Gentoo 2508 Published by

The following updates has been released for Gentoo Linux:

[ GLSA 201603-03 ] Roundcube: Multiple Vulnerabilities
[ GLSA 201603-06 ] FFmpeg: Multiple vulnerabilities
[ GLSA 201603-07 ] Adobe Flash Player: Multiple vulnerabilities
[ GLSA 201603-08 ] VLC: Multiple vulnerabilities
[ GLSA 201603-09 ] Chromium: Multiple vulnerabilities
[ GLSA 201603-10 ] QtGui: Multiple vulnerabilities
[ GLSA 201603-11 ] Oracle JRE/JDK: Multiple vulnerabilities
[ GLSA 201603-12 ] FlightGear, SimGear: Multiple vulnerabilities
[ GLSA 201603-13 ] Libreswan: Multiple Vulnerabilities
[ GLSA 201603-14 ] IcedTea: Multiple vulnerabilities



[ GLSA 201603-03 ] Roundcube: Multiple Vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201603-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Roundcube: Multiple Vulnerabilities
Date: March 09, 2016
Bugs: #554866, #564476, #570336
ID: 201603-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Roundcube allowing remote
authenticated users to execute arbitrary code, inject arbitrary web
scripts, and perform cross-site scripting (XSS).

Background
==========

Free and open source webmail software for the masses, written in PHP.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 mail-client/roundcube < 1.1.4 >= 1.1.4

Description
===========

Remote authenticated users with certain permissions can read arbitrary
files or possibly execute arbitrary code via .. in the _skin parameter
to index.php. Additionally, a cross-site scripting (XSS) vulnerability
in program/js/app.js allows remote authenticated users to inject
arbitrary web script or HTML via the file name in a drag-n-drop file
upload.

Impact
======

A remote authenticated user could possibly execute arbitrary code with
the privileges of the process, inject arbitrary web scripts or HTML,
read arbitrary files, or perform XSS.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Roundcube users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/roundcube-1.1.4”

References
==========

[ 1 ] CVE-2015-8105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8105
[ 2 ] CVE-2015-8770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8770

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201603-03

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



[ GLSA 201603-06 ] FFmpeg: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201603-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: FFmpeg: Multiple vulnerabilities
Date: March 12, 2016
Bugs: #485228, #486692, #488052, #492742, #493452, #494038,
#515282, #520132, #536218, #537558, #548006, #553734
ID: 201603-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in FFmpeg, the worst of which
could lead to arbitrary code execution or Denial of Service condition.

Background
==========

FFmpeg is a complete, cross-platform solution to record, convert and
stream audio and video.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 media-video/ffmpeg < 2.6.3 >= 2.6.3

Description
===========

Multiple vulnerabilities have been discovered in FFmpeg. Please review
the CVE identifiers referenced below for details.

Impact
======

A remote attacker could possibly execute arbitrary code or cause a
Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All FFmpeg users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/ffmpeg-2.6.3"

