sudoedit in sudo is vulnerable to the escalation of privileges by local users via a symlink attack. This can be exploited by a file whose full - path is defined using multiple wildcards in /etc/sudoers, as demonstrated - by “/home///file.txt. + path is defined using multiple wildcards in “/etc/sudoers”, as + demonstrated by “/home/*/*/file.txt”.
All OpenOffice users should upgrade to the latest version:
# emerge --sync
- # emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-4.1.2"
The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +
+Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers referenced below for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process or bypass security restrictions. +
+There is no known workaround at this time.
+All Adobe Flash users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-plugins/adobe-flash-25.0.0.148"
+
+
+ libevent is a library to execute a function when a specific event occurs + on a file descriptor. +
+Multiple vulnerabilities have been discovered in libevent. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process, or cause a Denial of Service condition. +
+There is no known workaround at this time.
+All libevent users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libevent-2.1.7_rc"
+
+
+ Chromium is an open-source browser project that aims to build a safer, + faster, and more stable way for all users to experience the web. +
+Multiple vulnerabilities have been discovered in the Chromium web + browser. Please review the CVE identifiers referenced below for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, obtain + sensitive information, bypass security restrictions or spoof content. +
+There is no known workaround at this time.
+All Chromium users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-client/chromium-58.0.3029.81"
+
+
+ Java Platform, Standard Edition (Java SE) lets you develop and deploy + Java applications on desktops and servers, as well as in today’s + demanding embedded environments. Java offers the rich user interface, + performance, versatility, portability, and security that today’s + applications require. +
+Multiple vulnerabilities have been discovered in in Oracle’s JRE and + JDK. Please review the CVE identifiers referenced below for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process, gain access to information, or cause a Denial + of Service condition. +
+There is no known workaround at this time.
+All Oracle JRE users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=dev-java/oracle-jre-bin-1.8.0.131"
+
+
+ All Oracle JDK users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=dev-java/oracle-jdk-bin-1.8.0.131"
+
+
+ The Mozilla Network Security Service (NSS) is a library implementing + security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS + #12, S/MIME and X.509 certificates. +
+Multiple vulnerabilities have been discovered in NSS. Please review the + CVE identifiers referenced below for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, or view + sensitive information. +
+There is no known workaround at this time.
+All NSS users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.29.5"
+
+
+