Stay Vigilant with Timely Linux Security Advisories

security advisorydenial of serviceGentoo

Gentoo: GLSA-202402-09 Critical: OpenSSL Various Vulnerabilities Discovered

Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in denial of service.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202402-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenSSL: Multiple Vulnerabilities Date: February 04, 2024 Bugs: #876787, #893446, #902779, #903545, #907413, #910556, #911560 ID: 202402-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in denial of service. Background ========== OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. Affected packages ================= Package Vulnerable Unaffected ---------------- ------------ ------------ dev-libs/openssl < 3.0.10 > = 3.0.10 Description =========== Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All OpenSSL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =dev-libs/openssl-3.0.10" References ========== [ 1 ] CVE-2022-3358 https://nvd.nist.gov/vuln/detail/CVE-2022-3358 [ 2 ] CVE-2022-4203 https://nvd.nist.gov/vuln/detail/CVE-2022-4203 [ 3 ] CVE-2022-4304 https://nvd.nist.gov/vuln/detail/CVE-2022-4304 [ 4 ] CVE-2022-4450 https://nvd.nist.gov/vuln/detail/CVE-2022-4450 [ 5 ] CVE-2023-0215 https://nvd.nist.gov/vuln/detail/CVE-2023-0215 [ 6 ] CVE-2023-0216 https://nvd.nist.gov/vuln/detail/CVE-2023-0216 [ 7 ] CVE-2023-0217 https://nvd.nist.gov/vuln/detail/CVE-2023-0217 [ 8 ] CVE-2023-0286 https://nvd.nist.gov/vuln/detail/CVE-2023-0286 [ 9 ] CVE-2023-0401 https://nvd.nist.gov/vuln/detail/CVE-2023-0401 [ 10 ] CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 [ 11 ] CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 [ 12 ] CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 [ 13 ] CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 [ 14 ] CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 [ 15 ] CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 [ 16 ] CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202402-08 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . Critical multiple vulnerabilities detected in OpenSSL for Gentoo users. Update promptly to mitigate denial of service threats. Discover more details!. OpenSSL Vulnerabilities, Gentoo Security Advisory, Denial of Service Fix. . Severity: Critical. LinuxSecurity.com Team

Feb 04, 2024 •Critical Gentoo

security advisoryGentoocode execution

Gentoo: GLSA-202402-03 Normal: QtGui Remote Code Execution Risks

Multiple vulnerabilities have been discovered in QtGui which can lead to remote code execution.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202402-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: QtGui: Multiple Vulnerabilities Date: February 03, 2024 Bugs: #808531, #907119 ID: 202402-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in QtGui which can lead to remote code execution. Background ========== QtGui is a module for the Qt toolkit. Affected packages ================= Package Vulnerable Unaffected ------------ ------------ ------------ dev-qt/qtgui < 5.15.9-r1 > = 5.15.9-r1 Description =========== Multiple vulnerabilities have been discovered in QtGui. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All QtGui users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =dev-qt/qtgui-5.15.9-r1" References ========== [ 1 ] CVE-2021-38593 https://nvd.nist.gov/vuln/detail/CVE-2021-38593 [ 2 ] CVE-2023-32763 https://nvd.nist.gov/vuln/detail/CVE-2023-32763 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202402-03 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively,you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . Numerous flaws in QtGui might enable remote code execution. Update to the patched version to maintain security. Discover further details.. Gentoo Security Advisory, QtGui Risks, Remote Execution Threats. . LinuxSecurity.com Team

Feb 03, 2024 Gentoo

security advisoryhigh severitygentoo

Gentoo GLSA-202312-15 High: Git Remote Code Execution Risks

Several vulnerabilities have been found in Git, the worst of which could lead to remote code execution.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202312-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Git: Multiple Vulnerabilities Date: December 27, 2023 Bugs: #838127, #857831, #877565, #891221, #894472, #905088 ID: 202312-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Several vulnerabilities have been found in Git, the worst of which could lead to remote code execution. Background ========== Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Affected packages ================= Package Vulnerable Unaffected ----------- ------------ ------------ dev-vcs/git < 2.39.3 > = 2.39.3 Description =========== Multiple vulnerabilities have been discovered in Git. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Git users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =dev-vcs/git-2.39.3" References ========== [ 1 ] CVE-2022-23521 https://nvd.nist.gov/vuln/detail/CVE-2022-23521 [ 2 ] CVE-2022-24765 https://nvd.nist.gov/vuln/detail/CVE-2022-24765 [ 3 ] CVE-2022-29187 https://nvd.nist.gov/vuln/detail/CVE-2022-29187 [ 4 ] CVE-2022-39253 https://nvd.nist.gov/vuln/detail/CVE-2022-39253 [ 5 ] CVE-2022-39260 https://nvd.nist.gov/vuln/detail/CVE-2022-39260 [ 6 ] CVE-2022-41903 https://nvd.nist.gov/vuln/detail/CVE-2022-41903 [ 7 ] CVE-2023-22490 https://nvd.nist.gov/vuln/detail/CVE-2023-22490 [ 8 ] CVE-2023-23946 https://nvd.nist.gov/vuln/detail/CVE-2023-23946 [ 9 ] CVE-2023-25652 https://nvd.nist.gov/vuln/detail/CVE-2023-25652 [ 10 ] CVE-2023-25815 https://nvd.nist.gov/vuln/detail/CVE-2023-25815 [ 11 ] CVE-2023-29007 https://nvd.nist.gov/vuln/detail/CVE-2023-29007 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202312-15 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . Fortify Git within Gentoo to mitigate various significant security flaws, particularly focusing on the risk of remote attacks.. Git Vulnerabilities,Gentoo Security Advisory,Remote Code Execution,High Severity Issues. . LinuxSecurity.com Team