References
==========

[ 1 ] CVE-2013-0860
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0860
[ 2 ] CVE-2013-0861
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0861
[ 3 ] CVE-2013-0862
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0862
[ 4 ] CVE-2013-0863
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0863
[ 5 ] CVE-2013-0864
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0864
[ 6 ] CVE-2013-0865
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0865
[ 7 ] CVE-2013-0866
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0866
[ 8 ] CVE-2013-0867
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0867
[ 9 ] CVE-2013-0868
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0868
[ 10 ] CVE-2013-0872
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0872
[ 11 ] CVE-2013-0873
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0873
[ 12 ] CVE-2013-0874
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0874
[ 13 ] CVE-2013-0875
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0875
[ 14 ] CVE-2013-0876
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0876
[ 15 ] CVE-2013-0877
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0877
[ 16 ] CVE-2013-0878
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0878
[ 17 ] CVE-2013-4263
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4263
[ 18 ] CVE-2013-4264
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4264
[ 19 ] CVE-2013-4265
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4265
[ 20 ] CVE-2013-7008
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7008
[ 21 ] CVE-2013-7009
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7009
[ 22 ] CVE-2013-7010
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7010
[ 23 ] CVE-2013-7011
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7011
[ 24 ] CVE-2013-7012
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7012
[ 25 ] CVE-2013-7013
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7013
[ 26 ] CVE-2013-7014
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7014
[ 27 ] CVE-2013-7015
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7015
[ 28 ] CVE-2013-7016
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7016
[ 29 ] CVE-2013-7017
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7017
[ 30 ] CVE-2013-7018
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7018
[ 31 ] CVE-2013-7019
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7019
[ 32 ] CVE-2013-7020
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7020
[ 33 ] CVE-2013-7021
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7021
[ 34 ] CVE-2013-7022
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7022
[ 35 ] CVE-2013-7023
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7023
[ 36 ] CVE-2013-7024
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7024
[ 37 ] CVE-2014-2097
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2097
[ 38 ] CVE-2014-2098
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2098
[ 39 ] CVE-2014-2263
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2263
[ 40 ] CVE-2014-5271
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5271
[ 41 ] CVE-2014-5272
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5272
[ 42 ] CVE-2014-7937
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7937
[ 43 ] CVE-2014-8541
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8541
[ 44 ] CVE-2014-8542
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8542
[ 45 ] CVE-2014-8543
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8543
[ 46 ] CVE-2014-8544
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8544
[ 47 ] CVE-2014-8545
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8545
[ 48 ] CVE-2014-8546
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8546
[ 49 ] CVE-2014-8547
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8547
[ 50 ] CVE-2014-8548
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8548
[ 51 ] CVE-2014-8549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8549
[ 52 ] CVE-2014-9316
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9316
[ 53 ] CVE-2014-9317
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9317
[ 54 ] CVE-2014-9318
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9318
[ 55 ] CVE-2014-9319
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9319
[ 56 ] CVE-2014-9602
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9602
[ 57 ] CVE-2014-9603
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9603
[ 58 ] CVE-2014-9604
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9604
[ 59 ] CVE-2015-3395
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3395

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201603-06

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



[ GLSA 201603-07 ] Adobe Flash Player: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201603-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Adobe Flash Player: Multiple vulnerabilities
Date: March 12, 2016
Bugs: #574284, #576980
ID: 201603-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Adobe Flash Player, the
worst of which allows remote attackers to execute arbitrary code.

Background
==========

The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-plugins/adobe-flash < 11.2.202.577 >= 11.2.202.577

Description
===========

Multiple vulnerabilities have been discovered in Adobe Flash Player.
Please review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, or bypass security restrictions.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Adobe Flash Player users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.577"

References
==========

[ 1 ] CVE-2016-0960
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960
[ 2 ] CVE-2016-0961
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961
[ 3 ] CVE-2016-0962
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962
[ 4 ] CVE-2016-0963
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963
[ 5 ] CVE-2016-0964
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964
[ 6 ] CVE-2016-0965
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965
[ 7 ] CVE-2016-0966
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966
[ 8 ] CVE-2016-0967
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967
[ 9 ] CVE-2016-0968
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968
[ 10 ] CVE-2016-0969
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969
[ 11 ] CVE-2016-0970
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970
[ 12 ] CVE-2016-0971
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971
[ 13 ] CVE-2016-0972
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972
[ 14 ] CVE-2016-0973
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973
[ 15 ] CVE-2016-0974
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974
[ 16 ] CVE-2016-0975
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975
[ 17 ] CVE-2016-0976
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976
[ 18 ] CVE-2016-0977
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977
[ 19 ] CVE-2016-0978
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978
[ 20 ] CVE-2016-0979
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979
[ 21 ] CVE-2016-0980
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980
[ 22 ] CVE-2016-0981
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981
[ 23 ] CVE-2016-0982
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982
[ 24 ] CVE-2016-0983
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983
[ 25 ] CVE-2016-0984
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984
[ 26 ] CVE-2016-0985
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985
[ 27 ] CVE-2016-0986
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986
[ 28 ] CVE-2016-0987
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987
[ 29 ] CVE-2016-0988
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988
[ 30 ] CVE-2016-0989
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989
[ 31 ] CVE-2016-0990
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990
[ 32 ] CVE-2016-0991
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991
[ 33 ] CVE-2016-0992
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992
[ 34 ] CVE-2016-0993
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993
[ 35 ] CVE-2016-0994
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994
[ 36 ] CVE-2016-0995
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995
[ 37 ] CVE-2016-0996
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996
[ 38 ] CVE-2016-0997
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997
[ 39 ] CVE-2016-0998
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998
[ 40 ] CVE-2016-0999
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999
[ 41 ] CVE-2016-1000
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000
[ 42 ] CVE-2016-1001
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001
[ 43 ] CVE-2016-1002
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002
[ 44 ] CVE-2016-1005
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005
[ 45 ] CVE-2016-1010
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201603-07

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



[ GLSA 201603-08 ] VLC: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201603-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: VLC: Multiple vulnerabilities
Date: March 12, 2016
Bugs: #534532, #537154, #542222, #558418
ID: 201603-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in VLC allowing remote
attackers to execute arbitrary code or cause Denial of Service.

