Encfs is an implementation of encrypted filesystem in user-space using + FUSE. +
+Multiple vulnerabilities have been discovered in encfs. Please review + the CVE identifiers referenced below for details. +
+A local attacker can utilize a possible buffer overflow in the + encodeName method of StreamNameIO and BlockNameIO to execute arbitrary + code or cause a Denial of Service. Also multiple weak cryptographics + practices have been found in encfs. +
+There is no known workaround at this time.
+All encfs users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-fs/encfs-1.7.5"
+
+
+ Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an + open-source email client, both from the Mozilla Project. +
+Multiple vulnerabilities have been discovered in Mozilla Firefox and + Mozilla Thunderbird. Please review the CVE identifiers referenced below + for details. +
+A remote attacker could entice a user to view a specially crafted web + page or email, possibly resulting in execution of arbitrary code or a + Denial of Service condition. +
+There is no known workaround at this time.
+All Firefox users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-38.5.0"
+
+
+ All Firefox-bin users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-38.5.0"
+
+
+ All Thunderbird users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-38.5.0"
+
+
+ All Thunderbird-bin users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=mail-client/thunderbird-bin-38.5.0"
+
+
+ Firebird is a multi-platform, open source relational database.
+The vulnerability is caused due to an error when processing requests + from remote clients. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process, or cause a Denial of Service condition. +
+There is no known workaround at this time.
+All Firebird users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=dev-db/firebird-2.5.3.26780.0-r3"
+
+
+ NOTE: Firebird package was moved to the testing branch (unstable) of + Gentoo. There is currently no stable version of Firebird, and there will + be no further GLSAs for this package. +
+KDE workspace configuration module for setting the date and time has a + helper program + which runs as root for performing actions. +
+KDE Systemsettings fails to properly validate user input before passing + it as argument in context of higher privilege. +
+A local attacker could gain privileges via a crafted ntpUtility (ntp + utility name) argument. +
+Add a polkit rule to disable the org.kde.kcontrol.kcmclock.save action.
+All KDE Systemsettings users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=kde-base/systemsettings-4.11.13-r1"
+
+
+ InspIRCd is a modular Internet Relay Chat (IRC) server written in C++ + which was created from scratch to be stable, modern and lightweight. +
+Multiple vulnerabilities have been discovered in InspIRCd. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process, or cause a Denial of Service condition. +
+There is no known workaround at this time.
+All InspIRCd users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-irc/inspircd-2.0.20"
+
+
+