IcedTea’s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions.

Various OpenJDK attack vectors in IcedTea, such as 2D, Corba, Hotspot, Libraries, and JAXP, exist which allow remote attackers to affect the confidentiality, integrity, and availability of vulnerable systems. Many of the vulnerabilities can only be exploited through sandboxed Java Web Start applications and Java applets. Please review the CVE identifiers referenced below for details.

Remote attackers may execute arbitrary code, compromise information, or cause a Denial of Service condition.

There is no known workaround at this time.

All IcedTea-bin 7.x users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-7.2.6.8:7"

All IcedTea-bin 3.x users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-3.2.0:8"

CVS (Concurrent Versions System) is an open-source network-transparent version control system. It contains both a client utility and a server.

A heap-based buffer overflow was discovered in the proxy_connect function in src/client.c in CVS.

An attacker, utilizing a remote HTTP proxy server, could cause a Denial of Service condition or possibly execute arbitrary code via a crafted HTTP response.

There is no known workaround at this time.

All CVS users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-vcs/cvs-1.12.12-r11"

irssi is a modular textUI IRC client with IPv6 support.

Multiple vulnerabilities have been discovered in irssi. Please review the CVE identifiers referenced below for details.

A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.

There is no known workaround at this time.

All irssi users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-irc/irssi-0.8.21"

The Mozilla Network Security Service (NSS) is a library implementing security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates.

Multiple vulnerabilities have been discovered in NSS. Please review the CVE identifiers and technical papers referenced below for details.

Remote attackers could conduct man-in-the-middle attacks, obtain access to private key information, or cause a Denial of Service condition.

There is no known workaround at this time.

All NSS users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.28"

cURL is a tool and libcurl is a library for transferring data with URL syntax.

Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers and bug reports referenced for details.

Remote attackers could conduct a Man-in-the-Middle attack to obtain sensitive information, cause a Denial of Service condition, or execute arbitrary code.

There is no known workaround at this time.

All cURL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/curl-7.52.1"

Quagga is a free routing daemon replacing Zebra supporting RIP, OSPF and BGP.

Multiple vulnerabilities have been discovered in Quagga. Please review the CVE identifiers referenced below for details.

A remote attacker could send a specially crafted packet possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition.

There is no known workaround at this time.

All Quagga users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/quagga-1.1.0-r2"

QEMU is a generic and open source machine emulator and virtualizer.

Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details.

A privileged user/process within a guest QEMU environment can cause a Denial of Service condition against the QEMU guest process or the host.

There is no known workaround at this time.

All QEMU users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulation/qemu-2.8.0"

PPP is a Unix implementation of the Point-to-Point Protocol.

A buffer overflow was discovered in the rc_mksid function in plugins/radius/util.c in PPP when the PID for pppd is greater than 65535.

A remote attacker could cause a Denial of Service condition.

There is no known workaround at this time.

All PPP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dialup/ppp-2.4.7-r3"

DBD::mysql is the MySQL driver for the Perl5 Database Interface (DBI).

Multiple vulnerabilities have been discovered in DBD::mysql. Please review the CVE identifiers referenced below for details.

An attacker could cause a Denial of Service condition, execute arbitrary code, or have other unspecified impacts.

There is no known workaround at this time.

All DBD::mysql users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-perl/DBD-mysql-4.41.0"

libupnp is a portable, open source, UPnP development kit.

Multiple vulnerabilities have been discovered in libupnp. Please review the CVE identifiers referenced below for details.

A remote attacker could arbitrarily write files to a user's file system, cause a Denial of Service condition, or execute arbitrary code.

There is no known workaround at this time.

All libupnp users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-libs/libupnp-1.6.21"

Lua is a powerful, efficient, lightweight, embeddable scripting language. It supports procedural programming, object-oriented programming, functional programming, data-driven programming, and data description.

A buffer overflow was discovered in the vararg functions in ldo.c in Lua.

Context-dependent attackers could cause a Denial of Service condition or execute arbitrary code.

There is no known workaround at this time.

All Lua users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/lua-5.1.5-r4"

DCRaw is a command-line decoder for raw digital photos.

An integer overflow was discovered in the ljpeg_start function in DCRaw.

Remote attackers, by enticing a user to open a specially crafted image, could cause a Denial of Service condition.

There is no known workaround at this time.

All DCRaw users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/dcraw-9.26.0"

DirectFB (Direct Frame Buffer) is a set of graphics APIs implemented on top of the Linux Frame Buffer (fbdev) abstraction layer.

Multiple vulnerabilities have been discovered in DirectFB. Please review the CVE identifiers referenced below for details.

Remote attackers could cause a Denial of Service condition or execute arbitrary code via the Voodoo interface.

There is no known workaround at this time.

All DirectFB users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/DirectFB-1.7.5"

zlib is a widely used free and patent unencumbered data compression library.

Multiple vulnerabilities have been discovered in zlib. Please review the CVE identifiers referenced below for details.

An attacker could cause a Denial of Service condition.

There is no known workaround at this time.

All zlib users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-libs/zlib-1.2.9"

T1Lib is a library for rasterizing bitmaps from Adobe Type 1 fonts.

Multiple vulnerabilities have been discovered in T1Lib. Please review the CVE identifiers referenced below for details.

Remote attackers, by coercing users to process a specially crafted AFM font or PDF file, could cause a Denial of Service condition or execute arbitrary code.

There is no known workaround at this time.

All T1Lib users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/t1lib-5.1.2-r1"

ICU is a mature, widely used set of C/C++ and Java libraries providing Unicode and Globalization support for software applications.

Multiple vulnerabilities have been discovered in ICU. Please review the CVE identifiers referenced below for details.

Remote attackers could cause a Denial of Service condition or possibly have other unspecified impacts via a long locale string or httpAcceptLanguage argument. Additionally, a remote attacker, via a specially crafted file, could cause an application using ICU to parse untrusted font files, resulting in a Denial of Service condition. Finally, remote attackers could affect confidentiality via unknown vectors related to 2D.

There is no known workaround at this time.

All ICU users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/icu-58.1"

ADOdb is an abstraction library for PHP creating a common API for a wide range of database backends.

Multiple vulnerabilities have been discovered in ADOdb. Please review the CVE identifiers referenced below for details.

A remote attacker, through the use of SQL injection or Cross Site Scripting (XSS) attacks, could execute arbitrary code.

There is no known workaround at this time.

All ADOdb users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-php/adodb-5.20.9"

LibRaw is a library for reading RAW files obtained from digital photo cameras.

Multiple vulnerabilities have been discovered in LibRaw. Please review the CVE identifiers referenced below for details.

An attacker could execute arbitrary code, cause a Denial of Service condition, or have other unspecified impacts.

There is no known workaround at this time.

All LibRaw users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libraw-0.17.1"

WebP is an image format employing both lossy and lossless compression.

Multiple vulnerabilities have been discovered in WebP’s gif2webp tool. Please review the CVE identifier and bug reference for details.

A remote attacker, by enticing a user to process a specially crafted file using WebP’s gif2webp tool, could possibly cause a Denial of Service condition or other unspecified impacts.

There is no known workaround at this time.

All WebP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libwebp-0.5.2"

Firejail is a SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf.

Multiple vulnerabilities have been discovered in Firejail. Please review the CVE identifiers referenced below for details.

An attacker could possibly bypass sandbox protection, cause a Denial of Service condition, or escalate privileges.

There is no known workaround at this time.

All Firejail users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-apps/firejail-0.9.44.4"

All Firejail-lts users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-apps/firejail-lts-0.9.38.8"

Graphite is a “smart font” system developed specifically to handle the complexities of lesser-known languages of the world.

Multiple vulnerabilities have been discovered in Graphite. Please review the CVE identifiers referenced below for details.

A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or obtain sensitive information.

There is no known workaround at this time.

All Graphite users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/graphite2-1.3.7"
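Every advisory above resolves to the same action: bring the package up to at least the version named in the `emerge` atom. Before and after running those upgrades, a defender wants to know which installed packages still fall below the required minimum. The script below is an added example (not tooling from Gentoo or from any of these advisories): it parses the resolution atoms exactly as they appear above, compares them against an installed-package inventory, and reports which entries are still vulnerable. The inventory is constructed here; on a real Gentoo host the same category/name-version and SLOT data lives under `/var/db/pkg/`. The version comparison assumes dotted numeric versions with an optional `-rN` revision, which covers every version in this digest; letter or `_rc`/`_p` suffixes are not modelled.

```python
"""Audit an installed-package inventory against the minimum versions the
advisories above require.  Added example, not Gentoo's or any advisory's own
tooling.  Assumes versions of the form N.N.N[-rN] (true of every version in
this digest); letter or _rc/_p suffixes are deliberately not modelled."""
import re

# Resolution atoms copied verbatim from the advisories above.
ADVISORY_ATOMS = [
    ">=dev-java/icedtea-bin-7.2.6.8:7",
    ">=dev-java/icedtea-bin-3.2.0:8",
    ">=dev-vcs/cvs-1.12.12-r11",
    ">=net-irc/irssi-0.8.21",
    ">=dev-libs/nss-3.28",
    ">=net-misc/curl-7.52.1",
    ">=net-misc/quagga-1.1.0-r2",
    ">=app-emulation/qemu-2.8.0",
    ">=net-dialup/ppp-2.4.7-r3",
    ">=dev-perl/DBD-mysql-4.41.0",
    ">=net-libs/libupnp-1.6.21",
    ">=dev-lang/lua-5.1.5-r4",
    ">=media-gfx/dcraw-9.26.0",
    ">=dev-libs/DirectFB-1.7.5",
    ">=sys-libs/zlib-1.2.9",
    ">=media-libs/t1lib-5.1.2-r1",
    ">=dev-libs/icu-58.1",
    ">=dev-php/adodb-5.20.9",
    ">=media-libs/libraw-0.17.1",
    ">=media-libs/libwebp-0.5.2",
    ">=sys-apps/firejail-0.9.44.4",
    ">=sys-apps/firejail-lts-0.9.38.8",
    ">=media-gfx/graphite2-1.3.7",
]

# category/name-version[:slot]; the version begins at the first "-" that is
# followed by a digit, which is how Portage separates name from version.
ATOM_RE = re.compile(r"^(?:>=)?(?P<cp>[^/]+/.+?)-(?P<ver>\d[^:]*)(?::(?P<slot>\S+))?$")


def parse_atom(atom):
    """Split an atom into (category/name, version, slot-or-None)."""
    m = ATOM_RE.match(atom.strip())
    if not m:
        raise ValueError("unparseable atom: %r" % atom)
    return m.group("cp"), m.group("ver"), m.group("slot")


def version_key(ver):
    """Comparable key ((numeric components...), revision) for N.N.N[-rN]."""
    base, _, rev = ver.partition("-r")
    return tuple(int(c) for c in base.split(".")), int(rev) if rev else 0


def audit(inventory_lines):
    """Return one (installed, required, status) row for every installed entry
    that an advisory covers; status is 'fixed' or 'VULNERABLE'.  An installed
    entry without a slot is matched against all slotted atoms for its package,
    which is optimistic for multi-slot packages: supply the slot when known."""
    required = {}
    for atom in ADVISORY_ATOMS:
        cp, ver, slot = parse_atom(atom)
        required.setdefault(cp, []).append((ver, slot))
    rows = []
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        cp, ver, slot = parse_atom(line)
        if cp not in required:
            continue  # no advisory in this digest covers the package
        candidates = [(rv, rs) for rv, rs in required[cp]
                      if slot is None or rs is None or rs == slot]
        if not candidates:
            continue  # installed slot is not one these advisories cover
        ok = any(version_key(ver) >= version_key(rv) for rv, _ in candidates)
        need = ", ".join(rv + (":" + rs if rs else "") for rv, rs in candidates)
        rows.append((line, need, "fixed" if ok else "VULNERABLE"))
    return rows


# Constructed sample inventory (not taken from a real host).
SAMPLE_INVENTORY = """
net-misc/curl-7.51.0
sys-libs/zlib-1.2.9
dev-vcs/cvs-1.12.12-r10
dev-java/icedtea-bin-7.2.6.7:7
dev-java/icedtea-bin-3.2.0:8
net-dialup/ppp-2.4.7-r3
app-editors/vim-8.0.0386
""".splitlines()

if __name__ == "__main__":
    for installed, need, status in audit(SAMPLE_INVENTORY):
        print("%-10s %-36s needs >= %s" % (status, installed, need))
```

The slot handling matters for IcedTea-bin, where the 7.x and 3.x series are fixed in different versions: an installed 7.2.6.7 compared without its slot would be judged "fixed" by the 3.2.0 atom, so the slot from the package database should always be included for slotted packages.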