Background
==========

VLC is a cross-platform media player and streaming server.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 media-video/vlc < 2.2.1-r1 >= 2.2.1-r1

Description
===========

Multiple vulnerabilities have been discovered in VLC. Please review the
CVE identifiers referenced below for details.

Impact
======

Remote attackers could possibly execute arbitrary code or cause Denial
of Service.

Workaround
==========

There is no known work around at this time.

Resolution
==========

All VLC users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/vlc-2.2.1-r1"

References
==========

[ 1 ] CVE-2014-1684
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1684
[ 2 ] CVE-2014-6440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6440
[ 3 ] CVE-2014-9597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9597
[ 4 ] CVE-2014-9598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9598
[ 5 ] CVE-2014-9625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9625
[ 6 ] CVE-2014-9626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9626
[ 7 ] CVE-2014-9627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9627
[ 8 ] CVE-2014-9628
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9628
[ 9 ] CVE-2014-9629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9629
[ 10 ] CVE-2014-9630
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9630
[ 11 ] CVE-2015-1202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1202
[ 12 ] CVE-2015-1203
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1203
[ 13 ] CVE-2015-5949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5949
[ 14 ] CVE-2015-5949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5949

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201603-08

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



[ GLSA 201603-09 ] Chromium: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201603-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: March 12, 2016
Bugs: #555640, #559384, #561448, #563098, #565510, #567308,
#567870, #568396, #572542, #574416, #575434, #576354, #576858
ID: 201603-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in the Chromium web browser,
the worst of which allows remote attackers to execute arbitrary code.

Background
==========

Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 49.0.2623.87 >= 49.0.2623.87

Description
===========

Multiple vulnerabilities have been discovered in the Chromium web
browser. Please review the CVE identifiers referenced below for
details.

Impact
======

A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, or bypass security restrictions.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Chromium users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-49.0.2623.87"

