ClamAV: Multiple vulnerabilities
Background ClamAV is a GPL virus scanner. Description Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time...
Xen: Multiple Vulnerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the referenced XSA security advisories. Impact Please review the referenced XSA security advisories for details. Workaround There is no known workaround at this time...
Mozilla Thunderbird and Firefox: Multiple vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird and Firefox. Please review the referenced...
Subversion: Denial of service
Background Subversion is a version control system intended to eventually replace CVS. Like CVS, it has an optional client-server architecture (where the server can be an Apache server running mod_svn, or an ssh program as in CVS's :ext: method). In addition to supporting the features found in CVS,...
BURP: Root privilege escalation
Background A network backup and restore program. Description It was discovered that Gentoo’s BURP ebuild does not properly set permissions or place the pid file in a safe directory. Additionally, the first set of patches did not completely address this. As such, a revision has been made available...
Poppler: Multiple vulnerabilities
Background Poppler is a PDF rendering library based on the xpdf-3.0 code base. Description Multiple vulnerabilities have been discovered in Poppler. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is...
Cairo: Denial of service
Background Cairo is a 2D vector graphics library with cross-device output support. Description Multiple vulnerabilities have been discovered in Cairo. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There ...
Unbound: Multiple vulnerabilities
Background Unbound is a validating, recursive, and caching DNS resolver. Description Multiple vulnerabilities have been discovered in Unbound. Please review the referenced bugs for details. Impact Please review the referenced bugs for details. Workaround There is no known workaround at this time...
GlusterFS: Multiple Vulnerabilities
Background A free and open source software scalable network filesystem. Description Multiple vulnerabilities have been discovered in GlusterFS. Please review the referenced CVE identifiers for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
Libical: Multiple vulnerabilities
Background An Open Source implementation of the iCalendar protocols and protocol data units. Description Multiple vulnerabilities have been discovered in Libical. Please review the referenced CVE identifiers for details. Impact Please review the referenced CVE identifiers for details. Workaround...
GD: Multiple vulnerabilities
Background GD is a graphic library for fast image creation. Description Multiple vulnerabilities have been discovered in GD. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to process a specially crafted image, possibly resulting in...
SDL2_Image: Multiple vulnerabilities
Background SDL_image is an image file library that loads images as SDL surfaces, and supports various formats like BMP, GIF, JPEG, LBM, PCX, PNG, PNM, TGA, TIFF, XCF, XPM, and XV. Description Multiple vulnerabilities have been discovered in SDL2_image. Please review the CVE identifiers referenced...
Chromium: Multiple vulnerabilities
Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Description Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the referenced CVE identifiers and Google Chrom...
NASM: Multiple vulnerabilities
Background NASM is an 80x86 assembler that has been created for portability and modularity. NASM supports Pentium, P6, SSE, MMX, and 3DNow extensions. It also supports a wide range of object formats (ELF, a.out, COFF, etc.) and has its own disassembler. Description Multiple vulnerabilities have been...
cabextract, libmspack: Multiple vulnerabilities
Background cabextract is free software for extracting Microsoft cabinet files. libmspack is a portable library for some loosely related Microsoft compression formats. Description Multiple vulnerabilities have been discovered in cabextract and libmspack. Please review the CVE identifiers referenced...
Apache: Multiple vulnerabilities
Background The Apache HTTP server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in Apache. Please review the CVE identifiers referenced below for details. Impact A remote attacker can possibly cause a Denial of Service condition ...
ZeroMQ: Code execution
Background ZeroMQ looks like an embeddable networking library but acts like a concurrency framework. Description Please reference the CVE for details. Impact Please reference the CVE for details. Workaround There is no known workaround at this time. Resolution All ZeroMQ users should upgrade to the lates...
OpenSSH: Multiple vulnerabilities
Background OpenSSH is a complete SSH protocol implementation that includes SFTP client and server support. Description Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details. Impact A remote attacker could overwrite arbitrary files...
NTP: Multiple vulnerabilities
Background NTP contains software for the Network Time Protocol. Description Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. Impact An attacker could cause a Denial of Service condition, escalate privileges, or remotely execute...
BIND: Multiple vulnerabilities
Background BIND (Berkeley Internet Name Domain) is a Name Server. Description Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. Impact BIND can improperly permit recursive query service to unauthorized clients possibly resulting i...
GNU C Library: Arbitrary descriptor allocation
Background The GNU C library is the standard C library used by Gentoo Linux systems. Description A vulnerability was discovered in the GNU C Library functions xdr_bytes and xdr_string. Impact A remote attacker, by sending a crafted UDP packet, could cause a Denial of Service condition. Workaround...
XRootD: Remote code execution
Background A project that aims at giving high performance, scalable, and fault tolerant access to data repositories of many kinds. Description A shell command injection was discovered in XRootD. Impact A remote attacker could execute arbitrary code. Workaround There is no known workaround at this...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced...
Oracle JDK/JRE: Multiple vulnerabilities
Background Java Platform, Standard Edition (Java SE) lets you develop and deploy Java applications on desktops and servers, as well as in today's demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today's applications...
WebkitGTK+: Multiple vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to view a specially...
