The GNU C library is the standard C library used by Gentoo Linux + systems. +
+Multiple vulnerabilities have been discovered in GNU C Library. Please + review the CVE identifiers referenced below for details. +
+A local attacker could trigger vulnerabilities in dynamic library + loader, making it possible to load attacker-controlled shared objects + during execution of setuid/setgid programs to escalate privileges. +
+ +A context-dependent attacker could trigger various vulnerabilities in + GNU C Library, including a buffer overflow, leading to execution of + arbitrary code or a Denial of Service. +
+There is no known workaround at this time.
+All GNU C Library users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.15-r3"
+
+ BusyBox is set of tools for embedded systems and is a replacement for + GNU Coreutils. +
+Multiple vulnerabilities have been discovered in BusyBox. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could send a specially crafted DHCP request to + possibly execute arbitrary code or cause Denial of Service. +
+There is no known workaround at this time.
+All BusyBox users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/busybox-1.21.0"
+
+
+ OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer + (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general + purpose cryptography library. +
+Multiple vulnerabilities have been discovered in OpenSSL. Please review + the CVE identifiers referenced below for details. +
+Remote attackers can determine private keys, decrypt data, cause a + Denial of Service or possibly have other unspecified impact. +
+There is no known workaround at this time.
+All OpenSSL 1.0.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.0j"
+
+
+ All OpenSSL 0.9.8 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8y"
+
+ libtheora is the reference implementation of Theora, a free and open + video compression format from the Xiph.org Foundation. +
+An integer overflow flaw has been discovered in libtheora.
+A remote attacker could execute arbitrary code or cause a Denial of + Service condition. +
+There is no known workaround at this time.
+All libtheora users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libtheora-1.1.1"
+
+
+ Packages which depend on this library may need to be recompiled. Tools + such as revdep-rebuild may assist in identifying some of these packages. +
+