The X Window System is a graphical windowing system based on a + client/server model. +
+Multiple vulnerabilities have been discovered in X.Org X Server. Please + review the CVE identifiers referenced below for details. +
+An authenticated attacker could possibly cause a Denial of Service + condition or read from or send information to arbitrary X11 clients. +
+There is no known workaround at this time.
+All X.Org X Server users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.18.4"
+
+ Java Platform, Standard Edition (Java SE) lets you develop and deploy + Java applications on desktops and servers, as well as in today’s + demanding embedded environments. Java offers the rich user interface, + performance, versatility, portability, and security that today’s + applications require. +
+Multiple vulnerabilities have been discovered in in Oracle’s JRE and + JDK. Please review the CVE identifiers referenced below for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process, gain access to information, or cause a Denial + of Service condition. +
+There is no known workaround at this time.
+All Oracle JRE users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=dev-java/oracle-jre-bin-1.8.0.121"
+
+
+ All Oracle JDK users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=dev-java/oracle-jdk-bin-1.8.0.121"
+
+
+ Chromium is an open-source browser project that aims to build a safer, + faster, and more stable way for all users to experience the web. +
+Multiple vulnerabilities have been discovered in the Chromium web + browser. Please review the CVE identifiers referenced below for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, obtain + sensitive information, bypass security restrictions, or perform + cross-site scripting (XSS). +
+There is no known workaround at this time.
+All Chromium users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-client/chromium-56.0.2924.76"
+
+ a2ps is an Any to PostScript filter.
+a2ps’ fixps script does not invoke gs with the -dSAFER option.
+Remote attackers, by enticing a user to process a specially crafted + PostScript file, could delete arbitrary files or execute arbitrary code + with the privileges of the process. +
+There is no known workaround at this time.
+All a2ps users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/a2ps-4.14-r5"
+
+ FreeImage is an Open Source library project for developers who would + like to support popular graphics image formats like PNG, BMP, JPEG, TIFF + and others as needed by today’s multimedia applications. +
+Multiple vulnerabilities have been discovered in in FreeImage. Please + review the CVE identifiers referenced below for details. +
+A remote attacker, by enticing a user to process a specially crafted + image file, could possibly execute arbitrary code with the privileges of + the process or cause a Denial of Service condition. +
+There is no known workaround at this time.
+All FreeImage users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/freeimage-3.15.4-r1"
+
+ Ark is a graphical file compression/decompression utility with support + for multiple formats. +
+A vulnerability was discovered in how Ark handles executable files while + browsing a compressed archive. A user could unintentionally execute a + malicious script which has the executable bit set inside of the archive. + This is due to Ark not displaying what files are executable and running + the associated applications for the file type upon execution. +
+A remote attacker, by coercing a user to browse a malicious archive file + within Ark and execute certain files, could execute arbitrary code with + the privileges of the user. +
+There is no known workaround at this time.
+All Ark users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-apps/ark-16.08.3-r1"
+
+ Firewalld provides a dynamically managed firewall with support for + network/firewall zones to define the trust level of network connections + or interfaces. +
+A flaw in Firewalld allows any locally logged in user to tamper with or + change firewall settings. This is due to how Firewalld handles + authentication via polkit which is not properly applied to 5 particular + functions to include: addPassthrough, removePassthrough, addEntry, + removeEntry, and setEntries. +
+A local attacker could tamper or change firewall settings leading to the + additional exposure of systems to include unauthorized remote access. +
+There is no known workaround at this time.
+All Firewalld users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-firewall/firewalld-0.4.3.3"
+
+ FFmpeg is a complete, cross-platform solution to record, convert and + stream audio and video. +
+Multiple vulnerabilities have been discovered in FFmpeg. Please review + the CVE identifiers referenced below for details. +
+Remote attackers could cause a Denial of Service condition via various + crafted media file types or have other unspecified impacts. +
+There is no known workaround at this time.
+All FFmpeg users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/ffmpeg-2.8.10"
+
+ The X PixMap image format is an extension of the monochrome X BitMap + format specified in the X protocol, and is commonly used in traditional X + applications. +
+An integer overflow was discovered in libXpm’s src/CrDatFrI.c file. + On 64 bit systems, this allows an overflow to occur on 32 bit integers + while parsing XPM extensions in a file. +
+A remote attacker, by enticing a user to process a specially crafted XPM + file, could execute arbitrary code with the privileges of the process or + cause a Denial of Service condition. +
+There is no known workaround at this time.