Dec 27, 2023 Gentoo

security advisoryhigh severityGentoo Linux

Gentoo: GLSA-202310-07 High Severity: Oracle VirtualBox Multiple Issues

Multiple vulnerabilities have been discovered in VirtualBox, leading to compomise of VirtualBox.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202310-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Oracle VirtualBox: Multiple Vulnerabilities Date: October 08, 2023 Bugs: #891327 ID: 202310-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in VirtualBox, leading to compomise of VirtualBox. Background ========== VirtualBox is a powerful virtualization product from Oracle. Affected packages ================= Package Vulnerable Unaffected ------------------------ ------------ ------------ app-emulation/virtualbox < 7.0.6 > = 7.0.6 Description =========== Multiple vulnerabilities have been discovered in Oracle VirtualBox, the worst of which may lead to VirtualBox compromise by an attacker with network access. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Oracle VirtualBox users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =app-emulation/virtualbox-7.0.6" If you still need to use VirtualBox 6: # emerge --sync # emerge --ask --oneshot --verbose "> =app-emulation/virtualbox-6.1.46" "=app-emulation/virtualbox-6*" References ========== [ 1 ] CVE-2023-21884 https://nvd.nist.gov/vuln/detail/CVE-2023-21884 [ 2 ] CVE-2023-21885 https://nvd.nist.gov/vuln/detail/CVE-2023-21885 [ 3 ] CVE-2023-21886 https://nvd.nist.gov/vuln/detail/CVE-2023-21886 [ 4 ] CVE-2023-21889 https://nvd.nist.gov/vuln/detail/CVE-2023-21889 [ 5 ] CVE-2023-21898 https://nvd.nist.gov/vuln/detail/CVE-2023-21898 [ 6 ] CVE-2023-21899 https://nvd.nist.gov/vuln/detail/CVE-2023-21899 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202310-07 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . Numerous security flaws in Oracle VirtualBox pose risks to systems; update to the most recent version for enhanced protection.. VirtualBox Security Risks, Gentoo Vulnerability Advisory, High Severity VirtualBox Issues. . LinuxSecurity.com Team

Oct 08, 2023 Gentoo

security advisorynetwork securityhigh severity

Gentoo GLSA-202212-05: High Severity Mozilla NSS Risks for Code Execution

Multiple vulnerabilities have been discovered in NSS, the worst of which could result in arbitrary code execution.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202212-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Mozilla Network Security Service (NSS): Multiple Vulnerabilities Date: December 19, 2022 Bugs: #827946, #836386, #848984, #877169 ID: 202212-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in NSS, the worst of which could result in arbitrary code execution. Background ========= The Mozilla Network Security Service is a library implementing security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/nss < 3.79.2 > = 3.79.2 Description ========== Multiple vulnerabilities have been discovered in Mozilla Network Security Service (NSS). Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Mozilla Network Security Service (NSS) users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =dev-libs/nss-3.79.2" References ========= [ 1 ] CVE-2021-43527 https://nvd.nist.gov/vuln/detail/CVE-2021-43527 [ 2 ] CVE-2022-1097 https://nvd.nist.gov/vuln/detail/CVE-2022-1097 [ 3 ] CVE-2022-3479 https://nvd.nist.gov/vuln/detail/CVE-2022-3479 [ 4 ] MFSA-2021-51 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202212-05 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . The recent Gentoo GLSA 202212-05 report highlights several critical vulnerabilities within NSS, which present significant threats such as the potential for arbitrary code execution.. Mozilla Security,NSS Issues,Gentoo Advisory,Code Execution Risks,Security Updates. . LinuxSecurity.com Team

