PAM (Pluggable Authentication Modules) is an architecture allowing the separation of the development of privilege granting software from the development of secure and appropriate authentication schemes.
+Multiple vulnerabilities have been discovered in PAM. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All PAM users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-libs/pam-1.7.0_p20241230"
+
+ Mozilla Firefox is a popular open-source web browser from the Mozilla project.
+Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Mozilla Firefox users should upgrade to the latest version in their release channel:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-137.0.1:rapid"
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-128.9.0:esr"
+
+
+ All Mozilla Firefox users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-137.0.1:rapid"
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-128.9.0:esr"
+
+ Mozilla Thunderbird is a popular open-source email client from the Mozilla project.
+Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Mozilla Thunderbird users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-128.9.0"
+
+
+ All Mozilla Thunderbird users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-128.9.0"
+
+ NVIDIA Drivers are NVIDIA's accelerated graphics driver.
+A vulnerability has been discovered in NVIDIA Drivers. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifier for details.
+There is no known workaround at this time.
+All NVIDIA Drivers 535 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-535.247.01:0/535"
+
+
+ All NVIDIA Drivers 550 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-550.163.01:0/550"
+
+
+ All NVIDIA Drivers 570 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-570.133.07:0/570"
+
+ Orc is a library and set of tools for compiling and executing +very simple programs that operate on arrays of data. The "language" +is a generic assembly language that represents many of the features +available in SIMD architectures, including saturated addition and +subtraction, and many arithmetic operations.
+Please review the CVE identifier referenced below for details.
+It is possible for a malicious third party to trigger a buffer overflow and effect code execution with the same privileges as the orc compiler is called with by feeding it with malformed orc source files. + +This only affects developers and CI environments using orcc, not users of liborc.
+There is no known workaround at this time.
+All Orc users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/orc-0.4.40"
+
+ glibc is a package that contains the GNU C library.
+A vulnerability has been discovered in glibc. Please review the CVE identifier referenced below for details.
+Please review the referenced CVE identifier for details.
+There is no known workaround at this time.
+All glibc users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.40-r8"
+
+ FreeType is a high-quality and portable font engine.
+Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details.
+An out of bounds write exists in FreeType when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.
+There is no known workaround at this time.
+All FreeType users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.13.1"
+
+ SpiderMonkey is Mozilla’s JavaScript and WebAssembly Engine, used in Firefox, Servo and various other projects. It is written in C++, Rust and JavaScript. You can embed it into C++ and Rust projects, and it can be run as a stand-alone shell.
+Multiple vulnerabilities have been discovered in Spidermonkey. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Spidermonkey users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/spidermonkey-128.8.0"
+
+ Atop is an ASCII full-screen performance monitor for Linux that is capable of reporting the activity of all processes (even if processes have finished during the interval), daily logging of system and process activity for long-term analysis, highlighting overloaded system resources by using colors, etc. At regular intervals, it shows system-level activity related to the CPU, memory, swap, disks (including LVM) and network layers, and for every process (and thread) it shows e.g. the CPU utilization, memory growth, disk utilization, priority, username, state, and exit code.
+A vulnerability has been discovered in Atop. Please review the CVE identifier referenced below for details.
+Atop allows local users to cause a denial of service (e.g., assertion failure and application exit) or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop.
+There is no known workaround at this time.
+All Atop users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-process/atop-2.11.1"
+
+ The Tracker miners are a collection of data extractors for the GNOME Tracker.
+A vulnerability has been discovered in Tracker minders. Please review the CVE identifier referenced below for details.
+Please review the referenced CVE identifier for details.
+There is no known workaround at this time.
+All Tracker miners users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-misc/tracker-miners-3.5.3"
+
+ Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine.
+Multiple vulnerabilities have been discovered in Node.js. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Node.js users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/nodejs-22.4.1"
+
+ Emacs is the extensible, customizable, self-documenting real-time display editor. org-mode is an Emacs mode for notes and project planning.
+Multiple vulnerabilities have been discovered in Emacs, org-mode. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Emacs, org-mode users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-editors/emacs-29.4-r2:29"
+ # emerge --ask --oneshot --verbose ">=app-editors/emacs-28.2-r16:28"
+ # emerge --ask --oneshot --verbose ">=app-editors/emacs-27.2-r20:27"
+ # emerge --ask --oneshot --verbose ">=app-editors/emacs-26.3-r22:26"
+
+ GStreamer is an open source multimedia framework.
