VirtualBox is a powerful virtualization product from Oracle.
+Multiple vulnerabilities have been discovered in VirtualBox. Please + review the CVE identifiers referenced below for details. +
+Local attackers could cause a Denial of Service condition, execute + arbitrary code, or escalate their privileges. +
+There is no known workaround at this time.
+All VirtualBox users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-4.3.28"
+
+
+ All VirtualBox-bin users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=app-emulation/virtualbox-bin-4.3.28"
+
+ Docker is the world’s leading software containerization platform.
+Docker does not properly distinguish between numeric UIDs and string + usernames. +
+Local attackers could possibly escalate their privileges.
+There is no known workaround at this time.
+All Docker users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/docker-1.11.0"
+
+ libmms is a library for downloading (streaming) media files using the + mmst and mmsh protocols. +
+A heap-based buffer overflow was discovered in the get_answer function + within mmsh.c of libmms. +
+A remote attacker might send a specially crafted MMS over HTTP (MMSH) + response, possibly resulting in the remote execution of arbitrary code + with the privileges of the process. +
+There is no known workaround at this time.
+All libmms users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libmms-0.6.4"
+
+ SoX is a command line utility that can convert various formats of + computer audio files in to other formats. +
+A heap-based buffer overflow can be triggered when processing a + malicious NIST Sphere or WAV audio file. +
+A remote attacker could coerce the victim to run SoX against their + malicious file. This may be leveraged by an attacker to gain control of + program execution with the privileges of the user. +
+There is no known workaround at this time.
+All SoX users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-sound/sox-14.4.2"
+
+
+ A full-featured exFAT file system implementation for Unix-like systems.
+Two vulnerabilities were found in exFAT. A malformed input can cause a + write heap overflow or cause an endless loop. +
+Remote attackers could execute arbitrary code or cause Denial of + Service. +
+There is no known workaround at this time.
+All exFAT users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-fs/exfat-utils-1.2.1"
+
+