References
==========

[ 1 ] CVE-2015-1270
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1270
[ 2 ] CVE-2015-1271
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1271
[ 3 ] CVE-2015-1272
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1272
[ 4 ] CVE-2015-1273
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1273
[ 5 ] CVE-2015-1274
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1274
[ 6 ] CVE-2015-1275
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1275
[ 7 ] CVE-2015-1276
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1276
[ 8 ] CVE-2015-1277
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1277
[ 9 ] CVE-2015-1278
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1278
[ 10 ] CVE-2015-1279
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1279
[ 11 ] CVE-2015-1280
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1280
[ 12 ] CVE-2015-1281
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1281
[ 13 ] CVE-2015-1282
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1282
[ 14 ] CVE-2015-1283
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1283
[ 15 ] CVE-2015-1284
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1284
[ 16 ] CVE-2015-1285
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1285
[ 17 ] CVE-2015-1286
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1286
[ 18 ] CVE-2015-1287
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1287
[ 19 ] CVE-2015-1288
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1288
[ 20 ] CVE-2015-1289
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1289
[ 21 ] CVE-2015-1291
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1291
[ 22 ] CVE-2015-1292
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1292
[ 23 ] CVE-2015-1293
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1293
[ 24 ] CVE-2015-1294
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1294
[ 25 ] CVE-2015-1295
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1295
[ 26 ] CVE-2015-1296
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1296
[ 27 ] CVE-2015-1297
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1297
[ 28 ] CVE-2015-1298
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1298
[ 29 ] CVE-2015-1299
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1299
[ 30 ] CVE-2015-1300
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1300
[ 31 ] CVE-2015-1302
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1302
[ 32 ] CVE-2015-1303
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1303
[ 33 ] CVE-2015-1304
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1304
[ 34 ] CVE-2015-6755
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6755
[ 35 ] CVE-2015-6756
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6756
[ 36 ] CVE-2015-6757
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6757
[ 37 ] CVE-2015-6758
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6758
[ 38 ] CVE-2015-6759
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6759
[ 39 ] CVE-2015-6760
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6760
[ 40 ] CVE-2015-6761
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6761
[ 41 ] CVE-2015-6762
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6762
[ 42 ] CVE-2015-6763
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6763
[ 43 ] CVE-2015-6764
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6764
[ 44 ] CVE-2015-6765
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6765
[ 45 ] CVE-2015-6766
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6766
[ 46 ] CVE-2015-6767
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6767
[ 47 ] CVE-2015-6768
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6768
[ 48 ] CVE-2015-6769
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6769
[ 49 ] CVE-2015-6770
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6770
[ 50 ] CVE-2015-6771
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6771
[ 51 ] CVE-2015-6772
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6772
[ 52 ] CVE-2015-6773
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6773
[ 53 ] CVE-2015-6774
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6774
[ 54 ] CVE-2015-6775
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6775
[ 55 ] CVE-2015-6776
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6776
[ 56 ] CVE-2015-6777
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6777
[ 57 ] CVE-2015-6778
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6778
[ 58 ] CVE-2015-6779
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6779
[ 59 ] CVE-2015-6780
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6780
[ 60 ] CVE-2015-6781
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6781
[ 61 ] CVE-2015-6782
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6782
[ 62 ] CVE-2015-6783
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6783
[ 63 ] CVE-2015-6784
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6784
[ 64 ] CVE-2015-6785
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6785
[ 65 ] CVE-2015-6786
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6786
[ 66 ] CVE-2015-6787
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6787
[ 67 ] CVE-2015-6788
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6788
[ 68 ] CVE-2015-6789
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6789
[ 69 ] CVE-2015-6790
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6790
[ 70 ] CVE-2015-6791
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6791
[ 71 ] CVE-2015-6792
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6792
[ 72 ] CVE-2015-8126
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8126
[ 73 ] CVE-2016-1612
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1612
[ 74 ] CVE-2016-1613
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1613
[ 75 ] CVE-2016-1614
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1614
[ 76 ] CVE-2016-1615
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1615
[ 77 ] CVE-2016-1616
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1616
[ 78 ] CVE-2016-1617
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1617
[ 79 ] CVE-2016-1618
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1618
[ 80 ] CVE-2016-1619
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1619
[ 81 ] CVE-2016-1620
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1620
[ 82 ] CVE-2016-1621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1621
[ 83 ] CVE-2016-1622
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1622
[ 84 ] CVE-2016-1623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1623
[ 85 ] CVE-2016-1624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1624
[ 86 ] CVE-2016-1625
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1625
[ 87 ] CVE-2016-1626
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1626
[ 88 ] CVE-2016-1627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1627
[ 89 ] CVE-2016-1628
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1628
[ 90 ] CVE-2016-1629
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1629
[ 91 ] CVE-2016-1630
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1630
[ 92 ] CVE-2016-1631
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1631
[ 93 ] CVE-2016-1632
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1632
[ 94 ] CVE-2016-1633
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1633
[ 95 ] CVE-2016-1634
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1634
[ 96 ] CVE-2016-1635
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1635
[ 97 ] CVE-2016-1636
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1636
[ 98 ] CVE-2016-1637
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1637
[ 99 ] CVE-2016-1638
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1638
[ 100 ] CVE-2016-1639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1639
[ 101 ] CVE-2016-1640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1640
[ 102 ] CVE-2016-1641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1641

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201603-09

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



[ GLSA 201603-10 ] QtGui: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201603-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: QtGui: Multiple vulnerabilities
Date: March 12, 2016
Bugs: #546174
ID: 201603-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in QtGui allowing remote
attackers to execute arbitrary code or cause Denial of Service.

Background
==========

QtGui is the GUI module and platform plugins for the Qt framework

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-qt/qtgui < 5.4.1-r1 *>= 4.8.7
*>= 4.8.6-r4
>= 5.4.1-r1

Description
===========

Multiple buffer overflow vulnerabilities have been discovered in QtGui.
It is possible for remote attackers to construct specially crafted BMP,
ICO, or GIF images that lead to buffer overflows. After successfully
overflowing the buffer the remote attacker can then cause a Denial of
Service or execute arbitrary code.

Impact
======

A remote attacker could possibly execute arbitrary code or cause Denial
of Service.

