Gentoo Project
Base System
Packages: 422, Stabilization: 27, Outdated: 52, Pull requests: 53, Bugs: 1095, Security: 51
Security Bug Reports
sys-libs/db: Berkeley DB reads DB_CONFIG from the current working directory
638434 - Assigned to Gentoo Security
sys-devel/patch: Double free allowing DoS in another_hunk (CVE-2019-20633)
714750 - Assigned to Gentoo Security
sys-devel/flex: Stack exhaustion in mark_beginning_as_normal causing denial of service (CVE-2019-6293)
717714 - Assigned to Gentoo Security
net-misc/wget: Authorisation header disclosure on redirect (CVE-2021-31879)
786957 - Assigned to Gentoo Security
sys-devel/patch: invalid free vulnerability
829835 - Assigned to Gentoo Security
<net-libs/gnutls-3.7.3: Memory corruption in gnutls_x509_trust_list_verify_crt2()
831573 - Assigned to Gentoo Security
dev-db/sqlite: record leakage
833451 - Assigned to Gentoo Security
<sys-apps/usbredir-0.12.0: use-after-free
834010 - Assigned to Gentoo Security
<sys-fs/fuse-exfat-1.4.0: deleted file information leak
842213 - Assigned to Gentoo Security
<dev-libs/libpcre2-10.40: multiple vulnerabilities
845195 - Assigned to Gentoo Security
<app-admin/logrotate-3.20.0: Unprivileged DoS via state file
847382 - Assigned to Gentoo Security
app-crypt/gnupg: denial of service issue (resource consumption) using compressed packets
861446 - Assigned to Gentoo Security
<net-libs/gnutls-3.7.7: Double free in PKCS7 signature verification
861803 - Assigned to Gentoo Security
dev-lang/yasm: multiple vulnerabilities
862112 - Assigned to Gentoo Security
app-arch/unzip: null pointer dereference
866386 - Assigned to Gentoo Security
sys-apps/man2html: multiple vulnerabilities
869413 - Assigned to Gentoo Security
<app-misc/ca-certificates-20211016.3.86: TrustCor removal
884805 - Assigned to Gentoo Security
<net-dialup/ppp-2.5.0: out-of-bounds read
887017 - Assigned to Gentoo Security
<app-shells/bash-5.2_p15-r2: heap buffer overflow yielding "memory problems"
889878 - Assigned to Gentoo Security
<dev-util/pkgconf-1.8.1: Billion Laughs vulnerability
891647 - Assigned to Gentoo Security
<net-libs/gnutls-3.7.9: Bleichenbacher oracle in the TLS RSA key exchange
893880 - Assigned to Gentoo Security
<sys-libs/ncurses-6.4_p20230408, <sys-libs/ncurses-compat-6.4_p20240330: Multiple vulnerabilities
904247 - Assigned to Gentoo Security
<net-misc/ntp-4.2.8_p16: Multiple vulnerabilities
904337 - Assigned to Gentoo Security
<sys-apps/shadow-4.13-r3: passwd file manipulation via chfn
904518 - Assigned to Gentoo Security
<sys-libs/libcap-2.69: Multiple vulnerabilities
906461 - Assigned to Gentoo Security
<sys-apps/shadow-4.13-r4: possible password leak during passwd(1) change
908613 - Assigned to Gentoo Security
<sys-process/procps-4.0.4: ps buffer overflow
913408 - Assigned to Gentoo Security
<sys-boot/grub-2.06-r9: Multiple vulnerabilities
915131 - Assigned to Gentoo Security
<net-libs/libtirpc-1.3.4: Multiple vulnerabilities
915404 - Assigned to Gentoo Security
<sys-fs/exfatprogs-1.2.2: OOB read
916507 - Assigned to Gentoo Security
<sys-libs/minizip-ng-4.0.3: Buffer Overflow vulnerability
917762 - Assigned to Gentoo Security
<net-libs/gnutls-3.8.2: timing sidechannel in RSA-PSK key exchange
918663 - Assigned to Gentoo Security
<dev-libs/openssl-{3.0.13, 3.1.5, 3.2.1}: multiple vulnerabilities
921684 - Assigned to Gentoo Security
<net-libs/gnutls-3.8.3: Multiple vulnerabilities
922262 - Assigned to Gentoo Security
<sys-libs/pam-1.6.1: local denial of service vulnerability in `pam_namespace.so`
922397 - Assigned to Gentoo Security
<sys-apps/coreutils-9.4-r1: split heap buffer overflow vulnerability
922474 - Assigned to Gentoo Security
<net-libs/gnutls-3.8.5: multiple vulnerabilities
927557 - Assigned to Gentoo Security
<sys-apps/util-linux-2.39.3-r6[tty-helpers]: wall escape sequence issues
927980 - Assigned to Gentoo Security
<sys-apps/coreutils-9.5: chmod -R TOCTOU vulnerability
928062 - Assigned to Gentoo Security
<sys-apps/less-643-r2: LESSOPEN handling is unsafe on untrusted names, arbitrary code execution
929210 - Assigned to Gentoo Security
<net-misc/wget-1.24.5: cookie leakage with HSTS and subdomains
930041 - Assigned to Gentoo Security
<dev-libs/openssl-{3.0.13-r1, 3.1.5-r2, 3.2.1-r2}: Unbounded memory growth with session handling in TLSv1.3
930047 - Assigned to Gentoo Security
<dev-libs/libxml2-{2.11.8, 2.12.7}: Buffer overread with xmllint --htmlout
931977 - Assigned to Gentoo Security
<dev-libs/openssl-{3.0.14, 3.1.6, 3.2.2}: Checking excessively long DSA keys or parameters may be very slow
932317 - Assigned to Gentoo Security
<net-misc/curl-8.9.1: ASN.1 date parser overread
937125 - Assigned to Gentoo Security
<dev-libs/openssl-{3.0.15, 3.1.7, 3.2.3, 3.3.2}: denial of service
939110 - Assigned to Gentoo Security
<dev-libs/openssl-{3.0.15-r1, 3.1.7-r1, 3.2.3-r1, 3.3.2-r1}: Low-level invalid GF(2^m) parameters lead to OOB memory access
941643 - Assigned to Gentoo Security
sys-libs/pam: password leakage via speculative ROP chain
942075 - Assigned to Gentoo Security
net-misc/curl: HSTS subdomain overwrites parent cache entry
942952 - Assigned to Gentoo Security
dev-libs/libxml2: Regression in consumer protection from CVE-2012-0037
943198 - Assigned to Gentoo Security
Contact Information
Please file new vulnerability reports on Gentoo Bugzilla and assign them to the Gentoo Security product and Vulnerabilities component.