LibreOffice is a powerful office suite; its clean interface and powerful tools let you unleash your creativity and grow your productivity.

Apache OpenOffice is the leading open-source office software suite for word processing, spreadsheets, presentations, graphics, databases and more.

Multiple vulnerabilities have been found in both LibreOffice and OpenOffice. Please review the referenced CVEs for specific information regarding each.

Remote attackers could obtain sensitive information, cause a Denial of Service condition, or execute arbitrary code.

There is no known workaround at this time.

All LibreOffice users should upgrade their respective packages to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-office/libreoffice-5.1.4.2"
  # emerge --ask --oneshot --verbose ">=app-office/libreoffice-bin-debug-5.1.4.2"

All OpenOffice users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-4.1.2"

Java Platform, Standard Edition (Java SE) lets you develop and deploy Java applications on desktops and servers, as well as in today’s demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today’s applications require.

Multiple vulnerabilities exist in both Oracle’s JRE and JDK. Please review the referenced CVEs for additional information.

Remote attackers could gain access to information, remotely execute arbitrary code, or cause Denial of Service.

There is no known workaround at this time.

All Oracle JRE users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/oracle-jre-bin-1.8.0.111"

All Oracle JDK users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/oracle-jdk-bin-1.8.0.111"

tnftp is a NetBSD FTP client with several advanced features.

The fetch_url function in usr.bin/ftp/fetch.c allows remote attackers to execute arbitrary commands via a

A remote attacker could possibly execute arbitrary code with the privileges of the process.

There is no known workaround at this time.

All tnftp users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --verbose --oneshot ">=net-ftp/tnftp-20141104"

xinetd is a secure replacement for inetd.

Xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root.

Attackers could escalate privileges outside of the running process.

There is no known workaround at this time.

All xinetd users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --verbose --oneshot ">=sys-apps/xinetd-2.3.15-r2"

polkit is a toolkit for managing policies relating to unprivileged processes communicating with privileged processes.

A vulnerability was discovered in polkit’s polkit_backend_action_pool_init function due to duplicate action IDs in action descriptions.

Local attackers are able to gain unauthorized privileges on the system.

There is no known workaround at this time.

All polkit users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-auth/polkit-0.113"

libpng is a standard library used to process PNG (Portable Network Graphics) images. It is used by several other programs, including web browsers and potentially server processes.

Multiple vulnerabilities were found in libpng. Please review the referenced CVEs for additional information.

Remote attackers could cause a Denial of Service condition or have other unspecified impacts.

There is no known workaround at this time.

All libpng 1.2 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.56"

All libpng 1.5 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.5.26"

All libpng 1.6 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.6.21"

Xen is a bare-metal hypervisor.

Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details.

A malicious guest administrator could escalate their privileges on the host system or cause a Denial of Service. Additionally, a malicious unprivileged guest user may be able to obtain or corrupt sensitive information (including cryptographic material) in other programs in the same guest.

There is no known workaround at this time.

All Xen users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.6.3-r3"

All Xen tools users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.6.3-r2"

libuv is a multi-platform support library with a focus on asynchronous I/O.

It was discovered that libuv does not call setgroups before calling setuid/setgid. If this is not called, then even though the uid has been dropped, there may still be groups associated that permit superuser privileges.

Context-dependent attackers could escalate privileges via unspecified vectors.

There is no known workaround at this time.

All libuv users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --verbose --oneshot ">=dev-libs/libuv-1.4.2"

QEMU is a generic and open source machine emulator and virtualizer.

Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details.

A privileged user/process within a guest QEMU environment can cause a Denial of Service condition against the QEMU guest process or the host.

There is no known workaround at this time.

All QEMU users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/qemu-2.7.0-r6"

imlib2 is an advanced replacement for image manipulation libraries such as libXpm. It is utilized by numerous programs, including gkrellm and several window managers, to display images.

Multiple vulnerabilities have been discovered in imlib2. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user to open a specially crafted image file using an application linked against imlib2, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

There is no known workaround at this time.

All imlib2 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/imlib2-1.4.9"

MongoDB (from “humongous”) is a scalable, high-performance, open source, schema-free, document-oriented database.

MongoDB’s ‘mongod’ server fails to validate some cases of malformed BSON.

A remote attacker could send a specially crafted BSON request possibly resulting in a Denial of Service condition.

There is no known workaround at this time.

All MongoDB users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/mongodb-2.4.13"

MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol.

Multiple vulnerabilities have been discovered in MIT Kerberos 5. Please review the CVE identifiers referenced below for details.

A remote attacker could possibly cause a Denial of Service condition.

There is no known workaround at this time.

All MIT Kerberos 5 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.13.2-r2"