Workaround
==========

There is no known work around at this time.

Resolution
==========

All QtGui 4.8 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-qt/qtgui-4.8.6-r4"

All QtGui 5.4 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-qt/qtgui-5.4.1-r1"

References
==========

[ 1 ] CVE-2015-1858
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1858
[ 2 ] CVE-2015-1859
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1859
[ 3 ] CVE-2015-1860
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1860

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201603-10

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



[ GLSA 201603-11 ] Oracle JRE/JDK: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201603-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Oracle JRE/JDK: Multiple vulnerabilities
Date: March 12, 2016
Bugs: #525472, #540054, #546678, #554886, #563684, #572432
ID: 201603-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Oracle's JRE and JDK
software suites allowing remote attackers to remotely execute arbitrary
code, obtain information, and cause Denial of Service.

Background
==========

Java Platform, Standard Edition (Java SE) lets you develop and deploy
Java applications on desktops and servers, as well as in today's
demanding embedded environments. Java offers the rich user interface,
performance, versatility, portability, and security that today's
applications require.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/oracle-jre-bin < 1.8.0.72 >= 1.8.0.72
2 dev-java/oracle-jdk-bin < 1.8.0.72 >= 1.8.0.72
-------------------------------------------------------------------
2 affected packages

Description
===========

Multiple vulnerabilities exist in both Oracle's JRE and JDK. Please
review the referenced CVE's for additional information.

Impact
======

Remote attackers could gain access to information, remotely execute
arbitrary code, and cause Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Oracle JRE Users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.8.0.72"

All Oracle JDK Users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.8.0.72"

References
==========

[ 1 ] CVE-2015-0437
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0437
[ 2 ] CVE-2015-0437
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0437
[ 3 ] CVE-2015-0458
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0458
[ 4 ] CVE-2015-0459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0459
[ 5 ] CVE-2015-0460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0460
[ 6 ] CVE-2015-0469
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0469
[ 7 ] CVE-2015-0470
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0470
[ 8 ] CVE-2015-0477
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0477
[ 9 ] CVE-2015-0478
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0478
[ 10 ] CVE-2015-0480
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0480
[ 11 ] CVE-2015-0484
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0484
[ 12 ] CVE-2015-0486
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0486
[ 13 ] CVE-2015-0488
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0488
[ 14 ] CVE-2015-0491
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0491
[ 15 ] CVE-2015-0492
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0492
[ 16 ] CVE-2015-2590
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2590
[ 17 ] CVE-2015-2601
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2601
[ 18 ] CVE-2015-2613
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2613
[ 19 ] CVE-2015-2619
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2619
[ 20 ] CVE-2015-2621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2621
[ 21 ] CVE-2015-2625
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2625
[ 22 ] CVE-2015-2627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2627
[ 23 ] CVE-2015-2628
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2628
[ 24 ] CVE-2015-2632
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2632
[ 25 ] CVE-2015-2637
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2637
[ 26 ] CVE-2015-2638
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2638
[ 27 ] CVE-2015-2659
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2659
[ 28 ] CVE-2015-2664
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2664
[ 29 ] CVE-2015-4000
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000
[ 30 ] CVE-2015-4729
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4729
[ 31 ] CVE-2015-4731
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4731
[ 32 ] CVE-2015-4732
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4732
[ 33 ] CVE-2015-4733
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4733
[ 34 ] CVE-2015-4734
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4734
[ 35 ] CVE-2015-4734
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4734
[ 36 ] CVE-2015-4736
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4736
[ 37 ] CVE-2015-4748
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4748
[ 38 ] CVE-2015-4760
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4760
[ 39 ] CVE-2015-4803
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4803
[ 40 ] CVE-2015-4803
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4803
[ 41 ] CVE-2015-4805
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4805
[ 42 ] CVE-2015-4805
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4805
[ 43 ] CVE-2015-4806
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4806
[ 44 ] CVE-2015-4806
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4806
[ 45 ] CVE-2015-4810
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4810
[ 46 ] CVE-2015-4810
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4810
[ 47 ] CVE-2015-4835
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4835
[ 48 ] CVE-2015-4835
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4835
[ 49 ] CVE-2015-4840
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4840
[ 50 ] CVE-2015-4840
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4840
[ 51 ] CVE-2015-4842
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4842
[ 52 ] CVE-2015-4842
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4842
[ 53 ] CVE-2015-4843
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4843
[ 54 ] CVE-2015-4843
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4843
[ 55 ] CVE-2015-4844
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4844
[ 56 ] CVE-2015-4844
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4844
[ 57 ] CVE-2015-4860
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4860
[ 58 ] CVE-2015-4860
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4860
[ 59 ] CVE-2015-4868
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4868
[ 60 ] CVE-2015-4868
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4868
[ 61 ] CVE-2015-4871
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4871
[ 62 ] CVE-2015-4871
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4871
[ 63 ] CVE-2015-4872
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4872
[ 64 ] CVE-2015-4872
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4872
[ 65 ] CVE-2015-4881
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4881
[ 66 ] CVE-2015-4881
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4881
[ 67 ] CVE-2015-4882
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4882
[ 68 ] CVE-2015-4882
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4882
[ 69 ] CVE-2015-4883
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4883
[ 70 ] CVE-2015-4883
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4883
[ 71 ] CVE-2015-4893
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4893
[ 72 ] CVE-2015-4893
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4893
[ 73 ] CVE-2015-4901
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4901
[ 74 ] CVE-2015-4901
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4901
[ 75 ] CVE-2015-4902
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4902
[ 76 ] CVE-2015-4902
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4902
[ 77 ] CVE-2015-4903
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4903
[ 78 ] CVE-2015-4903
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4903
[ 79 ] CVE-2015-4906
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4906
[ 80 ] CVE-2015-4906
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4906
[ 81 ] CVE-2015-4908
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4908
[ 82 ] CVE-2015-4908
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4908
[ 83 ] CVE-2015-4911
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4911
[ 84 ] CVE-2015-4911
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4911
[ 85 ] CVE-2015-4916
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4916
[ 86 ] CVE-2015-4916
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4916
[ 87 ] CVE-2015-7840
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7840
[ 88 ] CVE-2015-7840
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7840

