Gentoo 2478 Published by

The following 8 security update has been released for Gentoo Linux:

GLSA 201709-15 : Chromium: Multiple vulnerabilities
GLSA 201709-16 : Adobe Flash Player: Multiple vulnerabilities
GLSA 201709-17 : CVS: Command injection
GLSA 201709-18 : Mercurial: Multiple vulnerabilities
GLSA 201709-19 : Exim: Local privilege escalation
GLSA 201709-20 : Postfix: Privilege escalation
GLSA 201709-21 : PHP: Multiple vulnerabilities
GLSA 201709-22 : Oracle JDK/JRE, IcedTea: Multiple vulnerabilities



GLSA 201709-15 : Chromium: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201709-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: September 24, 2017
Bugs: #626382, #630068
ID: 201709-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Chromium, the worst of
which could result in the execution of arbitrary code.

Background
==========

Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 61.0.3163.79 >= 61.0.3163.79

Description
===========

Multiple vulnerabilities have been discovered in Chromium. Please
review the referenced CVE identifiers for details.

Impact
======

A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, bypass security restrictions, or spoof content.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Chromium users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-61.0.3163.79"

References
==========

[ 1 ] CVE-2017-5091
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5091
[ 2 ] CVE-2017-5092
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5092
[ 3 ] CVE-2017-5093
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5093
[ 4 ] CVE-2017-5094
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5094
[ 5 ] CVE-2017-5095
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5095
[ 6 ] CVE-2017-5096
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5096
[ 7 ] CVE-2017-5097
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5097
[ 8 ] CVE-2017-5098
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5098
[ 9 ] CVE-2017-5099
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5099
[ 10 ] CVE-2017-5100
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5100
[ 11 ] CVE-2017-5101
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5101
[ 12 ] CVE-2017-5102
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5102
[ 13 ] CVE-2017-5103
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5103
[ 14 ] CVE-2017-5104
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5104
[ 15 ] CVE-2017-5105
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5105
[ 16 ] CVE-2017-5106
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5106
[ 17 ] CVE-2017-5107
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5107
[ 18 ] CVE-2017-5108
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5108
[ 19 ] CVE-2017-5109
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5109
[ 20 ] CVE-2017-5110
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5110
[ 21 ] CVE-2017-5111
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5111
[ 22 ] CVE-2017-5112
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5112
[ 23 ] CVE-2017-5113
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5113
[ 24 ] CVE-2017-5114
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5114
[ 25 ] CVE-2017-5115
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5115
[ 26 ] CVE-2017-5116
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5116
[ 27 ] CVE-2017-5117
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5117
[ 28 ] CVE-2017-5118
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5118
[ 29 ] CVE-2017-5119
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5119
[ 30 ] CVE-2017-5120
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5120
[ 31 ] CVE-2017-7000
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7000

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201709-15

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


GLSA 201709-16 : Adobe Flash Player: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201709-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Adobe Flash Player: Multiple vulnerabilities
Date: September 24, 2017
Bugs: #627336, #630964
ID: 201709-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Adobe Flash Player, the
worst of which allows remote attackers to execute arbitrary code.

Background
==========

The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-plugins/adobe-flash < 27.0.0.130-r1 >= 27.0.0.130-r1

Description
===========

Multiple vulnerabilities have been discovered in Adobe Flash Player.
Please review the referenced CVE identifiers for details.

Impact
======

A remote attacker could possibly execute arbitrary code with the
privileges of the process or bypass security restrictions.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Adobe Flash Player users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-26.0.0.151"

References
==========

[ 1 ] CVE-2017-11281
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11281
[ 2 ] CVE-2017-11282
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11282
[ 3 ] CVE-2017-3085
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3085
[ 4 ] CVE-2017-3106
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3106

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201709-16

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


GLSA 201709-17 : CVS: Command injection

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201709-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: CVS: Command injection
Date: September 24, 2017
Bugs: #627498
ID: 201709-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A command injection vulnerability in CVS may allow remote attackers to
execute arbitrary code.

Background
==========

CVS (Concurrent Versions System) is an open-source network-transparent
version control system. It contains both a client utility and a server.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-vcs/cvs < 1.12.12-r12 >= 1.12.12-r12

Description
===========

It was discovered that when CVS is configured to use SSH for remote
repositories it allows remote attackers to execute arbitrary code
through a repository URL with a specially crafted hostname.

Impact
======

A remote attacker, by enticing a user to clone a specially crafted
repository, could possibly execute arbitrary code with the privileges
of the process.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All CVS users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-vcs/cvs-1.12.12-r12"

References
==========

[ 1 ] CVE-2017-12836
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12836

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201709-17

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


GLSA 201709-18 : Mercurial: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201709-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Mercurial: Multiple vulnerabilities
Date: September 24, 2017
Bugs: #621068, #627484
ID: 201709-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Mercurial, the worst of
which could lead to the remote execution of arbitrary code.

Background
==========

Mercurial is a distributed source control management system.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-vcs/mercurial < 4.3 >= 4.3

Description
===========

Multiple vulnerabilities have been discovered in Mercurial. Please
review the referenced CVE identifiers for details.

Impact
======

A remote attacker could possibly execute arbitrary code with the
privileges of the process.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mercurial users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-vcs/mercurial-4.3"

References
==========

[ 1 ] CVE-2017-1000115
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000115
[ 2 ] CVE-2017-1000116
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000116
[ 3 ] CVE-2017-9462
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9462

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201709-18

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


GLSA 201709-19 : Exim: Local privilege escalation

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201709-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Exim: Local privilege escalation
Date: September 24, 2017
Bugs: #622212
ID: 201709-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in Exim may allow local users to gain root privileges.