+All libXpm users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-libs/libXpm-3.5.12"
+
+ Squashfs is a compressed read-only filesystem for Linux. Squashfs is + intended for general read-only filesystem use, for archival use (i.e. in + cases where a .tar.gz file may be used), and in constrained block + device/memory systems (e.g. embedded systems) where low overhead is + needed. +
+Multiple vulnerabilities have been discovered in SQUASHFS. Please review + the CVE identifiers referenced below for details. +
+Remote attackers, by enticing a user to process a specially crafted + SQUASHFS image, could execute arbitrary code with the privileges of the + process. +
+There is no known workaround at this time.
+All SQUASHFS users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-fs/squashfs-tools-4.3-r1"
+
+ libpng is a standard library used to process PNG (Portable Network + Graphics) images. It is used by several programs, including web browsers + and potentially server processes. +
+A null pointer dereference was discovered in libpng in the + png_push_save_buffer function. In order to be vulnerable, an application + has to load a text chunk into the PNG structure, then delete all text, + then add another text chunk to the same PNG structure, which seems to be + an unlikely sequence, but it is possible. +
+A remote attacker, by enticing a user to process a specially crafted PNG + file, could execute arbitrary code with the privileges of the process. +
+There is no known workaround at this time.
+All libpng 1.6.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.6.27"
+
+
+ All libpng 1.5.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.5.28:1.5"
+
+
+ All libpng 1.2.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.57:1.2"
+
+ Perl is a highly capable, feature-rich programming language.
+Multiple vulnerabilities have been discovered in Perl. Please review the + CVE identifiers referenced below for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, or + escalate privileges. +
+There is no known workaround at this time.
+All Perl users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/perl-5.22.3_rc4"
+
+ HarfBuzz is an OpenType text shaping engine.
+Multiple vulnerabilities have been discovered in HarfBuzz. Please review + the CVE identifiers referenced below for details. +
+Remote attackers, through the use of crafted data, could cause a Denial + of Service condition or have other unspecified impacts. +
+There is no known workaround at this time.
+All HarfBuzz users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/harfbuzz-1.0.6"
+
+ Ansible is a radically simple IT automation platform.
+An input validation vulnerability was found in Ansible’s handling of + data sent from client systems. +
+An attacker with control over a client system being managed by Ansible + and the ability to send facts back to the Ansible server could execute + arbitrary code on the Ansible server using the Ansible-server privileges. +
+There is no known workaround at this time.
+All Ansible 2.1.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/ansible-2.1.4.0_rc3"
+
+
+ All Ansible 2.2.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/ansible-2.2.1.0_rc5"
+
+
+ PCSC-Lite is a middleware to access a smart card using the SCard API + (PC/SC). +
+The SCardReleaseContext function normally releases resources associated + with the given handle (including “cardsList”) and clients should + cease using this handle. However, a malicious client can make the daemon + invoke SCardReleaseContext and continue issuing other commands that use + “cardsList”, resulting in a use-after-free. When SCardReleaseContext + is invoked multiple times it additionally results in a double-free of + “cardsList”. +
+A local attacker could use a malicious client to connect to pcscd’s + Unix socket, possibly resulting in a Denial of Service condition or + privilege escalation since the daemon is running as root. +
+There is no known workaround at this time.
+All PCSC-Lite users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/pcsc-lite-1.8.20"
+
+
+ RTMPDump is an RTMP client intended to stream audio or video flash + content +
+Multiple vulnerabilities have been discovered in RTMPDump.
+ +The following is a list of vulnerabilities fixed:
+ +A remote attacker could entice a user to open a specially crafted media + flash file using RTMPDump. This could possibly result in the execution of + arbitrary code with the privileges of the process or a Denial of Service + condition. +
+There is no known workaround at this time.
