MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an enhanced, drop-in replacement for MySQL.
Multiple vulnerabilities have been discovered in MariaDB and MySQL. Please review the CVE identifiers referenced below for details.
Attackers could execute arbitrary code, escalate privileges, and impact availability via unspecified vectors.
There is no known workaround at this time.
All MariaDB users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.0.28"

All MySQL users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.6.34"

Bash is the standard GNU Bourne Again SHell.
Multiple vulnerabilities have been discovered in Bash. Please review the CVE identifiers referenced below for details.
A local attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.
There is no known workaround at this time.
All Bash users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-shells/bash-4.3_p48-r1"

libarchive is a library for manipulating different streaming archive formats, including certain tar variants, several cpio formats, and both BSD and GNU ar variants.
Multiple vulnerabilities have been discovered in libarchive. Please review the CVE identifiers referenced below for details.
A remote attacker could entice a user to open a specially crafted archive file possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition.
There is no known workaround at this time.
All libarchive users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-arch/libarchive-3.2.2"

Mutt is a small but very powerful text-based mail client.
A heap-based buffer overflow was discovered in Mutt’s mutt_substrdup function.
A remote attacker could cause a Denial of Service condition.
There is no known workaround at this time.
All Mutt users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=mail-client/mutt-1.5.23-r5"

BusyBox is a set of tools for embedded systems and is a replacement for GNU Coreutils.
The recv_and_process_client_pkt function in networking/ntpd.c in BusyBox allows remote attackers to cause a Denial of Service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop.
A remote attacker might send a specially crafted packet to a machine running BusyBox ntpd, possibly resulting in a Denial of Service condition.
There is no known workaround at this time.
All BusyBox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-apps/busybox-1.25.1"

e2fsprogs is a set of utilities for maintaining the ext2, ext3 and ext4 file systems.
A heap-based buffer overflow was discovered in openfs.c in the libext2fs library in e2fsprogs.
A remote attacker could entice a user to use the ext2fs library (for example, fsck) on a specially crafted Ext2/3/4 file system, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition.
There is no known workaround at this time.
All e2fsprogs users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-fs/e2fsprogs-1.42.12"

Open vSwitch is a production-quality multilayer virtual switch.
A buffer overflow was discovered in lib/flow.c in ovs-vswitchd.
A remote attacker, using a specially crafted MPLS packet, could execute arbitrary code.
There is no known workaround at this time.
All Open vSwitch users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/openvswitch-2.5.0"

w3m is a text-based WWW browser.
Multiple vulnerabilities have been discovered in w3m. Please review the CVE identifiers referenced below for details.
A remote attacker could execute arbitrary code with the privileges of the process or cause a Denial of Service condition via a maliciously crafted HTML file.
There is no known workaround at this time.
All w3m users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/w3m-0.5.3-r9"

Xdg-Utils is a set of tools allowing all applications to easily integrate with the Free Desktop configuration.
An eval injection vulnerability was discovered in Xdg-Utils.
A context-dependent attacker could execute arbitrary code via the URL argument to xdg-open.
There is no known workaround at this time.
All Xdg-Utils users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=x11-misc/xdg-utils-1.1.1"