Gentoo Project

Base System

Security Bug Reports

• sys-libs/db: Berkeley DB reads DB_CONFIG from the current working directory

  638434 - Assigned to Gentoo Security
• <sys-apps/man-db-2.8.5: root privilege escalation through setuid executable and cron job

  662438 - Assigned to Gentoo Security
• app-arch/cpio: improper input validation when writing tar header fields leads to unexpected tar generation (CVE-2016-2037, CVE-2019-14866)

  699456 - Assigned to Gentoo Security
• sys-devel/patch: Double free allowing DoS in another_hunk (CVE-2019-20633)

  714750 - Assigned to Gentoo Security
• sys-devel/flex: Stack exhaustion in mark_beginning_as_normal causing denial of service (CVE-2019-6293)

  717714 - Assigned to Gentoo Security
• net-misc/wget: Authorisation header disclosure on redirect (CVE-2021-31879)

  786957 - Assigned to Gentoo Security
• <net-misc/rsync-3.2.3-r5: improper TLS validation in rsync-ssl script (CVE-2020-14387)

  792576 - Assigned to Gentoo Security
• <sys-apps/util-linux-2.37.1-r1: buffer overflow (CVE-2021-37600)

  806070 - Assigned to Gentoo Security
• <dev-libs/nettle-3.7.3: denial of service (CVE-2021-3580)

  806839 - Assigned to Gentoo Security
• <app-backup/btrbk-0.31.2: remote execution in ssh_filter_btrbk.sh (CVE-2021-38173)

  806962 - Assigned to Gentoo Security
• <app-arch/cpio-2.13-r1: code execution via crafted pattern file (CVE-2021-38185)

  807088 - Assigned to Gentoo Security
• <net-dns/c-ares-1.17.2: missing validation on hostnames returned by DNS servers (CVE-2021-3672)

  807604 - Assigned to Gentoo Security
• <dev-libs/libxslt-1.1.34-r2: Use-after-free (CVE-2021-30560)

  820722 - Assigned to Gentoo Security
• sys-devel/patch: invalid free vulnerability

  829835 - Assigned to Gentoo Security
• <app-arch/unzip-6.0_p27: multiple vulnerabilities

  831190 - Assigned to Gentoo Security
• <net-libs/gnutls-3.7.3: Memory corruption in gnutls_x509_trust_list_verify_crt2()

  831573 - Assigned to Gentoo Security
• <sys-apps/util-linux-2.37.3: multiple vulnerabilities

  831978 - Assigned to Gentoo Security
• <sys-firmware/intel-microcode-20220207_p20220207: Multiple vulnerabilities

  832985 - Assigned to Gentoo Security
• <sys-apps/util-linux-2.37.4: Partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline

  833365 - Assigned to Gentoo Security
• dev-db/sqlite: record leakage

  833451 - Assigned to Gentoo Security
• <dev-libs/libxslt-1.1.35: use-after-free in xsltApplyTemplates

  833508 - Assigned to Gentoo Security
• <sys-apps/usbredir-0.12.0: use-after-free

  834010 - Assigned to Gentoo Security
• <sys-block/nbd-3.24: multiple vulnerabilities

  834678 - Assigned to Gentoo Security
• sys-fs/e2fsprogs: code execution via specially crafted filesystem

  838388 - Assigned to Gentoo Security
• <net-misc/rsync-3.2.4: Vulnerability in bundled zlib

  838724 - Assigned to Gentoo Security
• <sys-libs/ncurses-6.3_p20220423: segfaulting OOB read

  839351 - Assigned to Gentoo Security
• <sys-fs/fuse-exfat-1.4.0: deleted file information leak

  842213 - Assigned to Gentoo Security
• <dev-libs/libpcre2-10.40: multiple vulnerabilities

  845195 - Assigned to Gentoo Security
• <app-admin/logrotate-3.20.0: Unprivileged DoS via state file

  847382 - Assigned to Gentoo Security
• app-crypt/gnupg: denial of service issue (resource consumption) using compressed packets

  861446 - Assigned to Gentoo Security
• <net-libs/gnutls-3.7.7: Double free in PKCS7 signature verification

  861803 - Assigned to Gentoo Security
• dev-lang/yasm: multiple vulnerabilities

  862112 - Assigned to Gentoo Security
• <net-misc/rsync-3.2.5_pre1: Insufficient file list verification

  862876 - Assigned to Gentoo Security
• app-arch/unzip: null pointer dereference

  866386 - Assigned to Gentoo Security
• sys-apps/man2html: multiple vulnerabilities

  869413 - Assigned to Gentoo Security
• <sys-fs/multipath-tools-0.9.3: multiple vulnerabilities

