Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

Google Chrome is one fast, simple, and secure browser for all your devices.
Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the referenced CVE identifiers and Google Chrome Releases for details.
A remote attacker could escalate privileges, cause a heap buffer overflow, obtain sensitive information or spoof a URL.
There is no known workaround at this time.
All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/chromium-68.0.3440.75"

All Google Chrome users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/google-chrome-68.0.3440.75"

LinuX Containers user space utilities.
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn’t otherwise be able to reach.
A local unprivileged user could use this flaw to access arbitrary files, including special device files.
There is no known workaround at this time.
All LXC users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/lxc-3.0.1-r1"

NetworkManager is a universal network configuration daemon for laptops, desktops, servers and virtualization hosts.

The VPNC plugin provides easy access to Cisco Concentrator based VPNs utilizing NetworkManager.
When initiating a VPNC connection, NetworkManager spawns a new vpnc process and passes the configuration via STDIN. By injecting a special character into a configuration parameter, an attacker can coerce NetworkManager to set the Password helper option to an attacker controlled executable file.
A local attacker is able to escalate privileges via a specially crafted configuration file.
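
The following is an added example, not code from NetworkManager or the VPNC plugin. It shows why a configuration serializer must reject control characters in values before writing them to the child's STDIN. It assumes the configuration is line-oriented "Option value" text, so the special character is a line break; the function names and sample values are hypothetical.

```python
# Added illustration; function names and sample values are hypothetical.
# Assumption: the configuration is line-oriented "Option value" text, so the
# dangerous special character is a line break inside a value.
KNOWN_OPTIONS = ("IPSec gateway", "Xauth username", "Password helper")

def build_config_unsafe(settings):
    """Write values verbatim; a line break in a value starts a new option line."""
    return "".join(f"{name} {value}\n" for name, value in settings.items())

def build_config_safe(settings):
    """Refuse any name or value carrying a control character before writing it."""
    lines = []
    for name, value in settings.items():
        for text in (name, value):
            if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in text):
                raise ValueError(f"control character in setting {name!r}")
        lines.append(f"{name} {value}\n")
    return "".join(lines)

def parse_options(config_text):
    """Read the text the way a line-based consumer would: one option per line."""
    found = {}
    for line in config_text.split("\n"):
        for name in KNOWN_OPTIONS:
            if line.startswith(name + " "):
                found[name] = line[len(name) + 1:]
    return found

# Constructed input: the user name field smuggles in a second option line.
TAINTED = {
    "IPSec gateway": "vpn.example.org",
    "Xauth username": "alice\nPassword helper /constructed/placeholder",
}

if __name__ == "__main__":
    print(parse_options(build_config_unsafe(TAINTED)))
    try:
        build_config_safe(TAINTED)
    except ValueError as err:
        print("rejected:", err)
```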
There is no known workaround at this time.
All NetworkManager VPNC plugin users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/networkmanager-vpnc-1.2.6"

WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.
Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details.
A remote attacker could execute arbitrary commands or cause a denial of service condition via maliciously crafted web content.
There is no known workaround at this time.
All WebKitGTK+ users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.20.4"

Mozilla Firefox is a popular open-source web browser from the Mozilla Project.
Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the referenced CVE identifiers for details.
A remote attacker could entice a user to view a specially crafted web page, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact.
There is no known workaround at this time.
All Mozilla Firefox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-60.2.2"

All Mozilla Firefox binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-60.2.2"

SoX is a command line utility that can convert various formats of computer audio files into other formats.
Multiple vulnerabilities have been discovered in SoX. Please review the referenced CVE identifiers for details.
A remote attacker, by enticing a user to process a crafted WAV, HCOM, SND, or AIFF file, could cause a Denial of Service condition.
There is no known workaround at this time.
All SoX users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-sound/sox-14.4.2-r1"

OpenSSH is a complete SSH protocol implementation that includes SFTP client and server support.
It was discovered that OpenSSH was prone to a user enumeration vulnerability.
A remote attacker could conduct user enumeration.
There is no known workaround at this time.
All OpenSSH users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/openssh-7.7_p1-r8"

ImageMagick is a collection of tools and libraries for many image formats.
If you process an image with ImageMagick and don’t validate the file first (e.g. by checking its magic bytes), ImageMagick will call any coders found in the given file. So if ImageMagick finds Ghostscript, for example, it will call Ghostscript.

Due to multiple -dSAFER sandbox bypass vulnerabilities in Ghostscript, this can lead to arbitrary code execution.

To mitigate this problem we install a policy.xml file by default which will disable PS, EPS, PDF, and XPS coders.
A remote attacker, by enticing a user to process a specially crafted image file, could execute arbitrary code with the privileges of the process or cause a Denial of Service condition.
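
The policy.xml mitigation described above can be audited on a host. This is an added example, not part of the advisory or of ImageMagick: it assumes coder rules of the form `<policy domain="coder" rights="none" pattern="..."/>`, and the sample policy text and function names are constructed for illustration. It is deliberately conservative: a coder with any rule granting rights is reported as not blocked, regardless of rule order.

```python
import xml.etree.ElementTree as ET

# The four coders the advisory says the default policy.xml disables.
REQUIRED = {"PS", "EPS", "PDF", "XPS"}

# Constructed sample policy, not copied from any installed file.
SAMPLE_POLICY = """<policymap>
  <policy domain="resource" name="memory" value="256MiB" />
  <policy domain="coder" rights="none" pattern="PS" />
  <policy domain="coder" rights="none" pattern="EPS" />
  <policy domain="coder" rights="none" pattern="{PDF,XPS}" />
</policymap>"""

def expand(pattern):
    """Expand a simple {A,B} brace list; other glob syntax is not interpreted."""
    pattern = pattern.strip()
    if pattern.startswith("{") and pattern.endswith("}"):
        return {part.strip().upper() for part in pattern[1:-1].split(",")}
    return {pattern.upper()}

def missing_coder_blocks(policy_xml, required=REQUIRED):
    """Return the required coders that the policy does not reliably disable."""
    root = ET.fromstring(policy_xml)
    blocked, granted = set(), set()
    for policy in root.iter("policy"):
        if policy.get("domain") != "coder":
            continue
        names = expand(policy.get("pattern", ""))
        if policy.get("rights", "").strip().lower() == "none":
            blocked |= names
        else:
            granted |= names  # any grant makes the block unreliable
    return sorted(set(required) - (blocked - granted))

if __name__ == "__main__":
    gaps = missing_coder_blocks(SAMPLE_POLICY)
    print("all four coders disabled" if not gaps else f"not disabled: {gaps}")
```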
There is no known workaround at this time.
All ImageMagick 6 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.9.10.10-r1"

All ImageMagick 7 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-7.0.8.10-r1"