# emerge --sync
- # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.8.20_p2"
+ # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.8.20_p1"
@@ -58,5 +58,5 @@
Elfutils provides a library and utilities to access, modify and analyse + ELF objects. +
+Multiple vulnerabilities have been discovered in elfutils. Please review + the referenced CVE identifiers for details. +
+A remote attacker could possibly cause a Denial of Service condition via + specially crafted ELF files. +
+There is no known workaround at this time.
+All elfutils users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/elfutils-0.169-r1"
+
+
+ Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +
+A library that provides Abstract Syntax Notation One (ASN.1, as + specified by the X.680 ITU-T recommendation) parsing and structures + management, and Distinguished Encoding Rules (DER, as per X.690) encoding + and decoding functions. +
+Multiple vulnerabilities have been discovered in GNU Libtasn1. Please + review the referenced CVE identifiers for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, or have + other unspecified impacts. +
+There is no known workaround at this time.
+All GNU Libtasn1 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libtasn1-4.12-r1"
+
+
+ Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +
+Puppet Agent contains Puppet’s main code and all of the dependencies + needed to run it, including Facter, Hiera, and bundled versions of Ruby + and OpenSSL. +
+Multiple vulnerabilities have been discovered in Puppet Agent. Please + review the references for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process or obtain sensitive information. +
+There is no known workaround at this time.
+All Puppet Agent users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/puppet-agent-1.7.1"
+
+ Graphite is a “smart font” system developed specifically to handle + the complexities of lesser-known languages of the world. +
+Multiple vulnerabilities have been discovered in Graphite. Please review + the referenced CVE identifiers for details. +
+ +A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, or have + other unspecified impacts. +
+There is no known workaround at this time.
+All Graphite users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/graphite2-1.3.10"
+
+
+ WebKitGTK+ is a full-featured port of the WebKit rendering engine, + suitable for projects requiring any kind of web integration, offers + Webkit’s full functionality and is used on a wide range of systems. +
+Multiple vulnerabilities have been discovered in WebkitGTK+. Please + review the references below for details. +
+A remote attacker could execute arbitrary code, cause a Denial of + Service condition, bypass intended memory-read restrictions, conduct a + timing side-channel attack to bypass the Same Origin Policy, obtain + sensitive information, or spoof the address bar. +
+ +There is no known workaround at this time.
+All WebKitGTK+ users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.16.6"
+
+
+ Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +
+GnuTLS is a secure communications library implementing the SSL, TLS and + DTLS protocols and technologies around them. +
+A null pointer dereference while decoding a status response TLS + extension with valid contents was discovered in GnuTLS. +
+A remote attacker could possibly cause a Denial of Service condition.
+There is no known workaround at this time.
+All GnuTLS users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/gnutls-3.5.13"
+
+
+ Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +
+Shadow is a set of tools to deal with user accounts.
+Malformed input in the newusers tool may produce crashes and other + unspecified behaviors. +
+A remote attacker could possibly cause a Denial of Service condition or + bypass privilege boundaries in some web-hosting environments in which a + Control Panel allows an unprivileged user account to create subaccounts. +
+There is no known workaround at this time.
+All Shadow users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.5"
+
+