Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

Google Chrome is one fast, simple, and secure browser for all your devices.

Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the referenced CVE identifier and Google Chrome Releases for details.

A remote attacker may be able to execute arbitrary code, cause a Denial of Service condition, or have other unspecified impacts.

There is no known workaround at this time.

All Chromium users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/chromium-62.0.3202.89"

All Google Chrome users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/google-chrome-62.0.3202.89"

wpa_supplicant is a WPA Supplicant with support for WPA and WPA2 (IEEE 802.11i / RSN). hostapd is a user space daemon for access point and authentication servers.

WiFi Protected Access (WPA and WPA2) and its associated technologies are all vulnerable to the KRACK attacks. Please review the referenced CVE identifiers for details.

An attacker can carry out the KRACK attacks on a wireless network in order to gain access to network clients. Once achieved, the attacker can potentially harvest confidential information (e.g. HTTP/HTTPS), inject malware, or perform a myriad of other attacks.

There is no known workaround at this time.

All hostapd users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-wireless/hostapd-2.6-r1"

All wpa_supplicant users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-wireless/wpa_supplicant-2.6-r3"

MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an enhanced, drop-in replacement for MySQL.

The Gentoo installation scripts before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link.

A local attacker could escalate privileges to root.

There is no known workaround at this time.

All MariaDB users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.0.30-r1"

All MySQL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.6.36-r1"

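An added example, not part of the advisory or of the Gentoo installation scripts: a shell audit for the link problem described in the MySQL/MariaDB advisory above, listing entries in a service-writable tree through which an ownership change made by root could reach a file outside that tree. The function name `audit_tree` and its output format are assumptions of this example, and it expects GNU `find` and `readlink`.

```shell
#!/bin/sh
# Added example; audit_tree is a hypothetical helper, not Gentoo code.
# audit_tree DIR prints one line per risky entry under DIR:
#   SYMLINK <path> -> <target>   symlink that resolves outside DIR
#   HARDLINK <path>              regular file with a link count above 1
# Returns 0 if the tree is clean, 1 if anything was reported, 2 on error.
audit_tree() {
    root=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "cannot enter $1" >&2
        return 2
    }
    tmp=$(mktemp) || return 2

    # Symlinks: resolve each one and flag targets that leave the tree.
    # A chown that dereferences such a link changes the target's owner.
    find "$root" -type l -print | while IFS= read -r link; do
        target=$(readlink -f -- "$link" 2>/dev/null) || target=""
        case "$target" in
            "$root"|"$root"/*) ;;   # resolves inside the tree: fine
            *) echo "SYMLINK $link -> ${target:-<unresolvable>}" ;;
        esac
    done >"$tmp"

    # Hard links: the inode has another name, which may be outside the
    # tree, and chown acts on the inode. Conservative: links whose other
    # name is also inside the tree are reported too.
    find "$root" -type f -links +1 -print | sed 's/^/HARDLINK /' >>"$tmp"

    cat "$tmp"
    if [ -s "$tmp" ]; then rc=1; else rc=0; fi
    rm -f "$tmp"
    return "$rc"
}
```

Run it as root against the data or log directory before any manual ownership repair, for example `audit_tree /var/lib/mysql`, and investigate every reported entry first.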
The X.Org project provides an open source implementation of the X Window System.

Multiple vulnerabilities have been discovered in X.Org Server. Please review the referenced CVE identifiers for details.

Attackers could execute arbitrary code or cause a Denial of Service condition.

There is no known workaround at this time.

All X.Org Server users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.19.5"

GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols.

Multiple vulnerabilities have been discovered in Wget. Please review the referenced CVE identifiers for details.

A remote attacker, by enticing a user to connect to a malicious server, could remotely execute arbitrary code or cause a Denial of Service condition.

There is no known workaround at this time.

All Wget users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/wget-1.19.1-r2"

A collection of tools and libraries for many image formats.

Multiple vulnerabilities have been discovered in ImageMagick. Please review the referenced CVE identifiers for details.

Remote attackers, by enticing a user to process a specially crafted file, could obtain sensitive information, cause a Denial of Service condition, or have other unspecified impacts.

There is no known workaround at this time.

All ImageMagick users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.9.9.20"

X.Org Xfont library

Multiple vulnerabilities have been discovered in LibXfont and LibXfont2. Please review the referenced CVE identifiers for details.

Local attackers could obtain sensitive information or possibly cause a Denial of Service condition.

There is no known workaround at this time.

All LibXfont2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-libs/libXfont2-2.0.2"

All LibXfont users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.5.3"

LinuX Containers userspace utilities

Previous versions of lxc-attach ran a shell or the specified command without allocating a pseudo terminal, making it vulnerable to input faking via a TIOCSTI ioctl call.

Remote attackers can escape the container and perform unauthorized modifications.

There is no known workaround at this time.

All LXC users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulation/lxc-2.0.7"

Cacti is a complete frontend to rrdtool.

Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details.

Remote attackers could execute arbitrary code or bypass intended access restrictions.

There is no known workaround at this time.

All Cacti users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/cacti-1.1.20:1.1.20"