Subversion is a version control system intended to eventually replace + CVS. Like CVS, it has an optional client-server architecture (where the + server can be an Apache server running mod_svn, or an ssh program as in + CVS’s :ext: method). In addition to supporting the features found in + CVS, Subversion also provides support for moving and copying files and + directories. +
+ +The serf library is a high performance C-based HTTP client library built + upon the Apache Portable Runtime (APR) library. +
+Multiple vulnerabilities have been discovered in Subversion and Serf. + Please review the CVE identifiers referenced below for details +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process, conduct a man-in-the-middle attack, obtain + sensitive information, or cause a Denial of Service Condition. +
+There is no known workaround at this time.
+All Subversion users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-vcs/subversion-1.9.4"
+
+
+ All Serf users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/serf-1.3.7"
+
+ MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an + enhanced, drop-in replacement for MySQL. +
+Multiple vulnerabilities have been discovered in MySQL and MariaDB. + Please review the CVE identifiers referenced below for details. +
+A remote attacker could exploit vulnerabilities, through multiple + vectors, that affect the confidentiality, integrity, and availability of + MySQL and MariaDB. +
+There is no known workaround at this time.
+All MySQL users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.6.31"
+
+
+ All MariaDB users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.0.27"
+
+ BIND (Berkeley Internet Name Domain) is a Name Server.
+Multiple vulnerabilities have been discovered in BIND. Please review the + CVE identifiers referenced below for details. +
+A remote attacker could cause a Denial of Service condition through + multiple attack vectors. +
+There is no known workaround at this time.
+All BIND users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dns/bind-9.10.4_p3"
+
+ Java Platform, Standard Edition (Java SE) lets you develop and deploy + Java applications on desktops and servers, as well as in today’s + demanding embedded environments. Java offers the rich user interface, + performance, versatility, portability, and security that today’s + applications require. +
+Multiple vulnerabilities exist in both Oracle’s JRE and JDK. Please + review the referenced CVE’s for additional information. +
+Remote attackers could gain access to information, remotely execute + arbitrary code, or cause Denial of Service. +
+There is no known workaround at this time.
+All Oracle JRE Users users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/oracle-jre-bin-1.8.0.101"
+
+
+ All Oracle JDK Users users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/oracle-jdk-bin-1.8.0.101"
+
+ Chromium is an open-source browser project that aims to build a safer, + faster, and more stable way for all users to experience the web. +
+Multiple vulnerabilities have been discovered in the Chromium web + browser. Please review the CVE identifiers referenced below for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, obtain + sensitive information, or bypass security restrictions. +
+There is no known workaround at this time.
+All Chromium users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-client/chromium-54.0.2840.59"
+
+ The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +
+Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers referenced below for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, obtain + sensitive information, or bypass security restrictions. +
+There is no known workaround at this time.
+All Adobe Flash Player 23.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-plugins/adobe-flash-23.0.0.205"
+
+
+ All Adobe Flash Player 11.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-plugins/adobe-flash-11.2.202.635"
+
+
+ GNU Wget is a free software package for retrieving files using HTTP, + HTTPS and FTP, the most widely-used Internet protocols. +
+Multiple vulnerabilities have been discovered in Wget. Please review the + CVE identifier and bug reports referenced for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process or obtain sensitive information. +
+There is no known workaround at this time.
+All GNU Wget users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/wget-1.18"
+
+ Info-ZIP’s UnZip is a tool to list and extract files inside PKZIP + compressed files. +
+Multiple vulnerabilities were found in UnZip. Please review the + referenced CVE’s for additional information. +
+Remote attackers could execute arbitrary code or cause Denial of + Service. +
+There is no known workaround at this time.
+All UnZip users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/unzip-6.0_p20"
+
+ OpenVPN is a multi-platform, full-featured SSL VPN solution.
+Multiple vulnerabilities have been discovered in OpenVPN. Please review + the CVE identifiers referenced below for details. +
+A remote attacker may be able to recover plaintext from encrypted + communications. +
+There is no known workaround at this time.
+All OpenVPN users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/openvpn-2.3.12"
+
+