Gentoo Project
Base System
Packages: 414
Stabilization: 26
Outdated: 21
Pull requests: 42
Bugs: 1093
Security: 72
Security Bug Reports
sys-libs/db: Berkeley DB reads DB_CONFIG from the current working directory
638434 - Assigned to Gentoo Security
<sys-apps/man-db-2.8.5: root privilege escalation through setuid executable and cron job
662438 - Assigned to Gentoo Security
app-arch/cpio: improper input validation when writing tar header fields leads to unexpected tar generation (CVE-2016-2037, CVE-2019-14866)
699456 - Assigned to Gentoo Security
sys-devel/patch: Double free allowing DoS in another_hunk (CVE-2019-20633)
714750 - Assigned to Gentoo Security
sys-devel/flex: Stack exhaustion in mark_beginning_as_normal causing denial of service (CVE-2019-6293)
717714 - Assigned to Gentoo Security
net-misc/wget: Authorisation header disclosure on redirect (CVE-2021-31879)
786957 - Assigned to Gentoo Security
<net-misc/rsync-3.2.3-r5: improper TLS validation in rsync-ssl script (CVE-2020-14387)
792576 - Assigned to Gentoo Security
<sys-apps/util-linux-2.37.1-r1: buffer overflow (CVE-2021-37600)
806070 - Assigned to Gentoo Security
<dev-libs/nettle-3.7.3: denial of service (CVE-2021-3580)
806839 - Assigned to Gentoo Security
<app-backup/btrbk-0.31.2: remote execution in ssh_filter_btrbk.sh (CVE-2021-38173)
806962 - Assigned to Gentoo Security
<app-arch/cpio-2.13-r1: code execution via crafted pattern file (CVE-2021-38185)
807088 - Assigned to Gentoo Security
<net-dns/c-ares-1.17.2: missing validation on hostnames returned by DNS servers (CVE-2021-3672)
807604 - Assigned to Gentoo Security
<dev-libs/libxslt-1.1.34-r2: Use-after-free (CVE-2021-30560)
820722 - Assigned to Gentoo Security
sys-devel/patch: invalid free vulnerability
829835 - Assigned to Gentoo Security
<app-arch/unzip-6.0_p27: multiple vulnerabilities
831190 - Assigned to Gentoo Security
<net-libs/gnutls-3.7.3: Memory corruption in gnutls_x509_trust_list_verify_crt2()
831573 - Assigned to Gentoo Security
<sys-apps/util-linux-2.37.3: multiple vulnerabilities
831978 - Assigned to Gentoo Security
<sys-firmware/intel-microcode-20220207_p20220207: Multiple vulnerabilities
832985 - Assigned to Gentoo Security
<sys-apps/util-linux-2.37.4: Partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline
833365 - Assigned to Gentoo Security
dev-db/sqlite: record leakage
833451 - Assigned to Gentoo Security
<dev-libs/libxslt-1.1.35: use-after-free in xsltApplyTemplates
833508 - Assigned to Gentoo Security
<sys-apps/usbredir-0.12.0: use-after-free
834010 - Assigned to Gentoo Security
<sys-block/nbd-3.24: multiple vulnerabilities
834678 - Assigned to Gentoo Security
sys-fs/e2fsprogs: code execution via specially crafted filesystem
838388 - Assigned to Gentoo Security
<net-misc/rsync-3.2.4: Vulnerability in bundled zlib
838724 - Assigned to Gentoo Security
<sys-libs/ncurses-6.3_p20220423: segfaulting OOB read
839351 - Assigned to Gentoo Security
<sys-fs/fuse-exfat-1.4.0: deleted file information leak
842213 - Assigned to Gentoo Security
<dev-libs/libpcre2-10.40: multiple vulnerabilities
845195 - Assigned to Gentoo Security
<app-admin/logrotate-3.20.0: Unprivileged DoS via state file
847382 - Assigned to Gentoo Security
app-crypt/gnupg: denial of service issue (resource consumption) using compressed packets
861446 - Assigned to Gentoo Security
<net-libs/gnutls-3.7.7: Double free in PKCS7 signature verification
861803 - Assigned to Gentoo Security
dev-lang/yasm: multiple vulnerabilities
862112 - Assigned to Gentoo Security
<net-misc/rsync-3.2.5_pre1: Insufficient file list verification
862876 - Assigned to Gentoo Security
app-arch/unzip: null pointer dereference
866386 - Assigned to Gentoo Security
sys-apps/man2html: multiple vulnerabilities
869413 - Assigned to Gentoo Security