Background
==========

Exim is a message transfer agent (MTA) developed at the University of
Cambridge for use on Unix systems connected to the Internet.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 mail-mta/exim < 4.89-r1 >= 4.89-r1

Description
===========

Exim supports the use of multiple "-p" command line arguments causing a
memory leak. This could lead to a stack-clash in user-space and as
result the attacker can, "clash" or "smash" the stack or another memory
region, or "jump" over the stack guard-page.

Impact
======

A local attacker could obtain root privileges.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Exim users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-mta/exim-4.89-r1"

References
==========

[ 1 ] CVE-2017-1000369
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000369

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201709-19

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


GLSA 201709-20 : Postfix: Privilege escalation

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201709-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Postfix: Privilege escalation
Date: September 24, 2017
Bugs: #621882
ID: 201709-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in Postfix may allow local users to gain root
privileges.

Background
==========

Postfix is a mail server and an alternative to the widely-used Sendmail
program.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 mail-mta/postfix < 3.1.6 >= 3.1.6

Description
===========

By default, Berkeley DB reads a DB_CONFIG configuration file from the
current working directory. This is an undocumented behavior.

Impact
======

A local attacker, by using a specially crafted DG_CONFIG file, could
possibly escalate privileges to the root group.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Postfix users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-mta/postfix-3.1.6"

References
==========

[ 1 ] Postfix Official Announce
http://www.postfix.org/announcements/postfix-3.2.2.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201709-20

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


GLSA 201709-21 : PHP: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201709-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: PHP: Multiple vulnerabilities
Date: September 24, 2017
Bugs: #624054, #626460, #629452
ID: 201709-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in PHP, the worst of which
could result in the execution of arbitrary code.

Background
==========

PHP is an open source general-purpose scripting language that is
especially suited for web development.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-lang/php < 5.6.31:5.6 *>= 5.6.31:5.6
< 7.0.23:7.0 *>= 7.0.23:7.0

Description
===========

Multiple vulnerabilities have been discovered in PHP. Please review the
referenced CVE identifiers for details.

Impact
======

A remote attacker could execute arbitrary code with the privileges of
the process or cause a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PHP 5.6.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-5.6.31"

All PHP 7.0.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-7.0.23"

References
==========

[ 1 ] CVE-2017-11362
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11362
[ 2 ] CVE-2017-11628
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11628
[ 3 ] CVE-2017-12932
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12932

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201709-21

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


GLSA 201709-22 : Oracle JDK/JRE, IcedTea: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201709-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Oracle JDK/JRE, IcedTea: Multiple vulnerabilities
Date: September 24, 2017
Bugs: #625602, #626088, #627682
ID: 201709-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Oracle's JRE and JDK
software suites, and IcedTea, the worst of which may allow execution of
arbitrary code.

Background
==========

Java Platform, Standard Edition (Java SE) lets you develop and deploy
Java applications on desktops and servers, as well as in today’s
demanding embedded environments. Java offers the rich user interface,
performance, versatility, portability, and security that today’s
applications require.

IcedTea’s aim is to provide OpenJDK in a form suitable for easy
configuration, compilation and distribution with the primary goal of
allowing inclusion in GNU/Linux distributions.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/oracle-jdk-bin < 1.8.0.141 >= 1.8.0.141
2 dev-java/oracle-jre-bin < 1.8.0.141 >= 1.8.0.141
3 dev-java/icedtea-bin < 3.5.0:8 *>= 3.5.0:8
< 7.2.6.11:7 *>= 7.2.6.11:7
-------------------------------------------------------------------
3 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Oracle’s JRE, JDK and
IcedTea. Please review the referenced CVE identifiers for details.

Impact
======

A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, or gain
access to information.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Oracle JDK binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.8.0.141"

All Oracle JRE binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.8.0.141"

All IcedTea binary 7.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-7.2.6.11"

All IcedTea binary 3.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-3.5.0"

References
==========

[ 1 ] CVE-2017-10053
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10053
[ 2 ] CVE-2017-10067
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10067
[ 3 ] CVE-2017-10074
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10074
[ 4 ] CVE-2017-10078
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10078
[ 5 ] CVE-2017-10081
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10081
[ 6 ] CVE-2017-10086
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10086
[ 7 ] CVE-2017-10087
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10087
[ 8 ] CVE-2017-10089
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10089
[ 9 ] CVE-2017-10090
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10090
[ 10 ] CVE-2017-10096
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10096
[ 11 ] CVE-2017-10101
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10101
[ 12 ] CVE-2017-10102
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10102
[ 13 ] CVE-2017-10105
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10105
[ 14 ] CVE-2017-10107
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10107
[ 15 ] CVE-2017-10108
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10108
[ 16 ] CVE-2017-10109
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10109
[ 17 ] CVE-2017-10110
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10110
[ 18 ] CVE-2017-10111
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10111
[ 19 ] CVE-2017-10114
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10114
[ 20 ] CVE-2017-10115
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10115
[ 21 ] CVE-2017-10116
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10116
[ 22 ] CVE-2017-10117
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10117
[ 23 ] CVE-2017-10118
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10118
[ 24 ] CVE-2017-10121
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10121
[ 25 ] CVE-2017-10125
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10125
[ 26 ] CVE-2017-10135
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10135
[ 27 ] CVE-2017-10176
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10176
[ 28 ] CVE-2017-10193
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10193
[ 29 ] CVE-2017-10198
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10198
[ 30 ] CVE-2017-10243
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10243

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201709-22

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5