Keepalived is a strong & robust keepalive facility to the Linux + Virtual Server project. +
+Multiple vulnerabilities have been discovered in keepalived. Please + review the CVE identifiers referenced below for details. +
+A remote attacker could send a specially crafted request possibly + resulting in a Denial of Service condition. A local attacker could + perform symlink attacks to overwrite arbitrary files with the privileges + of the user running the application. +
+There is no known workaround at this time.
+All Keepalived users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-cluster/keepalived-2.0.10"
+
+ A shell designed for interactive use, although it is also a powerful + scripting language. +
+Two input validation errors have been discovered in how Zsh parses + scripts: +
+ +An attacker could entice a user to execute a specially crafted script + using Zsh, possibly resulting in execution of arbitrary code with the + privileges of the process. +
+There is no known workaround at this time.
+All Zsh users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-shells/zsh-5.6"
+
+
+ A command line tool and library for transferring data with URLs.
+Multiple vulnerabilities have been discovered in cURL. Please review the + CVE identifiers referenced below for details. +
+Remote attackers could cause a Denial of Service condition.
+There is no known workaround at this time.
+All cURL users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/curl-7.64.0"
+
+ Mozilla Firefox is a popular open-source web browser from the Mozilla + Project. +
+Multiple vulnerabilities have been discovered in Mozilla Firefox. Please + review the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to view a specially crafted web + page possibly resulting in the execution of arbitrary code with the + privileges of the process or cause a Denial of Service condition. +
+There is no known workaround at this time.
+All Mozilla FireFox users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-60.5.1"
+
+
+ All Mozilla FireFox bin users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-60.5.1"
+
+ The Tar program provides the ability to create and manipulate tar + archives. +
+The sparse_dump_region function in sparse.c file in Tar allows an + infinite loop using the --sparse option. +
+A local attacker could cause a Denial of Service condition by modifying + a file that is supposed to be archived by a different user’s process + (e.g., a system backup running as root). +
+There is no known workaround at this time.
+All Tar users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/tar-1.30-r1"
+
+
+ rdesktop is a Remote Desktop Protocol (RDP) Client.
+Multiple vulnerabilities have been discovered in rdesktop. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could cause a Denial of Service condition, obtain + sensitive information, or execute arbitrary code. +
+There is no known workaround at this time.
+All rdesktop users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/rdesktop-1.8.4"
+
+ A system and service manager.
+Multiple vulnerabilities have been discovered in systemd. Please review + the CVE identifiers referenced below for details. +
+An attacker could cause a Denial of Service condition or possibly + execute arbitrary code. +
+There is no known workaround at this time.
+All systemd users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/systemd-239-r4"
+
+ GNU Wget is a free software package for retrieving files using HTTP, + HTTPS and FTP, the most widely-used Internet protocols. +
+A vulnerability was discovered in GNU Wget’s file_metadata in xattr.c.
+A local attacker could obtain sensitive information to include + credentials. +
+There is no known workaround at this time.
+All GNU Wget users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/wget-1.20.1"
+
+