<sys-fs/multipath-tools-0.9.3: multiple vulnerabilities
878763 - Assigned to Gentoo Security
<sys-boot/grub-2.06-r4: multiple vulnerabilities
881413 - Assigned to Gentoo Security
<app-misc/ca-certificates-20211016.3.86: TrustCor removal
884805 - Assigned to Gentoo Security
<dev-db/sqlite-3.40.1: insufficient sandboxing of "safe" script execution
886029 - Assigned to Gentoo Security
<net-dialup/ppp-2.5.0: out-of-bounds read
887017 - Assigned to Gentoo Security
<net-misc/curl-7.87.0: multiple vulnerabilities
887745 - Assigned to Gentoo Security
<app-shells/bash-5.2_p15-r2: heap buffer overflow yielding "memory problems"
889878 - Assigned to Gentoo Security
<dev-util/pkgconf-1.8.1: Billion Laughs vulnerability
891647 - Assigned to Gentoo Security
<net-dns/c-ares-1.19.0: Stack overflow in ares_set_sortlist
892489 - Assigned to Gentoo Security
<sys-apps/less-608-r2: less -R filtering bypass
893530 - Assigned to Gentoo Security
<net-libs/gnutls-3.7.9: Bleichenbacher oracle in the TLS RSA key exchange
893880 - Assigned to Gentoo Security
<sys-firmware/intel-microcode-20230214_p20230212: Multiple vulnerabilities
894474 - Assigned to Gentoo Security
<net-misc/curl-7.88.0: Multiple vulnerabilities
894676 - Assigned to Gentoo Security
<app-arch/tar-1.34-r3: Heap buffer due to from_header() function performing an invalid read in list.c
898176 - Assigned to Gentoo Security
<app-admin/sudo-1.9.13_p2: double free with per-command chroot sudoers rules
898510 - Assigned to Gentoo Security
<net-misc/curl-8.0.1: Multiple vulnerabilities
902801 - Assigned to Gentoo Security
<dev-libs/libxml2-2.10.4: Multiple vulnerabilities
904202 - Assigned to Gentoo Security
<sys-libs/ncurses-6.4_p20230408: Multiple vulnerabilities
904247 - Assigned to Gentoo Security
<net-misc/ntp-4.2.8_p16: Multiple vulnerabilities
904337 - Assigned to Gentoo Security
<sys-apps/shadow-4.13-r3: passwd file manipulation via chfn
904518 - Assigned to Gentoo Security
<sys-apps/dmidecode-3.5: root privilege escalation via file overwrite
905093 - Assigned to Gentoo Security
<app-admin/sudo-1.9.13: multiple vulnerabilities
905322 - Assigned to Gentoo Security
<net-dns/c-ares-1.19.0: arbitrary length stack overflow
905341 - Assigned to Gentoo Security
<dev-libs/libxml2-2.11.1: Multiple vulnerabilities
905399 - Assigned to Gentoo Security
dev-db/sqlite: denial of service vulnerability
906114 - Assigned to Gentoo Security
<sys-libs/libcap-2.69: Multiple vulnerabilities
906461 - Assigned to Gentoo Security
<net-misc/curl-8.1.0: Multiple vulnerabilities
906590 - Assigned to Gentoo Security
<net-dns/c-ares-1.19.1: Multiple vulnerabilities
906964 - Assigned to Gentoo Security
<dev-libs/openssl-{1.1.1u, 3.0.9, 3.1.1}: Possible DoS translating ASN.1 object identifiers
907413 - Assigned to Gentoo Security
=dev-libs/nettle-3.9: Memory corruption in OCB handling
907673 - Assigned to Gentoo Security
<sys-apps/shadow-4.13-r4: possible password leak during passwd(1) change
908613 - Assigned to Gentoo Security
<net-misc/openssh-9.3_p2: Remote code execution in ssh-agent PKCS#11 support
910553 - Assigned to Gentoo Security
<dev-libs/openssl-{3.0.9-r2, 3.1.1-r2}: Multiple vulnerabilities
910556 - Assigned to Gentoo Security
<net-misc/curl-8.2.0: fopen race condition (TOCTOU)
910564 - Assigned to Gentoo Security
<dev-libs/openssl-{1.1.1v, 3.0.10, 3.1.2}: Denial of service by excessive time spent checking DH keys and parameters
911560 - Assigned to Gentoo Security
<sys-process/procps-4.0.4: ps buffer overflow
913408 - Assigned to Gentoo Security
<net-misc/curl-8.3.0: denial of service via large memory consumption
914091 - Assigned to Gentoo Security
Contact Information
Please file new vulnerability reports on Gentoo Bugzilla and assign them to the Gentoo Security product and Vulnerabilities component.