  878763 - Assigned to Gentoo Security
• <sys-boot/grub-2.06-r4: multiple vulnerabilities

  881413 - Assigned to Gentoo Security
• <app-misc/ca-certificates-20211016.3.86: TrustCor removal

  884805 - Assigned to Gentoo Security
• <dev-db/sqlite-3.40.1: insufficient sandboxing of "safe" script execution

  886029 - Assigned to Gentoo Security
• <net-dialup/ppp-2.5.0: out-of-bounds read

  887017 - Assigned to Gentoo Security
• <net-misc/curl-7.87.0: multiple vulnerabilities

  887745 - Assigned to Gentoo Security
• <app-shells/bash-5.2_p15-r2: heap buffer overflow yielding "memory problems"

  889878 - Assigned to Gentoo Security
• <dev-util/pkgconf-1.8.1: Billion Laughs vulnerability

  891647 - Assigned to Gentoo Security
• <net-dns/c-ares-1.19.0: Stack overflow in ares_set_sortlist

  892489 - Assigned to Gentoo Security
• <sys-apps/less-608-r2: less -R filtering bypass

  893530 - Assigned to Gentoo Security
• <net-libs/gnutls-3.7.9: Bleichenbacher oracle in the TLS RSA key exchange

  893880 - Assigned to Gentoo Security
• <sys-firmware/intel-microcode-20230214_p20230212: Multiple vulnerabilities

  894474 - Assigned to Gentoo Security
• <net-misc/curl-7.88.0: Multiple vulnerabilities

  894676 - Assigned to Gentoo Security
• <app-arch/tar-1.34-r3: Heap buffer due to from_header() function performing an invalid read in list.c

  898176 - Assigned to Gentoo Security
• <app-admin/sudo-1.9.13_p2: double free with per-command chroot sudoers rules

  898510 - Assigned to Gentoo Security
• <net-misc/curl-8.0.1: Multiple vulnerabilities

  902801 - Assigned to Gentoo Security
• <dev-libs/libxml2-2.10.4: Multiple vulnerabilities

  904202 - Assigned to Gentoo Security
• <sys-libs/ncurses-6.4_p20230408: Multiple vulnerabilities

  904247 - Assigned to Gentoo Security
• <net-misc/ntp-4.2.8_p16: Multiple vulnerabilities

  904337 - Assigned to Gentoo Security
• <sys-apps/shadow-4.13-r3: passwd file manipulation via chfn

  904518 - Assigned to Gentoo Security
• <sys-apps/dmidecode-3.5: root privilege escalation via file overwrite

  905093 - Assigned to Gentoo Security
• <app-admin/sudo-1.9.13: multiple vulnerabilities

  905322 - Assigned to Gentoo Security
• <net-dns/c-ares-1.19.0: arbitrary length stack overflow

  905341 - Assigned to Gentoo Security
• <dev-libs/libxml2-2.11.1: Multiple vulnerabilities

  905399 - Assigned to Gentoo Security
• dev-db/sqlite: denial of service vulnerability

  906114 - Assigned to Gentoo Security
• <sys-libs/libcap-2.69: Multiple vulnerabilities

  906461 - Assigned to Gentoo Security
• <net-misc/curl-8.1.0: Multiple vulnerabilities

  906590 - Assigned to Gentoo Security
• <net-dns/c-ares-1.19.1: Multiple vulnerabilities

  906964 - Assigned to Gentoo Security
• <dev-libs/openssl-{1.1.1u, 3.0.9, 3.1.1}: Possible DoS translating ASN.1 object identifiers

  907413 - Assigned to Gentoo Security
• =dev-libs/nettle-3.9: Memory corruption in OCB handling

  907673 - Assigned to Gentoo Security
• <sys-apps/shadow-4.13-r4: possible password leak during passwd(1) change

  908613 - Assigned to Gentoo Security
• <net-misc/openssh-9.3_p2: Remote code execution in ssh-agent PKCS#11 support

  910553 - Assigned to Gentoo Security
• <dev-libs/openssl-{3.0.9-r2, 3.1.1-r2}: Multiple vulnerabilities

  910556 - Assigned to Gentoo Security
• <net-misc/curl-8.2.0: fopen race condition (TOCTOU)

  910564 - Assigned to Gentoo Security
• <dev-libs/openssl-{1.1.1v, 3.0.10, 3.1.2}: Denial of service by excessive time spent checking DH keys and parameters

  911560 - Assigned to Gentoo Security
• <sys-process/procps-4.0.4: ps buffer overflow

  913408 - Assigned to Gentoo Security
• <net-misc/curl-8.3.0: denial of service via large memory consumption

  914091 - Assigned to Gentoo Security