Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

Google Chrome is one fast, simple, and secure browser for all your devices.

Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/chromium-98.0.4758.102"

All Google Chrome users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/google-chrome-98.0.4758.102"

Mozilla Firefox is a popular open-source web browser from the Mozilla project.

Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All Mozilla Firefox ESR users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-91.6.0:esr"

All Mozilla Firefox ESR binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-91.6.0:esr"

All Mozilla Firefox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-97.0:rapid"

All Mozilla Firefox binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-97.0:rapid"

HashiCorp Vault is a tool for managing secrets.

Multiple vulnerabilities have been discovered in HashiCorp Vault. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All HashiCorp Vault users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-admin/vault-1.10.3"

lib3mf is an implementation of the 3D Manufacturing Format file standard.

Incorrect memory handling within lib3mf could result in a use-after-free.

An attacker that can provide malicious input to an application using 3MF Consortium's lib3mf could achieve remote code execution.

There is no known workaround at this time.

All 3MF Consortium lib3mf users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/lib3mf-2.1.1"

Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.

Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All Go users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/go-1.18.5"

In addition, users running Portage 3.0.9 or later should ensure that packages with Go binaries have no vulnerable code statically linked into their binaries by rebuilding the @golang-rebuild set:

  # emerge --ask --oneshot --verbose @golang-rebuild

Babel is a collection of tools for internationalizing Python applications.

Babel does not properly restrict which sources a locale can be loaded from. If Babel loads an attacker-controlled .dat file, arbitrary code execution can be achieved via unsafe Pickle deserialization.

An attacker with filesystem access and control over the locales Babel loads can achieve code execution.

There is no known workaround at this time.

All Babel users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-python/Babel-2.9.1"

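The Babel advisory above turns on unpickling an attacker-controlled .dat file. The following is an added example, not Babel's own code, showing the defensive pattern for that situation: a restricted unpickler that resolves only an explicit allow-list of globals, so plain locale data still loads while a pickle that references a callable such as os.system is refused before it can be invoked. The allow-list contents and the demo_blob() sample data are assumptions constructed for the example.

```python
# Added example (not Babel's code): loading serialised locale data through a
# restricted unpickler. Any global (class or function) not on the allow-list
# is rejected at find_class time, before the pickle VM can call it.
import io
import pickle

# Globals a pure-data locale file could legitimately reference (assumption).
ALLOWED_GLOBALS = {
    ("builtins", "dict"), ("builtins", "list"), ("builtins", "set"),
    ("builtins", "frozenset"), ("builtins", "tuple"), ("builtins", "str"),
    ("builtins", "int"), ("builtins", "float"), ("builtins", "bool"),
    ("datetime", "date"), ("datetime", "time"), ("datetime", "datetime"),
    ("decimal", "Decimal"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that only resolves globals on the allow-list."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"refusing to load global {module}.{name} from locale data")


def load_locale_data(blob: bytes) -> dict:
    """Deserialise a locale data blob; the top-level object must be a dict."""
    data = RestrictedUnpickler(io.BytesIO(blob)).load()
    if not isinstance(data, dict):
        raise ValueError("locale data must be a mapping")
    return data


def global_is_allowed(module: str, name: str) -> bool:
    """Expose the allow-list decision so it can be audited and tested."""
    try:
        RestrictedUnpickler(io.BytesIO(b"")).find_class(module, name)
    except pickle.UnpicklingError:
        return False
    return True


def demo_blob() -> bytes:
    """Constructed sample locale data (not a real Babel .dat file)."""
    import datetime
    return pickle.dumps({"language": "de", "territory": "DE",
                         "generated": datetime.date(2022, 1, 1)})


if __name__ == "__main__":
    print(load_locale_data(demo_blob()))
    for module, name in [("builtins", "dict"), ("os", "system")]:
        print(f"{module}.{name}: allowed={global_is_allowed(module, name)}")
```

The check lives in find_class because that is the single point where a pickle stream turns a module/name pair into a live Python object; everything else the pickle VM does operates on data it has already built.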
libmcpp is a portable C/C++ preprocessor.

A buffer overflow and an out-of-bounds read vulnerability have been discovered in libmcpp, which could be exploited for denial of service.

An attacker that can provide crafted input to libmcpp could achieve denial of service.

There is no known workaround at this time.

All libmcpp users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-cpp/libmcpp-2.7.2_p5"

Icinga Web 2 is a frontend for icinga2.

Multiple vulnerabilities have been discovered in Icinga Web 2. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All Icinga Web 2 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-apps/icingaweb2-2.9.6"

lxml is a Pythonic binding for the libxml2 and libxslt libraries.

Multiple vulnerabilities have been discovered in lxml. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All lxml users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-python/lxml-4.9.1"

LibRaw is a library for reading RAW files obtained from digital photo cameras.

LibRaw incorrectly handles parsing DNG fields in some cases, potentially resulting in a buffer overread leading to denial of service.

An attacker capable of providing crafted input to LibRaw could trigger denial of service.

There is no known workaround at this time.

All LibRaw users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/libraw-0.20.2"

Mozilla Firefox is a popular open-source web browser from the Mozilla project.

Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All Mozilla Firefox ESR users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-91.12.0:esr"

All Mozilla Firefox ESR binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-91.12.0:esr"

All Mozilla Firefox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-103.0:rapid"

All Mozilla Firefox binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-103.0:rapid"

HashiCorp Consul is a tool for service discovery, monitoring and configuration.

Multiple vulnerabilities have been discovered in HashiCorp Consul. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All HashiCorp Consul users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-admin/consul-1.9.17"

Spice provides a complete open source solution for remote access to virtual machines in a seamless way, so you can play videos, record audio, share USB devices and share folders without complications.

Multiple vulnerabilities have been discovered in Spice Server. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All Spice Server users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/spice-0.15.0"

Yubico pam-u2f is a PAM module for FIDO2 and U2F keys.

A logic issue in Yubico pam-u2f could allow the PIN entry requirement to be bypassed when authenticating with FIDO2.

An attacker with local access to certain applications that use pam-u2f for authentication could successfully authenticate without entering the required PIN.

There is no known workaround at this time.

All Yubico pam-u2f users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-auth/pam_u2f-1.1.1"

mdbtools is a set of libraries and utilities for reading Microsoft Access database (MDB) files.

Multiple vulnerabilities have been discovered in mdbtools. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All mdbtools users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-office/mdbtools-0.9.3"

libass is a portable subtitle renderer for the ASS/SSA (Advanced Substation Alpha/Substation Alpha) subtitle format.

A one-byte buffer overwrite in ASS font decoding could trigger an assertion failure resulting in denial of service.

An attacker with control over the ASS track input to libass via an application using it could trigger a denial of service.

There is no known workaround at this time.

All libass users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/libass-0.15.1"

Mozilla Thunderbird is a popular open-source email client from the Mozilla project.

Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All Mozilla Thunderbird users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-91.12.0"

All Mozilla Thunderbird binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-91.12.0"

isync is an IMAP and MailDir mailbox synchronizer.

Multiple vulnerabilities have been discovered in isync. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All isync users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-mail/isync-1.4.4"

faac contains free MPEG-4 audio codecs by AudioCoding.com.

An invalid pointer can be dereferenced in the huffcode function of libfaac/huff2.c, leading to a crash.

An attacker with the ability to provide crafted input to faac could cause a denial of service.

There is no known workaround at this time.

All faac users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/faac-1.30"

Nextcloud is a personal cloud that runs on your own server.

Multiple vulnerabilities have been discovered in Nextcloud. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All Nextcloud users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-apps/nextcloud-23.0.4"

Motion is a program that monitors the video signal from one or more cameras and is able to detect motion.

The Motion HTTP server does not correctly perform URL decoding. If the HTTP server receives a request for a URL containing an incomplete percent-encoded character, a parsing flaw causes an infinite loop trying to parse the rest of the character, which eventually reads out of bounds and results in a denial of service.

A remote attacker can trigger a denial of service condition in Motion.

There is no known workaround at this time.

All Motion users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-video/motion-4.3.2"

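The Motion advisory above describes a decoder that never finishes when a percent escape is cut off. As an added example, and not Motion's own code, here is a percent-decoder for request paths written so that every loop iteration consumes input and the short-escape case is handled explicitly, which is the property the original decoder lacked. The strict/lenient modes and the sample paths are assumptions made for the example.

```python
# Added example (not Motion's code): a percent-decoder for URL paths that
# always terminates, even when an escape sequence is truncated or malformed.

HEX = b"0123456789abcdefABCDEF"


class MalformedEscape(ValueError):
    """A '%' that is not followed by exactly two hex digits."""


def percent_decode(path: str, strict: bool = True) -> str:
    """Decode %XX escapes in a request path.

    strict=True  -> raise MalformedEscape on an incomplete/invalid escape,
                    which a server would map to 400 Bad Request.
    strict=False -> keep the offending '%' literally and continue.
    In both modes `i` advances by at least one byte per iteration, so the
    loop is guaranteed to finish and never reads past the end of the buffer.
    """
    raw = path.encode("utf-8")
    out = bytearray()
    i, n = 0, len(raw)
    while i < n:
        b = raw[i]
        if b != 0x25:  # anything other than '%' is copied through
            out.append(b)
            i += 1
            continue
        # A valid escape needs two more bytes, both hex digits. The bounds
        # check comes first so raw[i + 1] / raw[i + 2] are never out of range.
        if i + 2 < n and raw[i + 1] in HEX and raw[i + 2] in HEX:
            out.append(int(raw[i + 1:i + 3], 16))
            i += 3
            continue
        if strict:
            raise MalformedEscape(f"incomplete percent escape at offset {i}")
        out.append(b)  # lenient: emit the lone '%' and move on
        i += 1
    return out.decode("utf-8", errors="replace")


def is_well_formed(path: str) -> bool:
    """True if every '%' in `path` starts a complete, valid escape."""
    try:
        percent_decode(path, strict=True)
    except MalformedEscape:
        return False
    return True


if __name__ == "__main__":
    # Constructed inputs: a normal path, then the truncated escapes that
    # would keep a decoder without a bounds check spinning.
    for sample in ["/config/set?name=a%20b", "/x%", "/x%4", "/x%zz"]:
        print(f"{sample!r:28} well-formed={is_well_formed(sample)!s:5} "
              f"lenient={percent_decode(sample, strict=False)!r}")
```

Decoding to bytes first and only then to text keeps multi-byte UTF-8 escapes such as %e2%9c%93 intact; a decoder that maps each %XX straight to a character would corrupt them.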
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python.

A bug in aiohttp.web_middlewares.normalize_path_middleware creates an open redirect vulnerability.

An attacker could use this vulnerability to craft a link that, while appearing to be a link to an aiohttp-based website, redirects users to an arbitrary attacker-controlled URL.

There is no known workaround at this time.

All aiohttp users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-python/aiohttp-3.7.4"

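The aiohttp advisory above states that a path-normalising middleware ended up issuing an open redirect, without spelling out the exact path shape involved. The following added example is not aiohttp's code and does not claim to reproduce its fix; it shows the generic validation a defender would put in front of any normaliser that answers with a 3xx: the computed Location must be an absolute path on the current origin, never a scheme-bearing or protocol-relative URL and never something a browser would rewrite into one. The redirect_location() helper and its options are assumptions for the example.

```python
# Added example (not aiohttp's code): validate a redirect target before a
# path-normalising middleware issues a 3xx with it in the Location header.
import re
from typing import Optional
from urllib.parse import urlsplit

_CTRL = re.compile(r"[\x00-\x1f\x7f]")


def is_safe_local_redirect(target: str) -> bool:
    """True only if `target` is an absolute path on the current origin."""
    if not target.startswith("/"):
        return False                      # relative or empty: reject
    if target.startswith("//") or target.startswith("/\\"):
        return False                      # '//host/..' is protocol-relative
    if "\\" in target:
        return False                      # browsers turn '\' into '/'
    if _CTRL.search(target):
        return False                      # CR/LF could split the header
    parts = urlsplit(target)
    return parts.scheme == "" and parts.netloc == ""


def redirect_location(path: str, merge_slashes: bool = True,
                      append_slash: bool = False) -> Optional[str]:
    """Compute the Location for a normalising redirect, or None to refuse.

    merge_slashes collapses runs of '/' (so '//evil.example/' becomes the
    harmless local path '/evil.example/'); append_slash adds a trailing '/'.
    Whatever the normaliser produces is validated before being returned.
    """
    normalised = path
    if merge_slashes:
        normalised = re.sub(r"/{2,}", "/", normalised)
    if append_slash and not normalised.endswith("/"):
        normalised += "/"
    if normalised == path:
        return None                       # nothing to normalise: no redirect
    return normalised if is_safe_local_redirect(normalised) else None


if __name__ == "__main__":
    # Constructed request paths, including the protocol-relative shape.
    for p in ["/a//b", "/a/b", "//evil.example/", "/\\evil.example"]:
        print(f"{p!r:22} -> {redirect_location(p)!r}")
    print(redirect_location("//evil.example", merge_slashes=False,
                            append_slash=True))
```

Rejecting on the normalised value rather than the raw request path matters: a middleware that validates its input but then rewrites it can still produce an unsafe output, which is why the check sits immediately before the Location header is built.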
The Apache HTTP server is one of the most popular web servers on the Internet.

Multiple vulnerabilities have been discovered in Apache HTTPD. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All Apache HTTPD users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54"

All Apache HTTPD tools users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54"

libebml is a C++ library to parse EBML files.

On 32-bit builds of libebml, the length of a string is miscalculated, potentially leading to an exploitable heap overflow.

An attacker able to provide arbitrary input to libebml could achieve arbitrary code execution.

There is no known workaround at this time.

Users of libebml on 32-bit architectures should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/libebml-1.4.2"

xterm is a terminal emulator for the X Window system.

Multiple vulnerabilities have been discovered in xterm. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All xterm users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=x11-terms/xterm-371"

Xen is a bare-metal hypervisor.

Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All Xen users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.15.3"

All Xen tools users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.15.3"

The GNU C library is the standard C library used by Gentoo Linux systems. It provides programs with basic facilities and interfaces to system calls. ld.so is the dynamic linker which prepares dynamically linked programs for execution by resolving runtime dependencies and related functions.

Multiple vulnerabilities have been discovered in GNU C Library. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All GNU C Library users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.34-r7"

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

Google Chrome is one fast, simple, and secure browser for all your devices.

Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.

Multiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/chromium-103.0.5060.53"

All Chromium binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/chromium-bin-103.0.5060.53"

All Google Chrome users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/google-chrome-103.0.5060.53"

All Microsoft Edge users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/chromium-103.0.5060.53"

All QtWebEngine users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-qt/qtwebengine-5.15.5_p20220618"

libarchive is a library for manipulating different streaming archive formats, including certain tar variants, several cpio formats, and both BSD and GNU ar variants.

Multiple vulnerabilities have been discovered in libarchive. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All libarchive users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-arch/libarchive-3.6.1"

QEMU is a generic and open source machine emulator and virtualizer.

Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All QEMU users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/qemu-7.0.0"

Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack.

Multiple vulnerabilities have been discovered in Puma. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All Puma users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-servers/puma-5.6.4"

Nokogiri is an HTML, XML, SAX, and Reader parser.

Multiple vulnerabilities have been discovered in Nokogiri. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All Nokogiri users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-ruby/nokogiri-1.13.6"

The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation.

Multiple vulnerabilities have been discovered in GNU Binutils. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All Binutils users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-devel/binutils-2.38"

All Binutils library users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-libs/binutils-libs-2.38"

GStreamer is an open source multimedia framework.

Multiple vulnerabilities have been found in GStreamer and its plugins. Please review the CVE and GStreamer-SA identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All GStreamer users should update to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/gstreamer-1.20.2"

All gst-plugins-bad users should update to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/gst-plugins-bad-1.20.2"

All gst-plugins-good users should update to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/gst-plugins-good-1.20.2"

All gst-plugins-ugly users should update to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/gst-plugins-ugly-1.20.2"

All gst-plugins-base users should update to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/gst-plugins-base-1.20.2"

All gst-plugins-libav users should update to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-plugins/gst-plugins-libav-1.20.2"

Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.

Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All Vim users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"

All gVim users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"

All vim-core users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"

GNOME Shell provides core user interface functions for the GNOME desktop, like switching to windows and launching applications.

gettext contains the GNU locale utilities.

libcroco is a standalone CSS2 parsing and manipulation library.

The cr_parser_parse_any_core function in libcroco's cr-parser.c does not limit recursion, leading to a denial of service via a stack overflow when trying to parse crafted CSS.

Gnome Shell and gettext bundle libcroco in their own sources and thus are potentially vulnerable as well.

An attacker with control over the input to the library can cause a denial of service.

There is no known workaround at this time.

All gettext users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-devel/gettext-0.21"

All Gnome Shell users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=gnome-base/gnome-shell-3.36.7"

All libcroco users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/libcroco-0.6.13"

Apache Tomcat is a Servlet-3.0/JSP-2.2 Container.

Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All Apache Tomcat 10.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-servers/tomcat-10.0.23:10"

All Apache Tomcat 9.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-servers/tomcat-9.0.65:9"

All Apache Tomcat 8.5.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-servers/tomcat-8.5.82:8.5"

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

Google Chrome is one fast, simple, and secure browser for all your devices.

Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.

Multiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/chromium-104.0.5112.101"

All Chromium binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/chromium-bin-104.0.5112.101"

All Google Chrome users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/google-chrome-104.0.5112.101"

All Microsoft Edge users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-104.0.1293.63"

VirtualBox is a powerful virtualization product from Oracle.

Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All VirtualBox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-6.1.36"

Mozilla Firefox is a popular open-source web browser from the Mozilla project.

Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All Mozilla Firefox ESR users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-91.13.0"

All Mozilla Firefox ESR binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-91.13.0"

All Mozilla Firefox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-104.0"

All Mozilla Firefox binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-104.0"

Mozilla Thunderbird is a popular open-source email client from the Mozilla project.

Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All Mozilla Thunderbird binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-102.2.0"

All Mozilla Thunderbird users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-102.2.0"

WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.

Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All WebKitGTK+ users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.36.7"

GNU Gzip is a popular data compression program.

XZ Utils is free general-purpose data compression software with a high compression ratio.

GNU Gzip and XZ Utils' grep helpers do not sufficiently validate certain multi-line file names.

In some cases, the ability to write to arbitrary files, such as shell initialization files, can be escalated to remote code execution.

Ensuring only trusted input is passed to GNU Gzip and XZ Utils' grep helpers minimizes the potential impact.

All GNU Gzip users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-arch/gzip-1.12"

All XZ Utils users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-arch/xz-utils-5.2.5"

TSM provides the client and the API for IBM Spectrum Protect (formerly known as Tivoli Storage Manager), a backup and archival client/server solution targeting large tape libraries.

Multiple vulnerabilities have been discovered in IBM Spectrum Protect. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All IBM Spectrum Protect users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-backup/tsm-8.1.13.3"

OpenSC contains tools and libraries for smart cards.

Multiple vulnerabilities have been discovered in OpenSC. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All OpenSC users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/opensc-0.22.0"

OpenJPEG is an open-source JPEG 2000 library.

Multiple vulnerabilities have been discovered in OpenJPEG. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All OpenJPEG 2 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/openjpeg-2.5.0"

OpenJDK is an open source implementation of the Java programming language.

Multiple vulnerabilities have been discovered in OpenJDK. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All OpenJDK 8 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/openjdk-8.322_p06:8"

All OpenJDK 8 JRE binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-8.322_p06:8"

All OpenJDK 8 binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-8.322_p06:8"

All OpenJDK 11 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/openjdk-11.0.14_p9:11"

All OpenJDK 11 JRE binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-11.0.14_p9:11"

All OpenJDK 11 binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-11.0.14_p9:11"

All OpenJDK 17 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/openjdk-17.0.2_p8:17"

All OpenJDK 17 JRE binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-17.0.2_p8:17"

All OpenJDK 17 binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-17.0.2_p8:17"

Rizin is a reverse engineering framework for binary analysis.

Multiple vulnerabilities have been discovered in Rizin. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All Rizin users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-util/rizin-0.4.1"

Mrxvt is a multi-tabbed rxvt clone with XFT, transparent background and CJK support.

Mrxvt mishandles certain escape sequences, some of which allow for shell command execution.

An attacker with sufficient access to write arbitrary text to the Mrxvt terminal could execute arbitrary code.

There is no known workaround at this time.

Gentoo has discontinued support for Mrxvt. We recommend that users remove it:

  # emerge --ask --depclean "x11-terms/mrxvt"

+ Smokeping is a powerful latency measurement tool
+Multiple vulnerabilities have been discovered in Smokeping. Please review the CVE identifiers referenced below for details.
+A local attacker which gains access to the smokeping user could gain root privileges.
+There is no known workaround at this time.
+Gentoo has discontinued support for Smokeping. We recommend that users remove it:
+ +
+ # emerge --ask --depclean "net-analyzer/smokeping"
+
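Review bot: The package description on the first line of this entry, `Smokeping is a powerful latency measurement tool`, is missing its terminating period, and the impact line should read `A local attacker who gains access to the smokeping user could gain root privileges.` rather than `which gains`.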
+ Smarty is a template engine for PHP. The "template security" feature of Smarty is designed to help reduce the risk of a system compromise when you have untrusted parties editing templates.
+Multiple vulnerabilities have been discovered in Smarty. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Smarty users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-php/smarty-4.2.1"
+
+ Logcheck mails anomalies in the system logfiles to the administrator.
+The pkg_postinst phase of the Logcheck ebuilds recursively chown the /etc/logcheck and /var/lib/logcheck directories. If the logcheck adds hardlinks to other files in these directories, the chown call will follow the link and transfer ownership of any file to the logcheck user.
+A local attacker with access to the logcheck user could escalate to root privileges.
+There is no known workaround at this time.
+Gentoo has discontinued support for Logcheck. We recommend that users remove it:
+ +
+ # emerge --ask --depclean "app-admin/logcheck"
+
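Review bot: The description sentence `If the logcheck adds hardlinks to other files in these directories` is missing its subject noun; it should read `If the logcheck user adds hardlinks ...`, since the impact line names that user as the actor. In the same line, `recursively chown the /etc/logcheck and /var/lib/logcheck directories` should be `recursively chowns` to agree with the singular subject `The pkg_postinst phase`.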
+ HarfBuzz is an OpenType text shaping engine.
+Multiple vulnerabilities have been discovered in HarfBuzz. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All HarfBuzz users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/harfbuzz-4.4.0"
+
+ GNU GRUB is a multiboot boot loader used by most Linux systems.
+Multiple vulnerabilities have been discovered in GRUB. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All GRUB users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-boot/grub-2.06-r3"
+
+
+ After upgrading, make sure to run the grub-install command with options appropriate for your system. See the GRUB2 Gentoo Wiki page for directions. Your system will be vulnerable until this action is performed.
+libaacplus is an HE-AAC+ v2 library, based on the reference implementation.
+Multiple vulnerabilities have been discovered in libaacplus. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+Gentoo has discontinued suport for libaacplus. We recommend that users remove it:
+ +
+ # emerge --ask --depclean "media-libs/libaacplus"
+
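Review bot: Typo in the resolution line: `Gentoo has discontinued suport for libaacplus.` should read `support`, matching the wording of the other discontinued-package entries (Mrxvt, Smokeping, Logcheck).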
+ Fetchmail is a remote mail retrieval and forwarding utility.
+Multiple vulnerabilities have been discovered in Fetchmail. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Fetchmail users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-mail/fetchmail-6.4.22"
+
+ Java Platform, Standard Edition (Java SE) lets you develop and deploy Java applications on desktops and servers, as well as in today's demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today's applications require.
+Multiple vulnerabilities have been discovered in Oracle's JDK and JRE software suites. Please review the CVE identifiers referenced below for details.
+Certain uses of untrusted data by Oracle JDK and JRE could result in arbitrary code execution.
+There is no known workaround at this time.
+Gentoo has discontinued support for the Oracle JDK and JRE. We recommend that users remove it, and use dev-java/openjdk, dev-java/openjdk-bin, or dev-java/openjdk-jre-bin instead:
+ +
+ # emerge --ask --depclean "dev-java/oracle-jre-bin"
+ # emerge --ask --depclean "dev-java/oracle-jdk-bin"
+
+ BlueZ is the canonical bluetooth tools and system daemons package for Linux.
+Multiple vulnerabilities have been discovered in BlueZ. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All BlueZ users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-wireless/bluez-5.63"
+
+ Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker.
+Multiple vulnerabilities have been discovered in Redis. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Redis users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/redis-7.0.5"
+
+ Mozilla Thunderbird is a popular open-source email client from the Mozilla project.
+Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Mozilla Thunderbird users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-102.3.0"
+
+
+ All Mozilla Thunderbird binary users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-102.3.0"
+
+ GraphicsMagick is a collection of tools and libraries which support reading, writing, and manipulating images in many major formats.
+Multiple vulnerabilities have been discovered in GraphicsMagick. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All GraphicsMagick users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/graphicsmagick-1.3.38"
+
+ PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.
+Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All PHP 7.4 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/php-7.4.30:7.4"
+
+
+ All PHP 8.0 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/php-8.0.23:8.0"
+
+
+ All PHP 8.1 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/php-8.1.8:8.1"
+
+ Poppler is a PDF rendering library based on the xpdf-3.0 code base.
+Multiple vulnerabilities have been discovered in Poppler. Please review the CVE identifiers referenced below for details.
+Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code.
+Avoid opening untrusted PDFs.
+All Poppler users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/poppler-22.09.0"
+
+ Kitty is a fast, feature-rich, GPU-based terminal.
+Carter Sande discovered that maliciously constructed control sequences can cause Kitty to display a notification that, when clicked, can cause Kitty to execute arbitrary commands.
+Kitty can produce notifications that, when clicked, can execute arbitrary commands.
+Avoid clicking unexpected notifications.
+All Kitty users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-terms/kitty-0.26.2"
+
+ Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. + +Google Chrome is one fast, simple, and secure browser for all your devices. + +Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.
+Multiple vulnerabilities have been discovered in Chromium, Google Chrome, Microsoft Edge. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Chromium users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/chromium-105.0.5195.125"
+
+
+ All Chromium binary users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/chromium-bin-105.0.5195.125"
+
+
+ All Google Chrome users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/google-chrome-105.0.5195.125"
+
+
+ All Microsoft Edge users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-105.0.1343.42"
+
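Review bot: The synopsis line `Multiple vulnerabilities have been discovered in Chromium, Google Chrome, Microsoft Edge.` is missing the conjunction before the last item; the later entry for the 106.x release of the same three browsers uses `Chromium, Google Chrome, and Microsoft Edge`, and this one should match.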
+ Expat is a set of XML parsing libraries.
+Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Expat users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/expat-2.4.9"
+
+ Zutty is an X terminal emulator rendering through OpenGL ES Compute Shaders.
+Zutty does not correctly handle invalid DECRQSS commands, which can be exploited to run arbitrary commands in the terminal.
+Untrusted text written to the Zutty terminal can achieve arbitrary code execution.
+There is no known workaround at this time.
+All Zutty users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-terms/zutty-0.13"
+
+ Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.
+Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Go users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/go-1.18.6"
+
+
+ In addition, users using Portage 3.0.9 or later should ensure that packages with Go binaries have no vulnerable code statically linked into their binaries by rebuilding the @golang-rebuild set:
+ +
+ # emerge --ask --oneshot --verbose @golang-rebuild
+
+ Mozilla Firefox is a popular open-source web browser from the Mozilla project.
+Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Mozilla Firefox ESR users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-102.3.0"
+
+
+ All Mozilla Firefox ESR binary users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-102.3.0"
+
+
+ All Mozilla Firefox users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-105.0"
+
+
+ All Mozilla Firefox binary users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-105.0"
+
+ Open Asset Import Library is a library to import and export various 3d-model-formats including scene-post-processing to generate missing render data.
+Multiple vulnerabilities have been discovered in Fetchmail, the worst of which could result in email disclosure to third parties.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Open Asset Import Library users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/assimp-5.2.2"
+
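Review bot: The synopsis line does not match the package: the entry is for Open Asset Import Library (media-libs/assimp), but it reads `Multiple vulnerabilities have been discovered in Fetchmail, the worst of which could result in email disclosure to third parties.`, which appears to have been copied from the Fetchmail entry earlier in this change. It should name Open Asset Import Library and describe the impact of the assimp CVEs, or fall back to the generic `Please review the CVE identifiers referenced below for details.` wording used by the other entries.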
+ OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.
+Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All OpenSSL users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.1.1q"
+
+ libxml2 is the XML C parser and toolkit developed for the GNOME project.
+Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All libxml2 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.10.2"
+
+ Wireshark is a versatile network protocol analyzer.
+Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Wireshark users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-3.6.8"
+
+ A virtual 3D GPU library, that allows the guest operating system to use the host GPU to accelerate 3D rendering.
+Multiple vulnerabilities have been discovered in virglrenderer. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All virglrenderer users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/virglrenderer-0.10.1"
+
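Review bot: The description line `A virtual 3D GPU library, that allows the guest operating system to use the host GPU to accelerate 3D rendering.` never names the package, unlike every other entry; since the synopsis refers to `virglrenderer`, it should open with `virglrenderer is a virtual 3D GPU library that allows ...` (also dropping the comma before `that`).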
+ libvirt is a C toolkit for manipulating virtual machines.
+Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All libvirt users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/libvirt-8.2.0"
+
+
+ All libvirt-python users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-python/libvirt-python-8.2.0"
+
+ Deluge is a BitTorrent client.
+Deluge does not sufficiently sanitize crafted torrent file data, leading to the application interpreting untrusted data as HTML.
+An attacker can achieve XSS via a crafted torrent file.
+There is no known workaround at this time.
+All Deluge users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-p2p/deluge-2.1.1"
+
+ Tcpreplay is a suite of utilities for UNIX systems for editing and replaying network traffic which was previously captured by tools like tcpdump and ethereal/wireshark.
+Multiple vulnerabilities have been discovered in Tcpreplay. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Tcpreplay users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/tcpreplay-4.4.2"
+
+ A systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety.
+Multiple vulnerabilities have been discovered in Rust. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Rust users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/rust-1.63.0-r1"
+
+
+ All Rust binary users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/rust-bin-1.64.0"
+
+
+ In addition, users using Portage 3.0.38 or later should ensure that packages with Rust binaries have no vulnerable code statically linked into their binaries by rebuilding the @rust-rebuild set:
+ +
+ # emerge --ask --oneshot --verbose @rust-rebuild
+
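Review bot: The description line `A systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety.` does not name Rust; the other entries open with `<package> is ...`, so this should read `Rust is a systems programming language that ...`.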
+ LibTIFF provides support for reading and manipulating TIFF (Tagged Image File Format) images.
+Multiple vulnerabilities have been discovered in LibTIFF. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All LibTIFF users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/tiff-4.4.0"
+
+ schroot is a utility to execute commands in a chroot environment.
+schroot is unecessarily permissive in rules regarding chroot and session names.
+A crafted chroot or session name can break the internal state of the schroot service, leading to denial of service.
+There is no known workaround at this time.
+All schroot users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-util/schroot-1.6.13"
+
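Review bot: Typo in the description line: `schroot is unecessarily permissive in rules regarding chroot and session names.` should read `unnecessarily`.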
+ Lighttpd is a lightweight high-performance web server.
+Lighttpd's mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received.
+An attacker can trigger a denial of service via making Lighttpd try to call an uninitialized function pointer.
+There is no known workaround at this time.
+All lighttpd users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/lighttpd-1.4.67"
+
+ libgcrypt is a general purpose cryptographic library derived out of GnuPG.
+Multiple vulnerabilities have been discovered in libgcrypt. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All libgcrypt users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libgcrypt-1.9.4"
+
+ Gitea is a painless self-hosted Git service.
+Multiple vulnerabilities have been discovered in Gitea. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Gitea users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/gitea-1.17.3"
+
+ GDAL is a geospatial data abstraction library.
+GDAL does not sufficiently sanitize input when loading PCIDSK binary segments.
+Loading crafted PCIDSK data via GDAL could result in denial of service.
+There is no known workaround at this time.
+All GDAL users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sci-libs/gdal-3.4.1"
+
+ Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. + +Google Chrome is one fast, simple, and secure browser for all your devices. + +Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.
+Multiple vulnerabilities have been discovered in Chromium, Google Chrome, and Microsoft Edge. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Chromium users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/chromium-106.0.5249.119"
+
+
+ All Chromium binary users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/chromium-bin-106.0.5249.119"
+
+
+ All Google Chrome users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/google-chrome-106.0.5249.119"
+
+
+ All Microsoft Edge users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-106.0.1370.37"
+
+ JHead is an EXIF JPEG header manipulation tool.
+Multiple vulnerabilities have been discovered in JHead. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All JHead users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/jhead-3.06.0.1"
+
+ Sofia-SIP is an RFC3261 compliant SIP User-Agent library.
+Multiple vulnerabilities have been discovered in Sofia-SIP. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Sofia-SIP users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/sofia-sip-1.13.8"
+
+ Apptainer is the container system for secure high-performance computing.
+The Go module "sif" version 2.8.0 and older, which is a statically linked dependency of Apptainer, does not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures.
+An image whose verification relies on a cryptographically insecure hash algorithm could be replaced, resulting in users using an image other than the one that was expected.
+There is no known workaround at this time.
+All Apptainer users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-containers/apptainer-1.1.2"
+
+ Nicotine+ is a fork of nicotine, a Soulseek client in Python.
+Nicotine+ does not sufficiently validate file path in download requests.
+A file path in a download request which contains a null character will cause a crash of Nicotine+.
+There is no known workaround at this time.
+All Nicotine+ users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-p2p/nicotine+-3.2.1"
+
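Review bot: Grammar in the description line: `Nicotine+ does not sufficiently validate file path in download requests.` should be `file paths` (or `the file path`).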
+ FasterXML jackson-databind is a general data-binding package for Jackson (2.x) which works on streaming API (core) implementation(s).
+Multiple vulnerabilities have been discovered in FasterXML jackson-databind. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All FasterXML jackson-databind users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/jackson-databind-2.13.4.1"
+
+ The Red Hat Package Manager (RPM) is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating computer software packages.
+Multiple vulnerabilities have been discovered in RPM. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All RPM users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/rpm-4.18.0"
+
+ Libksba is a X.509 and CMS (PKCS#7) library.
+An integer overflow in parsing ASN.1 objects could lead to a buffer overflow.
+Crafted ASN.1 objects could trigger an integer overflow and buffer overflow to result in remote code execution.
+There is no known workaround at this time.
+All libksba users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libksba-1.6.2"
+
+ FreeRDP is a free implementation of the remote desktop protocol.
+Multiple vulnerabilities have been discovered in FreeRDP. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All FreeRDP users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/freerdp-2.8.1"
+
+ ISC BIND is the Internet Systems Consortium implementation of the Domain Name System (DNS) protocol.
+Multiple vulnerabilities have been discovered in ISC BIND. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All ISC BIND users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dns/bind-9.16.33"
+
+
+ All ISC BIND-tools users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dns/bind-tools-9.16.33"
+
+ Shadow contains utilities to deal with user accounts
+A TOCTOU race condition was discovered in shadow. A local attacker with write privileges in a directory removed or copied by usermod/userdel could potentially exploit this flaw when the administrator invokes usermod/userdel.
+An unauthorized user could potentially modify files which they do not have write permissions for.
+There is no known workaround at this time.
+All Shadow users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.12.2"
+
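Review bot: The package description `Shadow contains utilities to deal with user accounts` is missing its terminating period; every other entry ends its description sentence with one.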
+ open-vm-tools contains tools for VMware guests.
+A pipe accessible to unprivileged users in the VMWare guest does not sufficiently sanitize input.
+An unprivileged guest user could achieve root privileges within the guest.
+There is no known workaround at this time.
+All open-vm-tools users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/open-vm-tools-12.1.0"
+
+ libexif is a library for parsing, editing and saving Exif metadata from images. exif is a small command line interface for libexif.
+There is a bug in exif's XML output format which can result in a null pointer dereference when outputting crafted JPEG EXIF data.
+A crafted JPEG image can trigger a denial of service in the form of a null pointer dereference.
+There is no known workaround at this time.
+All exif users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/exif-0.6.22"
+
+ Net-SNMP is a suite of applications used to implement the Simple Network Management Protocol.
+Multiple vulnerabilities have been discovered in Net-SNMP. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Net-SNMP users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/net-snmp-5.9.2"
+
+ The X Window System is a graphical windowing system based on a client/server model.
+Multiple vulnerabilities have been discovered in X.Org X server and XWayland. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All X.Org X server users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-21.1.4"
+
+
+ All XWayland users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-base/xwayland-22.1.3"
+
+ OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in computer imaging applications.
+Multiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All OpenEXR users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/openexr-3.1.5"
+
+ hiredis is a minimalistic C client library for the Redis database. + +hiredis-py is a Python extension that wraps hiredis.
+Hiredis is vulnerable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow.
+Malicious Redis commands could result in remote code execution.
+There is no known workaround at this time.
+All hiredis users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/hiredis-1.0.1"
+
+
+ All hiredis-py users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-python/hiredis-2.0.0"
+
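Review bot: The description line is inconsistent in how it spells the reply type: `RESP` `mult-bulk` in the first sentence versus `multi-bulk` in the second; the second form is the correct one and the first should be changed to match. In the same line, `If it can not` should be `If it cannot`.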
+ Libtirpc is a port of Sun's Transport-Independent RPC library to Linux.
+Currently svc_run does not handle poll timeout and rendezvous_request +does not handle EMFILE error returned from accept(2 as it used to. +These two missing functionality were removed by commit b2c9430f46c4. + +The effect of not handling poll timeout allows idle TCP conections +to remain ESTABLISHED indefinitely. When the number of connections +reaches the limit of the open file descriptors (ulimit -n) then +accept(2) fails with EMFILE. Since there is no handling of EMFILE +error this causes svc_run() to get in a tight loop calling accept(2). +This resulting in the RPC service of svc_run is being down, it's +no longer able to service any requests. + +Due to a lack of handling of certain error cases, connections to Libtirpc could remain ESTABLISHED indefinitely.
+Denial of service can be achieved via establishing enough connections to Libtirpc to reach the limit of open file descriptors for the process.
+There is no known workaround at this time.
+All Libtirpc users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/libtirpc-1.3.2"
+
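Review bot: The description line pastes the upstream commit message verbatim and carries its defects into the advisory: `accept(2 as it used to` is missing the closing parenthesis of `accept(2)`, `conections` should be `connections`, `These two missing functionality were removed` should be `This functionality was removed` (or `These two pieces of functionality were removed`), and `This resulting in the RPC service of svc_run is being down` is not a sentence (something like `As a result, the RPC service run by svc_run is down and no longer able to service any requests.`). Since the final sentence of the line already gives a Gentoo-worded summary (`Due to a lack of handling of certain error cases, connections to Libtirpc could remain ESTABLISHED indefinitely.`), consider keeping only that summary in the description and leaving the commit text to the referenced CVE.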
+ Mozilla Firefox is a popular open-source web browser from the Mozilla project.
+Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Mozilla Firefox ESR users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-102.4.0"
+
+
+ All Mozilla Firefox ESR binary users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-102.4.0"
+
+
+ All Mozilla Firefox users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-106.0"
+
+
+ All Mozilla Firefox binary users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-106.0"
+
+ Mozilla Thunderbird is a popular open-source email client from the Mozilla project.
+Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Mozilla Thunderbird users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-102.4.0"
+
+
+ All Mozilla Thunderbird binary users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-102.4.0"
+
+ libjxl is the JPEG XL image format reference implementation.
+libjxl contains an unecessary assertion in jxl::LowMemoryRenderPipeline::Init.
+An attacker can cause a denial of service of the libjxl process via a crafted input file.
+There is no known workaround at this time.
+All users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libjxl-0.7.0_pre20220825"
+
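Review bot: "unecessary" in the libjxl description should be "unnecessary".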
+ PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE.
+Multiple vulnerabilities have been discovered in PJSIP. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All PJSIP users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/pjproject-2.12.1"
+
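Review bot: the PJSIP description reads "written in C language implementing standard based protocols"; suggest "written in the C language, implementing standards-based protocols".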
+ Expat is a set of XML parsing libraries.
+In certain out-of-memory situations, Expat may free memory before it should, leading to a use-after-free.
+A use-after-free can result in denial of service.
+There is no known workaround at this time.
+All Expat users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/expat-2.5.0"
+
+ libxml2 is the XML C parser and toolkit developed for the GNOME project.
+Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All libxml2 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.10.3"
+
+ SQLite is a C library that implements an SQL database engine.
+Multiple vulnerabilities have been discovered in SQLite. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All SQLite users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/sqlite-3.39.2"
+
+ android-tools contains Android platform tools (adb, fastboot, and mkbootimg).
+Multiple vulnerabilities have been discovered in android-tools. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All android-tools users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-util/android-tools-33.0.3"
+
+ zlib is a widely used free and patent unencumbered data compression library.
+Multiple vulnerabilities have been discovered in zlib. Please review the CVE identifiers referenced below for details.
+Maliciously crafted input handled by zlib may result in remote code execution.
+There is no known workaround at this time.
+All zlib users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-libs/zlib-1.2.12-r3"
+
+ OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.
+Multiple buffer overflows exist in OpenSSL's handling of TLS certificates for client authentication.
+It is believed that, while unlikely, code execution is possible in certain system configurations.
+Users operating TLS servers may consider disabling TLS client authentication, if it is being used, until fixes are applied.
+All OpenSSL 3 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/openssl-3.0.7"
+
+ lesspipe is a preprocessor for less.
+lesspipe has support for parsing Perl storable ("PST") files,
+A crafted Perl storable file which is passed into lesspipe could result in arbitrary code execution.
+There is no known workaround at this time.
+All lesspipe users should update to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/lesspipe-2.06"
+
+
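Review bot: the lesspipe description ends in a trailing comma and stops mid-sentence ("...Perl storable ("PST") files,"); either complete the sentence or end it with a full stop. The resolution line also says "should update to the latest version" while every other advisory in this change says "upgrade"; align the wording.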