+All RTMPDump users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=media-video/rtmpdump-2.4_p20161210"
+
+ A SUID program that reduces the risk of security breaches by restricting + the running environment of untrusted applications using Linux namespaces + and seccomp-bpf. +
+The unaffected packages listed in GLSA 201612-48 had an incomplete fix + as reported by Sebastian Krahmer of SuSE. This has been properly patched + in the latest releases. +
+An attacker could possibly bypass sandbox protection, cause a Denial of + Service condition, or escalate privileges. +
+There is no known workaround at this time.
+All Firejail users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/firejail-0.9.44.8"
+
+
+ All Firejail-lts users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/firejail-lts-0.9.38.10"
+
+ GnuTLS is an Open Source implementation of the TLS and SSL protocols.
+Multiple heap and stack overflows and double free vulnerabilities have + been discovered in GnuTLS by the OSS-Fuzz project. Please review the CVE + identifiers referenced below for details. +
+A remote attacker could entice a user or automated system to process a + specially crafted certificate using an application linked against GnuTLS. + This could possibly result in the execution of arbitrary code with the + privileges of the process or a Denial of Service condition. +
+There is no known workaround at this time.
+All GnuTLS users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/gnutls-3.3.26"
+
+ A daemon to synchronize local directories using rsync.
+default-rsyncssh.lua in Lsyncd performed insufficient sanitising of + filenames. +
+An attacker, able to control files processed by Lsyncd, could possibly + execute arbitrary code with the privileges of the process or cause a + Denial of Service condition. +
+There is no known workaround at this time.
+All Lsyncd users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/lsyncd-2.1.6"
+
+ Graphviz is an open source graph visualization software.
+Multiple vulnerabilities in Graphviz were discovered. Please review the + CVE identifiers referenced below for details. +
+A remote attacker, able to control input matched against a regular + expression or by enticing a user to process a specially crafted file, + could cause unspecified impacts. +
+There is no known workaround at this time.
+All Graphviz users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/graphviz-2.36.0"
+
+ OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer + (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general + purpose cryptography library. +
+Multiple vulnerabilities have been discovered in OpenSSL. Please review + the CVE identifiers referenced below for details. +
+A remote attacker is able to crash applications linked against OpenSSL + or could obtain sensitive private-key information via an attack against + the Diffie-Hellman (DH) ciphersuite. +
+There is no known workaround at this time.
+All OpenSSL users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2k"
+
+ VirtualBox is a powerful virtualization product from Oracle.
+Multiple vulnerabilities have been discovered in VirtualBox. Please + review the CVE identifiers referenced below for details. +
+An attacker could cause a Denial of Service condition. Additionally, an + attacker could create, delete or modify critical or all accessible data. +
+There is no known workaround at this time.
+All VirtualBox users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-5.0.32"
+
+ ImageMagick is a collection of tools and libraries for many image + formats. +
+Multiple vulnerabilities have been discovered in ImageMagick. Please + review the CVE identifiers referenced below for details. +
+A remote attacker, by enticing a user to process a specially crafted + image file, could execute arbitrary code with the privileges of the + process or cause a Denial of Service condition. +
+There is no known workaround at this time.
+All ImageMagick users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.9.7.4"
+
+ NTFS-3G is a stable, full-featured, read-write NTFS driver for various + operating systems. +
+The NTFS-3G driver does not properly clear environment variables before + invoking mount or umount. +
+ +This flaw is similar to the vulnerability described in + “GLSA-201701-19” and “GLSA-201603-04” referenced below but is now + implemented in the NTFS-3G driver itself. +
+A local user could gain root privileges.
+There is no known workaround at this time. However, on Gentoo when the + “suid” USE flag is not set (which is the default) an attacker cannot + exploit the flaw. +
+All NTFS-3G users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-fs/ntfs3g-2016.2.22-r2"
+
+ The GNU C library is the standard C library used by Gentoo Linux + systems. +
+Multiple vulnerabilities have been discovered in the GNU C Library. + Please review the CVE identifiers referenced below for details. +
+A context-dependent attacker could possibly execute arbitrary code with + the privileges of the process, disclose sensitive information, or cause a + Denial of Service condition via multiple vectors. +
+There is no known workaround at this time.
+All GNU C Library users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.23-r3"
+
+ A lightweight PDF, XPS, and E-book viewer.