Dec 19, 2022 Gentoo

security advisoryhigh severitygentoo

Gentoo: GLSA-202209-18 High: Thunderbird Code Execution Risk

Multiple vulnerabilities have been found in Mozilla Thunderbird, the world of which could result in arbitrary code execution.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202209-18 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Mozilla Thunderbird: Multiple Vulnerabilities Date: September 29, 2022 Bugs: #872572 ID: 202209-18 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in Mozilla Thunderbird, the world of which could result in arbitrary code execution. Background ========= Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 mail-client/thunderbird < 102.3.0 > = 102.3.0 2 mail-client/thunderbird-bin < 102.3.0 > = 102.3.0 Description ========== Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Mozilla Thunderbird users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =mail-client/thunderbird-102.3.0" All Mozilla Thunderbird binary users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =mail-client/thunderbird-bin-102.3.0" References ========= [ 1 ] CVE-2022-3155 https://nvd.nist.gov/vuln/detail/CVE-2022-3155 [ 2 ] CVE-2022-40956 https://nvd.nist.gov/vuln/detail/CVE-2022-40956 [ 3 ] CVE-2022-40957 https://nvd.nist.gov/vuln/detail/CVE-2022-40957 [ 4 ] CVE-2022-40958 https://nvd.nist.gov/vuln/detail/CVE-2022-40958 [ 5 ] CVE-2022-40959 https://nvd.nist.gov/vuln/detail/CVE-2022-40959 [ 6 ] CVE-2022-40960 https://nvd.nist.gov/vuln/detail/CVE-2022-40960 [ 7 ] CVE-2022-40962 https://nvd.nist.gov/vuln/detail/CVE-2022-40962 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202209-18 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . Potential vulnerabilities in Mozilla Thunderbird may lead to arbitrary code execution as highlighted in Gentoo Advisory GLSA 202209-18. Immediate updates are recommended!. Mozilla Thunderbird,Gentoo Security Advisory,Code Execution Risk,Multiple Vulnerabilities,Email Client. . LinuxSecurity.com Team

Sep 29, 2022 Gentoo

security advisorygentoosoftware update

Gentoo: GLSA-202208-31 High: GStreamer Multiple Risks Detected Code Issue

Multiple vulnerabilities have been found in GStreamer and its plugins, the worst of which could result in arbitrary code execution.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-31 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: GStreamer, GStreamer Plugins: Multiple Vulnerabilities Date: August 14, 2022 Bugs: #766336, #785652, #785655, #785658, #785661, #835368, #843770, #765163 ID: 202208-31 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in GStreamer and its plugins, the worst of which could result in arbitrary code execution. Background ========= GStreamer is an open source multimedia framework. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-libs/gst-plugins-bad < 1.16.3 > = 1.16.3 2 media-libs/gst-plugins-base< 1.18.4 > = 1.18.4 3 media-libs/gst-plugins-good< 1.18.4 > = 1.18.4 4 media-libs/gst-plugins-ugly< 1.18.4 > = 1.18.4 5 media-libs/gstreamer < 1.20.2 > = 1.20.2 6 media-plugins/gst-plugins-libav< 1.18.4 > = 1.18.4 Description ========== Multiple vulnerabilities have been found in GStreamer and its plugins. Please review the CVE and GStreamer-SA identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All GStreamer users shouldupdate to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =media-libs/gstreamer-1.20.2" All gst-plugins-bad users should update to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =media-libs/gst-plugins-bad-1.20.2" All gst-plugins-good users should update to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =media-libs/gst-plugins-good-1.20.2" All gst-plugins-ugly users should update to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =media-libs/gst-plugins-ugly-1.20.2" All gst-plugins-base users should update to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =media-libs/gst-plugins-base-1.20.2" All gst-plugins-libav users should update to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =media-plugins/gst-plugins-libav-1.20.2" References ========= [ 1 ] CVE-2021-3185 https://nvd.nist.gov/vuln/detail/CVE-2021-3185 [ 2 ] CVE-2021-3497 https://nvd.nist.gov/vuln/detail/CVE-2021-3497 [ 3 ] CVE-2021-3498 https://nvd.nist.gov/vuln/detail/CVE-2021-3498 [ 4 ] CVE-2021-3522 https://nvd.nist.gov/vuln/detail/CVE-2021-3522 [ 5 ] GStreamer-SA-2021-0001 [ 6 ] GStreamer-SA-2021-0002 [ 7 ] GStreamer-SA-2021-0004 [ 8 ] GStreamer-SA-2021-0005 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202208-31 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alikelicense. https://creativecommons.org/licenses/by-sa/2.5/ . Multiple GStreamer security flaws in Gentoo Linux could lead to arbitrary code execution; prompt updates are recommended for impacted users.. GStreamer Vulnerabilities, Gentoo Security, Multimedia Update, High Risk Advisory. . LinuxSecurity.com Team