Zsh: User-assisted execution of arbitrary code
Background A shell designed for interactive use, although it is also a powerful scripting language. Description Two input validation errors have been discovered in how Zsh parses scripts: Parsing a malformed shebang line could cause Zsh to call a program listed in the second line (CVE-2018-0502)...
cURL: Multiple vulnerabilities
Background A command line tool and library for transferring data with URLs. Description Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact Remote attackers could cause a Denial of Service condition. Workaround There is no...
rdesktop: Multiple vulnerabilities
Background rdesktop is a Remote Desktop Protocol (RDP) Client. Description Multiple vulnerabilities have been discovered in rdesktop. Please review the CVE identifiers referenced below for details. Impact A remote attacker could cause a Denial of Service condition, obtain sensitive information, or...
GNU Wget: Password and metadata leak
Background GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. Description A vulnerability was discovered in GNU Wget's file_metadata in xattr.c. Impact A local attacker could obtain sensitive information to include...
systemd: Multiple vulnerabilities
Background A system and service manager. Description Multiple vulnerabilities have been discovered in systemd. Please review the CVE identifiers referenced below for details. Impact An attacker could cause a Denial of Service condition or possibly execute arbitrary code. Workaround There is no...
Keepalived: Multiple vulnerabilities
Background Keepalived is a strong & robust keepalive facility to the Linux Virtual Server project. Description Multiple vulnerabilities have been discovered in keepalived. Please review the CVE identifiers referenced below for details. Impact A remote attacker could send a specially crafted reque...
Tar: Denial of service
Background The Tar program provides the ability to create and manipulate tar archives. Description The sparse_dump_region function in sparse.c in Tar allows an infinite loop using the --sparse option. Impact A local attacker could cause a Denial of Service condition by modifying a file that is...
GKSu: Arbitrary command execution
Background A library that provides a Gtk+ frontend to su and sudo. Description A vulnerability was discovered in GKSu’s gksu-run-helper. Impact An attacker could execute arbitrary commands. Workaround There is no known workaround at this time. Resolution Gentoo has discontinued support for GKSu a...
Rust: Multiple vulnerabilities
Background A systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. Description Multiple vulnerabilities have been discovered in Rust. Please review the CVE identifiers referenced below for details. Impact A remote attacker able to control the val...
Go: Multiple vulnerabilities
Background Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. Description Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details. Impact A remote attacker could cause arbitrar...
CouchDB: Multiple vulnerabilities
Background Apache CouchDB is a distributed, fault-tolerant and schema-free document-oriented database. Description Multiple vulnerabilities have been discovered in CouchDB. Please review the CVE identifiers referenced below for details. Impact A remote attacker could execute arbitrary code or...
Scala: Privilege escalation
Background Scala combines object-oriented and functional programming in one concise, high-level language. Description It was discovered that Scala’s compilation daemon does not properly manage permissions for private files. Impact A local attacker could escalate privileges. Workaround There is no...
SpamAssassin: Multiple vulnerabilities
Background SpamAssassin is an extensible email filter used to identify junk email. Description Multiple vulnerabilities have been discovered in SpamAssassin. Please review the referenced CVE identifiers for details. Impact A remote attacker could execute arbitrary code, escalate privileges, or...
EDE: Privilege escalation
Background A package that simplifies the task of creating, building, and debugging large programs with Emacs. It provides some of the features of an IDE, or Integrated Development Environment, in Emacs. Description An untrusted search path vulnerability was discovered in EDE. Impact A local...
WebkitGTK+: Multiple vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the...
Nagios: Privilege escalation
Background Nagios is an open source host, service and network monitoring program. Description A vulnerability in Nagios was discovered due to the improper handling of configuration files which can be owned by a non-root user. Impact A local attacker can escalate privileges to root by leveraging...
ConnMan: Multiple vulnerabilities
Background ConnMan provides a daemon for managing Internet connections. Description Multiple vulnerabilities have been discovered in ConnMan. Please review the CVE identifiers referenced below for details. Impact A remote attacker, via a crafted DNS packet, could remotely execute code or cause a...
PHP: Multiple vulnerabilities
Background PHP is an open source general-purpose scripting language that is especially suited for web development. Description Multiple vulnerabilities have been discovered in PHP. Please review the referenced CVE identifiers for details. Impact An attacker could cause a Denial of Service conditi...
PostgreSQL: SQL injection
Background PostgreSQL is an open source object-relational database management system. Description A vulnerability was discovered in PostgreSQL's pg_upgrade and pg_dump. Impact An attacker, by enticing a user to process a specially crafted trigger definition, can execute arbitrary SQL statements wit...
libsndfile: Multiple vulnerabilities
Background libsndfile is a C library for reading and writing files containing sampled sound. Description Multiple vulnerabilities have been discovered in libsndfile. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by enticing a user to open a specially...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the referenced CVE identifiers for details. Impact A remote...
RPM: Multiple vulnerabilities
Background The Red Hat Package Manager (RPM) is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating computer software packages. Description Multiple vulnerabilities have been discovered in RPM. Please review the CVE identifiers...
Tablib: Arbitrary command execution
Background Tablib is an MIT Licensed format-agnostic tabular dataset library, written in Python. It allows you to import, export, and manipulate tabular data sets. Description A vulnerability was discovered in Tablib’s Databook loading functionality, due to improper input validation. Impact A...
spice-gtk: Remote code execution
Background spice-gtk is a set of GObject and Gtk objects for connecting to Spice servers and a client GUI. Description A vulnerability was found in spice-gtk client due to the incorrect use of integer types and missing overflow checks. Impact An attacker, by enticing the user to join a malicious...