GNU Wget is a free software package for retrieving files using HTTP, + HTTPS and FTP, the most widely-used Internet protocols. +
+It was discovered that there was a header injection vulnerability in GNU + Wget which allowed remote attackers to inject arbitrary HTTP headers via + CRLF sequences in the host subcomponent of a URL. +
+A remote attacker could inject arbitrary HTTP headers in requests by + tricking a user running GNU Wget into processing crafted URLs. +
+There is no known workaround at this time.
+All GNU Wget users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/wget-1.19.1-r1"
+
+
+ Kodi (formerly XBMC) is a free and open-source media player software + application. +
+Multiple vulnerabilities have been discovered in Kodi. Please review the + CVE identifiers referenced below for details. +
+A remote attacker could entice a user to open a specially crafted image + file using Kodi, possibly resulting in a Denial of Service condition. +
+ +Furthermore, a remote attacker could entice a user process a specially + crafted ZIP file containing subtitles using Kodi, possibly resulting in + execution of arbitrary code with the privileges of the process or a + Denial of Service condition. +
+There is no known workaround at this time.
+All Kodi users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-tv/kodi-17.2"
+
+
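Review bot: The second impact paragraph of the Kodi advisory is missing a word: "a remote attacker could entice a user process a specially crafted ZIP file" should read "entice a user to process a specially crafted ZIP file containing subtitles". It would also help to make the same sentence say which outcome applies to which input, since the image-file case is described as Denial of Service only while the subtitle ZIP case adds execution of arbitrary code with the privileges of the process.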
+ mbed TLS (previously PolarSSL) is an “easy to understand, use, + integrate and expand” implementation of the TLS and SSL protocols and + the respective cryptographic algorithms and support code required. +
+Multiple vulnerabilities have been discovered in mbed TLS. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process, or cause a Denial of Service condition. +
+There is no known workaround at this time.
+All mbed TLS users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/mbedtls-2.4.2"
+
+
+ The GNU C library is the standard C library used by Gentoo Linux + systems. +
+Multiple vulnerabilities have been discovered in the GNU C Library. + Please review the CVE identifiers and Qualys’ security advisory + referenced below for details. +
+An attacker could possibly execute arbitrary code with the privileges of + the process, escalate privileges or cause a Denial of Service condition. +
+There is no known workaround at this time.
+All GNU C Library users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.23-r4"
+
+
+ Chromium is an open-source browser project that aims to build a safer, + faster, and more stable way for all users to experience the web. +
+Multiple vulnerabilities have been discovered in the Chromium web + browser. Please review the CVE identifiers referenced below for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, obtain + sensitive information, bypass security restrictions or spoof content. +
+There is no known workaround at this time.
+All Chromium users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-client/chromium-59.0.3071.104"
+
+
+
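Review bot: In the Chromium resolution block the emerge command is wrapped, leaving `# emerge --ask --oneshot --verbose` on one line and `">=www-client/chromium-59.0.3071.104"` on the next with no line continuation. Copied as shown, the first line has no package atom and the second is not a command. The other four advisories in this change keep the atom on the same line as `emerge`. Suggest doing the same here, or ending the first line with a backslash if the wrap is needed for width.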