Elfutils provides a library and utilities to access, modify and analyse + ELF objects. +
+An integer overflow, in the check_section function of dwarf_begin_elf.c, + in the libdw library can lead to a heap-based buffer overflow. +
+A remote attacker could entice a user to open a specially crafted file, + possibly resulting in the execution of arbitrary code with the privileges + of the process or a Denial of Service condition. +
+There is no known workaround at this time.
+All elfutils users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/elfutils-0.159"
+
+ Ghostscript is an interpreter for the PostScript language and for PDF.
+An integer overflow flaw was discovered that leads to an out-of-bounds + read and write in gs_ttf.ps. +
+A remote attacker could entice a user to open a specially crafted file, + possibly resulting in the execution of arbitrary code with the privileges + of the process or a Denial of Service condition. +
+There is no known workaround at this time.
+All GPL Ghostscript users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/ghostscript-gpl-9.09"
+
+ A system and service manager.
+Multiple vulnerabilities have been discovered in systemd. Please review + the CVE identifiers referenced below for details. +
+An attacker could possibly execute arbitrary code with the privileges of + the process, cause a Denial of Service condition, or gain escalated + privileges. +
+There is no known workaround at this time.
+All systemd users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/systemd-208"
+
+ XStream is a simple library to serialize objects to XML and back again.
+It was found that XStream would deserialize arbitrary user-supplied XML + content, thus representing objects of any type. +
+A remote attacker could pass a specially crafted XML document to + XStream, possibly resulting in the execution of arbitrary code with the + privileges of the process or a Denial of Service condition. +
+There is no known workaround at this time.
+All XStream users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/xstream-1.4.8-r1"
+
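Review bot: The XStream description's closing clause, "thus representing objects of any type", does not say what goes wrong. State the consequence directly, for example that user-supplied XML can cause objects of arbitrary types to be instantiated during deserialization, since that is what the impact paragraph's code-execution claim rests on.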
+ TigerVNC is a high-performance VNC server/client.
+TigerVNC is impacted by the same vulnerability as found in + CVE-2014-6051. An integer overflow, leading to a heap-based buffer + overflow, was found in the way screen sizes were handled. +
+A remote attacker, utilizing a malicious VNC server, could execute + arbitrary code with the privileges of the user running the client, or + cause a Denial of Service condition. +
+There is no known workaround at this time.
+All TigerVNC users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/tigervnc-1.4.2"
+
+ Pixman is a pixel manipulation library.
+In pixman-general, careless computations done with the ‘dest_buffer’ + pointer may overflow, failing the buffer upper limit check. +
+A remote attacker could possibly cause a Denial of Service condition, or + execute arbitrary code with the privileges of the process. +
+There is no known workaround at this time.
+All Pixman users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-libs/pixman-0.32.8"
+
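Review bot: In the Pixman description, "may overflow, failing the buffer upper limit check" is ambiguous: it can be read either as the check rejecting the value or as the check being defeated. The impact paragraph implies the second reading, so wording such as "may overflow, bypassing the buffer upper-limit check" would be clearer.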
+ Botan (Japanese for peony) is a cryptography library written in C++11.
+Multiple vulnerabilities have been discovered in Botan. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process, or cause a Denial of Service condition. +
+There is no known workaround at this time.
+All Botan users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/botan-1.10.12"
+
+ Bash is the standard GNU Bourne Again SHell.
+A vulnerability was found in the way Bash expands $HOSTNAME. Injecting + malicious code into $HOSTNAME could cause it to run each time Bash + expands \h in the prompt string. +
+A remote attacker controlling the system’s hostname (i.e. via DHCP) + could possibly execute arbitrary code with the privileges of the process, + or cause a Denial of + Service condition. +
+There is no known workaround at this time.
+All Bash users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-shells/bash-4.3_p46-r1"
+
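Review bot: In the Bash impact text, "(i.e. via DHCP)" presents DHCP as the only way to control the hostname, while the sentence reads as an example, so "e.g. via DHCP" is the better fit. Since the description says the code runs when Bash expands \h in the prompt string, "with the privileges of the process" could also be made concrete as the privileges of the user running the shell.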
+ Squashfs is a compressed read-only filesystem for Linux. Squashfs is + intended for general read-only filesystem use, for archival use (i.e. in + cases where a .tar.gz file may be used), and in constrained block + device/memory systems (e.g. embedded systems) where low overhead is + needed. +
+Multiple vulnerabilities have been discovered in SQUASHFS. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to open a specially crafted .sqsh + file using unsquashfs; possibly resulting in the execution of arbitrary + code with the privileges of the process, or a Denial of Service + condition. +
+There is no known workaround at this time.
+All squashfs-tools users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=squashfs-tools-4.3"
+
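Review bot: The upgrade atom in the squashfs-tools resolution, ">=squashfs-tools-4.3", has no category, while every other advisory in this change uses the full category/package form (for example ">=x11-libs/pixman-0.32.8"). Qualify it with the package's category so the command is unambiguous. In the same advisory, the background uses "i.e." to introduce an example ("i.e. in cases where a .tar.gz file may be used") where "e.g." is meant, as it is later in that sentence, and the description spells the name "SQUASHFS" while the background uses "Squashfs".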
+ WebKitGTK+ is a full-featured port of the WebKit rendering engine, + suitable for projects requiring any kind of web integration, from hybrid + HTML/CSS applications to full-fledged web browsers. It offers WebKit’s + full functionality and is useful in a wide range of systems from desktop + computers to embedded systems like phones, tablets, and televisions. + WebKitGTK+ is made by a lively community of developers and designers, who + hope to bring the web platform to everyone. It’s the official web + engine of the GNOME platform and is used in browsers such as Epiphany and + Midori. +
+Multiple vulnerabilities have been discovered in WebKitGTK+. Please + review the CVE identifiers referenced below for details. +
+A remote attacker can use multiple vectors to execute arbitrary code or + cause a Denial of Service condition. +
+There is no known workaround at this time.
+All WebKitGTK+ users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.4.10-r200"
+
+ Zabbix is software for monitoring applications, networks, and servers.
+Multiple vulnerabilities have been discovered in Zabbix. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process, or cause a Denial of Service condition. +
+There is no known workaround at this time.
+All Zabbix users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/zabbix-2.2.16"
+
+ Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript + engine. +
+Multiple vulnerabilities have been discovered in Node.js. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could possibly cause a Denial of Service condition, or + conduct man-in-the-middle attacks. +
+There is no known workaround at this time.
+All Node.js 0.12.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/nodejs-0.12.17"
+
+
+ All Node.js 4.6.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/nodejs-4.6.1"
+
+
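Review bot: The resolution for Node.js 0.12.x users gives ">=net-libs/nodejs-0.12.17", an open-ended atom that a 4.x version also satisfies, so the two resolution blocks are not actually separated by branch. If the intent is to keep 0.12.x users on that series, bound the atom or say so in the text. The second block's "All Node.js 4.6.x users" paired with ">=net-libs/nodejs-4.6.1" is also worth rechecking, because as written it addresses only users already on 4.6.x.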