PAM (Pluggable Authentication Modules) is an architecture allowing the separation of the development of privilege granting software from the development of secure and appropriate authentication schemes.
+Multiple vulnerabilities have been discovered in PAM. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All PAM users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-libs/pam-1.7.0_p20241230"
+
+ Mozilla Firefox is a popular open-source web browser from the Mozilla project.
+Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Mozilla Firefox users should upgrade to the latest version in their release channel:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-137.0.1:rapid"
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-128.9.0:esr"
+
+
+ All Mozilla Firefox users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-137.0.1:rapid"
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-128.9.0:esr"
+
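Review bot: The two resolution paragraphs are worded differently for the same instruction: the one above the firefox-bin atoms says "latest version in their release channel", the one above the firefox atoms says only "latest version", yet both list :rapid and :esr atoms. Use the same sentence in both and name the package each one covers, so the reader does not have to infer from the atom which paragraph applies.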
+ Mozilla Thunderbird is a popular open-source email client from the Mozilla project.
+Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Mozilla Thunderbird users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-128.9.0"
+
+
+ All Mozilla Thunderbird users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-128.9.0"
+
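Review bot: Both resolution paragraphs open with the identical sentence "All Mozilla Thunderbird users should upgrade to the latest version:", and only the atoms (thunderbird-bin and thunderbird) tell them apart. Say in each sentence which package it addresses.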
+ NVIDIA Drivers are NVIDIA's accelerated graphics driver.
+A vulnerability has been discovered in NVIDIA Drivers. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifier for details.
+There is no known workaround at this time.
+All NVIDIA Drivers 535 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-535.247.01:0/535"
+
+
+ All NVIDIA Drivers 550 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-550.163.01:0/550"
+
+
+ All NVIDIA Drivers 570 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-570.133.07:0/570"
+
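Review bot: The description disagrees with itself on the number of issues: it says "A vulnerability has been discovered" and then "Please review the CVE identifiers referenced below", while the following line uses the singular "identifier". Use the singular throughout if a single CVE is referenced. The opening sentence "NVIDIA Drivers are NVIDIA's accelerated graphics driver" also mixes plural and singular.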
+ Orc is a library and set of tools for compiling and executing +very simple programs that operate on arrays of data. The "language" +is a generic assembly language that represents many of the features +available in SIMD architectures, including saturated addition and +subtraction, and many arithmetic operations.
+Please review the CVE identifier referenced below for details.
+It is possible for a malicious third party to trigger a buffer overflow and effect code execution with the same privileges as the orc compiler is called with by feeding it with malformed orc source files. + +This only affects developers and CI environments using orcc, not users of liborc.
+There is no known workaround at this time.
+All Orc users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/orc-0.4.40"
+
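Review bot: The description line is only the placeholder "Please review the CVE identifier referenced below for details", while the actual description of the bug (a buffer overflow triggered by malformed orc source files) sits in the impact text. Move that sentence into the description and keep the impact text to the consequence. The impact text also limits the issue to "developers and CI environments using orcc, not users of liborc", but the resolution addresses "All Orc users"; scope the resolution the same way or state why everyone should upgrade.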
+ glibc is a package that contains the GNU C library.
+A vulnerability has been discovered in glibc. Please review the CVE identifier referenced below for details.
+Please review the referenced CVE identifier for details.
+There is no known workaround at this time.
+All glibc users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.40-r8"
+
+ FreeType is a high-quality and portable font engine.
+Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details.
+An out of bounds write exists in FreeType when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.
+There is no known workaround at this time.
+All FreeType users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.13.1"
+
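Review bot: The description says "Multiple vulnerabilities have been discovered" and refers to "CVE identifiers", but the impact text describes a single out-of-bounds write in subglyph parsing. Use the singular wording, or describe the other issues the advisory is meant to cover.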
+ SpiderMonkey is Mozilla’s JavaScript and WebAssembly Engine, used in Firefox, Servo and various other projects. It is written in C++, Rust and JavaScript. You can embed it into C++ and Rust projects, and it can be run as a stand-alone shell.
+Multiple vulnerabilities have been discovered in Spidermonkey. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Spidermonkey users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/spidermonkey-128.8.0"
+
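Review bot: The product name is spelled "SpiderMonkey" in the background text but "Spidermonkey" in the description and in the resolution sentence. Use "SpiderMonkey" in all three places.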
+ Atop is an ASCII full-screen performance monitor for Linux that is capable of reporting the activity of all processes (even if processes have finished during the interval), daily logging of system and process activity for long-term analysis, highlighting overloaded system resources by using colors, etc. At regular intervals, it shows system-level activity related to the CPU, memory, swap, disks (including LVM) and network layers, and for every process (and thread) it shows e.g. the CPU utilization, memory growth, disk utilization, priority, username, state, and exit code.
+A vulnerability has been discovered in Atop. Please review the CVE identifier referenced below for details.
+Atop allows local users to cause a denial of service (e.g., assertion failure and application exit) or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop.
+There is no known workaround at this time.
+All Atop users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-process/atop-2.11.1"
+
+ The Tracker miners are a collection of data extractors for the GNOME Tracker.
+A vulnerability has been discovered in Tracker minders. Please review the CVE identifier referenced below for details.
+Please review the referenced CVE identifier for details.
+There is no known workaround at this time.
+All Tracker miners users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-misc/tracker-miners-3.5.3"
+
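Review bot: The description has a typo in the package name, "Tracker minders"; the background and resolution text both say "Tracker miners". Correct it to "Tracker miners".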
+ Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine.
+Multiple vulnerabilities have been discovered in Node.js. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Node.js users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/nodejs-22.4.1"
+
+