R is a language and environment for statistical computing and graphics.
+Deserialization of untrusted data can occur in the R statistical programming language, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted with.
+Arbitrary code may be run when deserializing untrusted data.
+There is no known workaround at this time.
+All R users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/R-4.4.1"
+
+ Cacti is a web-based network graphing and reporting tool.
+Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Cacti users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/cacti-1.2.26"
+
+ Asterisk is an open source telephony engine and toolkit.
+Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Asterisk users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/asterisk-18.24.3"
+
+ Mozilla Firefox is a popular open-source web browser from the Mozilla project.
+Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Mozilla Firefox users should upgrade to the latest version in their release channel:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-131.0.2:rapid"
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-128.3.1:esr"
+
+
+ All Mozilla Firefox users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-131.0.2:rapid"
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-128.3.1:esr"
+
+ Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier. Opera is a fast and secure web browser.
+Multiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Google Chrome users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/google-chrome-124.0.6367.155"
+
+
+ All Chromium users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/chromium-124.0.6367.155 "
+
+
+ All Microsoft Edge users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-124.0.2478.97"
+
+
+ All Oprea users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/opera-110.0.5130.35"
+
+ Mozilla Thunderbird is a popular open-source email client from the Mozilla project.
+Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Mozilla Thunderbird users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-128.4.0"
+
+
+ All Mozilla Thunderbird users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-128.4.0"
+
+ OpenJDK is an open source implementation of the Java programming language.
+Multiple vulnerabilities have been discovered in OpenJDK. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All OpenJDK users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/openjdk-8.422_p05:8"
+ # emerge --ask --oneshot --verbose ">=dev-java/openjdk-11.0.24_p8:11"
+ # emerge --ask --oneshot --verbose ">=dev-java/openjdk-17.0.12_p7:17"
+
+
+ All OpenJDK users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-8.442_p05:8"
+ # emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-11.0.24_p8:11"
+ # emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-17.0.12_p7:17"
+
+
+ All OpenJDK users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-8.442_p05:8"
+ # emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-11.0.24_p8:11"
+ # emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-17.0.12_p7:17"
+
+ Icinga2 is a distributed, general purpose, network monitoring engine.
+Multiple vulnerabilities have been discovered in Icinga2. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Icinga2 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/icinga2-2.14.3"
+
+ Salt is a fast, intelligent and scalable automation engine.
+Multiple vulnerabilities have been discovered in Salt. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Salt users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/salt-3006.6"
+
+ Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP server.
+Multiple vulnerabilities have been discovered in Dnsmasq. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Dnsmasq users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.90"
+
+ OATH Toolkit provide components to build one-time password authentication systems. It contains shared C libraries, command line tools and a PAM module. Supported technologies include the event-based HOTP algorithm (RFC 4226), the time-based TOTP algorithm (RFC 6238), and Portable Symmetric Key Container (PSKC, RFC 6030) to manage secret key data. OATH stands for Open AuTHentication, which is the organization that specify the algorithms.
+A vulnerability has been discovered in OATH Toolkit. Please review the CVE identifier referenced below for details.
+Please review the referenced CVE identifier for details.
+There is no known workaround at this time.
+All OATH Toolkit users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-auth/oath-toolkit-2.6.12"
+
+ PostgreSQL is an open source object-relational database management system.
+Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All PostgreSQL users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-12.21:12"
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-13.17:13"
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-14.14:14"
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-15.9:15"
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-16.5:16"
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-17.1:17"
+
+ SpiderMonkey is Mozilla’s JavaScript and WebAssembly Engine, used in Firefox, Servo and various other projects. It is written in C++, Rust and JavaScript. You can embed it into C++ and Rust projects, and it can be run as a stand-alone shell.
+Multiple vulnerabilities have been discovered in Spidermonkey. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Spidermonkey users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/spidermonkey-115.15.0:115"
+
+ HashiCorp Consul is a tool for service discovery, monitoring and configuration.
+Multiple vulnerabilities have been discovered in HashiCorp Consul. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All HashiCorp Consul users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/consul-1.15.10"
+
+ OpenSC contains tools and libraries for smart cards.
+Multiple vulnerabilities have been discovered in OpenSC. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All OpenSC users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/opensc-0.24.0"
+
+ libvirt is a C toolkit for manipulating virtual machines.
+Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All libvirt users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/libvirt-10.2.0"
+
+ Internationalized Domain Names for Python (IDNA 2008 and UTS #46)
+A vulnerability has been discovered in idna. Please review the CVE identifier referenced below for details.
+Please review the referenced CVE identifier for details.
+There is no known workaround at this time.
+All idna users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-python/idna-3.7"
+
+ Use any Linux distribution inside your terminal. Enable both backward and forward compatibility with software and freedom to use whatever distribution you’re more comfortable with. Distrobox uses podman, docker or lilipod to create containers using the Linux distribution of your choice. The created container will be tightly integrated with the host, allowing sharing of the HOME directory of the user, external storage, external USB devices and graphical apps (X11/Wayland), and audio.
+A vulnerability has been discovered in Distrobox. Please review the CVE identifier referenced below for details.
+Please review the referenced CVE identifier for details.
+There is no known workaround at this time.
+All Distrobox users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-containers/distrobox-1.7.0.1"
+
+ eza is a modern, maintained replacement for ls, written in rust.
+A vulnerability has been discovered in eza. Please review the CVE identifier referenced below for details.
+A buffer overflow vulnerability in eza allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components.
+There is no known workaround at this time.
+All eza users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/eza-0.18.6"
+
+ NVIDIA Drivers are NVIDIA's accelerated graphics driver.
+A vulnerability has been discovered in NVIDIA Drivers. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifier for details.
+There is no known workaround at this time.
+All NVIDIA Drivers 535 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-535.216.01:0/535"
+
+
+ All NVIDIA Drivers 550 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-550.127.05:0/550"
+
+