The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites.

Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details.

A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.

There is no known workaround at this time.

All Adobe Flash Player users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose "www-plugins/adobe-flash-11.2.202.632"

GD is a graphic library for fast image creation.

Multiple vulnerabilities have been discovered in GD. Please review the CVE identifiers referenced below for details.

A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.

There is no known workaround at this time.

All GD users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/gd-2.2.2"

Cacti is a complete frontend to rrdtool.

Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details.

A remote attacker could possibly execute arbitrary code with the privileges of the process, or remote authenticated users could bypass intended access restrictions.

There is no known workaround at this time.

All Cacti users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-analyzer/cacti-0.8.8h"

CUPS, the Common Unix Printing System, is a full-featured print server.

A vulnerability has been discovered in CUPS concerning the handling of compressed raster files.

A remote attacker could possibly execute arbitrary code with the privileges of the process.

There is no known workaround at this time.

All CUPS users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-print/cups-2.0.2-r1"

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details.

A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.

There is no known workaround at this time.

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/chromium-51.0.2704.103"

Dropbear is a relatively small SSH server and client.

A CRLF injection vulnerability in Dropbear SSH allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data.

A remote authenticated user could execute arbitrary code with the privileges of the process.

There is no known workaround at this time.

All Dropbear users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/dropbear-2016.73"

Commons BeanUtils provides easy-to-use wrappers around the Reflection and Introspection APIs.

Apache Commons BeanUtils does not suppress the class property, which allows for the manipulation of the ClassLoader.

Remote attackers could potentially execute arbitrary code with the privileges of the process.

There is no known workaround at this time.

All Commons BeanUtils users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/commons-beanutils-1.9.2"

Varnish is a web application accelerator.

Varnish fails to properly validate input from HTTP headers, and does not deny requests with multiple Content-Length headers.

Remote attackers could conduct an HTTP response splitting attack, which may further enable them to conduct Cross-Site Scripting (XSS), Cache Poisoning, Defacement, and Page Hijacking.

There is no known workaround at this time.

All Varnish users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-servers/varnish-3.0.7"

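The Varnish issue above comes down to a proxy accepting a request whose body length is ambiguous. The following C check is an added example, not Varnish's own code: it parses a request's header block (the input strings are constructed for the example) and rejects any request that carries more than one Content-Length header, a malformed value, or whitespace inside a header name, the conditions a front-end cache must refuse so that it and the back-end agree on where one request ends and the next begins. Function and enum names are assumptions.

```c
#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Outcome of validating the Content-Length headers of one request. */
enum cl_status { CL_OK = 0, CL_ABSENT = 1, CL_REJECT = -1 };

/* Case-insensitive match of a header name (name_len bytes, no colon)
 * against "content-length". */
static int is_content_length(const char *name, size_t name_len)
{
    static const char want[] = "content-length";
    if (name_len != sizeof(want) - 1)
        return 0;
    for (size_t i = 0; i < name_len; i++)
        if (tolower((unsigned char)name[i]) != want[i])
            return 0;
    return 1;
}

/* Strict value parser: optional surrounding blanks, then decimal digits only.
 * Signs, hex, empty values and overflow all return -1. */
static long parse_length(const char *v, size_t vlen)
{
    while (vlen && (v[0] == ' ' || v[0] == '\t')) { v++; vlen--; }
    while (vlen && (v[vlen - 1] == ' ' || v[vlen - 1] == '\t')) vlen--;
    if (vlen == 0)
        return -1;
    long n = 0;
    for (size_t i = 0; i < vlen; i++) {
        if (!isdigit((unsigned char)v[i]))
            return -1;
        int d = v[i] - '0';
        if (n > (LONG_MAX - d) / 10)
            return -1;
        n = n * 10 + d;
    }
    return n;
}

/* Validate the header block (CRLF-separated lines, terminated by an empty
 * line; the request line is not part of the input).  Exactly one well-formed
 * Content-Length is accepted; duplicates are rejected even when their values
 * agree, because two proxies may not pick the same one.  On CL_OK/CL_ABSENT
 * *out_len receives the length, or -1 when the header is absent. */
int check_content_length(const char *headers, long *out_len)
{
    int seen = 0;
    long len = -1;
    const char *p = headers;
    while (*p) {
        const char *eol = strstr(p, "\r\n");
        size_t linelen = eol ? (size_t)(eol - p) : strlen(p);
        if (linelen == 0)
            break;                                   /* end of header block */
        const char *colon = memchr(p, ':', linelen);
        if (colon) {
            for (const char *q = p; q < colon; q++)  /* "Content-Length : 5" is ambiguous */
                if (*q == ' ' || *q == '\t')
                    return CL_REJECT;
            if (is_content_length(p, (size_t)(colon - p))) {
                seen++;
                len = parse_length(colon + 1, linelen - (size_t)(colon + 1 - p));
                if (len < 0)
                    return CL_REJECT;
            }
        }
        if (!eol)
            break;
        p = eol + 2;
    }
    if (seen > 1)
        return CL_REJECT;
    *out_len = len;
    return seen ? CL_OK : CL_ABSENT;
}

int main(void)
{
    /* Constructed header block: one valid Content-Length. */
    const char *hdrs = "Host: example.test\r\nContent-Length: 5\r\n\r\n";
    long n;
    printf("status=%d length=%ld\n", check_content_length(hdrs, &n), n);
    return 0;
}
```

A cache that applies this check before forwarding never has to guess which Content-Length the origin will honour; it simply refuses the ambiguous request with a 400.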
Bugzilla is the bug-tracking system from the Mozilla project.

Multiple vulnerabilities have been discovered in Bugzilla. Please review the CVE identifiers referenced below for details.

Privileged account holders could execute system level commands, and the new user process could be exploited to allow for the escalation of privileges.

There is no known workaround at this time.

All Bugzilla 4.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-apps/bugzilla-4.4.12"

All Bugzilla 5.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-apps/bugzilla-5.0.3"

Exim is a message transfer agent (MTA) designed to be a highly configurable, drop-in replacement for sendmail.

Vulnerabilities have been discovered in Exim's implementation of set-uid root and when using 'perl_startup'. These vulnerabilities require a user account on the Exim server and a configuration that does lookups against files to which the user has edit access.

A local attacker could possibly execute arbitrary code with the privileges of the process, or escalate privileges.

There is no known workaround at this time.

All Exim users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=mail-mta/exim-4.87"

libbsd provides useful functions commonly found on BSD systems and lacking on others such as GNU systems, making it easier to port projects with strong BSD origins without embedding the same code over and over again in each project.

libbsd contains a buffer overflow in the fgetwln() function. An if statement, which is responsible for checking whether the target buffer needs to be reallocated, is off by one; as a result an out-of-bounds write occurs.

Remote attackers could potentially execute arbitrary code with the privileges of the process.

There is no known workaround at this time.

All libbsd users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --verbose --oneshot ">=dev-libs/libbsd-0.8.2"

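The libbsd bug above is a growth check that fires one character too late. The C code below is an added example written to illustrate that bug class, not libbsd's fgetwln() source: a wide-character line buffer whose append routine grows the allocation as soon as the buffer is full, beside the off-by-one predicate that would let one store land just past the allocation. The struct and function names, the initial capacity and the doubling policy are assumptions.

```c
#include <stdint.h>
#include <stdlib.h>
#include <wchar.h>

/* Growable wide-character buffer. */
struct wbuf {
    wchar_t *data;
    size_t len;   /* wide chars stored */
    size_t cap;   /* wide chars allocated */
};

/* Off-by-one growth predicate, constructed to show the bug class: when
 * len == cap every slot is taken, yet this reports "no growth needed", so
 * the next store goes to data[cap], one element past the allocation. */
int needs_grow_off_by_one(size_t len, size_t cap)
{
    return len > cap;
}

/* Correct predicate: grow when there is no free slot left. */
int needs_grow(size_t len, size_t cap)
{
    return len >= cap;
}

/* Append one wide char, doubling the allocation when full.  Returns 0 on
 * success, -1 on allocation failure or size overflow (buffer unchanged). */
int wbuf_append(struct wbuf *b, wchar_t c)
{
    if (needs_grow(b->len, b->cap)) {
        size_t ncap = b->cap ? b->cap * 2 : 16;
        if (ncap < b->cap || ncap > SIZE_MAX / sizeof(wchar_t))
            return -1;
        wchar_t *nd = realloc(b->data, ncap * sizeof(wchar_t));
        if (!nd)
            return -1;
        b->data = nd;
        b->cap = ncap;
    }
    b->data[b->len++] = c;   /* always inside [0, cap) here */
    return 0;
}

/* Copy one line from src into b, keeping the terminating L'\n' as
 * fgetwln() does.  Returns the number of wide chars consumed (0 on error
 * or empty input). */
size_t wbuf_getln(struct wbuf *b, const wchar_t *src)
{
    size_t i = 0;
    b->len = 0;
    while (src[i]) {
        if (wbuf_append(b, src[i]) < 0)
            return 0;
        if (src[i++] == L'\n')
            break;
    }
    return i;
}

void wbuf_free(struct wbuf *b)
{
    free(b->data);
    b->data = NULL;
    b->len = b->cap = 0;
}
```

The invariant to check in review is `len < cap` at the moment of every store; a predicate that only grows when `len > cap` violates it exactly once per line, which is all an attacker-controlled input needs.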
Ansible is a radically simple IT automation platform.

The create_script function in the lxc_container module of Ansible uses predictable temporary file names, making it vulnerable to a symlink attack.

Local attackers could write arbitrary files or gain escalated privileges within the container.

There is no known workaround at this time.

All Ansible 1.9.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-admin/ansible-1.9.6"

All Ansible 2.0.2.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-admin/ansible-2.0.2.0-r1"

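The Ansible advisory above describes the classic predictable-temp-file problem: if a program writes a script to a name an attacker can guess, a symlink planted at that name redirects the write. The C code below is an added example, not Ansible's create_script, showing the safe pattern: mkstemp() picks an unpredictable name and creates the file with O_CREAT|O_EXCL, so an existing symlink is never followed. The directory, the name prefix, the script body and the helper names are assumptions.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Create a private, executable script file inside `dir`.  mkstemp() replaces
 * the XXXXXX with random characters and opens the result with
 * O_CREAT|O_EXCL, so a symlink planted at a guessed name cannot redirect
 * the write.  The final path is written into path_out.  Returns an open
 * read/write fd, or -1 on failure. */
int create_script_safely(const char *dir, char *path_out, size_t path_cap)
{
    /* "lxc-script." is an assumed prefix, not the module's real name. */
    int n = snprintf(path_out, path_cap, "%s/lxc-script.XXXXXX", dir);
    if (n < 0 || (size_t)n >= path_cap)
        return -1;
    int fd = mkstemp(path_out);
    if (fd < 0)
        return -1;
    if (fchmod(fd, 0700) != 0) {     /* owner-only, executable */
        close(fd);
        unlink(path_out);
        return -1;
    }
    return fd;
}

/* Write the script body through the already-open descriptor, never through
 * the path, so there is no second name lookup to race.  Returns 0 or -1. */
int write_script(int fd, const char *body)
{
    size_t len = strlen(body);
    ssize_t w = write(fd, body, len);
    return (w >= 0 && (size_t)w == len) ? 0 : -1;
}

/* Defensive check for code that must reuse a fixed path: report whether the
 * path is currently a symlink so the caller can refuse to write through it.
 * Returns 1 for a symlink, 0 otherwise. */
int is_symlink(const char *path)
{
    struct stat st;
    return lstat(path, &st) == 0 && S_ISLNK(st.st_mode);
}

int main(void)
{
    char path[256];
    int fd = create_script_safely("/tmp", path, sizeof path);   /* /tmp is an assumption */
    if (fd < 0)
        return 1;
    write_script(fd, "#!/bin/sh\necho constructed example\n");
    printf("created %s (symlink=%d)\n", path, is_symlink(path));
    close(fd);
    unlink(path);
    return 0;
}
```

The two properties that matter are the unpredictable name and the exclusive create; writing through the descriptor rather than re-opening by path closes the remaining time-of-check/time-of-use window.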
NTP contains software for the Network Time Protocol.

Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details.

A remote attacker could possibly cause a Denial of Service condition.

There is no known workaround at this time.

All NTP users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8_p8"

Arpwatch is the ethernet monitor program, for keeping track of ethernet/IP address pairings.

Arpwatch does not properly drop supplementary groups.

Attackers, if able to exploit arpwatch, could escalate privileges outside of the running process.

There is no known workaround at this time.

All arpwatch users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --verbose --oneshot ">=net-analyzer/arpwatch-2.1.15-r8"

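The arpwatch advisory above is about a daemon that changes its uid but keeps the supplementary group list it started with, so a compromise of the "unprivileged" process still carries those group memberships. The C routine below is an added example, not arpwatch's code: it drops privileges in the only order that works (supplementary groups first, while still root, then gid, then uid) and then verifies the drop is complete and irreversible. The target uid/gid used in main and the function names are assumptions.

```c
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

/* Confirm the process now runs as uid/gid, cannot regain root, and carries
 * no supplementary group other than the target gid (some platforms list
 * the effective gid in getgroups(), so that one is tolerated).
 * Returns 0 when the drop is complete, -1 otherwise. */
int verify_dropped(uid_t uid, gid_t gid)
{
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    if (setuid(0) == 0 || setgid(0) == 0)   /* must fail with EPERM */
        return -1;
    gid_t groups[32];
    int n = getgroups(32, groups);          /* more than 32 left over also fails */
    if (n < 0)
        return -1;
    for (int i = 0; i < n; i++)
        if (groups[i] != gid)
            return -1;
    return 0;
}

/* Drop to an unprivileged identity.  Refuses uid or gid 0, because that is
 * not a drop.  setgroups() needs root, so it runs before setgid(); setgid()
 * must precede setuid() for the same reason.  Returns 0 on success. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) {
        errno = EINVAL;
        return -1;
    }
    if (setgroups(0, NULL) != 0)   /* the step the advisory says was missing */
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    return verify_dropped(uid, gid);
}

int main(void)
{
    /* 65534 is the conventional "nobody" id on many systems; an assumption here. */
    const uid_t uid = 65534;
    const gid_t gid = 65534;
    if (getuid() != 0) {
        printf("run as root to exercise the drop; refusal path: %d\n",
               drop_privileges(0, 0));
        return 0;
    }
    int rc = drop_privileges(uid, gid);
    printf("drop_privileges -> %d (errno %d)\n", rc, rc ? errno : 0);
    return rc ? 1 : 0;
}
```

A quick operational check for any running daemon is to read `Groups:` in `/proc/<pid>/status`: a process that believes it is unprivileged but still lists groups such as the one owning its packet capture socket has not finished dropping.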
BeanShell is a small, free, embeddable Java source interpreter with object scripting language features, written in Java.

An application that includes BeanShell on the classpath may be vulnerable if another part of the application uses Java serialization or XStream to deserialize data from an untrusted source.

Remote attackers could execute arbitrary code including shell commands.

There is no known workaround at this time.

All BeanShell users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --verbose --oneshot ">=dev-java/bsh-2.0_beta6"

OptiPNG is a PNG optimizer that recompresses image files to a smaller size, without losing any information.

Multiple vulnerabilities have been discovered in OptiPNG. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user to open a specially crafted image file resulting in the execution of arbitrary code with the privileges of the process, or a Denial of Service condition.

There is no known workaround at this time.

All OptiPNG users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-gfx/optipng-0.7.6"

QEMU is a generic and open source machine emulator and virtualizer.

Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details.

Local users within a guest QEMU environment can execute arbitrary code within the host or cause a Denial of Service condition of the QEMU guest process.

There is no known workaround at this time.

All QEMU users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/qemu-2.7.0-r3"

Bundler provides a consistent environment for Ruby projects by tracking and installing the exact gems and versions that are needed.

Bundler allows the installation of gems from different sources with the same names when multiple top-level gem sources are used.

Remote attackers could inject arbitrary code via the gem install process.

There is no known workaround at this time.

All Bundler users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-ruby/bundler-1.7.3"

Groovy is a multi-faceted language for the Java platform.

Groovy's MethodClosure class, in runtime/MethodClosure.java, is vulnerable to a crafted serialized object.

Remote attackers could potentially execute arbitrary code, or cause a Denial of Service condition.

A workaround exists: use a custom security policy file with the standard Java security manager, or do not rely on serialization to communicate remotely.

All Groovy users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/groovy-2.4.5"

Apache HTTP Server is one of the most popular web servers on the Internet.

Multiple vulnerabilities have been discovered in Apache HTTP Server. Please review the CVE identifiers referenced below for details.

Remote attackers could bypass intended access restrictions, conduct HTTP request smuggling attacks, or cause a Denial of Service condition.

There is no known workaround at this time.

All Apache users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.23"

Quagga is a free routing daemon replacing Zebra, supporting RIP, OSPF and BGP.

A memcpy function in the VPNv4 NLRI parser of bgp_mplsvpn.c does not properly check the upper-bound length of received Labeled-VPN SAFI route data, which may allow for arbitrary code execution on the stack.

A remote attacker could send a specially crafted packet, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

There is no known workaround at this time.

All Quagga users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/quagga-1.0.20160315"

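The Quagga bug above is a length taken from the wire and handed to memcpy without being compared to the destination's size. The C parser below is an added example, not Quagga's bgp_mplsvpn.c: it reads entries of a simplified, constructed layout (one prefix bit-length byte followed by ceil(bits/8) prefix bytes, not the real Labeled-VPN NLRI encoding) and checks every wire-derived length against both the bytes remaining in the packet and the fixed-size destination before copying. The entry format, capacity and function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PFX_MAX_BYTES 16   /* constructed destination capacity: a 128-bit prefix */

/* Parse one <bitlen:1><prefix:ceil(bitlen/8)> entry from `in`.
 * Returns the number of bytes consumed (> 0), or 0 if the entry is
 * oversized for the destination or truncated on the wire.  Both checks
 * run before memcpy; the first is the upper bound the advisory describes
 * as missing. */
size_t parse_prefix_entry(const uint8_t *in, size_t inlen,
                          uint8_t *dst, size_t dstcap, uint8_t *bitlen_out)
{
    if (inlen < 1)
        return 0;
    uint8_t bitlen = in[0];
    size_t nbytes = ((size_t)bitlen + 7) / 8;
    if (nbytes > dstcap)        /* wire length vs. destination capacity */
        return 0;
    if (nbytes > inlen - 1)     /* wire length vs. bytes actually received */
        return 0;
    memset(dst, 0, dstcap);
    memcpy(dst, in + 1, nbytes);
    *bitlen_out = bitlen;
    return 1 + nbytes;
}

/* Walk consecutive entries in a received buffer.  Returns how many were
 * accepted; *bad_off receives the offset of the first rejected entry, or
 * inlen when the whole buffer parsed cleanly. */
size_t parse_prefix_list(const uint8_t *in, size_t inlen, size_t *bad_off)
{
    uint8_t pfx[PFX_MAX_BYTES];   /* the stack buffer that must never overflow */
    uint8_t bits;
    size_t off = 0, count = 0;
    while (off < inlen) {
        size_t used = parse_prefix_entry(in + off, inlen - off,
                                         pfx, sizeof pfx, &bits);
        if (used == 0)
            break;
        off += used;
        count++;
    }
    *bad_off = off;
    return count;
}
```

The discipline is the same for every length-prefixed field: the field value says how much the sender claims to have sent; the parser still owns two independent limits, what it actually received and what it can hold, and must enforce both.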
libgcrypt is a general purpose cryptographic library derived from GnuPG.

Multiple vulnerabilities have been discovered in libgcrypt. Please review the CVE identifiers referenced below for details.

Side-channel attacks can leak private key information. A separate critical bug allows an attacker who obtains 4640 bits from the RNG to trivially predict the next 160 bits of output.

There is no known workaround at this time.

All libgcrypt users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/libgcrypt-1.7.3"