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201603-11

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



[ GLSA 201603-12 ] FlightGear, SimGear: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201603-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: FlightGear, SimGear: Multiple vulnerabilities
Date: March 12, 2016
Bugs: #426502, #468106
ID: 201603-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in FlightGear and SimGear
allowing remote attackers to cause Denial of Service and possibly
execute arbitrary code.

Background
==========

FlightGear is an open-source flight simulator. It supports a variety
of popular platforms (Windows, Mac, Linux, etc.) and is developed by
skilled volunteers from around the world. Source code for the entire
project is available and licensed under the GNU General Public License.

SimGear is a set of open-source libraries designed to be used as
building blocks for quickly assembling 3d simulations, games, and
visualization applications.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 games-simulation/flightgear
< 3.4.0 >= 3.4.0
2 games-simulation/simgear
< 3.4.0 >= 3.4.0
-------------------------------------------------------------------
2 affected packages

Description
===========

Multiple format string vulnerabilities in FlightGear and SimGear allow
user-assisted remote attackers to cause a denial of service and
possibly execute arbitrary code via format string specifiers in certain
data chunk values in an aircraft xml model.

Impact
======

Remote attackers could possibly execute arbitrary code or cause Denial
of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Flightgear users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot -v ">=games-simulation/flightgear-3.4.0"

All Simgear users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=games-simulation/simgear-3.4.0"

References
==========

[ 1 ] CVE-2012-2090
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2090
[ 2 ] CVE-2012-2091
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2091

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201603-12

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



[ GLSA 201603-13 ] Libreswan: Multiple Vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201603-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Libreswan: Multiple Vulnerabilities
Date: March 12, 2016
Bugs: #550974, #558692
ID: 201603-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in libreSwan possibly
resulting in Denial of Service.

Background
==========

Libreswan is a free software implementation of the most widely
supported and standarized VPN protocol based on ("IPsec") and the
Internet Key Exchange ("IKE").

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/libreswan < 3.15 >= 3.15

Description
===========

The pluto IKE daemon in Libreswan, when built with NSS, allows remote
attackers to cause a Denial of Service (assertion failure and daemon
restart) via a zero DH g^x value in a KE payload in a IKE packet.
Additionally, remote attackers could cause a Denial of Service (daemon
restart) via an IKEv1 packet with (1) unassigned bits set in the IPSEC
DOI value or (2) the next payload value set to ISAKMP_NEXT_SAK.

