Explore top 10 tips to secure your open-source projects now. Read More
×
A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202604-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: DTrace: Arbitrary file creation via dtprobed Date: April 17, 2026 Bugs: #971491 ID: 202604-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names. Background ========== DTrace is a dynamic tracing tool for analysing or debugging the whole system. Specifically, dtprobed is a component of the DTrace system that keeps track of USDT probes within running processes, parsing and storing the DOF they provide for later consumption by dtrace proper. Affected packages ================= Package Vulnerable Unaffected ---------------- ------------ ------------ dev-debug/dtrace < 2.0.6 > = 2.0.6 Description =========== A vulnerability has been found in dtprobed that allows for arbitrary file creation through specially crafted USDT provider names. Impact ====== The worst possible outcome is the ability for an attacker to run arbitrary code via the maliciously created file. Workaround ========== There is no known workaround at this time. Resolution ========== All DTrace users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =dev-debug/dtrace-2.0.6" References ========== [ 1 ] CVE-2026-21991 https://nvd.nist.gov/vuln/detail/CVE-2026-21991 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202604-04 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Multiple vulnerabilities have been discovered in Composer, the worst of which can lead to arbitrary code execution. . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202508-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Composer: Multiple Vulnerabilities Date: August 06, 2025 Bugs: #838268 ID: 202508-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in Composer, the worst of which can lead to arbitrary code execution. Background ========== Composer is a dependency manager for the PHP programming language. Affected packages ================= Package Vulnerable Unaffected ---------------- ------------ ------------ dev-php/composer
A vulnerability has been discovered in Spreadsheet-ParseExcel, which can lead to arbitrary code execution.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202508-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Spreadsheet-ParseExcel: Arbitrary Code Execution Date: August 06, 2025 Bugs: #920954 ID: 202508-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability has been discovered in Spreadsheet-ParseExcel, which can lead to arbitrary code execution. Background ========== Spreadsheet::ParseExcel is a perl module to extract information from Excel files. Affected packages ================= Package Vulnerable Unaffected ------------------------------- ------------ ------------ dev-perl/Spreadsheet-ParseExcel < 0.660.0 > = 0.660.0 Description =========== A vulnerability has been discovered in Spreadsheet::ParseExcel. Please review the CVE identifier referenced below for details. Impact ====== Please review the referenced CVE identifier for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Spreadsheet::ParseExcel users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =dev-perl/Spreadsheet-ParseExcel-0.660.0" References ========== [ 1 ] CVE-2023-7101 https://nvd.nist.gov/vuln/detail/CVE-2023-7101 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202508-05 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importanceto us. Any security concerns should be addressed to
A vulnerability has been discovered in NSS, which can lead to the recovery of private data.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202508-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Mozilla Network Security Service (NSS): TLS RSA decryption timing attack Date: August 06, 2025 Bugs: #925027 ID: 202508-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability has been discovered in NSS, which can lead to the recovery of private data. Background ========== The Mozilla Network Security Service is a library implementing security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates. Affected packages ================= Package Vulnerable Unaffected ------------ ------------ ------------ dev-libs/nss < 3.98 > = 3.98 Description =========== A vulnerability has been discovered in Mozilla Network Security Service (NSS). Please review the CVE identifier referenced below for details. Impact ====== Please review the referenced CVE identifier for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Mozilla Network Security Service (NSS) users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =dev-libs/nss-3.98" References ========== [ 1 ] CVE-2023-5388 https://nvd.nist.gov/vuln/detail/CVE-2023-5388 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202508-04 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users'machines is of utmost importance to us. Any security concerns should be addressed to
