FFmpeg is a complete, cross-platform solution to record, convert and stream audio and video.

Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details.

gst-plugins-libav is affected because this package bundles a vulnerable FFmpeg version.

A remote attacker could entice a user or automated system using FFmpeg to process a specially crafted file, resulting in the execution of arbitrary code or a Denial of Service.

There is no known workaround at this time.

All FFmpeg users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-video/ffmpeg-3.2.4"

All gst-plugins-libav users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-plugins/gst-plugins-libav-1.10.4"

Mozilla Firefox is a popular open-source web browser from the Mozilla Project.

Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.

A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, bypass access restriction, access otherwise protected information, or spoof content via multiple vectors.

There is no known workaround at this time.

All Mozilla Firefox users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/firefox-45.8.0"

All Mozilla Firefox binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-45.8.0"

Mozilla Thunderbird is a popular open-source email client from the Mozilla project.

Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.

A remote attacker, by enticing a user to open a specially crafted email or web page, could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, spoof content or obtain sensitive information.

There is no known workaround at this time.

All Mozilla Thunderbird users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-45.8.0"

All Mozilla Thunderbird binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-45.8.0"

Libav is a complete solution to record, convert and stream audio and video.

Multiple vulnerabilities have been discovered in libav. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user to open a specially crafted media file in an application linked against libav, possibly resulting in execution of arbitrary code with the privileges of the application, a Denial of Service condition or access to the content of arbitrary local files.

There is no known workaround at this time.

All libav users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-video/libav-11.8"

Apache Tomcat is a Servlet-3.0/JSP-2.2 Container.

Multiple vulnerabilities have been discovered in Tomcat. Please review the CVE identifiers referenced below for details.

A remote attacker may be able to cause a Denial of Service condition, obtain sensitive information, bypass protection mechanisms and authentication restrictions.

A local attacker who is Tomcat’s system user or belongs to Tomcat’s group could potentially escalate privileges.

There is no known workaround at this time.

All Apache Tomcat users have to manually check their Tomcat runscripts to make sure that they don’t use an old, vulnerable runscript. In addition:

All Apache Tomcat 7 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-servers/tomcat-7.0.70:7"

All Apache Tomcat 8 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-servers/tomcat-8.0.36:8"

The GStreamer plug-ins provide decoders to the GStreamer open source media framework.

Multiple vulnerabilities have been discovered in various GStreamer plug-ins. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user or automated system using a GStreamer plug-in to process a specially crafted file, resulting in the execution of arbitrary code or a Denial of Service.

There is no known workaround at this time.

All gst-plugins-bad users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/gst-plugins-bad-1.10.3:1.0"

All gst-plugins-good users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/gst-plugins-good-1.10.3:1.0"

All gst-plugins-base users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/gst-plugins-base-1.10.3:1.0"

All gst-plugins-ugly users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/gst-plugins-ugly-1.10.3:1.0"

Xen is a bare-metal hypervisor.

Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers and Xen Security Advisory referenced below for details.

A local attacker could potentially execute arbitrary code with the privileges of the Xen (QEMU) process on the host, gain privileges on the host system, or cause a Denial of Service condition.

There is no known workaround at this time.

All Xen users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.7.2-r1:0"

All Xen Tools users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.7.2:0"

All Xen pvgrub users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulation/xen-pvgrub-4.7.2:0"

The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites.

Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details.

A remote attacker could possibly execute arbitrary code with the privileges of the process or bypass security restrictions.

There is no known workaround at this time.

All Adobe Flash Player users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-25.0.0.171:22"

Teeworlds is an online multi-player platform 2D shooter.

The Teeworlds client contains a vulnerability allowing a malicious server to execute arbitrary code, or write to arbitrary physical memory via the CClient::ProcessServerPacket method.

A remote malicious server can write to arbitrary physical memory locations and possibly execute arbitrary code if a vulnerable client joins the server.

There is no known workaround at this time.

All Teeworlds users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=games-action/teeworlds-0.6.4:0"

Smb4K is an SMB/CIFS (Windows) share browser for KDE.

Smb4K contains a logic flaw in which the mount helper binary does not properly verify the mount command it is being asked to run.

A local user can execute commands with root privileges because the mount helper is installed suid.

There is no known workaround at this time.

All Smb4K users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/smb4k-1.2.3-r1:4"

sudo (su “do”) allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments.

Qualys discovered a vulnerability in sudo’s get_process_ttyname() for Linux that, via sudo_ttyname_scan(), can be directed to use a user-controlled, arbitrary tty device during its traversal of “/dev” by utilizing the world-writable /dev/shm.

A local attacker can pretend that his tty is any character device on the filesystem, and after two race conditions, an attacker can pretend that the controlled tty is any file on the filesystem, allowing for privilege escalation.

There is no known workaround at this time.

All sudo users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.8.20_p1"