"

All systemd-utils users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-apps/systemd-utils-251.3"

Gentoo has discontinued support for sys-apps/systemd-tmpfiles, sys-boot/systemd-boot, and sys-fs/udev. See the 2022-04-19-systemd-utils news item. Users should unmerge them in favor of sys-apps/systemd-utils on non-systemd systems:

  # emerge --ask --depclean --verbose "sys-apps/systemd-tmpfiles" "sys-boot/systemd-boot" "sys-fs/udev"
  # emerge --ask --verbose --oneshot ">=sys-apps/systemd-utils-251.3"

Vim is an efficient, highly configurable improved version of the classic 'vi' text editor. gVim is the GUI version of Vim.

Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.

There is no known workaround at this time.

All Vim users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.1157"

All gVim users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.1157"

All vim-core users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.1157"

Simple DirectMedia Layer is a cross-platform development library designed to provide low level access to audio, keyboard, mouse, joystick, and graphics hardware via OpenGL and Direct3D.

Multiple vulnerabilities have been discovered in SDL. Please review the CVE identifiers referenced below for details.

There is no known workaround at this time.

All libsdl users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/libsdl-1.2.15_p20221201"

Simple DirectMedia Layer is a cross-platform development library designed to provide low level access to audio, keyboard, mouse, joystick, and graphics hardware via OpenGL and Direct3D.

Multiple vulnerabilities have been discovered in libsdl2. Please review the CVE identifiers referenced below for details.

There is no known workaround at this time.

All libsdl2 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/libsdl2-2.26.0"

Firejail is a SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf.

Firejail does not sufficiently validate the user's environment prior to using it as the root user when the --join command line option is used.

An unprivileged user can exploit this vulnerability to achieve local root privileges.

System administrators can mitigate this vulnerability by adding either "force-nonewprivs yes" or "join no" to the Firejail configuration file, /etc/firejail/firejail.config.

Gentoo has discontinued support for sys-apps/firejail-lts. Users should unmerge it in favor of sys-apps/firejail:

  # emerge --ask --depclean --verbose "sys-apps/firejail-lts"
  # emerge --ask --verbose "sys-apps/firejail"

All Firejail users should upgrade to the latest version:

  # emerge --ask --oneshot --verbose ">=sys-apps/firejail-0.9.70"

libapreq is a shared library with associated modules for manipulating client request data via the Apache API.

A buffer overflow could occur when processing multipart form uploads.

An attacker could submit a crafted multipart form to trigger the buffer overflow and cause a denial of service.

There is no known workaround at this time.

All libapreq2 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-apache/libapreq2-2.17"

Cairo is a 2D vector graphics library with cross-device output support.

An attacker with the ability to provide input to Cairo's image-compositor can cause a buffer overwrite.

Malicious input to Cairo's image-compositor can result in denial of service of the application using such Cairo functionality.

There is no known workaround at this time.

All Cairo users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=x11-libs/cairo-1.17.6"

ISC DHCP is ISC's reference implementation of all aspects of the Dynamic Host Configuration Protocol.

Multiple vulnerabilities have been discovered in ISC DHCP. Please review the CVE identifiers referenced below for details.

There is no known workaround at this time.

All ISC DHCP users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/dhcp-4.4.3_p1"

Lua is a powerful, efficient, lightweight, embeddable scripting language. It supports procedural programming, object-oriented programming, functional programming, data-driven programming, and data description.

Multiple vulnerabilities have been discovered in Lua. Please review the CVE identifiers referenced below for details.

There is no known workaround at this time.

All Lua 5.1 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/lua-5.1.5-r200"

All Lua 5.3 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/lua-5.2.3"

All Lua 5.4 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/lua-5.4.4-r103"

MediaWiki is a collaborative editing software, used by big projects like Wikipedia.

Multiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers referenced below for details.

There is no known workaround at this time.

All MediaWiki users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.38.5"

Modsecurity Core Rule Set is the OWASP ModSecurity Core Rule Set.

Multiple vulnerabilities have been discovered in OWASP ModSecurity Core Rule Set. Please review the CVE identifiers referenced below for details.

There is no known workaround at this time.

All OWASP ModSecurity Core Rule Set users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-apache/modsecurity-crs-3.3.4"

LibreCAD is a generic 2D CAD program.

Multiple vulnerabilities have been discovered in LibreCAD. Please review the CVE identifiers referenced below for details.

There is no known workaround at this time.

All LibreCAD users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-gfx/librecad-2.1.3-r7"

Tinyproxy is a light-weight HTTP/HTTPS proxy daemon for POSIX operating systems.

Tinyproxy's request processing does not sufficiently null-initialize variables used in error pages.

Contents of the Tinyproxy server's memory could be disclosed via generated error pages.

There is no known workaround at this time.

All Tinyproxy users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-proxy/tinyproxy-1.11.1_p20220908"

snakeyaml is a YAML 1.1 parser and emitter for Java.

Multiple vulnerabilities have been discovered in snakeyaml. Please review the CVE identifiers referenced below for details.

There is no known workaround at this time.

All snakeyaml users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/snakeyaml-1.33"

Squashfs is a compressed read-only filesystem for Linux. Squashfs is intended for general read-only filesystem use, for archival use (i.e. in cases where a .tar.gz file may be used), and in constrained block device/memory systems (e.g. embedded systems) where low overhead is needed.

Multiple vulnerabilities have been discovered in squashfs-tools. Please review the CVE identifiers referenced below for details.

There is no known workaround at this time.

All squashfs-tools users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-fs/squashfs-tools-4.5_p20210914"

The X Window System is a graphical windowing system based on a client/server model.

Multiple vulnerabilities have been discovered in X.Org X server and XWayland. Please review the CVE identifiers referenced below for details.

There is no known workaround at this time.

All X.Org X server users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-21.1.8"

All XWayland users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=x11-base/xwayland-23.1.1"

LibTIFF provides support for reading and manipulating TIFF (Tagged Image File Format) images.

Multiple vulnerabilities have been discovered in LibTIFF. Please review the CVE identifiers referenced below for details.

There is no known workaround at this time.

All LibTIFF users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/tiff-4.5.0-r2"

WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.

Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.

There is no known workaround at this time.

All WebKitGTK+ users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.40.1"

OpenImageIO is a library for reading and writing images.

Multiple vulnerabilities have been discovered in OpenImageIO. Please review the CVE identifiers referenced below for details.

There is no known workaround at this time.

All OpenImageIO users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/openimageio-2.4.6.0"

CGAL is a C++ library for geometric algorithms and data structures.

Multiple vulnerabilities have been discovered in CGAL. Please review the CVE identifiers referenced below for details.

There is no known workaround at this time.

All CGAL users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sci-mathematics/cgal-5.4.1"

Mozilla Firefox is a popular open-source web browser from the Mozilla project.

Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.

There is no known workaround at this time.

All Mozilla Firefox ESR binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-102.10.0:esr"

All Mozilla Firefox ESR users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-102.10.0:esr"

All Mozilla Firefox binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-112.0:rapid"

All Mozilla Firefox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-112.0:rapid"

Mozilla Thunderbird is a popular open-source email client from the Mozilla project.

Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.

There is no known workaround at this time.

All Mozilla Thunderbird users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-102.10.0"

All Mozilla Thunderbird binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-102.10.0"

Apache Tomcat is a Servlet-3.0/JSP-2.2 Container.

Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details.

There is no known workaround at this time.

All Apache Tomcat users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-servers/tomcat-10.1.8"

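Every resolution above is a ">=" atom that the installed version has to satisfy, and reading those atoms correctly means ordering versions the way Gentoo's Package Manager Specification does (_p suffixes sort above the bare version, _alpha below it, -rN revisions break ties, and a :slot restricts which installed instance the atom applies to). The following Python check is an added example, not code from the advisories or from Gentoo's own tooling (glsa-check is the real tool for this); the atoms are taken from this page and the installed versions fed to it are constructed.

```python
"""Check whether an installed Gentoo version satisfies a GLSA resolution atom
such as ">=app-admin/sudo-1.9.12_p2" or ">=dev-lang/python-3.8.15_p3:3.8".
Version ordering follows PMS; installed versions are constructed inputs."""
import re

# PMS suffix order; a version with no suffix ranks between _rc and _p.
_SUFFIX_RANK = {"alpha": 0, "beta": 1, "pre": 2, "rc": 3, "": 4, "p": 5}
_NO_SUFFIX = (_SUFFIX_RANK[""], 0)
_VERSION_RE = re.compile(
    r"^(\d+(?:\.\d+)*)([a-z])?((?:_(?:alpha|beta|pre|rc|p)\d*)*)(?:-r(\d+))?$")
_SUFFIX_RE = re.compile(r"_(alpha|beta|pre|rc|p)(\d*)")
# op, category/package, version (its first part starts with a digit), optional :slot
_ATOM_RE = re.compile(r"^(>=|<=|>|<|=)([^/\s]+/.+?)-(\d[^:]*)(?::(.+))?$")
_OPS = {">=": (0, 1), "<=": (-1, 0), ">": (1,), "<": (-1,), "=": (0,)}

def _cmp(a, b):
    return (a > b) - (a < b)

def parse_version(text):
    """Split a version into (numeric parts, letter, [(suffix rank, n)], revision)."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"not a Gentoo version: {text!r}")
    nums, letter, suffixes, rev = m.groups()
    ranked = [(_SUFFIX_RANK[k], int(n or 0)) for k, n in _SUFFIX_RE.findall(suffixes)]
    return nums.split("."), letter or "", ranked, int(rev or 0)

def _cmp_numeric(a, b):
    # PMS: the first component compares as an integer; later components compare
    # as strings with trailing zeros stripped when either has a leading zero.
    for i, (x, y) in enumerate(zip(a, b)):
        if i and (x[0] == "0" or y[0] == "0"):
            c = _cmp(x.rstrip("0"), y.rstrip("0"))
        else:
            c = _cmp(int(x), int(y))
        if c:
            return c
    return _cmp(len(a), len(b))  # 2.26.0 > 2.26

def compare_versions(a, b):
    """Return -1, 0 or 1 for a < b, a == b, a > b."""
    na, la, sa, ra = parse_version(a)
    nb, lb, sb, rb = parse_version(b)
    c = _cmp_numeric(na, nb) or _cmp(la, lb)
    if c:
        return c
    # Pad the shorter suffix list with "no suffix": 1.0 > 1.0_rc1 and 1.0_p1 > 1.0.
    n = max(len(sa), len(sb))
    for x, y in zip(sa + [_NO_SUFFIX] * (n - len(sa)), sb + [_NO_SUFFIX] * (n - len(sb))):
        c = _cmp(x, y)
        if c:
            return c
    return _cmp(ra, rb)

def parse_atom(atom):
    """Split ">=cat/pkg-ver:slot" into (op, "cat/pkg", "ver", slot or None)."""
    m = _ATOM_RE.match(atom)
    if not m:
        raise ValueError(f"unsupported atom: {atom!r}")
    op, cp, ver, slot = m.groups()
    parse_version(ver)  # reject atoms whose version part is malformed
    return op, cp, ver, slot

def satisfies(installed_version, atom, installed_slot=None):
    """True if the installed version meets the atom. A slotted atom (e.g. :3.8)
    only applies to an instance installed in that slot."""
    op, _cp, ver, slot = parse_atom(atom)
    if slot is not None and installed_slot is not None and slot != installed_slot:
        return False
    return compare_versions(installed_version, ver) in _OPS[op]
```

Running satisfies("1.9.12_p1", ">=app-admin/sudo-1.9.12_p2") returns False while "1.9.12_p2" and "1.9.13" return True, which is exactly the decision glsa-check makes per package.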