+Multiple vulnerabilities have been discovered in MuPDF. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to open a specially crafted PDF + document using MuPDF possibly resulting in the execution of arbitrary + code, with the privileges of the process, or a Denial of Service + condition. +
+There is no known workaround at this time.
+All MuPDF users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/mupdf-1.10a-r1"
+
+ Mozilla Thunderbird is a popular open-source email client from the + Mozilla project. +
+Multiple vulnerabilities have been discovered in Mozilla Thunderbird. + Please review the CVE identifiers referenced below for details. +
+A remote attacker, by enticing a user to open a specially crafted email + or web page, could possibly execute arbitrary code with the privileges of + the process or cause a Denial of Service condition. +
+There is no known workaround at this time.
+All Mozilla Thunderbird users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-45.7.0"
+
+
+ All Mozilla Thunderbird binary users should upgrade to the latest + version: +
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=mail-client/thunderbird-bin-45.7.0"
+
+ The Python Cryptography Toolkit (PyCrypto) is a collection of both + secure hash functions (such as SHA256 and RIPEMD160), and various + encryption algorithms (AES, DES, RSA, ElGamal, etc.). +
+A heap-based buffer overflow vulnerability has been discovered in + PyCrypto. Please review the CVE identifier referenced below for details. +
+A remote attacker, able to control the mode of operation in PyCrypto’s + AES module, could possibly execute arbitrary code with the privileges of + the process or cause a Denial of Service condition. +
+There is no known workaround at this time.
+All PyCrypto users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-python/pycrypto-2.6.1-r2"
+
+ OCaml is a high-level, strongly-typed, functional, and object-oriented + programming language from the ML family of languages. +
+It was discovered that OCaml was vulnerable to a runtime bug that, on + 64-bit platforms, causes size arguments to internal memmove calls to be + sign-extended from 32- to 64-bits before being passed to the memmove + function. This leads to arguments between 2GiB and 4GiB being interpreted + as larger than they are (specifically, a bit below 2^64), causing a + buffer overflow. Further, arguments between 4GiB and 6GiB are interpreted + as 4GiB smaller than they should be causing a possible information leak. +
+A remote attacker, able to interact with an OCaml-based application, + could possibly obtain sensitive information or cause a Denial of Service + condition. +
+There is no known workaround at this time.
+All OCaml users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/ocam-4.04.0"
+
+
+ Packages which depend on OCaml may need to be recompiled. Tools such as + qdepends (included in app-portage/portage-utils) may assist in + identifying these packages: +
+ +
+ # emerge --oneshot --ask --verbose $(qdepends -CQ dev-lang/ocaml | sed
+ 's/^/=/')
+
+ Redis is an open source (BSD licensed), in-memory data structure store, + used as a database, cache and message broker. +
+Multiple vulnerabilities have been discovered in Redis. Please review + the CVE identifiers referenced below for details. +
+A remote attacker, able to connect to a Redis instance, could issue + malicious commands possibly resulting in the execution of arbitrary code + with the privileges of the process or a Denial of Service condition. +
+There is no known workaround at this time.
+All Redis 3.0.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/redis-3.0.7"
+
+
+ All Redis 3.2.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/redis-3.2.5"
+
+ MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an + enhanced, drop-in replacement for MySQL. +
+Multiple vulnerabilities have been discovered in MySQL. Please review + the CVE identifiers referenced below for details. +
+An attacker could possibly escalate privileges, gain access to critical + data or complete access to all MySQL server accessible data, or cause a + Denial of Service condition via unspecified vectors. +
+There is no known workaround at this time.
+All MySQL users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.6.35"
+
+ MariaDB is an enhanced, drop-in replacement for MySQL.
+Multiple vulnerabilities have been discovered in MariaDB. Please review + the CVE identifiers referenced below for details. +
+An attacker could possibly escalate privileges, gain access to critical + data or complete access to all MariaDB Server accessible data, or cause a + Denial of Service condition via unspecified vectors. +
+There is no known workaround at this time.
+All MariaDB users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.0.29"
+
+ TigerVNC is a high-performance VNC server/client.
+A buffer overflow vulnerability in ModifiablePixelBuffer::fillRect in + vncviewer was found. +
+A remote attacker, utilizing a malicious VNC server, could execute + arbitrary code with the privileges of the user running the client or + cause a Denial of Service condition. +
+There is no known workaround at this time.
