# emerge --sync
- # emerge --ask --oneshot --verbose ">=sys-apps/man-db-2.7.6.1-r2"
+ # emerge --ask --oneshot --verbose ">=sys-apps/man-db-2.7.6.1-r2:0"
Gajim is a Jabber/XMPP client which uses GTK+.
+Gajim unconditionally implements the “XEP-0146: Remote Controlling + Clients” extension. +
+Remote attackers, by enticing a user to connect to a malicious XMPP + server, could extract plaintext from Off The Record (OTR) encrypted + sessions. +
+There is no known workaround at this time.
+All Gajim users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-im/gajim-0.16.6-r1"
+
+ The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +
+Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers referenced below for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process or bypass security restrictions. +
+There is no known workaround at this time.
+All Adobe Flash users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-plugins/adobe-flash-26.0.0.137"
+
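Review bot: the resolution command for adobe-flash is broken across two lines, with "# emerge --ask --oneshot --verbose" on one line and the atom ">=www-plugins/adobe-flash-26.0.0.137" on the next, and there is no continuation character between them. A user who copies the block line by line runs emerge without a package atom, and the shell then tries to run the quoted atom as a command of its own. Keep the atom on the same line as the emerge invocation, or end the first line with a backslash.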
+ BIND (Berkeley Internet Name Domain) is a Name Server.
+Multiple vulnerabilities have been discovered in BIND. Please review the + CVE identifiers referenced below for details. +
+A remote attacker could send a specially crafted DNS request to the BIND + resolver resulting in a Denial of Service condition. +
+There is no known workaround at this time.
+All BIND users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dns/bind-9.11.1_p1"
+
+
+ TNEF is a program for unpacking MIME attachments of type + “application/ms-tnef”. +
+Multiple vulnerabilities have been discovered in TNEF. Please review the + CVE identifiers referenced below for details. +
+A remote attacker could entice a user to process a specially crafted + MIME attachment of type “application/ms-tnef” using TNEF, possibly + resulting in a Denial of Service condition. +
+There is no known workaround at this time.
+All TNEF users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-mail/tnef-1.4.15"
+
+
+ Helps to manage large numbers of passwords and related information and + simplifies the tasks of searching and entering password data. +
+A history file in ~/.kedpm/history is written in clear text. All of the + commands performed in the password manager are written there. This can + lead to the disclosure of the master password if the “password” + command is used with an argument. The names of the password entries + created and consulted are also accessible in clear text. +
+An attacker could obtain confidential information.
+There is no known workaround at this time.
+Gentoo Security recommends that users unmerge Ked Password Manager:
+ +
+ # emerge --unmerge "app-admin/kedpm"
+
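Review bot: the resolution stops at unmerging "app-admin/kedpm", but the description says the clear-text data, including a master password passed as an argument to the "password" command, is already in ~/.kedpm/history. Unmerging a package does not remove files from a user's home directory, so that file stays readable after the recommended step. Add an instruction to delete ~/.kedpm/history and to change the master password if it was ever given as an argument. Two smaller points: the background sentence starts at "Helps to manage" and never names Ked Password Manager as its subject, and the impact line "An attacker could obtain confidential information" should say what access the attacker needs to read the history file.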
+ RAR and UnRAR provide command line interfaces for compressing and + decompressing RAR files. +
+A VMSF_DELTA memory corruption was discovered in which an integer + overflow can be caused in DataSize+CurChannel. The result is a negative + value of the “DestPos” variable which allows writing out of bounds + when setting Mem[DestPos]. +
+A remote attacker, by enticing a user to open a specially crafted + archive, could execute arbitrary code with the privileges of the process. +
+There is no known workaround at this time.
+All RAR users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=app-arch/rar-5.5.0_beta4_p20170628"
+
+
+ All UnRAR users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/unrar-5.5.5"
+
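Review bot: the two resolution blocks in this advisory are formatted inconsistently. The UnRAR command keeps ">=app-arch/unrar-5.5.5" on the emerge line, while the RAR command wraps ">=app-arch/rar-5.5.0_beta4_p20170628" onto a line of its own with no continuation character, so it does not survive a line-by-line copy. Put the RAR atom on the same line as its emerge invocation, matching the UnRAR block.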
+ Ghostscript is an interpreter for the PostScript language and for PDF.
+Multiple vulnerabilities have been discovered in GPL Ghostscript. Please + review the CVE identifiers referenced below for additional information. +
+A context-dependent attacker could entice a user to open a specially + crafted PostScript file or PDF document using GPL Ghostscript possibly + resulting in the execution of arbitrary code with the privileges of the + process or a Denial of Service condition. +
+There is no known workaround at this time.
+All GPL Ghostscript users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/ghostscript-gpl-9.21"
+
+ VTE based, highly customizable terminal emulator
+Steve Kemp of Debian identified a flaw in evilvte which does not + properly validate hypertext links. Please review the Debian bug report + referenced below. +
+Remote attackers could execute arbitrary code by enticing a user to + click a hyperlink in their terminal. +
+There is no known workaround at this time.
+Gentoo Security recommends that users unmerge evilvte:
+ +
+ # emerge --unmerge "x11-terms/evilvte"
+
+ bzip2 is a high-quality data compressor used extensively by Gentoo + Linux. +
+A use-after-free flaw was found in bzip2recover, leading to a null + pointer dereference, or a write to a closed file descriptor. Please + review the CVE identifier referenced below for details. +
+A remote attacker could entice a user to process a specially crafted + bzip2 archive using bzip2recover, possibly resulting in a Denial of + Service condition. +
+There is no known workaround at this time.
+All bzip2 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/bzip2-1.0.6-r8"
+
+
+
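Review bot: the description and impact both limit the flaw to bzip2recover, yet the resolution addresses "All bzip2 users" and the workaround section says none is known. State explicitly that only the bzip2recover tool is affected, so readers can judge their exposure, and reconsider the workaround text, since the impact as written requires a user to run bzip2recover on an attacker-supplied archive. The description also calls the bug a use-after-free while listing its effects as a null pointer dereference or a write to a closed file descriptor; a short clause on what is used after being released would make that consistent.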