OpenSSH is a free application suite consisting of server and clients that replace tools like telnet, rlogin, rcp and ftp with more secure versions offering additional functionality.
A vulnerability has been discovered in OpenSSH. Please review the CVE identifier referenced below for details.

A critical vulnerability in sshd(8) was present in Portable OpenSSH versions that may allow arbitrary code execution with root privileges.

Successful exploitation has been demonstrated on 32-bit Linux/glibc systems with ASLR. Under lab conditions, the attack requires on average 6-8 hours of continuous connections up to the maximum the server will accept. Exploitation on 64-bit systems is believed to be possible but has not been demonstrated at this time. It's likely that these attacks will be improved upon.

There is no known workaround at this time.

Note that Gentoo has backported the fix to the following versions:

 net-misc/openssh-9.6_p1-r5
 net-misc/openssh-9.7_p1-r6

All OpenSSH users should upgrade to the latest version and restart the sshd server (to ensure access for new sessions and that no vulnerable code keeps running):

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/openssh-9.7_p1-r6"

With OpenRC:

 # rc-service sshd restart

With systemd:

 # systemctl try-restart sshd.service
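The upgrade lines above name the version that closes the advisory, and for OpenSSH the fix was also backported to an earlier revision, so "installed version is at least X" is not the whole check. The following is an added example, not Portage or GLSA tooling: it parses atoms of the form used on this page with a reduced version ordering (dotted numbers, one optional _alpha/_beta/_pre/_rc/_p suffix, optional -rN revision, optional :slot) and decides whether an installed version falls inside a fixed range. The `rge` range, "this revision or any later revision of the same version", is borrowed from the GLSA range vocabulary and is an assumption of this example; the installed version strings are constructed.

```python
"""Check an installed Gentoo package version against GLSA fixed ranges.

Added example, not Portage's own code. Version ordering is a reduced
form of Portage's: dotted numeric components, an optional
_alpha/_beta/_pre/_rc/_p suffix with a number, and an optional -rN
revision. A slot after ":" is compared only when both sides carry one.
"""
import re

# Portage suffix order: _alpha < _beta < _pre < _rc < (no suffix) < _p
SUFFIX_RANK = {"alpha": 0, "beta": 1, "pre": 2, "rc": 3, "": 4, "p": 5}

VERSION_RE = re.compile(
    r"^(?P<nums>\d+(?:\.\d+)*)"
    r"(?:_(?P<suffix>alpha|beta|pre|rc|p)(?P<sufnum>\d*))?"
    r"(?:-r(?P<rev>\d+))?$"
)
# category/package is matched non-greedily so that the version starts at
# the first "-<digit>" after the package name (handles "webkit-gtk-2.44.0").
CPV_RE = re.compile(
    r"^(?P<cp>[a-z0-9]+(?:-[a-z0-9]+)*/[A-Za-z0-9+_-]+?)"
    r"-(?P<ver>\d[^:]*)"
    r"(?::(?P<slot>[^:]+))?$"
)


def parse_version(ver):
    """Return a tuple that sorts the way Portage orders these versions."""
    m = VERSION_RE.match(ver)
    if not m:
        raise ValueError(f"unsupported version string: {ver!r}")
    nums = tuple(int(x) for x in m.group("nums").split("."))
    return (nums, SUFFIX_RANK[m.group("suffix") or ""],
            int(m.group("sufnum") or 0), int(m.group("rev") or 0))


def parse_cpv(cpv):
    """Split 'cat/pkg-version[:slot]' into (cat/pkg, version tuple, slot)."""
    m = CPV_RE.match(cpv)
    if not m:
        raise ValueError(f"unsupported package string: {cpv!r}")
    return m.group("cp"), parse_version(m.group("ver")), m.group("slot")


def in_range(installed, op, cpv):
    """True if `installed` lies in the range `op` relative to `cpv`.

    Ops are the Portage comparison operators plus GLSA-style "rge"
    (same version, revision greater or equal), an assumption here.
    """
    cp, want, slot = parse_cpv(cpv)
    have_cp, have, have_slot = parse_cpv(installed)
    if have_cp != cp:
        return False
    if slot and have_slot and slot != have_slot:
        return False
    if op == "rge":
        return have[:3] == want[:3] and have[3] >= want[3]
    if op == "~":
        return have[:3] == want[:3]
    return {">=": have >= want, "<=": have <= want, ">": have > want,
            "<": have < want, "=": have == want}[op]


def satisfies(installed, atom):
    """Evaluate a Portage-style atom such as '>=net-misc/openssh-9.7_p1-r6'."""
    for op in (">=", "<=", ">", "<", "~", "="):
        if atom.startswith(op):
            return in_range(installed, op, atom[len(op):])
    return in_range(installed, "=", atom)


def is_fixed(installed, fixed_ranges):
    """True if the installed version falls in any of the advisory's fixed ranges."""
    return any(in_range(installed, op, cpv) for op, cpv in fixed_ranges)


# Fixed ranges for the OpenSSH advisory above: the current version line, plus
# the backported revision of the previous one (any later revision of it too).
OPENSSH_FIXED = [(">=", "net-misc/openssh-9.7_p1-r6"),
                 ("rge", "net-misc/openssh-9.6_p1-r5")]

if __name__ == "__main__":
    for v in ("net-misc/openssh-9.6_p1-r4", "net-misc/openssh-9.6_p1-r5",
              "net-misc/openssh-9.7_p1-r3", "net-misc/openssh-9.8_p1"):
        print(v, "fixed" if is_fixed(v, OPENSSH_FIXED) else "VULNERABLE")
```

A plain `>=` check against the headline version would report the backported 9.6_p1-r5 as vulnerable, while a plain `>=9.6_p1-r5` check would wrongly pass 9.7_p1-r3; the range list captures both boundaries.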
Sofia-SIP is an RFC3261 compliant SIP User-Agent library.

Multiple vulnerabilities have been discovered in Sofia-SIP. Please review the CVE identifiers referenced below for details.
There is no known workaround at this time.

Gentoo has discontinued support for the Sofia-SIP package. We recommend that users unmerge it:

 # emerge --ask --depclean "net-libs/sofia-sip"
PuTTY is a free implementation of Telnet and SSH for Windows and Unix platforms, along with an xterm terminal emulator.

Multiple vulnerabilities have been discovered in PuTTY. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All PuTTY users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/putty-0.81"

In addition, any keys generated with PuTTY versions 0.68 to 0.80 should be considered compromised and should be regenerated.
Podman is a tool for managing OCI containers and pods with a Docker-compatible CLI.

Please review the referenced CVE identifiers for details.
There is no known workaround at this time.

All Podman users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-containers/podman-4.9.4"
WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.

Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All WebKitGTK+ users should upgrade to the latest version (depending on the installed slots):

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.44.0:4"
 # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.44.0:4.1"
 # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.44.0:6"
TigerVNC is a high-performance VNC server/client.

Multiple vulnerabilities have been discovered in TigerVNC. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All TigerVNC users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/tigervnc-1.12.0-r2"
GraphicsMagick is a collection of tools and libraries which support reading, writing, and manipulating images in many major formats.

Multiple vulnerabilities have been discovered in GraphicsMagick. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All GraphicsMagick users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-gfx/graphicsmagick-1.3.40"
The GNU Core Utilities are the basic file, shell and text manipulation utilities of the GNU operating system.

A vulnerability has been discovered in the Coreutils "split" program that can lead to a heap buffer overflow and possibly arbitrary code execution.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All Coreutils users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-apps/coreutils-9.4-r1"
BusyBox is a set of tools for embedded systems and is a replacement for GNU Coreutils.

Multiple vulnerabilities have been discovered in BusyBox. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All BusyBox users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-apps/busybox-1.34.0"
Stellarium is a free open source planetarium for your computer. It shows a realistic sky in 3D, just like what you see with the naked eye, binoculars or a telescope.

A vulnerability has been discovered in Stellarium. Please review the CVE identifier referenced below for details.

Attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal.

There is no known workaround at this time.

All Stellarium users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sci-astronomy/stellarium-23.1"
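The Stellarium impact statement above describes the general archive-extraction flaw class: member names that are absolute or contain ".." end up written outside the intended directory. The following is an added example, not Stellarium's code, of the containment check an extractor needs before it writes anything; the archive, its member names and the file contents are constructed for the example, and the in-memory zip is only a stand-in for whatever archive format an application unpacks.

```python
"""Refuse archive members that would land outside the extraction root.

Added example, not Stellarium's code. resolve_member() is the control:
it rejects absolute names (POSIX and Windows forms), ".." traversal and,
via realpath, escapes through symlinked parents. Everything else here
only exercises it on a constructed archive.
"""
import io
import ntpath
import os
import tempfile
import zipfile


class UnsafeMemberPath(ValueError):
    """Raised when an archive member would be written outside the destination root."""


def resolve_member(dest_root, member):
    """Return the absolute path this member may be written to, or raise."""
    root = os.path.realpath(dest_root)
    # Archive names are attacker-controlled and may use either separator
    # convention, so normalise backslashes before looking at the shape.
    name = member.replace("\\", "/")
    if name.startswith("/") or ntpath.splitdrive(name)[0]:
        raise UnsafeMemberPath(f"absolute member name: {member!r}")
    parts = [p for p in name.split("/") if p not in ("", ".")]
    if not parts:
        raise UnsafeMemberPath(f"empty member name: {member!r}")
    if ".." in parts:
        raise UnsafeMemberPath(f"parent traversal in member name: {member!r}")
    target = os.path.realpath(os.path.join(root, *parts))
    # Final containment check after symlink resolution of any parent dirs.
    if os.path.commonpath([root, target]) != root:
        raise UnsafeMemberPath(f"member escapes root: {member!r}")
    return target


def extract_safely(archive_bytes, dest_root):
    """Extract an in-memory zip under dest_root, refusing unsafe members.

    Returns (written, rejected): names written, and (name, reason) pairs
    that were refused. Files are written directly so that the check above,
    not the zip library's own renaming, is what decides.
    """
    written, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            try:
                target = resolve_member(dest_root, info.filename)
            except UnsafeMemberPath as exc:
                rejected.append((info.filename, str(exc)))
                continue
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
            else:
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with open(target, "wb") as fh:
                    fh.write(zf.read(info))
            written.append(info.filename)
    return written, rejected


def build_sample_archive():
    """Constructed sample: one benign member and three that must be refused."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("landscape/description.txt", "benign content\n")
        zf.writestr("../outside.txt", "traversal\n")
        zf.writestr("/tmp/absolute.txt", "absolute\n")
        zf.writestr("C:\\drive.txt", "drive letter\n")
    return buf.getvalue()


def demo():
    """Extract the sample into a fresh temp dir; return (written, rejected names, leaked)."""
    with tempfile.TemporaryDirectory() as dest:
        written, rejected = extract_safely(build_sample_archive(), dest)
        parent = os.path.dirname(os.path.realpath(dest))
        leaked = os.path.exists(os.path.join(parent, "outside.txt"))
        return written, [name for name, _ in rejected], leaked


if __name__ == "__main__":
    print(demo())
```

Rejecting a bad member, rather than silently rewriting its name, is deliberate: an archive that carries such names is malformed at best, and the application should stop and report it instead of producing a partially unpacked result.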
Mozilla Thunderbird is a popular open-source email client from the Mozilla project.

Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All Mozilla Thunderbird binary users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-115.11.0"

All Mozilla Thunderbird users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-115.11.0"
KDE Plasma workspace is a widget based desktop environment designed to be fast and efficient.

Multiple vulnerabilities have been discovered in KDE Plasma Workspaces. Please review the CVE identifiers referenced below for details.

KSmserver, KDE's XSMP manager, incorrectly allows connections via ICE based purely on the host, allowing all local connections. This allows another user on the same machine to gain access to the session manager.

A well crafted client could use the session restore feature to execute arbitrary code as the user on the next boot.

There is no known workaround at this time.

All KDE Plasma Workspaces users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=kde-plasma/plasma-workspace-5.27.11.1"
X.Org is an implementation of the X Window System. The X.Org X11 library provides the X11 protocol library files.

Multiple vulnerabilities have been discovered in the X.Org X11 library. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All X.Org X11 library users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=x11-libs/libX11-1.8.7"
Mozilla Firefox is a popular open-source web browser from the Mozilla project.

Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All Mozilla Firefox binary users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-124.0.1"

All Mozilla Firefox users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-client/firefox-124.0.1:rapid"

All Mozilla Firefox ESR users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-client/firefox-115.9.1:esr"

All Mozilla Firefox ESR binary users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-115.9.1:esr"
LIVE555 Media Server is a set of libraries for multimedia streaming.

Multiple vulnerabilities have been discovered in LIVE555 Media Server. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All LIVE555 Media Server users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-plugins/live-2021.08.24"
HarfBuzz is an OpenType text shaping engine.

Multiple vulnerabilities have been discovered in HarfBuzz. Please review the CVE identifiers referenced below for details.

hb-ot-layout-gsubgpos.hh in HarfBuzz allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.

There is no known workaround at this time.

All HarfBuzz users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/harfbuzz-7.1.0"
Buildah is a tool that facilitates building Open Container Initiative (OCI) container images.

Please review the referenced CVE identifiers for details.
There is no known workaround at this time.

All Buildah users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-containers/buildah-1.35.3"
Dmidecode reports information about your system's hardware as described in your system BIOS according to the SMBIOS/DMI standard. This information typically includes system manufacturer, model name, serial number, BIOS version, asset tag as well as a lot of other details of varying level of interest and reliability depending on the manufacturer. This will often include usage status for the CPU sockets, expansion slots (e.g. AGP, PCI, ISA) and memory module slots, and the list of I/O ports (e.g. serial, parallel, USB).

Dmidecode --dump-bin can overwrite a local file. This has security relevance because, for example, execution of Dmidecode via sudo is plausible.

Please review the referenced CVE identifier for details.

There is no known workaround at this time.

All Dmidecode users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-apps/dmidecode-3.5"
ExifTool is a platform-independent Perl library plus a command-line application for reading, writing and editing meta information in a wide variety of files.

Multiple vulnerabilities have been discovered in ExifTool. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All ExifTool users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/exiftool-12.42"
Freenet is an encrypted network without censorship.

This release fixes a severe vulnerability in path folding that allowed an adapted node directly connected via opennet to distinguish between downloaders and forwarders.
There is no known workaround at this time.

All Freenet users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-p2p/freenet-0.7.5_p1497"