+All TigerVNC users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/tigervnc-1.7.1"
+
+ The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +
+Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers referenced below for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process or bypass security restrictions. +
+There is no known workaround at this time.
+All Adobe Flash users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-plugins/adobe-flash-24.0.0.221"
+
+ Opus is a totally open, royalty-free, highly versatile audio codec.
+A large NLSF values could cause the stabilization code in + silk/NLSF_stabilize.c to wrap-around and have the last value in + NLSF_Q15[] to be negative, close to -32768. +
+ +Under normal circumstances, the code will simply read from the wrong + table resulting in an unstable LPC filter. The filter would then go + through the LPC stabilization code at the end of silk_NLSF2A(). +
+ +Ultimately, the output audio would be garbage, but no worse than with + any other harmless bad packet. +
+ +Please see the referenced upstream patch and Debian bug report below for + a detailed analysis. +
+ +However, the original report was about a successful exploitation of + Android’s Mediaserver in conjunction with this vulnerability. +
+A remote attacker could entice a user to open a specially crafted media + stream, possibly resulting in execution of arbitrary code with the + privileges of the process, or a Denial of Service condition. +
+There is no known workaround at this time.
+All Opus users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/opus-1.1.3-r1"
+
+ Mozilla Firefox is a popular open-source web browser from the Mozilla + Project. +
+Multiple vulnerabilities have been discovered in Mozilla Firefox. Please + review the CVE identifiers referenced below for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, bypass + access restriction, access otherwise protected information, or spoof + content via multiple vectors. +
+There is no known workaround at this time.
+All Mozilla Firefox users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-45.7.0"
+
+
+ All Mozilla Firefox binary users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-45.7.0"
+
+ Dropbear is an SSH server and client designed with a small memory + footprint. +
+Multiple vulnerabilities have been discovered in Dropbear. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could possibly execute arbitrary code with root + privileges if usernames containing special characters can be created on a + system. Also, a dbclient user who can control username or host arguments + could potentially run arbitrary code with the privileges of the process. +
+ +In addition, a remote attacker could entice a user to process a + specially crafted SSH key using dropbearconvert, possibly resulting in + execution of arbitrary code with the privileges of the process or a + Denial of Service condition. +
+There is no known workaround at this time.
+All Dropbear users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/dropbear-2016.74"
+
+ LibVNCServer/LibVNCClient are cross-platform C libraries that allow you + to easily implement VNC server or client functionality in your program. +
+Multiple vulnerabilities have been discovered in LibVNCServer and + LibVNCClient. Please review the CVE identifiers referenced below for + details. +
+A remote attacker could entice a user to connect to a malicious VNC + server or leverage Man-in-the-Middle attacks to cause the execution of + arbitrary code with the privileges of the user running a VNC client + linked against LibVNCClient. +
+There is no known workaround at this time.
+All LibVNCServer/LibVNCClient users should upgrade to the latest + version: +
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/libvncserver-0.9.11"
+
+ libass is a portable subtitle renderer for the ASS/SSA (Advanced + Substation Alpha/Substation Alpha) subtitle format. +
+Multiple vulnerabilities have been discovered in libass. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could cause a Denial of Service condition or other + unknown impacts via unknown attack vectors. +
+There is no known workaround at this time.
+All libass users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libass-0.13.4"
+
+ Nagios is an open source host, service and network monitoring program.
+Multiple vulnerabilities have been discovered in Nagios. Please review + the CVE identifiers referenced below for details. +
+A local attacker, who either is already Nagios’s system user or + belongs to Nagios’s group, could potentially escalate privileges. +
+ +In addition, a remote attacker could read or write to arbitrary files by + spoofing a crafted response from the Nagios RSS feed server. +
+There is no known workaround at this time.
+All Nagios users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/nagios-core-4.2.4"
+
+ Xen is a bare-metal hypervisor.
+Multiple vulnerabilities have been discovered in Xen. Please review the + CVE identifiers and Xen Security Advisory referenced below for details. +
+A local attacker could potentially execute arbitrary code with + privileges of Xen (QEMU) process on the host, gain privileges on the host + system, cause a Denial of Service condition, or obtain sensitive + information. +
+There is no known workaround at this time.
