glibc is a package that contains the GNU C library.
+Multiple vulnerabilities have been discovered in glibc. Please review + the CVE identifiers referenced below for details. +
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All glibc users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.28-r4"
+
+ Provides an advanced configuration system.
+A vulnerability was discovered in KDE KConfig’s handling of .desktop + and .directory files. +
+An attacker could entice a user to execute a specially crafted .desktop + or .directory file possibly resulting in execution of arbitrary code with + the privileges of the process. +
+There is no known workaround at this time.
+All KConfig users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=kde-frameworks/kconfig-5.60.0-r1"
+
+ CUPS, the Common Unix Printing System, is a full-featured print server.
+Multiple vulnerabilities have been discovered in CUPS. Please review the + CVE identifiers referenced below for details. +
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All CUPS users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-print/cups-2.2.8"
+
+ SQLite is a C library that implements an SQL database engine.
+Multiple vulnerabilities have been discovered in SQLite. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could, by executing arbitrary SQL statements against a + vulnerable host, execute arbitrary code. +
+There is no known workaround at this time.
+All SQLite users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/sqlite-3.28.0"
+
+ Java Platform, Standard Edition (Java SE) lets you develop and deploy + Java applications on desktops and servers, as well as in today’s + demanding embedded environments. Java offers the rich user interface, + performance, versatility, portability, and security that today’s + applications require. +
+Multiple vulnerabilities have been discovered in Oracle’s JDK and JRE + software suites. Please review the CVE identifiers referenced below for + details. +
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Oracle JDK bin users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=dev-java/oracle-jdk-bin-1.8.0.202:1.8"
+
+
+ All Oracle JRE bin users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=dev-java/oracle-jre-bin-1.8.0.202:1.8"
+
+ libarchive is a library for manipulating different streaming archive + formats, including certain tar variants, several cpio formats, and both + BSD and GNU ar variants. +
+Multiple vulnerabilities have been discovered in libarchive. Please + review the CVE identifiers referenced below for details. +
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All libarchive users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/libarchive-3.3.3"
+
+ Mozilla Firefox is a popular open-source web browser from the Mozilla + Project. +
+Multiple vulnerabilities have been discovered in Mozilla Firefox. Please + review the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to view a specially crafted web + page, possibly resulting in the execution of arbitrary code with the + privileges of the process or a Denial of Service condition. +
+There is no known workaround at this time.
+All Mozilla Firefox users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-60.8.0"
+
+
+ All Mozilla Firefox binary users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-60.8.0"
+
+ LibreOffice is a powerful office suite; its clean interface and powerful + tools let you unleash your creativity and grow your productivity. +
+Multiple vulnerabilities have been discovered in LibreOffice. Please + review the CVE identifiers referenced below for details. +
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All LibreOffice users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-office/libreoffice-6.2.5.2"
+
+
+ All LibreOffice binary users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=app-office/libreoffice-bin-6.2.5.2"
+
+
+ polkit is a toolkit for managing policies relating to unprivileged + processes communicating with privileged processes. +
+Multiple vulnerabilities have been discovered in polkit. Please review + the CVE identifiers referenced below for details. +
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All polkit users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-auth/polkit-0.115-r2"
+
+ ZNC is an advanced IRC bouncer.
+It was discovered that ZNC’s “Modules.cpp” allows remote + authenticated non-admin users to escalate privileges. +
+A remote authenticated attacker could escalate privileges and + subsequently execute arbitrary code or conduct a Denial of Service + attack. +
+There is no known workaround at this time.
+All ZNC users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-irc/znc-1.7.4_rc1"
+
+ ProFTPD is an advanced and very configurable FTP server.
+It was discovered that ProFTPD’s “mod_copy” module does not + properly restrict privileges for anonymous users. +
+A remote attacker, by anonymously uploading a malicious file, could + possibly execute arbitrary code with the privileges of the process, cause + a Denial of Service condition or disclose information. +
+There is no known workaround at this time.
+All ProFTPD users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-ftp/proftpd-1.3.6-r5"
+
+ Looks like an embeddable networking library but acts like a concurrency + framework. +
+A buffer overflow was discovered in ZeroMQ.
+An attacker could possibly execute arbitrary code with the privileges of + the process or cause a Denial of Service condition. +
+There is no known workaround at this time.
+All ZeroMQ users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/zeromq-4.3.2"
+
+ Chromium is an open-source browser project that aims to build a safer, + faster, and more stable way for all users to experience the web. +
+ +Google Chrome is one fast, simple, and secure browser for all your + devices. +
+Multiple vulnerabilities have been discovered in Chromium and Google + Chrome. Please review the referenced CVE identifiers and Google Chrome + Releases for details. +
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Chromium users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-client/chromium-76.0.3809.100"
+
+
+ All Google Chrome users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-client/google-chrome-76.0.3809.100"
+
+ GNU Wget is a free software package for retrieving files using HTTP, + HTTPS and FTP, the most widely-used Internet protocols. +
+A buffer overflow was discovered in GNU’s Wget.
+An attacker could possibly execute arbitrary code with the privileges of + the process or cause a Denial of Service condition. +
+There is no known workaround at this time.
+All GNU Wget users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/wget-1.20.3"
+
+