GnuTLS is a secure communications library implementing the SSL, TLS, and DTLS protocols
+Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All GnuTLS users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/gnutls-3.8.5"
+
+ PAM (Pluggable Authentication Modules) is an architecture allowing the separation of the development of privilege granting software from the development of secure and appropriate authentication schemes.
+Multiple vulnerabilities have been discovered in PAM. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All PAM users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-libs/pam-1.7.0_p20241230"
+
+ Mozilla Firefox is a popular open-source web browser from the Mozilla project.
+Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Mozilla Firefox users should upgrade to the latest version in their release channel:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-137.0.1:rapid"
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-128.9.0:esr"
+
+
+ All Mozilla Firefox users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-137.0.1:rapid"
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-128.9.0:esr"
+
+ Mozilla Thunderbird is a popular open-source email client from the Mozilla project.
+Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Mozilla Thunderbird users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-128.9.0"
+
+
+ All Mozilla Thunderbird users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-128.9.0"
+
+ NVIDIA Drivers are NVIDIA's accelerated graphics driver.
+A vulnerability has been discovered in NVIDIA Drivers. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifier for details.
+There is no known workaround at this time.
+All NVIDIA Drivers 535 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-535.247.01:0/535"
+
+
+ All NVIDIA Drivers 550 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-550.163.01:0/550"
+
+
+ All NVIDIA Drivers 570 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-570.133.07:0/570"
+
+ Orc is a library and set of tools for compiling and executing +very simple programs that operate on arrays of data. The "language" +is a generic assembly language that represents many of the features +available in SIMD architectures, including saturated addition and +subtraction, and many arithmetic operations.
+Please review the CVE identifier referenced below for details.
+It is possible for a malicious third party to trigger a buffer overflow and effect code execution with the same privileges as the orc compiler is called with by feeding it with malformed orc source files. + +This only affects developers and CI environments using orcc, not users of liborc.
+There is no known workaround at this time.
+All Orc users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/orc-0.4.40"
+
+ glibc is a package that contains the GNU C library.
+A vulnerability has been discovered in glibc. Please review the CVE identifier referenced below for details.
+Please review the referenced CVE identifier for details.
+There is no known workaround at this time.
+All glibc users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.40-r8"
+
+ FreeType is a high-quality and portable font engine.
+Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details.
+An out of bounds write exists in FreeType when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.
+There is no known workaround at this time.
+All FreeType users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.13.1"
+
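Review bot: The description announces "Multiple vulnerabilities" and plural CVE identifiers, but the impact text describes a single out-of-bounds write in subglyph parsing. Either make the description singular or say that the impact paragraph covers only one of the listed issues. Given the final sentence about possible in-the-wild exploitation, it is worth making clear which CVE that statement applies to.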
+ SpiderMonkey is Mozilla’s JavaScript and WebAssembly Engine, used in Firefox, Servo and various other projects. It is written in C++, Rust and JavaScript. You can embed it into C++ and Rust projects, and it can be run as a stand-alone shell.
+Multiple vulnerabilities have been discovered in Spidermonkey. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Spidermonkey users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/spidermonkey-128.8.0"
+
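Review bot: The product name is spelled "SpiderMonkey" in the background but "Spidermonkey" in the description and resolution lines. Use the capitalisation "SpiderMonkey" throughout so the advisory text matches the background sentence.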
+ Atop is an ASCII full-screen performance monitor for Linux that is capable of reporting the activity of all processes (even if processes have finished during the interval), daily logging of system and process activity for long-term analysis, highlighting overloaded system resources by using colors, etc. At regular intervals, it shows system-level activity related to the CPU, memory, swap, disks (including LVM) and network layers, and for every process (and thread) it shows e.g. the CPU utilization, memory growth, disk utilization, priority, username, state, and exit code.
+A vulnerability has been discovered in Atop. Please review the CVE identifier referenced below for details.
+Atop allows local users to cause a denial of service (e.g., assertion failure and application exit) or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop.
+There is no known workaround at this time.
+All Atop users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-process/atop-2.11.1"
+
+ The Tracker miners are a collection of data extractors for the GNOME Tracker.
+A vulnerability has been discovered in Tracker minders. Please review the CVE identifier referenced below for details.
+Please review the referenced CVE identifier for details.
+There is no known workaround at this time.
+All Tracker miners users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-misc/tracker-miners-3.5.3"
+
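Review bot: The description line misspells the package as "Tracker minders", while the background and resolution lines use "Tracker miners". Change it to "A vulnerability has been discovered in Tracker miners." so the advisory can be found by package name.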
+ Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine.
+Multiple vulnerabilities have been discovered in Node.js. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Node.js users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/nodejs-22.4.1"
+
+ Emacs is the extensible, customizable, self-documenting real-time display editor. org-mode is an Emacs mode for notes and project planning.
+Multiple vulnerabilities have been discovered in Emacs, org-mode. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Emacs, org-mode users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-editors/emacs-29.4-r2:29"
+ # emerge --ask --oneshot --verbose ">=app-editors/emacs-28.2-r16:28"
+ # emerge --ask --oneshot --verbose ">=app-editors/emacs-27.2-r20:27"
+ # emerge --ask --oneshot --verbose ">=app-editors/emacs-26.3-r22:26"
+
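Review bot: The resolution addresses "All Emacs, org-mode users", but every command targets app-editors/emacs only and there is no atom for a separately installed org-mode. Either add the fixed version of the org-mode package or state that the fix ships with the listed Emacs revisions, so users of a standalone org-mode know whether they are covered.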
+ GStreamer is an open source multimedia framework.
+Multiple vulnerabilities have been discovered in GStreamer, GStreamer Plugins. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All GStreamer, GStreamer Plugins users should upgrade to the latest versions:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/gstreamer-1.24.10" ">=media-libs/gst-plugins-bad-1.24.10"
+
+ LibreOffice is a powerful office suite; its clean interface and powerful tools let you unleash your creativity and grow your productivity.
+Multiple vulnerabilities have been discovered in LibreOffice. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All LibreOffice binary users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/libreoffice-bin-24.8.4"
+
+
+ All LibreOffice users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/libreoffice-24.2.7.2-r1"
+
+ The X Window System is a graphical windowing system based on a client/server model.
+Multiple vulnerabilities have been discovered in X.Org X server and XWayland. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All X.Org X server users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-21.1.16"
+
+
+ All XWayland users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-base/xwayland-24.1.6"
+
+ GTK+ (GIMP Toolkit +) is a toolkit for creating graphical user interfaces.
+A vulnerability has been discovered in GTK+ 3. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifier for details.
+There is no known workaround at this time.
+All GTK+ 3 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-libs/gtk+-3.24.48:3"
+
+ Qt is a cross-platform application development framework.
+Multiple vulnerabilities have been discovered in Qt. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Qt users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-qt/qtbase-6.8.3-r1"
+ # emerge --ask --oneshot --verbose ">=dev-qt/qtnetwork-5.15.14-r1"
+ # emerge --ask --oneshot --verbose ">=dev-qt/qtgui-5.15.12-r2"
+
+ Python is an interpreted, interactive, object-oriented, cross-platform programming language.
+Multiple vulnerabilities have been discovered in Python, PyPy3. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Python, PyPy3 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.14.0_beta2:3.14"
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.13.3_p1:3.13"
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.12.10_p1:3.12"
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.11.12_p1:3.11"
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.10.17_p1:3.10"
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.9.22_p1:3.9"
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.8.20_p7:3.8"
+ # emerge --ask --oneshot --verbose ">=dev-lang/pypy-3.10.7.3.19_p4:3.10"
+ # emerge --ask --oneshot --verbose ">=dev-lang/pypy-3.11.7.3.19_p9:3.11"
+
+ Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine.
+Multiple vulnerabilities have been discovered in Node.js. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Node.js users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/nodejs-22.13.1"
+
+ OpenImageIO is a library for reading and writing images.
+Multiple vulnerabilities have been discovered in OpenImageIO. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All OpenImageIO users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/openimageio-2.5.4.0"
+
+ File-Find-Rule is an alternative interface to File::Find.
+File-Find-Rule uses the legacy '2-arg' open() call which is susceptible to shell injection via malicious filenames.
+Shell injection may be used to execute arbitrary code using a malicious filename.
+There is no known workaround at this time.
+All File-Find-Rule users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-perl/File-Find-Rule-0.350.0"
+
+ YAML-LibYAML provides YAML Serialization using XS and libyaml for Perl.
+YAML-LibYAML uses the legacy '2-arg' open() call which is susceptible to shell injection via malicious filenames.
+Shell injection may be used to execute arbitrary code using a malicious filename.
+There is no known workaround at this time.
+All YAML-LibYAML users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-perl/YAML-LibYAML-0.903.0"
+
+ sysstat is a package containing a number of performance monitoring utilities for Linux, including sar, mpstat, iostat and sa tools.
+A vulnerability has been discovered in sysstat. Please review the CVE identifier referenced below for details. This CVE improves on an incomplete fix for CVE-2022-39377.
+On 32 bit systems, an integer overflow can be triggered when displaying activity data files.
+There is no known workaround at this time.
+All sysstat users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/sysstat-12.6.2-r1"
+
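Review bot: In the description, "This CVE improves on an incomplete fix for CVE-2022-39377" reads as if the CVE itself were the fix. Suggest wording along the lines of "This issue exists because the fix for CVE-2022-39377 was incomplete". The impact line also states only how the integer overflow is triggered, not what it leads to. Add the consequence if it is known.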
+ Konsole is KDE's terminal emulator.
+Konsole supports loading URLs from the scheme handlers such as telnet://URL. This can be executed regardless of whether the telnet binary is available. It would fallback to bash in that case and execute arbitrary code.
+Clicking a malicious URL in a browser may lead to arbitrary code execution. Please review the referenced CVE identifier for details.
+There is no known workaround at this time.
+All Konsole users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-apps/konsole-24.12.3-r1"
+
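Review bot: The description is hard to follow at "This can be executed regardless of whether the telnet binary is available. It would fallback to bash in that case": "This" has no clear referent and "fallback" should be the verb "fall back". Suggest stating directly that when the telnet binary is missing, Konsole falls back to bash for the scheme handler, which is the condition behind the code execution described in the impact line.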
+ sudo allows a system administrator to give users the ability to run commands as other users.
+Multiple vulnerabilities have been discovered in sudo. Please review the CVE identifiers referenced below for details.
+An attacker can escalate privileges to root by providing a special argument to sudo's --chroot (which is used for chroot purposes). Please review the referenced CVE identifier for details.
+There is no known workaround at this time.
+All sudo users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.9.17_p1"
+
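Review bot: The parenthetical in "sudo's --chroot (which is used for chroot purposes)" on the impact line adds nothing and can be dropped. The description also says "Multiple vulnerabilities", while the impact covers one issue and ends with "the referenced CVE identifier". Make the count consistent, or say which of the listed CVEs the privilege escalation refers to.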
+ UDisks provides a daemon, tools and libraries to access and manipulate disks, storage devices and technologies. + +libblockdev is a library for manipulating block devices.
+Multiple vulnerabilities have been discovered in UDisks and libblockdev. Please review the CVE identifiers referenced below for details.
+A physical attacker with a local, unprivileged session can escalate privileges to root. Please review the referenced CVE identifier for details.
+There is no known workaround at this time.
+All UDisks users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-fs/udisks-2.10.1-r4"
+
+
+ All libblockdev users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-libs/libblockdev-3.3.0"
+
+ ClamAV is a GPL virus scanner.
+Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All ClamAV users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-1.4.1"
+
+ strongSwan is an IPSec implementation for Linux.
+Multiple vulnerabilities have been discovered in strongSwan. Please review the CVE identifiers referenced below for details.
+A vulnerability in charon-tkm related to processing DH public values was discovered in strongSwan that can result in a buffer overflow and potentially remote code execution.
+There is no known workaround at this time.
+All strongSwan users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-vpn/strongswan-5.9.13"
+
+ NTP contains software for the Network Time Protocol.
+Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details.
+The first four of these CVEs affect a function in libntp that is only used by ntpq, but not by ntpd. + +The last CVE affects the driver for a hardware clock (GPS receiver), so ntpd might be vulnerable to manipulated devices of that type, but not to remote attacks.
+There is no known workaround at this time.
+All NTP users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8_p16"
+
+ OpenH264 is a codec library which supports H.264 encoding and decoding. It is suitable for use in real time applications such as WebRTC.
+A vulnerability has been discovered in openh264. Please review the CVE identifiers referenced below for details.
+A vulnerability in the decoding functions of OpenH264 codec library could allow a remote, unauthenticated attacker to trigger a heap overflow. + +This vulnerability is due to a race condition between a Sequence Parameter Set (SPS) memory allocation and a subsequent non Instantaneous Decoder Refresh (non-IDR) Network Abstraction Layer (NAL) unit memory usage. An attacker could exploit this vulnerability by crafting a malicious bitstream and tricking a victim user into processing an arbitrary video containing the malicious bitstream. An exploit could allow the attacker to cause an unexpected crash in the victim's user decoding client and, possibly, perform arbitrary commands on the victim's host by abusing the heap overflow.
+There is no known workaround at this time.
+All openh264 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/openh264-2.6.0"
+
+ Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier. Opera is a fast and secure web browser.
+Multiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Google Chrome users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/google-chrome-134.0.6998.117"
+
+
+ All Chromium users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/chromium-134.0.6998.117"
+
+
+ All Microsoft Edge users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-134.0.3124.83"
+
+
+ All Oprea users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/opera-119.0.5497.12"
+
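Review bot: The last resolution block reads "All Oprea users should upgrade", which should be "All Opera users", matching the background text and the www-client/opera atom in the command below it.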
+ REXML is an XML toolkit for Ruby.
+Multiple vulnerabilities have been discovered in REXML. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All REXML users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-ruby/rexml-3.3.9"
+
+ Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.
+Multiple vulnerabilities have been discovered in Git. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Git users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.49.1"
+
+ Free and open source webmail software for the masses, written in PHP.
+Multiple vulnerabilities have been discovered in Roundcube. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Roundcube users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/roundcube-1.6.11"
+
+