The GNU C library is the standard C library used by Gentoo Linux + systems. +
+A vulnerability was discovered in the GNU C Library functions xdr_bytes + and xdr_string. +
+A remote attacker, by sending a crafted UDP packet, could cause a Denial + of Service condition. +
+There is no known workaround at this time.
+All GNU C Library users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.26.0"
+
+ OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer + (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general + purpose cryptography library. +
+Multiple vulnerabilities have been discovered in OpenSSL. Please review + the CVE identifiers referenced below for details. +
+A remote attacker to obtain sensitive information, caused by the failure + to immediately close the TCP connection after the hosts encounter a + zero-length record with valid padding. +
+ +A local attacker could run a malicious process next to legitimate + processes using the architecture’s parallel thread running capabilities + to leak encrypted data from the CPU’s internal processes. +
+There is no known workaround at this time.
+All OpenSSL users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2r"
+
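Review bot: In the OpenSSL impact text, "A remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP connection ..." has no main verb and reads as a pasted fragment. Suggest "A remote attacker could obtain sensitive information because the TCP connection is not closed immediately after the hosts encounter a zero-length record with valid padding." The second impact paragraph ("leak encrypted data from the CPU's internal processes") is also vague about what is leaked and from where, and would benefit from tighter wording.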
+ A project that aims at giving high performance, scalable, and fault + tolerant access to data repositories of many kinds. +
+A shell command injection was discovered in XRootD.
+ +A remote attacker could execute arbitrary code.
+There is no known workaround at this time.
+All XRootD users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/xrootd-4.8.3"
+
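Review bot: The XRootD background text, "A project that aims at giving high performance, scalable, and fault tolerant access ...", is a sentence fragment that never names the package. Suggest opening it with "XRootD is a project that ...". The description also gives readers no CVE or bug reference for the shell command injection, while the other advisories in this change point to CVE identifiers. A reference would let users confirm which component is affected.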
+ WebKitGTK+ is a full-featured port of the WebKit rendering engine, + suitable for projects requiring any kind of web integration, from hybrid + HTML/CSS applications to full-fledged web browsers. +
+Multiple vulnerabilities have been discovered in WebKitGTK+. Please + review the referenced CVE identifiers for details. +
+An attacker could execute arbitrary code or conduct cross-site + scripting. +
+There is no known workaround at this time.
+All WebkitGTK+ users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.22.6"
+
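Review bot: The resolution line spells the package "WebkitGTK+" ("All WebkitGTK+ users should upgrade ..."), while the background and description use "WebKitGTK+". Suggest using "WebKitGTK+" consistently.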
+ BIND (Berkeley Internet Name Domain) is a Name Server.
+Multiple vulnerabilities have been discovered in BIND. Please review the + CVE identifiers referenced below for details. +
+BIND can improperly permit recursive query service to unauthorized + clients possibly resulting in a Denial of Service condition or to be used + in DNS reflection attacks. +
+There is no known workaround at this time.
+All bind users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dns/bind-9.12.1_p2-r1"
+
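Review bot: The BIND impact sentence is ungrammatical at "... resulting in a Denial of Service condition or to be used in DNS reflection attacks". Suggest "... which could result in a Denial of Service condition or allow the server to be used in DNS reflection attacks". The resolution line also says "All bind users" where the rest of the text uses "BIND". Since the described problem is recursion being permitted to unauthorized clients, please confirm that explicitly restricting recursion in the server configuration (for example with an allow-recursion ACL) is not a usable workaround before stating "There is no known workaround at this time."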
+ Java Platform, Standard Edition (Java SE) lets you develop and deploy + Java applications on desktops and servers, as well as in today’s + demanding embedded environments. Java offers the rich user interface, + performance, versatility, portability, and security that today’s + applications require. +
+Multiple vulnerabilities have been discovered in Oracle’s JDK and JRE + software suites. Please review the CVE identifiers referenced below for + details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process, gain access to information, or cause a Denial + of Service condition. +
+There is no known workaround at this time.
+All Oracle JDK bin users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=dev-java/oracle-jdk-bin-1.8.0.202"
+
+
+ All Oracle JRE bin users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=dev-java/oracle-jre-bin-1.8.0.202"
+
+
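Review bot: In both Oracle resolution blocks the emerge command is split across two lines with no continuation character: "# emerge --ask --oneshot --verbose" followed by ">=dev-java/oracle-jdk-bin-1.8.0.202" on its own line, and likewise for oracle-jre-bin. Pasted as shown, the first line runs emerge without a package atom and the second is not a command. The other advisories in this change keep the atom on the same line. Suggest doing the same here or ending the first line with a backslash.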