Gentoo Linux Security Advisory 202402-26 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions greater than or equal to 115.7.0:esr are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-26  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Mozilla Firefox: Multiple Vulnerabilities  
     Date: February 19, 2024  
     Bugs: #924844  
       ID: 202402-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Mozilla Firefox, the  
worst of which could result in arbitrary code execution.

Background  
==========

Mozilla Firefox is a popular open-source web browser from the Mozilla  
project.

Affected packages  
=================

Package                 Vulnerable     Unaffected  
----------------------  -------------  --------------  
www-client/firefox      < 115.7.0:esr  >= 115.7.0:esr  
                        < 122.0:rapid  >= 122.0:rapid  
www-client/firefox-bin  < 115.7.0:esr  >= 115.7.0:esr  
                        < 122.0:rapid  >= 122.0:rapid

Description  
===========

Multiple vulnerabilities have been discovered in Mozilla Firefox. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Mozilla Firefox ESR users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-115.7.0:esr"

All Mozilla Firefox ESR binary users should upgrade to the latest  
version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-115.7.0:esr"

All Mozilla Firefox users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-122.0:rapid"

All Mozilla Firefox binary users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-122.0:rapid"

References  
==========

[ 1 ] CVE-2024-0741  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0741  
[ 2 ] CVE-2024-0742  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0742  
[ 3 ] CVE-2024-0743  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0743  
[ 4 ] CVE-2024-0744  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0744  
[ 5 ] CVE-2024-0745  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0745  
[ 6 ] CVE-2024-0746  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0746  
[ 7 ] CVE-2024-0747  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0747  
[ 8 ] CVE-2024-0748  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0748  
[ 9 ] CVE-2024-0749  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0749  
[ 10 ] CVE-2024-0750  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0750  
[ 11 ] CVE-2024-0751  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0751  
[ 12 ] CVE-2024-0752  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0752  
[ 13 ] CVE-2024-0753  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0753  
[ 14 ] CVE-2024-0754  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0754  
[ 15 ] CVE-2024-0755  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0755  
[ 16 ] MFSA-2024-01  
[ 17 ] MFSA-2024-02  
[ 18 ] MFSA-2024-04

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-26

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-26

Gentoo Linux Security Advisory 202402-25 - Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. Versions greater than or equal to 115.7.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-25  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Mozilla Thunderbird: Multiple Vulnerabilities  
     Date: February 19, 2024  
     Bugs: #918444, #920508, #924845  
       ID: 202402-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Mozilla Thunderbird,  
the worst of which could lead to remote code execution.

Background  
==========

Mozilla Thunderbird is a popular open-source email client from the  
Mozilla project.

Affected packages  
=================

Package                      Vulnerable    Unaffected  
---------------------------  ------------  ------------  
mail-client/thunderbird      < 115.7.0     >= 115.7.0  
mail-client/thunderbird-bin  < 115.7.0     >= 115.7.0

Description  
===========

Multiple vulnerabilities have been discovered in Mozilla Thunderbird.  
Please review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Mozilla Thunderbird binary users should upgrade to the latest  
version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-115.7.0"

All Mozilla Thunderbird users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-115.7.0"