Aug 14, 2022 Gentoo

security advisorydenial of servicegentoo

Gentoo: GLSA-202309-12 Moderate Severity Nextcloud Vulnerability Alert

Multiple vulnerabilities have been found in Nextcloud, the worst of which could result in denial of service.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: Nextcloud: Multiple Vulnerabilities Date: August 10, 2022 Bugs: #848873, #835073, #834803, #820368, #812443, #802096, #797253 ID: 202208-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in Nextcloud, the worst of which could result in denial of service. Background ========= Nextcloud is a personal cloud that runs on your own server. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-apps/nextcloud < 23.0.4 > = 23.0.4 Description ========== Multiple vulnerabilities have been discovered in Nextcloud. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Nextcloud users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =www-apps/nextcloud-23.0.4" References ========= [ 1 ] CVE-2021-32653 https://nvd.nist.gov/vuln/detail/CVE-2021-32653 [ 2 ] CVE-2021-32654 https://nvd.nist.gov/vuln/detail/CVE-2021-32654 [ 3 ] CVE-2021-32655 https://nvd.nist.gov/vuln/detail/CVE-2021-32655 [ 4 ] CVE-2021-32656 https://nvd.nist.gov/vuln/detail/CVE-2021-32656 [ 5 ]CVE-2021-32657 https://nvd.nist.gov/vuln/detail/CVE-2021-32657 [ 6 ] CVE-2021-32678 https://nvd.nist.gov/vuln/detail/CVE-2021-32678 [ 7 ] CVE-2021-32679 https://nvd.nist.gov/vuln/detail/CVE-2021-32679 [ 8 ] CVE-2021-32680 https://nvd.nist.gov/vuln/detail/CVE-2021-32680 [ 9 ] CVE-2021-32688 https://nvd.nist.gov/vuln/detail/CVE-2021-32688 [ 10 ] CVE-2021-32703 https://nvd.nist.gov/vuln/detail/CVE-2021-32703 [ 11 ] CVE-2021-32705 https://nvd.nist.gov/vuln/detail/CVE-2021-32705 [ 12 ] CVE-2021-32725 https://nvd.nist.gov/vuln/detail/CVE-2021-32725 [ 13 ] CVE-2021-32726 https://nvd.nist.gov/vuln/detail/CVE-2021-32726 [ 14 ] CVE-2021-32734 https://nvd.nist.gov/vuln/detail/CVE-2021-32734 [ 15 ] CVE-2021-32800 https://nvd.nist.gov/vuln/detail/CVE-2021-32800 [ 16 ] CVE-2021-32801 https://nvd.nist.gov/vuln/detail/CVE-2021-32801 [ 17 ] CVE-2021-32802 https://nvd.nist.gov/vuln/detail/CVE-2021-32802 [ 18 ] CVE-2021-41177 https://nvd.nist.gov/vuln/detail/CVE-2021-41177 [ 19 ] CVE-2021-41178 https://nvd.nist.gov/vuln/detail/CVE-2021-41178 [ 20 ] CVE-2021-41239 https://nvd.nist.gov/vuln/detail/CVE-2021-41239 [ 21 ] CVE-2021-41241 https://nvd.nist.gov/vuln/detail/CVE-2021-41241 [ 22 ] CVE-2022-24741 https://nvd.nist.gov/vuln/detail/CVE-2022-24741 [ 23 ] CVE-2022-24888 https://nvd.nist.gov/vuln/detail/CVE-2022-24888 [ 24 ] CVE-2022-24889 https://nvd.nist.gov/vuln/detail/CVE-2022-24889 [ 25 ] CVE-2022-29243 https://nvd.nist.gov/vuln/detail/CVE-2022-29243 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202208-17 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bugat https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . Several weaknesses detected in Nextcloud running on Gentoo may result in service outages; it is advisable to apply updates.. Gentoo Linux, Nextcloud Security, Denial of Service Risk, Software Vulnerabilities. . LinuxSecurity.com Team

Aug 10, 2022 Gentoo

Community Poll

More Polls

Stay Secure with the Latest Linux Advisories

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Refine advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Explore Latest Linux Security advisories

Gentoo: GLSA-202402-09 Critical: OpenSSL Various Vulnerabilities Discovered

Gentoo: GLSA-202402-03 Normal: QtGui Remote Code Execution Risks

Gentoo GLSA-202312-15 High: Git Remote Code Execution Risks

Gentoo: GLSA-202310-07 High Severity: Oracle VirtualBox Multiple Issues

Gentoo GLSA-202212-05: High Severity Mozilla NSS Risks for Code Execution

Gentoo: GLSA-202209-18 High: Thunderbird Code Execution Risk

Gentoo: GLSA-202208-31 High: GStreamer Multiple Risks Detected Code Issue

Gentoo: GLSA-202309-12 Moderate Severity Nextcloud Vulnerability Alert

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Stay Secure with the Latest Linux Advisories

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Refine advisories

severity

Topics

Distro

Published Date

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Explore Latest Linux Security advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Search Topics

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!