Free software emulation of curses in System V.
+Multiple vulnerabilities have been discovered in ncurses. Please review + the CVE identifiers referenced below for details. +
+A remote attacker, by enticing the user to process untrusted terminfo or + other data, could execute arbitrary code or cause a Denial of Service + condition. +
+There is no known workaround at this time.
+All ncurses users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-libs/ncurses-6.1:0"
+
+ GDK-PixBuf is an image loading library for GTK+.
+Several integer overflows were discovered in GDK-PixBuf’s gif_get_lzw + function. +
+A remote attacker, by enticing a user to process a specially crafted + image file, could execute arbitrary code or cause a Denial of Service + condition. +
+There is no known workaround at this time.
+All GDK-PixBuf users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-libs/gdk-pixbuf-2.36.11"
+
+ Evince is a document viewer for multiple document formats, including + PostScript. +
+A vulnerability was discovered in Evince’s handling of filenames while + printing PDF files. +
+A remote attacker, by enticing the user to process a specially crafted + file, could execute arbitrary commands. +
+There is no known workaround at this time.
+All Evince users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/evince-3.24.2-r1"
+
+ ClamAV is a GPL virus scanner.
+Multiple vulnerabilities have been discovered in ClamAV. Please review + the CVE identifiers referenced below for details. +
+A remote attacker, through multiple vectors, could execute arbitrary + code, cause a Denial of Service condition, or have other unspecified + impacts. +
+There is no known workaround at this time.
+All ClamAV users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.99.4"
+
+ Quagga is a free routing daemon replacing Zebra supporting RIP, OSPF and + BGP. +
+Multiple vulnerabilities have been discovered in Quagga. Please review + the CVE identifiers referenced below for details. +
+A remote attacker, by sending specially crafted packets, could execute + arbitrary code or cause a Denial of Service condition. +
+There is no known workaround at this time.
+All Quagga users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/quagga-1.2.4"
+
+ A log monitoring program, designed to watch one or more log files for + lines matching user defined regular expressions and report on the + matches. +
+It was discovered that the tenshi ebuild creates a tenshi.pid file after + dropping privileges to a non-root account. +
+A local attacker could escalate privileges to root or kill arbitrary + processes. +
+There is no known workaround at this time.
+All tenshi users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/tenshi-0.17"
+
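Review bot: The impact line ("escalate privileges to root or kill arbitrary processes") does not follow from the description as written, because the step connecting them is missing. A tenshi.pid created after the privilege drop is owned by the non-root account, so the risk only materialises when something running as root later trusts the PID stored in that file. Please state that the attacker needs control of that non-root account and name the root-side action that reads the file, so readers can judge their exposure.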
+ mbed TLS (previously PolarSSL) is an “easy to understand, use, + integrate and expand” implementation of the TLS and SSL protocols and + the respective cryptographic algorithms and support code required. +
+Multiple vulnerabilities have been discovered in mbed TLS. Please review + the CVE identifiers referenced below for details. +
+A remote attacker, through multiple vectors, could possibly execute + arbitrary code with the privileges of the process or cause a Denial of + Service condition. +
+There is no known workaround at this time.
+All mbed TLS users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/mbedtls-2.7.2"
+
+ An unzip like for .ADF files.
+Multiple vulnerabilities were discovered in unADF that can lead to + remote code execution. Please review the CVE identifiers referenced below + for details. +
+A remote attacker, by enticing a user to process a specially crafted + file, could execute arbitrary code. +
+There is no known workaround at this time.
+All unADF users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/unadf-0.7.12-r1"
+
+ A reliable logging program.
+A buffer overflow was discovered in librelp with the handling of x509 + certificates. +
+A remote attacker, by sending a specially crafted x509 certificate, + could execute arbitrary code. +
+There is no known workaround at this time.
+All librelp users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/librelp-1.2.15"
+
+ Chromium is an open-source browser project that aims to build a safer, + faster, and more stable way for all users to experience the web. +
+ +Google Chrome is one fast, simple, and secure browser for all your + devices. +
+Multiple vulnerabilities have been discovered in Chromium and Google + Chrome. Please review the referenced CVE identifiers and Google Chrome + Releases for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, bypass + content security controls, or conduct URL spoofing. +
+There is no known workaround at this time.
+All Chromium users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-client/chromium-66.0.3359.117"
+
+
+ All Google Chrome users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-client/google-chrome-66.0.3359.117"
+
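Review bot: In both resolution blocks of this advisory the emerge command is wrapped so that the package atom sits on its own line (`# emerge --ask --oneshot --verbose` followed by `">=www-client/chromium-66.0.3359.117"`) with no line continuation. Pasted line by line, the first line runs emerge with no atom and the second is interpreted as a command of its own. Keep the command and atom on one line, as the other advisories in this change do, or end the first line with a backslash. The later Chromium/Google Chrome advisory for 66.0.3359.139 has the same wrap.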
+ DNS functionality to access to DB of information that changes + infrequently. +
+Multiple vulnerabilities have been discovered in hesiod that have + remained unaddressed. Please review the referenced CVE identifiers for + details. +
+A remote or local attacker may be able to escalate privileges to root.
+There is no known workaround at this time.
+Gentoo has discontinued support for hesiod and recommends that users + unmerge the package: +
+ +
+ # emerge --unmerge "net-dns/hesiod"
+
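Review bot: The resolution uses `emerge --unmerge "net-dns/hesiod"`, which removes the package without checking whether anything installed still depends on it. Since this advisory tells every user to remove the package, suggest `emerge --ask --verbose --depclean "net-dns/hesiod"` instead, so that reverse dependencies are reported before removal. The impact line would also benefit from saying which of the "remote or local" cases needs what access, as the text currently gives no vector for either.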
+ Python is an interpreted, interactive, object-oriented programming + language. +
+A buffer overflow was discovered in Python’s PyString_DecodeEscape + function in stringobject.c. +
+Remote attackers, by enticing a user to process a specially crafted + file, could execute arbitrary code. +
+There is no known workaround at this time.
+All Python 2 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-2.7.14:2.7"
+
+ Chromium is an open-source browser project that aims to build a safer, + faster, and more stable way for all users to experience the web. +
+ +Google Chrome is one fast, simple, and secure browser for all your + devices. +
+Multiple vulnerabilities have been discovered in Chromium and Google + Chrome. Please review the referenced CVE identifiers and Google Chrome + Releases for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process. +
+There is no known workaround at this time.
+All Chromium users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-client/chromium-66.0.3359.139"
+
+
+ All Google Chrome users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-client/google-chrome-66.0.3359.139"
+
+
+ File transfer program to keep remote files into sync.
+A vulnerability was discovered in rsync’s parse_arguments function in + options.c. +
+Remote attackers could possibly execute arbitrary commands with the + privilege of the process. +
+There is no known workaround at this time.
+All rsync users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/rsync-3.1.3"
+
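Review bot: The description names only the location of the flaw (parse_arguments in options.c) and not what goes wrong there, so a reader cannot tell which rsync deployments are exposed or why the impact is command execution. Add one sentence on what the function fails to check and whether the daemon, the client, or both are affected.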
+ Video player based on MPlayer/mplayer2
+A vulnerability was discovered in mpv with the handling of HTML + documents containing VIDEO elements. Additionally, mpv accepts arbitrary + URLs in a src attribute without a protocol whitelist in + player/lua/ytdl_hook.lua. +
+A remote attacker, by enticing the user to visit a specially crafted web + site, could execute arbitrary code. +
+There is no known workaround at this time.
+All mpv users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/mpv-0.27.2"
+
+