References  
==========

[ 1 ] CVE-2023-3417  
      https://nvd.nist.gov/vuln/detail/CVE-2023-3417  
[ 2 ] CVE-2023-3600  
      https://nvd.nist.gov/vuln/detail/CVE-2023-3600  
[ 3 ] CVE-2023-4045  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4045  
[ 4 ] CVE-2023-4046  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4046  
[ 5 ] CVE-2023-4047  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4047  
[ 6 ] CVE-2023-4048  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4048  
[ 7 ] CVE-2023-4049  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4049  
[ 8 ] CVE-2023-4050  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4050  
[ 9 ] CVE-2023-4051  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4051  
[ 10 ] CVE-2023-4052  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4052  
[ 11 ] CVE-2023-4053  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4053  
[ 12 ] CVE-2023-4054  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4054  
[ 13 ] CVE-2023-4055  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4055  
[ 14 ] CVE-2023-4056  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4056  
[ 15 ] CVE-2023-4057  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4057  
[ 16 ] CVE-2023-4573  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4573  
[ 17 ] CVE-2023-4574  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4574  
[ 18 ] CVE-2023-4575  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4575  
[ 19 ] CVE-2023-4576  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4576  
[ 20 ] CVE-2023-4577  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4577  
[ 21 ] CVE-2023-4578  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4578  
[ 22 ] CVE-2023-4580  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4580  
[ 23 ] CVE-2023-4581  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4581  
[ 24 ] CVE-2023-4582  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4582  
[ 25 ] CVE-2023-4583  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4583  
[ 26 ] CVE-2023-4584  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4584  
[ 27 ] CVE-2023-4585  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4585  
[ 28 ] CVE-2023-5168  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5168  
[ 29 ] CVE-2023-5169  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5169  
[ 30 ] CVE-2023-5171  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5171  
[ 31 ] CVE-2023-5174  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5174  
[ 32 ] CVE-2023-5176  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5176  
[ 33 ] CVE-2023-5721  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5721  
[ 34 ] CVE-2023-5724  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5724  
[ 35 ] CVE-2023-5725  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5725  
[ 36 ] CVE-2023-5726  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5726  
[ 37 ] CVE-2023-5727  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5727  
[ 38 ] CVE-2023-5728  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5728  
[ 39 ] CVE-2023-5730  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5730  
[ 40 ] CVE-2023-5732  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5732  
[ 41 ] CVE-2023-6204  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6204  
[ 42 ] CVE-2023-6205  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6205  
[ 43 ] CVE-2023-6206  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6206  
[ 44 ] CVE-2023-6207  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6207  
[ 45 ] CVE-2023-6208  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6208  
[ 46 ] CVE-2023-6209  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6209  
[ 47 ] CVE-2023-6212  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6212  
[ 48 ] CVE-2023-6856  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6856  
[ 49 ] CVE-2023-6857  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6857  
[ 50 ] CVE-2023-6858  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6858  
[ 51 ] CVE-2023-6859  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6859  
[ 52 ] CVE-2023-6860  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6860  
[ 53 ] CVE-2023-6861  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6861  
[ 54 ] CVE-2023-6862  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6862  
[ 55 ] CVE-2023-6863  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6863  
[ 56 ] CVE-2023-6864  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6864  
[ 57 ] CVE-2023-37201  
      https://nvd.nist.gov/vuln/detail/CVE-2023-37201  
[ 58 ] CVE-2023-37202  
      https://nvd.nist.gov/vuln/detail/CVE-2023-37202  
[ 59 ] CVE-2023-37207  
      https://nvd.nist.gov/vuln/detail/CVE-2023-37207  
[ 60 ] CVE-2023-37208  
      https://nvd.nist.gov/vuln/detail/CVE-2023-37208  
[ 61 ] CVE-2023-37211  
      https://nvd.nist.gov/vuln/detail/CVE-2023-37211  
[ 62 ] CVE-2023-50761  
      https://nvd.nist.gov/vuln/detail/CVE-2023-50761  
[ 63 ] CVE-2023-50762  
      https://nvd.nist.gov/vuln/detail/CVE-2023-50762  
[ 64 ] CVE-2024-0741  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0741  
[ 65 ] CVE-2024-0742  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0742  
[ 66 ] CVE-2024-0746  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0746  
[ 67 ] CVE-2024-0747  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0747  
[ 68 ] CVE-2024-0749  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0749  
[ 69 ] CVE-2024-0750  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0750  
[ 70 ] CVE-2024-0751  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0751  
[ 71 ] CVE-2024-0753  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0753  
[ 72 ] CVE-2024-0755  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0755  
[ 73 ] MFSA-2024-01  
[ 74 ] MFSA-2024-02  
[ 75 ] MFSA-2024-04

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-25

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-25

Gentoo Linux Security Advisory 202402-21 - Multiple vulnerabilities have been discovered in QtNetwork, the worst of which could lead to execution of arbitrary code. Versions greater than or equal to 6.6.1-r2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-21  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: QtNetwork: Multiple Vulnerabilities  
     Date: February 18, 2024  
     Bugs: #907120, #921292  
       ID: 202402-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in QtNetwork, the worst of  
which could lead to execution of arbitrary code.

Background  
==========

QtNetwork provides a set of APIs for programming applications that use  
TCP/IP. It is part of the Qt framework.

Affected packages  
=================

Package           Vulnerable    Unaffected  
----------------  ------------  -------------  
dev-qt/qtbase     < 6.6.1-r2    >= 6.6.1-r2  
dev-qt/qtnetwork  < 5.15.12-r1  >= 5.15.12-r1

Description  
===========

Multiple vulnerabilities have been discovered in QtNetwork. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Qt 5 users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-qt/qtnetwork-5.15.12-r1"

All Qt 6 users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-qt/qtbase-6.6.1-r2"

References  
==========

[ 1 ] CVE-2023-32762  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32762  
[ 2 ] CVE-2023-51714  
      https://nvd.nist.gov/vuln/detail/CVE-2023-51714

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-21

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-21

Gentoo Linux Security Advisory 202402-24 - Multiple vulnerabilities have been discovered in Seamonkey, the worst of which can lead to remote code execution. Versions greater than or equal to 2.53.10.2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-24  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Seamonkey: Multiple Vulnerabilities  
     Date: February 19, 2024  
     Bugs: #767400, #828479  
       ID: 202402-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Seamonkey, the worst of  
which can lead to remote code execution.

