Gentoo Project
Base System
Packages: 433 | Stabilization: 0 | Outdated: 34 | Pull requests: 41 | Bugs: 1028 | Security: 65 | Changelog
Security Bug Reports
sys-libs/db: Berkeley DB reads DB_CONFIG from the current working directory
638434 - Assigned to Gentoo Security
sys-devel/patch: Double free allowing DoS in another_hunk (CVE-2019-20633)
714750 - Assigned to Gentoo Security
sys-devel/flex: Stack exhaustion in mark_beginning_as_normal causing denial of service (CVE-2019-6293)
717714 - Assigned to Gentoo Security
net-misc/wget: Authorisation header disclosure on redirect (CVE-2021-31879)
786957 - Assigned to Gentoo Security
sys-devel/patch: invalid free vulnerability
829835 - Assigned to Gentoo Security
dev-db/sqlite: record leakage
833451 - Assigned to Gentoo Security
<sys-apps/usbredir-0.12.0: use-after-free
834010 - Assigned to Gentoo Security
<sys-fs/fuse-exfat-1.4.0: deleted file information leak
842213 - Assigned to Gentoo Security
<dev-libs/libpcre2-10.40: multiple vulnerabilities
845195 - Assigned to Gentoo Security
<app-admin/logrotate-3.20.0: Unprivileged DoS via state file
847382 - Assigned to Gentoo Security
app-crypt/gnupg: denial of service issue (resource consumption) using compressed packets
861446 - Assigned to Gentoo Security
dev-lang/yasm: multiple vulnerabilities
862112 - Assigned to Gentoo Security
app-arch/unzip: null pointer dereference
866386 - Assigned to Gentoo Security
sys-apps/man2html: multiple vulnerabilities
869413 - Assigned to Gentoo Security
<app-misc/ca-certificates-20211016.3.86: TrustCor removal
884805 - Assigned to Gentoo Security
<app-shells/bash-5.2_p15-r2: heap buffer overflow yielding "memory problems"
889878 - Assigned to Gentoo Security
<dev-util/pkgconf-1.8.1: Billion Laughs vulnerability
891647 - Assigned to Gentoo Security
<sys-libs/ncurses-6.4_p20230408, <sys-libs/ncurses-compat-6.4_p20240330: Multiple vulnerabilities
904247 - Assigned to Gentoo Security
<sys-apps/shadow-4.13-r3: passwd file manipulation via chfn
904518 - Assigned to Gentoo Security
<sys-libs/libcap-2.69: Multiple vulnerabilities
906461 - Assigned to Gentoo Security
<sys-apps/shadow-4.13-r4: possible password leak during passwd(1) change
908613 - Assigned to Gentoo Security
<sys-process/procps-4.0.4: ps buffer overflow
913408 - Assigned to Gentoo Security
<sys-boot/grub-2.06-r9: Multiple vulnerabilities
915131 - Assigned to Gentoo Security
<net-libs/libtirpc-1.3.4: Multiple vulnerabilities
915404 - Assigned to Gentoo Security
<sys-fs/exfatprogs-1.2.2: OOB read
916507 - Assigned to Gentoo Security
<dev-libs/openssl-{3.0.13, 3.1.5, 3.2.1}: multiple vulnerabilities
921684 - Assigned to Gentoo Security
<sys-apps/coreutils-9.4-r1: split heap buffer overflow vulnerability
922474 - Assigned to Gentoo Security
<sys-apps/util-linux-2.39.3-r6[tty-helpers]: wall escape sequence issues
927980 - Assigned to Gentoo Security
<sys-apps/coreutils-9.5: chmod -R TOCTOU vulnerability
928062 - Assigned to Gentoo Security
<sys-apps/less-643-r2: LESSOPEN handling is unsafe on untrusted names, arbitrary code execution
929210 - Assigned to Gentoo Security
<net-misc/wget-1.24.5: cookie leakage with HSTS and subdomains
930041 - Assigned to Gentoo Security
<dev-libs/openssl-{3.0.13-r1, 3.1.5-r2, 3.2.1-r2}: Unbounded memory growth with session handling in TLSv1.3
930047 - Assigned to Gentoo Security
<dev-libs/openssl-{3.0.14, 3.1.6, 3.2.2}: Checking excessively long DSA keys or parameters may be very slow
