Gentoo Project
Base System
Packages 429 | Stabilization 25 | Outdated 47 | Pull requests 8 | Bugs 1108 | Security 59 | Changelog
Security Bug Reports
sys-libs/db: Berkeley DB reads DB_CONFIG from the current working directory
638434 - Assigned to Gentoo Security
sys-devel/patch: Double free allowing DoS in another_hunk (CVE-2019-20633)
714750 - Assigned to Gentoo Security
sys-devel/flex: Stack exhaustion in mark_beginning_as_normal causing denial of service (CVE-2019-6293)
717714 - Assigned to Gentoo Security
net-misc/wget: Authorisation header disclosure on redirect (CVE-2021-31879)
786957 - Assigned to Gentoo Security
sys-devel/patch: invalid free vulnerability
829835 - Assigned to Gentoo Security
dev-db/sqlite: record leakage
833451 - Assigned to Gentoo Security
<sys-apps/usbredir-0.12.0: use-after-free
834010 - Assigned to Gentoo Security
<sys-fs/fuse-exfat-1.4.0: deleted file information leak
842213 - Assigned to Gentoo Security
<dev-libs/libpcre2-10.40: multiple vulnerabilities
845195 - Assigned to Gentoo Security
<app-admin/logrotate-3.20.0: Unprivileged DoS via state file
847382 - Assigned to Gentoo Security
app-crypt/gnupg: denial of service issue (resource consumption) using compressed packets
861446 - Assigned to Gentoo Security
dev-lang/yasm: multiple vulnerabilities
862112 - Assigned to Gentoo Security
app-arch/unzip: null pointer dereference
866386 - Assigned to Gentoo Security
sys-apps/man2html: multiple vulnerabilities
869413 - Assigned to Gentoo Security
<app-misc/ca-certificates-20211016.3.86: TrustCor removal
884805 - Assigned to Gentoo Security
<app-shells/bash-5.2_p15-r2: heap buffer overflow yielding "memory problems"
889878 - Assigned to Gentoo Security
<dev-util/pkgconf-1.8.1: Billion Laughs vulnerability
891647 - Assigned to Gentoo Security
<sys-libs/ncurses-6.4_p20230408, <sys-libs/ncurses-compat-6.4_p20240330: Multiple vulnerabilities
904247 - Assigned to Gentoo Security
<net-misc/ntp-4.2.8_p16: Multiple vulnerabilities
904337 - Assigned to Gentoo Security
<sys-apps/shadow-4.13-r3: passwd file manipulation via chfn
904518 - Assigned to Gentoo Security
<sys-libs/libcap-2.69: Multiple vulnerabilities
906461 - Assigned to Gentoo Security
<sys-apps/shadow-4.13-r4: possible password leak during passwd(1) change
908613 - Assigned to Gentoo Security
<sys-process/procps-4.0.4: ps buffer overflow
913408 - Assigned to Gentoo Security
<sys-boot/grub-2.06-r9: Multiple vulnerabilities
915131 - Assigned to Gentoo Security
<net-libs/libtirpc-1.3.4: Multiple vulnerabilities
915404 - Assigned to Gentoo Security
<sys-fs/exfatprogs-1.2.2: OOB read
916507 - Assigned to Gentoo Security
<dev-libs/openssl-{3.0.13, 3.1.5, 3.2.1}: multiple vulnerabilities
921684 - Assigned to Gentoo Security
<sys-apps/coreutils-9.4-r1: split heap buffer overflow vulnerability
922474 - Assigned to Gentoo Security
<sys-apps/util-linux-2.39.3-r6[tty-helpers]: wall escape sequence issues
927980 - Assigned to Gentoo Security
<sys-apps/coreutils-9.5: chmod -R TOCTOU vulnerability
928062 - Assigned to Gentoo Security
<sys-apps/less-643-r2: LESSOPEN handling is unsafe on untrusted names, arbitrary code execution