Background  
==========

The Seamonkey project is a community effort to deliver production-  
quality releases of code derived from the application formerly known as  
the ‘Mozilla Application Suite’.

Affected packages  
=================

Package               Vulnerable    Unaffected  
--------------------  ------------  ------------  
www-client/seamonkey  < 2.53.10.2   >= 2.53.10.2

Description  
===========

Multiple vulnerabilities have been discovered in Seamonkey. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Seamonkey users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.53.10.2"

References  
==========

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-24

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-24

Gentoo Linux Security Advisory 202402-23 - Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 121.0.6167.139 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-23  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities  
     Date: February 19, 2024  
     Bugs: #922062, #922340, #922903, #923370  
       ID: 202402-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Chromium and its  
derivatives, the worst of which can lead to remote code execution.

Background  
==========

Chromium is an open-source browser project that aims to build a safer,  
faster, and more stable way for all users to experience the web. Google  
Chrome is one fast, simple, and secure browser for all your devices.  
Microsoft Edge is a browser that combines a minimal design with  
sophisticated technology to make the web faster, safer, and easier.

Affected packages  
=================

Package                    Vulnerable        Unaffected  
-------------------------  ----------------  -----------------  
www-client/chromium        < 121.0.6167.139  >= 121.0.6167.139  
www-client/google-chrome   < 121.0.6167.139  >= 121.0.6167.139  
www-client/microsoft-edge  < 121.0.2277.83   >= 121.0.2277.83

Description  
===========

Multiple vulnerabilities have been discovered in Chromium and its  
derivatives. Please review the CVE identifiers referenced below for  
details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Google Chrome users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/google-chrome-121.0.6167.139"

All Chromium users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/chromium-121.0.6167.139"

All Microsoft Edge users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-121.0.2277.83"

References  
==========

[ 1 ] CVE-2024-0333  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0333  
[ 2 ] CVE-2024-0517  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0517  
[ 3 ] CVE-2024-0518  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0518  
[ 4 ] CVE-2024-0519  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0519  
[ 5 ] CVE-2024-0804  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0804  
[ 6 ] CVE-2024-0805  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0805  
[ 7 ] CVE-2024-0806  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0806  
[ 8 ] CVE-2024-0807  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0807  
[ 9 ] CVE-2024-0808  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0808  
[ 10 ] CVE-2024-0809  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0809  
[ 11 ] CVE-2024-0810  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0810  
[ 12 ] CVE-2024-0811  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0811  
[ 13 ] CVE-2024-0812  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0812  
[ 14 ] CVE-2024-0813  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0813  
[ 15 ] CVE-2024-0814  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0814  
[ 16 ] CVE-2024-1059  
      https://nvd.nist.gov/vuln/detail/CVE-2024-1059  
[ 17 ] CVE-2024-1060  
      https://nvd.nist.gov/vuln/detail/CVE-2024-1060  
[ 18 ] CVE-2024-1077  
      https://nvd.nist.gov/vuln/detail/CVE-2024-1077

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-23

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-23

Gentoo Linux Security Advisory 202402-22 - Multiple vulnerabilities have been discovered in intel-microcode, the worst of which can lead to privilege escalation. Versions greater than or equal to 20230214_p20230212 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-22  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: intel-microcode: Multiple Vulnerabilities  
     Date: February 19, 2024  
     Bugs: #832985, #894474  
       ID: 202402-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in intel-microcode, the  
worst of which can lead to privilege escalation.

Background  
==========

Intel IA32/IA64 microcode update data.

Affected packages  
=================

Package                       Vulnerable            Unaffected  
----------------------------  --------------------  ---------------------  
sys-firmware/intel-microcode  < 20230214_p20230212  >= 20230214_p20230212

Description  
===========

Multiple vulnerabilities have been discovered in NVIDIA Drivers. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All intel-microcode users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=sys-firmware/intel-microcode-20230214_p20230212"

References  
==========

[ 1 ] CVE-2021-0127  
      https://nvd.nist.gov/vuln/detail/CVE-2021-0127  
[ 2 ] CVE-2021-0146  
      https://nvd.nist.gov/vuln/detail/CVE-2021-0146

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-22

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-22

Gentoo Linux Security Advisory 202402-20 - A vulnerability has been discovered in Thunar which may lead to arbitrary code execution Versions greater than or equal to 4.17.3 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-20  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Thunar: Arbitrary Code Execution  
     Date: February 18, 2024  
     Bugs: #789396  
       ID: 202402-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in Thunar which may lead to  
arbitrary code execution

Background  
==========

Thunar is a modern file manager for the Xfce Desktop Environment. Thunar  
has been designed from the ground up to be fast and easy to use. Its  
user interface is clean and intuitive and does not include any confusing  
or useless options by default. Thunar starts up quickly and navigating  
through files and folders is fast and responsive.

