Poppler is a PDF rendering library based on the xpdf-3.0 code base.
+Multiple vulnerabilities have been discovered in Poppler. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to open a specially crafted PDF + using Poppler, possibly resulting in execution of arbitrary code with the + privileges of the process or a Denial of Service condition. +
+There is no known workaround at this time.
+All Poppler users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/poppler-0.42.0"
+
+
+ Chromium is an open-source browser project that aims to build a safer, + faster, and more stable way for all users to experience the web. +
+Multiple vulnerabilities have been discovered in the Chromium web + browser. Please review the CVE identifiers referenced below for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, obtain + sensitive information, or bypass security restrictions. +
+There is no known workaround at this time.
+All Chromium users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-client/chromium-54.0.2840.100"
+
+ The RPCBind utility is a server that converts RPC program numbers into + universal addresses. +
+A use-after-free vulnerability was discovered in RPCBind’s + svc_dodestroy function when trying to free a corrupted xprt->xp_netid + pointer. +
+A remote attacker could possibly cause a Denial of Service condition.
+There is no known workaround at this time.
+All RPCBind users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-nds/rpcbind-0.2.3-r1"
+
+ The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +
+Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers referenced below for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process. +
+There is no known workaround at this time.
+All Adobe Flash Player 23.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-plugins/adobe-flash-23.0.0.207"
+
+
+ All Adobe Flash Player 11.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-plugins/adobe-flash-11.2.202.644"
+
+ The Tar program provides the ability to create and manipulate tar + archives. +
+Tar attempts to avoid path traversal attacks by removing offending parts + of the element name at extract. This sanitizing leads to a vulnerability + where the attacker can bypass the path name(s) specified on the command + line. +
+The attacker can create a crafted tar archive that, if extracted by the + victim, replaces files and directories the victim has access to in the + target directory, regardless of the path name(s) specified on the command + line. +
+There is no known workaround at this time.
+All Tar users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/tar-1.29-r1"
+
+ TestDisk is powerful free data recovery software! It was primarily + designed to help recover lost partitions and/or make non-booting disks + bootable again when these symptoms are caused by faulty software: certain + types of viruses or human error (such as accidentally deleting a + Partition Table). Partition table recovery using TestDisk is really easy. +
+A buffer overflow can be triggered within TestDisk when a malicious disk + image is attempting to be recovered. +
+A remote attacker could coerce the victim to run TestDisk against their + malicious image. This may be leveraged by an attacker to crash TestDisk + and gain control of program execution. +
+There is no known workaround at this time.
+All TestDisk users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/testdisk-7.0-r2"
+
+
+