Warning: When you are upgrading to a new major Perl version, the + commands above may not be sufficient. Please visit the Gentoo wiki + referenced below to learn how to upgrade to a new major Perl version. +
An authentication service for creating and validating credentials.
+It was discovered that Gentoo’s default MUNGE installation suffered + from a privilege escalation vulnerability (munge user to root) due to + improper permissions and a runscript which called chown() on a user + controlled file. +
+A local attacker, who either is already MUNGE’s system user or belongs + to MUNGE’s group, could potentially escalate privileges. +
+There is no known workaround at this time.
+All MUNGE users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-auth/munge-0.5.10-r2"
+
+ Shadow is a set of tools to deal with user accounts.
+Multiple vulnerabilities have been discovered in Shadow. Please review + the CVE identifiers referenced below for details. +
+A local attacker could possibly cause a Denial of Service condition, + gain privileges via crafted input, or SIGKILL arbitrary processes. +
+There is no known workaround at this time.
+All Shadow users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.4-r2"
+
+
+ QEMU is a generic and open source machine emulator and virtualizer.
+Multiple vulnerabilities have been discovered in QEMU. Please review the + CVE identifiers referenced below for details. +
+A remote attacker might cause a Denial of Service or gain escalated + privileges from a guest VM. +
+There is no known workaround at this time.
+All QEMU users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/qemu-2.9.0-r2"
+
+
+ Git is a free and open source distributed version control system + designed to handle everything from small to very large projects with + speed and efficiency. +
+Timo Schmid discovered that the Git restricted shell incorrectly + filtered allowed commands. +
+A remote attacker could possibly bypass security restrictions and access + sensitive information. +
+There is no known workaround at this time.
+All Git users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.13.0"
+
+
+ D-Bus is a message bus system which processes can use to talk to each + other. +
+Multiple vulnerabilities have been discovered in D-Bus. Please review + the original report referenced below for details. +
+An attacker could possibly overwrite arbitrary files named “once” + with content not controlled by the attacker. +
+ +A local attacker could perform a symlink attack against D-Bus’ test + suite. +
+There is no known workaround at this time.
+All D-Bus users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/dbus-1.10.18"
+
+
+ ImageWorsener is a cross-platform command-line utility and library for + image scaling and other image processing. +
+Multiple vulnerabilities have been discovered in ImageWorsener. Please + review the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to process a specially crafted + image file using ImageWorsener, possibly resulting in a Denial of Service + condition or have other unspecified impacts. +
+There is no known workaround at this time.
+All ImageWorsener users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/imageworsener-1.3.1"
+
+
+ The RPCBind utility is a server that converts RPC program numbers into + universal addresses. +
+ +Libtirpc is a port of Suns Transport-Independent RPC library to Linux.
+It was found that due to the way RPCBind uses libtirpc (libntirpc), a + memory leak can occur when parsing specially crafted XDR messages. +
+A remote attacker could send thousands of messages to RPCBind, possibly + resulting in a Denial of Service condition. +
+There is no known workaround at this time.
+All RPCBind users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-nds/rpcbind-0.2.4-r1"
+
+
+ All Libtirpc users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/libtirpc-1.0.1-r1"
+
+
+ A lightweight PDF, XPS, and E-book viewer.
+Multiple vulnerabilities have been discovered in MuPDF. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to process a specially crafted PDF + document or image using MuPDF, possibly resulting in a Denial of Service + condition or have other unspecified impact. +
+There is no known workaround at this time.
+All MuPDF users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/mupdf-1.11-r1"
+
+
+ FileZilla is an open source FTP client.
+FileZilla is affected by the same vulnerability as reported in “GLSA + 201703-03” because the package included a vulnerable copy of PuTTY. + Please read the GLSA for PuTTY referenced below for details. +
+A remote attacker, utilizing the SSH agent forwarding of an SSH server, + could execute arbitrary code with the privileges of the user running + FileZilla or cause a Denial of Service condition. +
+There is no known workaround at this time.
+All FileZilla users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-ftp/filezilla-3.25.2"
+
+
+ Pidgin is a GTK Instant Messenger client for a variety of instant + messaging protocols. +
+Joseph Bisch discovered that Pidgin incorrectly handled certain xml + messages. +
+A remote attacker could send a specially crafted instant message, + possibly resulting in execution of arbitrary code with the privileges of + the Pidgin process. +
+There is no known workaround at this time.
+All Pidgin users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-im/pidgin-2.12.0"
+
+
+ PCRE library is a set of functions that implement regular expression + pattern matching using the same syntax and semantics as Perl 5. +
+It was found that the compile_bracket_matchingpath function in + pcre_jit_compile.c in PCRE library is vulnerable to an out-of-bounds + read. +
+A remote attacker could possibly cause a Denial of Service condition via + a special crafted regular expression. +
+There is no known workaround at this time.
+All PCRE library users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libpcre-8.40-r1"
+
+
+ Wireshark is a network protocol analyzer formerly known as ethereal.
+Multiple vulnerabilities have been discovered in Wireshark. Please + review the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to process a specially crafted + network packet using Wireshark, possibly resulting a Denial of Service + condition. +
+There is no known workaround at this time.
+All Wireshark users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-2.2.6"
+
+
+ Minicom is a text-based serial port communications program.
+In minicom before version 2.7.1, the escparms[] buffer in vt100.c is + vulnerable to an overflow. +
+A remote attacker, able to connect to a minicom port, could possibly + execute arbitrary code with the privileges of the process, or cause a + Denial of Service condition. +
+There is no known workaround at this time.
+All minicom users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dialup/minicom-2.7.1"
+
+
+ FreeType is a high-quality and portable font engine.
+Multiple vulnerabilities have been discovered in FreeType. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to use a specially crafted font + file using FreeType, possibly resulting in execution of arbitrary code + with the privileges of the process or a Denial of Service condition. +
+There is no known workaround at this time.
+All FreeType users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.8"
+
+
+ WebKitGTK+ is a full-featured port of the WebKit rendering engine.
+Multiple vulnerabilities have been discovered in WebKitGTK+. Please + review the CVE identifiers referenced below for details. +
+A remote attack can use multiple vectors to execute arbitrary code or + cause a denial of service condition. +
+There is no known workaround at this time.
+All WebKitGTK+ users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.16.3:4"
+
+
+