929210 - Assigned to Gentoo Security
<net-misc/wget-1.24.5: cookie leakage with HSTS and subdomains
930041 - Assigned to Gentoo Security
<dev-libs/openssl-{3.0.13-r1, 3.1.5-r2, 3.2.1-r2}: Unbounded memory growth with session handling in TLSv1.3
930047 - Assigned to Gentoo Security
<dev-libs/libxml2-{2.11.8, 2.12.7}: Buffer overread with xmllint --htmlout
931977 - Assigned to Gentoo Security
<dev-libs/openssl-{3.0.14, 3.1.6, 3.2.2}: Checking excessively long DSA keys or parameters may be very slow
932317 - Assigned to Gentoo Security
<net-misc/curl-8.9.1: ASN.1 date parser overread
937125 - Assigned to Gentoo Security
<dev-libs/openssl-{3.0.15, 3.1.7, 3.2.3, 3.3.2}: denial of service
939110 - Assigned to Gentoo Security
<dev-libs/openssl-{3.0.15-r1, 3.1.7-r1, 3.2.3-r1, 3.3.2-r1}: Low-level invalid GF(2^m) parameters lead to OOB memory access
941643 - Assigned to Gentoo Security
<net-misc/curl-8.11.0: HSTS subdomain overwrites parent cache entry
942952 - Assigned to Gentoo Security
<dev-libs/libxml2-{2.11.9, 2.12.9}: Regression in consumer protection from CVE-2012-0037
943198 - Assigned to Gentoo Security
<net-misc/wget-1.25.0: Vulnerability with shorthand FTP URLs
943275 - Assigned to Gentoo Security
<net-misc/curl-8.11.1: netrc and redirect credential leak
946291 - Assigned to Gentoo Security
<dev-libs/openssl-{3.1.8, 3.2.4, 3.3.3}: Timing side-channel in ECDSA signature computation
948515 - Assigned to Gentoo Security
<net-misc/curl-8.12.0: multiple vulnerabilities
949330 - Assigned to Gentoo Security
<net-misc/curl-8.0.13: Lack of validation with missing known_hosts for SCP and SFTP
949342 - Assigned to Gentoo Security
<net-libs/gnutls-3.8.9: Denial of service
949496 - Assigned to Gentoo Security
<dev-libs/libtasn1-4.20.0: Denial of service
949497 - Assigned to Gentoo Security
<dev-libs/openssl-{3.1.8, 3.2.4, 3.3.3}: RFC7250 handshakes with unauthenticated servers don't abort as expected
949620 - Assigned to Gentoo Security
<net-misc/openssh-9.9_p2: Multiple vulnerabilities
949904 - Assigned to Gentoo Security
<dev-libs/libxml2-{2.12.10, 2.13.6}: Multiple vulnerabilities
949914 - Assigned to Gentoo Security
sys-boot/grub: Multiple vulnerabilities
950250 - Assigned to Gentoo Security
<dev-libs/libxslt-1.1.43: Multiple vulnerabilities
951265 - Assigned to Gentoo Security
sys-libs/libcap: Possible privilege escalation with "@"-prefixed groups
951333 - Assigned to Gentoo Security
<sys-process/atop-2.11.1: heap corruption
952921 - Assigned to Gentoo Security
<net-misc/openssh-10.0_p1: DisableForwarding doesn't have documented effect
953746 - Assigned to Gentoo Security
<net-dns/c-ares-1.34.5: Use after free in read_answers()
953870 - Assigned to Gentoo Security
<dev-libs/libxml2-2.13.8[python]: Multiple vulnerabilities
953961 - Assigned to Gentoo Security
<dev-db/sqlite-3.49.2: Crash via malicious CREATE TABLE statements
955819 - Assigned to Gentoo Security
Contact Information
Please file new vulnerability reports on Gentoo Bugzilla and assign them to the Gentoo Security product and Vulnerabilities component.