932317 - Assigned to Gentoo Security
<net-misc/curl-8.9.1: ASN.1 date parser overread
937125 - Assigned to Gentoo Security
<dev-libs/openssl-{3.0.15, 3.1.7, 3.2.3, 3.3.2}: denial of service
939110 - Assigned to Gentoo Security
<dev-libs/openssl-{3.0.15-r1, 3.1.7-r1, 3.2.3-r1, 3.3.2-r1}: Low-level invalid GF(2^m) parameters lead to OOB memory access
941643 - Assigned to Gentoo Security
<net-misc/curl-8.11.0: HSTS subdomain overwrites parent cache entry
942952 - Assigned to Gentoo Security
<net-misc/wget-1.25.0: Vulnerability with shorthand FTP URLs
943275 - Assigned to Gentoo Security
<net-misc/curl-8.11.1: netrc and redirect credential leak
946291 - Assigned to Gentoo Security
<dev-libs/openssl-{3.1.8, 3.2.4, 3.3.3}: Timing side-channel in ECDSA signature computation
948515 - Assigned to Gentoo Security
<net-misc/curl-8.12.0: multiple vulnerabilities
949330 - Assigned to Gentoo Security
<net-misc/curl-8.13.0: Lack of validation with missing known_hosts for SCP and SFTP
949342 - Assigned to Gentoo Security
<dev-libs/libtasn1-4.20.0: Denial of service
949497 - Assigned to Gentoo Security
<dev-libs/openssl-{3.1.8, 3.2.4, 3.3.3}: RFC7250 handshakes with unauthenticated servers don't abort as expected
949620 - Assigned to Gentoo Security
<net-misc/openssh-9.9_p2: Multiple vulnerabilities
949904 - Assigned to Gentoo Security
sys-boot/grub: Multiple vulnerabilities
950250 - Assigned to Gentoo Security
<dev-libs/libxslt-1.1.43: Multiple vulnerabilities
951265 - Assigned to Gentoo Security
<sys-libs/libcap-2.76: Possible privilege escalation with "@"-prefixed groups
951333 - Assigned to Gentoo Security
<sys-process/atop-2.11.1: heap corruption
952921 - Assigned to Gentoo Security
<net-misc/openssh-10.0_p1: DisableForwarding doesn't have documented effect
953746 - Assigned to Gentoo Security
<net-dns/c-ares-1.34.5: Use after free in read_answers()
953870 - Assigned to Gentoo Security
<dev-db/sqlite-3.49.2: Crash via malicious CREATE TABLE statements
955819 - Assigned to Gentoo Security
sys-apps/coreutils: Buffer overflow in sort
956995 - Assigned to Gentoo Security
<net-misc/iputils-20250605: Multiple vulnerabilities
957594 - Assigned to Gentoo Security
<sys-process/procps-4.0.5-r1: Vulnerability with legacy configuration files in top
958286 - Assigned to Gentoo Security
<sys-libs/pam-1.7.1: Multiple vulnerabilities
958320 - Assigned to Gentoo Security
<dev-libs/openssl-{3.4.2, 3.5.1}: x509 tool has buggy -addreject option
959654 - Assigned to Gentoo Security
<net-libs/gnutls-3.8.10: Multiple vulnerabilities
959840 - Assigned to Gentoo Security
<dev-db/sqlite-3.50.3: Possible memory safety issue
960691 - Assigned to Gentoo Security
<net-misc/curl-8.16.0: multiple vulnerabilities
962682 - Assigned to Gentoo Security
<dev-libs/libxml2-2.13.9: Multiple vulnerabilities
962684 - Assigned to Gentoo Security
<dev-libs/libpcre2-10.46: Out-of-bounds read with attacker-controlled regex pattern
962686 - Assigned to Gentoo Security
<dev-libs/openssl-{3.0.18, 3.2.6, 3.3.5, 3.4.3, 3.5.4}: Multiple vulnerabilities
963644 - Assigned to Gentoo Security
<net-misc/openssh-10.1_p1: Control characters allowed on command line / via configuration
963869 - Assigned to Gentoo Security
Contact Information
Please file new vulnerability reports on Gentoo Bugzilla and assign them to the Gentoo Security product and Vulnerabilities component.