Affected packages  
=================

Package           Vulnerable    Unaffected  
----------------  ------------  ------------  
xfce-base/thunar  < 4.17.3      >= 4.17.3

Description  
===========

A vulnerability has been discovered in Thunar. Please review the CVE  
identifier referenced below for details.

Impact  
======

When called with a regular file as command line argument, Thunar  
would delegate to some other program without user confirmation  
based on the file type. This could be exploited to trigger code  
execution in a chain of vulnerabilities.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Thunar users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=xfce-base/thunar-4.17.3"

References  
==========

[ 1 ] CVE-2021-32563  
      https://nvd.nist.gov/vuln/detail/CVE-2021-32563

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-20

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-20

Gentoo Linux Security Advisory 202402-19 - A vulnerability has been discovered in libcaca which can lead to arbitrary code execution. Versions greater than or equal to 0.99_beta19-r4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-19  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: libcaca: Arbitary Code Execution  
     Date: February 18, 2024  
     Bugs: #772317  
       ID: 202402-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in libcaca which can lead to  
arbitrary code execution.

Background  
==========

libcaca is a library that creates colored ASCII-art graphics.

Affected packages  
=================

Package             Vulnerable        Unaffected  
------------------  ----------------  -----------------  
media-libs/libcaca  < 0.99_beta19-r4  >= 0.99_beta19-r4

Description  
===========

A vulnerability has been discovered in libcaca. Please review the CVE  
identifier referenced below for details.

Impact  
======

A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c  
may lead to local execution of arbitrary code in the user context.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All libcaca users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-libs/libcaca-0.99_beta19-r4"

References  
==========

[ 1 ] CVE-2021-3410  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3410

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-19

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-19

Gentoo Linux Security Advisory 202402-18 - Multiple vulnerabilities have been discovered in Exim, the worst of which can lead to remote code execution. Versions greater than or equal to 4.97.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-18  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Exim: Multiple Vulnerabilities  
     Date: February 18, 2024  
     Bugs: #914923, #921520  
       ID: 202402-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Exim, the worst of  
which can lead to remote code execution.

Background  
==========

Exim is a message transfer agent (MTA) designed to be a a highly  
configurable, drop-in replacement for sendmail.

Affected packages  
=================

Package        Vulnerable    Unaffected  
-------------  ------------  ------------  
mail-mta/exim  < 4.97.1      >= 4.97.1

Description  
===========

Multiple vulnerabilities have been discovered in Exim. Please review the  
CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Exim users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=mail-mta/exim-4.97.1"

References  
==========

[ 1 ] CVE-2023-42114  
      https://nvd.nist.gov/vuln/detail/CVE-2023-42114  
[ 2 ] CVE-2023-42115  
      https://nvd.nist.gov/vuln/detail/CVE-2023-42115  
[ 3 ] CVE-2023-42116  
      https://nvd.nist.gov/vuln/detail/CVE-2023-42116  
[ 4 ] CVE-2023-42117  
      https://nvd.nist.gov/vuln/detail/CVE-2023-42117  
[ 5 ] CVE-2023-42119  
      https://nvd.nist.gov/vuln/detail/CVE-2023-42119  
[ 6 ] CVE-2023-51766  
      https://nvd.nist.gov/vuln/detail/CVE-2023-51766  
[ 7 ] ZDI-CAN-17433  
[ 8 ] ZDI-CAN-17434  
[ 9 ] ZDI-CAN-17515  
[ 10 ] ZDI-CAN-17554  
[ 11 ] ZDI-CAN-17643

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-18

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-18

Gentoo Linux Security Advisory 202402-17 - Multiple vulnerabilities have been discovered in CUPS, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 2.4.7 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-17  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: CUPS: Multiple Vulnerabilities  
     Date: February 18, 2024  
     Bugs: #847625, #907675, #909018, #914781  
       ID: 202402-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in CUPS, the worst of  
which can lead to arbitrary code execution.

Background  
==========

CUPS, the Common Unix Printing System, is a full-featured print server.

Affected packages  
=================

Package         Vulnerable    Unaffected  
--------------  ------------  ------------  
net-print/cups  < 2.4.7       >= 2.4.7

Description  
===========

Multiple vulnerabilities have been discovered in CUPS. Please review the  
CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All CUPS users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-print/cups-2.4.7"

References  
==========

[ 1 ] CVE-2022-26691  
      https://nvd.nist.gov/vuln/detail/CVE-2022-26691  
[ 2 ] CVE-2023-4504  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4504  
[ 3 ] CVE-2023-32324  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32324  
[ 4 ] CVE-2023-34241  
      https://nvd.nist.gov/vuln/detail/CVE-2023-34241

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-17

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Tag

#mac