Claws Mail is a GTK based e-mail client.
+Multiple vulnerabilities have been discovered in claws-mail. Please + review the CVE identifiers referenced below for details. +
+An attacker could possibly intercept communications due to the default + implementation of SSL 3.0. +
+There is no known workaround at this time.
+All claws-mail users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/claws-mail-3.13.2"
+
+ libssh is a mulitplatform C library implementing the SSHv2 and SSHv1 + protocol on client and server side. +
+libssh and libssh2 both have a bits/bytes confusion bug and generate an + abnormaly short ephemeral secret for the diffie-hellman-group1 and + diffie-hellman-group14 key exchange methods. The resulting secret is 128 + bits long, instead of the recommended sizes of 1024 and 2048 bits + respectively. +
+ +Additionally, a double free on dangling pointers in initial key exchange + packets within libssh could leave dangling pointers in the session crypto + structures. It is possible to send a malicious kexinit package to + eventually cause a server to do a double-free before this fix. This could + be used for a Denial of Service attack. +
+Remote attackers may gain access to confidential information due to the + short keysize generated by libssh and libssh2, or cause a Denial of + Service condition. +
+There is no known workaround at this time.
+All libssh users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/libssh-0.7.3"
+
+
+ All libssh2 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/libssh2-1.7.0"
+
+ sudo (su “do”) allows a system administrator to delegate authority + to give certain users (or groups of users) the ability to run some (or + all) commands as root or another user while providing an audit trail of + the commands and their arguments. +
+sudoedit in sudo is vulnerable to the escalation of privileges by local + users via a symlink attack. This can be exploited by a file whose full + path is defined using multiple wildcards in /etc/sudoers, as demonstrated + by “/home///file.txt. +
+Local users are able to gain unauthorized privileges on the system.
+There is no known work around at this time.
+All sudo users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.8.15-r1"
+
+ Imagemagick is a collection of tools and libraries for many image + formats. +
+Multiple vulnerabilities have been discovered in ImageMagick including, + but not limited to, various overflows and potential Denials of Service. + Please visit the references and related bug reports for additional + information. +
+Remote attackers could potentially perform buffer overflows or conduct + Denials of Service. +
+There is no known workaround at this time.
+All ImageMagick users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.9.0.3"
+
+
+ FreeXL is an open source library to extract valid data from within an + Excel (.xls) spreadsheet. +
+FreeXL’s shared strings and workbook functions are vulnerable to the + remote execution of arbitrary code and Denial of Service. This can be + achieved through specially crafted workbooks from attackers. +
+Remote attackers could potentially execute arbitrary code or cause + Denial of Service. +
+There is no known workaround at this time.
+All FreeXL users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "dev-libs/freexl-1.0.1"
+
+ PLIB includes sound effects, music, a complete 3D engine, font + rendering, a simple Windowing library, a game scripting language, a GUI, + networking, 3D math library and a collection of handy utility functions. +
+A buffer overflow in PLIB allows user-assisted remote attackers to + execute arbitrary code via vectors involving a long error message, as + demonstrated by a crafted acc file for TORCS. +
+Remote attackers could execute arbitrary code with the privileges of the + process. +
+There is no known workaround at this time.
+All PLIB users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --verbose --oneshot ">=media-libs/plib-1.8.5-r1"
+
+ wpa_supplicant is a WPA Supplicant with support for WPA and WPA2 (IEEE + 802.11i / RSN). hostapd is a user space daemon for access point and + authentication servers. +
+Multiple vulnerabilities exist in both hostapd and wpa_supplicant. + Please review the CVE identifiers for more information. +
+Remote attackers could execute arbitrary code with the privileges of the + process or cause Denial of Service. +
+There is no known workaround at this time.
+All hostapd users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-wireless/hostapd-2.5"
+
+
+ All wpa_supplicant users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=net-wireless/wpa_supplicant-2.5-r1"
+
+ IcedTea’s aim is to provide OpenJDK in a form suitable for easy + configuration, compilation and distribution with the primary goal of + allowing inclusion in GNU/Linux distributions. +
+Various OpenJDK attack vectors in IcedTea, such as 2D, Corba, Hotspot, + Libraries, and JAXP, exist which allows remote attackers to affect the + confidentiality, integrity, and availability of vulnerable systems. Many + of the vulnerabilities can only be exploited through sandboxed Java Web + Start applications and java applets. Please review the CVE identifiers + referenced below for details. +
+Remote attackers may execute arbitrary code, compromise information, or + cause Denial of Service. +
+There is no known work around at this time.
+Gentoo Security is no longer supporting dev-java/icedtea, as it has been + officially dropped from the stable tree. +
+ +Users of the IcedTea 3.x binary package should upgrade to the latest + version: +
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-3.0.1"
+
+
+ Users of the IcedTea 7.x binary package should upgrade to the latest + version: +
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/icedtea-7.2.6.6"
+
+ Kwalletd is is a credentials management application for KDE.
+Kwalletd in KWallet uses Blowfish with ECB mode instead of CBC mode when + encrypting the password store. +
+Local attackers, with access to the password store, could conduct a + codebook attack in order to obtain confidential passwords. +
+There is no known workaround at this time.
+All kwalletd users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-apps/kwalletd-4.14.3-r1"
+
+
+ Squid is a full-featured Web proxy cache designed to run on Unix + systems. It supports proxying and caching of HTTP, FTP, and other URLs, + as well as SSL support, cache hierarchies, transparent caching, access + control lists and many other features. +
+Multiple vulnerabilities have been discovered in Squid. Please review + the CVE identifiers referenced below for details. +
+An attacker can possibly execute arbitrary code or create a Denial of + Service condition. +
+There is no known workaround at this time.
+All Squid users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-proxy/squid-3.5.19"
+
+ libpcre is a library providing functions for Perl-compatible regular + expressions. +
+Multiple vulnerabilities have been discovered in libpcre. Please review + the CVE identifiers referenced below for details. +
+An attacker can possibly execute arbitrary code or create a Denial of + Service condition. +
+There is no known workaround at this time.
+All libpcre users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libpcre-8.38-r1"
+
+