+All Xen users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.7.1-r5"
+
+
+ All Xen Tools users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=app-emulation/xen-tools-4.7.1-r6"
+
+ QEMU is a generic and open source machine emulator and virtualizer.
+Multiple vulnerabilities have been discovered in QEMU. Please review the + CVE identifiers referenced below for details. +
+A local attacker could potentially execute arbitrary code with + privileges of QEMU process on the host, gain privileges on the host + system, cause a Denial of Service condition, or obtain sensitive + information. +
+There is no known workaround at this time.
+All QEMU users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/qemu-2.8.0-r1"
+
+ PHP is a widely-used general-purpose scripting language that is + especially suited for Web development and can be embedded into HTML. +
+Multiple vulnerabilities have been discovered in PHP. Please review the + CVE identifiers referenced below for details. +
+An attacker could possibly execute arbitrary code or create a Denial of + Service condition. +
+There is no known workaround at this time.
+All PHP 5.6 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/php-5.6.30:5.6"
+
+ tcpdump is a tool for network monitoring and data acquisition.
+Multiple vulnerabilities have been discovered in tcpdump. Please review + the CVE identifiers referenced below for details. +
+A remote attacker, by sending a specially crafted network package, could + possibly execute arbitrary code with the privileges of the process or + cause a Denial of Service condition. +
+There is no known workaround at this time.
+All tcpdump users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/tcpdump-4.9.0"
+
+ Ghostscript is an interpreter for the PostScript language and for PDF.
+Multiple vulnerabilities have been discovered in GPL Ghostscript and the + bundled OpenJPEG. Please review the CVE identifiers and GLSA-201612-26 + (OpenJPEG) referenced below for additional information. +
+ +Note: GPL Ghostscript in Gentoo since app-text/ghostscript-gpl-9.20-r1 + no longer bundles OpenJPEG. +
+A context-dependent attacker could entice a user to open a specially + crafted PostScript file or PDF using GPL Ghostscript possibly resulting + in the execution of arbitrary code with the privileges of the process or + a Denial of Service condition. +
+There is no known workaround at this time.
+All GPL Ghostscript users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=app-text/ghostscript-gpl-9.20-r1"
+
+ Archive::Tar::Minitar is a pure-Ruby library and command-line utility + that provides the ability to deal with POSIX tar(1) archive files. +
+Michal Marek discovered that Ruby Archive::Tar::Minitar is vulnerable to + a directory traversal vulnerability. +
+A remote attacker could entice a user or an automated system to process + a specially crafted archive using Ruby Archive::Tar::Minitar possibly + allowing the writing of arbitrary files with the privileges of the + process. +
+There is no known workaround at this time.
+All Ruby Archive::Tar::Minitar users should upgrade to the latest + version: +
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=dev-ruby/archive-tar-minitar-0.6.1"
+
+ Apache OpenOffice is an open-source office software suite for word + processing, spreadsheets, presentations, graphics, databases and more. +
+An exploitable out-of-bounds vulnerability exists in OpenOffice Impress + when handling MetaActions. +
+A remote attacker could entice a user to open a specially crafted + OpenDocument Presentation .ODP or Presentation Template .OTP file using + OpenOffice Impress, possibly resulting in execution of arbitrary code + with the privileges of the process or a Denial of Service condition. +
+There is no known workaround at this time.
+All OpenOffice users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-4.1.3"
+
+
+ The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +
+Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers referenced below for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process or bypass security restrictions. +
+There is no known workaround at this time.
+All Adobe Flash users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-plugins/adobe-flash-25.0.0.127"
+
+
+ PuTTY is a free implementation of Telnet and SSH for Windows and Unix + platforms, along with an xterm terminal emulator. +
+A heap-corrupting buffer overflow bug in the ssh_agent_channel_data + function of PuTTY was found. +
+A remote attacker, utilizing the SSH agent forwarding of an SSH server, + could execute arbitrary code with the privileges of the user running the + client or cause a Denial of Service condition. +
+There is no known workaround at this time.
+All PuTTY users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/putty-0.68"
+
+
+