A vulnerability has been discovered in FontForge, which can lead to arbitrary code execution.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202508-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: FontForge: Arbitrary Code Execution Date: August 06, 2025 Bugs: #926521 ID: 202508-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability has been discovered in FontForge, which can lead to arbitrary code execution. Background ========== FontForge is a PostScript font editor and converter. Affected packages ================= Package Vulnerable Unaffected ------------------- ------------- -------------- media-gfx/fontforge < 20230101-r1 > = 20230101-r1 Description =========== A vulnerabilitiy has been discovered in FontForge. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All FontForge users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =media-gfx/fontforge-20230101-r1" References ========== [ 1 ] CVE-2024-25081 https://nvd.nist.gov/vuln/detail/CVE-2024-25081 [ 2 ] CVE-2024-25082 https://nvd.nist.gov/vuln/detail/CVE-2024-25082 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202508-03 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressedto
Multiple vulnerabilities have been discovered in REXML, the worst of which can lead to a denial of service.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202507-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: REXML: Multiple Vulnerabilities Date: July 08, 2025 Bugs: #932013, #936133, #937114, #938298, #942432 ID: 202507-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in REXML, the worst of which can lead to a denial of service. Background ========== REXML is an XML toolkit for Ruby. Affected packages ================= Package Vulnerable Unaffected -------------- ------------ ------------ dev-ruby/rexml < 3.3.9 > = 3.3.9 Description =========== Multiple vulnerabilities have been discovered in REXML. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All REXML users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =dev-ruby/rexml-3.3.9" References ========== [ 1 ] CVE-2024-35176 https://nvd.nist.gov/vuln/detail/CVE-2024-35176 [ 2 ] CVE-2024-39908 https://nvd.nist.gov/vuln/detail/CVE-2024-39908 [ 3 ] CVE-2024-41123 https://nvd.nist.gov/vuln/detail/CVE-2024-41123 [ 4 ] CVE-2024-41946 https://nvd.nist.gov/vuln/detail/CVE-2024-41946 [ 5 ] CVE-2024-43398 https://nvd.nist.gov/vuln/detail/CVE-2024-43398 [ 6 ] CVE-2024-49761 https://nvd.nist.gov/vuln/detail/CVE-2024-49761 Availability ============ This GLSA and any updates to it areavailable for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202507-08 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Multiple vulnerabilities have been discovered in NTP, the worst of which could lead to the execution of arbitrary code.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202507-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: NTP: Multiple Vulnerabilities Date: July 08, 2025 Bugs: #904337 ID: 202507-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in NTP, the worst of which could lead to the execution of arbitrary code. Background ========== NTP contains software for the Network Time Protocol. Affected packages ================= Package Vulnerable Unaffected ------------ ------------ ------------ net-misc/ntp < 4.2.8_p16 > = 4.2.8_p16 Description =========== Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. Impact ====== The first four of these CVEs affect a function in libntp that is only used by ntpq, but not by ntpd. The last CVE affects the driver for a hardware clock (GPS receiver), so ntpd might be vulnerable to manipulated devices of that type, but not to remote attacks. Workaround ========== There is no known workaround at this time. Resolution ========== All NTP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =net-misc/ntp-4.2.8_p16" References ========== [ 1 ] CVE-2023-26551 https://nvd.nist.gov/vuln/detail/CVE-2023-26551 [ 2 ] CVE-2023-26552 https://nvd.nist.gov/vuln/detail/CVE-2023-26552 [ 3 ] CVE-2023-26553 https://nvd.nist.gov/vuln/detail/CVE-2023-26553 [ 4 ] CVE-2023-26554 https://nvd.nist.gov/vuln/detail/CVE-2023-26554 [ 5 ]CVE-2023-26555 https://nvd.nist.gov/vuln/detail/CVE-2023-26555 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202507-05 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
A buffer overflow has been discovered in strongSwan, which can lead to remote code execution.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202507-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: strongSwan: Buffer Overflow Date: July 08, 2025 Bugs: #920105 ID: 202507-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A buffer overflow has been discovered in strongSwan, which can lead to remote code execution. Background ========== strongSwan is an IPSec implementation for Linux. Affected packages ================= Package Vulnerable Unaffected ------------------ ------------ ------------ net-vpn/strongswan < 5.9.13 > = 5.9.13 Description =========== Multiple vulnerabilities have been discovered in strongSwan. Please review the CVE identifiers referenced below for details. Impact ====== A vulnerability in charon-tkm related to processing DH public values was discovered in strongSwan that can result in a buffer overflow and potentially remote code execution. Workaround ========== There is no known workaround at this time. Resolution ========== All strongSwan users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =net-vpn/strongswan-5.9.13" References ========== [ 1 ] CVE-2023-41913 https://nvd.nist.gov/vuln/detail/CVE-2023-41913 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202507-04 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concernsshould be addressed to
Get the latest Linux and open source security news straight to your inbox.