+Multiple vulnerabilities have been discovered in GStreamer, GStreamer Plugins. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All GStreamer, GStreamer Plugins users should upgrade to the latest versions:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/gstreamer-1.24.10" ">=media-libs/gst-plugins-bad-1.24.10"
+
+ LibreOffice is a powerful office suite; its clean interface and powerful tools let you unleash your creativity and grow your productivity.
+Multiple vulnerabilities have been discovered in LibreOffice. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All LibreOffice binary users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/libreoffice-bin-24.8.4"
+
+
+ All LibreOffice users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/libreoffice-24.2.7.2-r1"
+
+ The X Window System is a graphical windowing system based on a client/server model.
+Multiple vulnerabilities have been discovered in X.Org X server and XWayland. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All X.Org X server users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-21.1.16"
+
+
+ All XWayland users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-base/xwayland-24.1.6"
+
+ GTK+ (GIMP Toolkit +) is a toolkit for creating graphical user interfaces.
+A vulnerability has been discovered in GTK+ 3. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifier for details.
+There is no known workaround at this time.
+All GTK+ 3 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-libs/gtk+-3.24.48:3"
+
+ Qt is a cross-platform application development framework.
+Multiple vulnerabilities have been discovered in Qt. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Qt users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-qt/qtbase-6.8.3-r1"
+ # emerge --ask --oneshot --verbose ">=dev-qt/qtnetwork-5.15.14-r1"
+ # emerge --ask --oneshot --verbose ">=dev-qt/qtgui-5.15.12-r2"
+
+ Python is an interpreted, interactive, object-oriented, cross-platform programming language.
+Multiple vulnerabilities have been discovered in Python, PyPy3. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Python, PyPy3 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.14.0_beta2:3.14"
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.13.3_p1:3.13"
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.12.10_p1:3.12"
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.11.12_p1:3.11"
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.10.17_p1:3.10"
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.9.22_p1:3.9"
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.8.20_p7:3.8"
+ # emerge --ask --oneshot --verbose ">=dev-lang/pypy-3.10.7.3.19_p4:3.10"
+ # emerge --ask --oneshot --verbose ">=dev-lang/pypy-3.11.7.3.19_p9:3.11"
+
+ Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine.
+Multiple vulnerabilities have been discovered in Node.js. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Node.js users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/nodejs-22.13.1"
+
+ OpenImageIO is a library for reading and writing images.
+Multiple vulnerabilities have been discovered in OpenImageIO. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All OpenImageIO users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/openimageio-2.5.4.0"
+
+ File-Find-Rule is an alternative interface to File::Find.
+File-Find-Rule uses the legacy '2-arg' open() call which is susceptible to shell injection via malicious filenames.
+Shell injection may be used to execute arbitrary code using a malicious filename.
+There is no known workaround at this time.
+All File-Find-Rule users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-perl/File-Find-Rule-0.350.0"
+
+ YAML-LibYAML provides YAML Serialization using XS and libyaml for Perl.
+YAML-LibYAML uses the legacy '2-arg' open() call which is susceptible to shell injection via malicious filenames.
+Shell injection may be used to execute arbitrary code using a malicious filename.
+There is no known workaround at this time.
+All YAML-LibYAML users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-perl/YAML-LibYAML-0.903.0"
+
+ sysstat is a package containing a number of performance monitoring utilities for Linux, including sar, mpstat, iostat and sa tools.
+A vulnerability has been discovered in sysstat. Please review the CVE identifier referenced below for details. This CVE improves on an incomplete fix for CVE-2022-39377.
+On 32 bit systems, an integer overflow can be triggered when displaying activity data files.
+There is no known workaround at this time.
+All sysstat users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/sysstat-12.6.2-r1"
+
+ Konsole is KDE's terminal emulator.
+Konsole supports loading URLs from the scheme handlers such as telnet://URL. This can be executed regardless of whether the telnet binary is available. It would fallback to bash in that case and execute arbitrary code.
+Clicking a malicious URL in a browser may lead to arbitrary code execution. Please review the referenced CVE identifier for details.
+There is no known workaround at this time.
+All Konsole users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-apps/konsole-24.12.3-r1"
+
+