Impact
======

Remote attackers could possibly cause Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Libreswan users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/libreswan-3.15"

References
==========

[ 1 ] CVE-2015-3204
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3204
[ 2 ] CVE-2015-3240
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3240

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201603-13

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



[ GLSA 201603-14 ] IcedTea: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201603-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: IcedTea: Multiple vulnerabilities
Date: March 12, 2016
Bugs: #537940, #559532, #565842, #567850, #572716
ID: 201603-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in IcedTea allowing remote
attackers to affect confidentiality, integrity, and availability
through various vectors.

Background
==========

IcedTea's aim is to provide OpenJDK in a form suitable for easy
configuration, compilation and distribution with the primary goal of
allowing inclusion in GNU/Linux distributions.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/icedtea < 7.2.6.4 *>= 6.1.13.9
>= 7.2.6.4
2 dev-java/icedtea-bin < 7.2.6.4 *>= 6.1.13.9
>= 7.2.6.4
-------------------------------------------------------------------
2 affected packages

Description
===========

Various OpenJDK attack vectors in IcedTea, such as 2D, Corba, Hotspot,
Libraries, and JAXP, exist which allows remote attackers to affect the
confidentiality, integrity, and availability of vulnerable systems.
This includes the possibility of remote execution of arbitrary code,
information disclosure, or Denial of Service. Many of the
vulnerabilities can only be exploited through sandboxed Java Web Start
applications and java applets. Please reference the CVEs listed for
specific details.

Impact
======

Remote attackers may remotely execute arbitrary code, compromise
information, or cause Denial of Service.

Workaround
==========

There is no known work around at this time.

Resolution
==========

IcedTea 7.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/icedtea-7.2.6.4"

IcedTea bin 7.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-7.2.6.4"

IcedTea 6.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/icedtea-6.1.13.9"

IcedTea bin 6.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-6.1.13.9"

References
==========

[ 1 ] CVE-2014-6585
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6585
[ 2 ] CVE-2014-6587
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6587
[ 3 ] CVE-2014-6591
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6591
[ 4 ] CVE-2014-6593
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6593
[ 5 ] CVE-2014-6601
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6601
[ 6 ] CVE-2015-0383
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0383
[ 7 ] CVE-2015-0395
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0395
[ 8 ] CVE-2015-0400
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0400
[ 9 ] CVE-2015-0407
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0407
[ 10 ] CVE-2015-0408
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0408
[ 11 ] CVE-2015-0412
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0412
[ 12 ] CVE-2015-2590
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2590
[ 13 ] CVE-2015-2601
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2601
[ 14 ] CVE-2015-2613
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2613
[ 15 ] CVE-2015-2621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2621
[ 16 ] CVE-2015-2625
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2625
[ 17 ] CVE-2015-2628
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2628
[ 18 ] CVE-2015-2632
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2632
[ 19 ] CVE-2015-4731
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4731
[ 20 ] CVE-2015-4732
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4732
[ 21 ] CVE-2015-4733
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4733
[ 22 ] CVE-2015-4734
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4734
[ 23 ] CVE-2015-4748
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4748
[ 24 ] CVE-2015-4749
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4749
[ 25 ] CVE-2015-4760
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4760
[ 26 ] CVE-2015-4803
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4803
[ 27 ] CVE-2015-4805
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4805
[ 28 ] CVE-2015-4806
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4806
[ 29 ] CVE-2015-4835
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4835
[ 30 ] CVE-2015-4840
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4840
[ 31 ] CVE-2015-4842
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4842
[ 32 ] CVE-2015-4843
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4843
[ 33 ] CVE-2015-4844
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4844
[ 34 ] CVE-2015-4860
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4860
[ 35 ] CVE-2015-4871
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4871
[ 36 ] CVE-2015-4872
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4872
[ 37 ] CVE-2015-4881
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4881
[ 38 ] CVE-2015-4882
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4882
[ 39 ] CVE-2015-4883
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4883
[ 40 ] CVE-2015-4893
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4893
[ 41 ] CVE-2015-4903
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4903
[ 42 ] CVE-2015-4911
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4911
[ 43 ] CVE-2016-0402
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0402
[ 44 ] CVE-2016-0448
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0448
[ 45 ] CVE-2016-0466
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0466
[ 46 ] CVE-2016-0483
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0483
[ 47 ] CVE-2016-0494
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0494

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201603-14

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5