Gentoo 2508 Published by

The following security updates are available for Gentoo Linux:

[ GLSA 202402-28 ] Samba: Multiple Vulnerabilities
[ GLSA 202402-26 ] Mozilla Firefox: Multiple Vulnerabilities
[ GLSA 202402-27 ] Glade: Denial of Service
[ GLSA 202402-22 ] intel-microcode: Multiple Vulnerabilities
[ GLSA 202402-23 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
[ GLSA 202402-25 ] Mozilla Thunderbird: Multiple Vulnerabilities
[ GLSA 202402-24 ] Seamonkey: Multiple Vulnerabilities
[ GLSA 202402-21 ] QtNetwork: Multiple Vulnerabilities
[ GLSA 202402-20 ] Thunar: Arbitrary Code Execution
[ GLSA 202402-19 ] libcaca: Arbitary Code Execution
[ GLSA 202402-18 ] Exim: Multiple Vulnerabilities
[ GLSA 202402-17 ] CUPS: Multiple Vulnerabilities
[ GLSA 202402-16 ] Apache Log4j: Multiple Vulnerabilities
[ GLSA 202402-15 ] e2fsprogs: Arbitrary Code Execution
[ GLSA 202402-14 ] QtWebEngine: Multiple Vulnerabilities
[ GLSA 202402-13 ] TACACS+: Remote Code Execution
[ GLSA 202402-12 ] GNU Tar: Out of Bounds Read



[ GLSA 202402-28 ] Samba: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202402-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Samba: Multiple Vulnerabilities
Date: February 19, 2024
Bugs: #891267, #910606, #915556
ID: 202402-28

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Samba, the worst of
which can lead to remote code execution.

Background
==========

Samba is a suite of SMB and CIFS client/server programs.

Affected packages
=================

Package Vulnerable Unaffected
------------ ------------ ------------
net-fs/samba < 4.18.9 >= 4.18.9

Description
===========

Multiple vulnerabilities have been discovered in Samba. Please review
the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Samba users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-fs/samba-4.18.9"

References
==========

[ 1 ] CVE-2018-14628
https://nvd.nist.gov/vuln/detail/CVE-2018-14628
[ 2 ] CVE-2022-2127
https://nvd.nist.gov/vuln/detail/CVE-2022-2127
[ 3 ] CVE-2023-3347
https://nvd.nist.gov/vuln/detail/CVE-2023-3347
[ 4 ] CVE-2023-3961
https://nvd.nist.gov/vuln/detail/CVE-2023-3961
[ 5 ] CVE-2023-4091
https://nvd.nist.gov/vuln/detail/CVE-2023-4091
[ 6 ] CVE-2023-4154
https://nvd.nist.gov/vuln/detail/CVE-2023-4154
[ 7 ] CVE-2023-34966
https://nvd.nist.gov/vuln/detail/CVE-2023-34966
[ 8 ] CVE-2023-34967
https://nvd.nist.gov/vuln/detail/CVE-2023-34967
[ 9 ] CVE-2023-34968
https://nvd.nist.gov/vuln/detail/CVE-2023-34968
[ 10 ] CVE-2023-42669
https://nvd.nist.gov/vuln/detail/CVE-2023-42669
[ 11 ] CVE-2023-42670
https://nvd.nist.gov/vuln/detail/CVE-2023-42670

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202402-28

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5



[ GLSA 202402-26 ] Mozilla Firefox: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202402-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Mozilla Firefox: Multiple Vulnerabilities
Date: February 19, 2024
Bugs: #924844
ID: 202402-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Mozilla Firefox, the
worst of which could result in arbitrary code execution.

Background
==========

Mozilla Firefox is a popular open-source web browser from the Mozilla
project.

Affected packages
=================

Package Vulnerable Unaffected
---------------------- ------------- --------------
www-client/firefox < 115.7.0:esr >= 115.7.0:esr
< 122.0:rapid >= 122.0:rapid
www-client/firefox-bin < 115.7.0:esr >= 115.7.0:esr
< 122.0:rapid >= 122.0:rapid

Description
===========

Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mozilla Firefox ESR users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-115.7.0:esr"

All Mozilla Firefox ESR binary users should upgrade to the latest
version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-115.7.0:esr"

All Mozilla Firefox users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-122.0:rapid"

All Mozilla Firefox binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-122.0:rapid"

References
==========

[ 1 ] CVE-2024-0741
https://nvd.nist.gov/vuln/detail/CVE-2024-0741
[ 2 ] CVE-2024-0742
https://nvd.nist.gov/vuln/detail/CVE-2024-0742
[ 3 ] CVE-2024-0743
https://nvd.nist.gov/vuln/detail/CVE-2024-0743
[ 4 ] CVE-2024-0744
https://nvd.nist.gov/vuln/detail/CVE-2024-0744
[ 5 ] CVE-2024-0745
https://nvd.nist.gov/vuln/detail/CVE-2024-0745
[ 6 ] CVE-2024-0746
https://nvd.nist.gov/vuln/detail/CVE-2024-0746
[ 7 ] CVE-2024-0747
https://nvd.nist.gov/vuln/detail/CVE-2024-0747
[ 8 ] CVE-2024-0748
https://nvd.nist.gov/vuln/detail/CVE-2024-0748
[ 9 ] CVE-2024-0749
https://nvd.nist.gov/vuln/detail/CVE-2024-0749
[ 10 ] CVE-2024-0750
https://nvd.nist.gov/vuln/detail/CVE-2024-0750
[ 11 ] CVE-2024-0751
https://nvd.nist.gov/vuln/detail/CVE-2024-0751
[ 12 ] CVE-2024-0752
https://nvd.nist.gov/vuln/detail/CVE-2024-0752
[ 13 ] CVE-2024-0753
https://nvd.nist.gov/vuln/detail/CVE-2024-0753
[ 14 ] CVE-2024-0754
https://nvd.nist.gov/vuln/detail/CVE-2024-0754
[ 15 ] CVE-2024-0755
https://nvd.nist.gov/vuln/detail/CVE-2024-0755
[ 16 ] MFSA-2024-01
[ 17 ] MFSA-2024-02
[ 18 ] MFSA-2024-04

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202402-26

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5



[ GLSA 202402-27 ] Glade: Denial of Service


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202402-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Glade: Denial of Service
Date: February 19, 2024
Bugs: #747451
ID: 202402-27

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in Glade which can lead to a denial
of service.

Background
==========

Glade is a RAD tool to enable quick & easy development of user
interfaces for the GTK+ toolkit (Version 3 only) and the GNOME desktop
environment.

Affected packages
=================

Package Vulnerable Unaffected
-------------- ------------ ------------
dev-util/glade < 3.38.2 >= 3.38.2

Description
===========

A vulnerability has been found in Glade which can lead to a denial of
service when working with specific glade files.

Impact
======

A crafted file may lead to crashes in Glade.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Glade users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-util/glade-3.38.2"

References
==========

[ 1 ] CVE-2020-36774
https://nvd.nist.gov/vuln/detail/CVE-2020-36774

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202402-27

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5



[ GLSA 202402-22 ] intel-microcode: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202402-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: intel-microcode: Multiple Vulnerabilities
Date: February 19, 2024
Bugs: #832985, #894474
ID: 202402-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in intel-microcode, the
worst of which can lead to privilege escalation.

Background
==========

Intel IA32/IA64 microcode update data.

Affected packages
=================

Package Vulnerable Unaffected
---------------------------- -------------------- ---------------------
sys-firmware/intel-microcode < 20230214_p20230212 >= 20230214_p20230212

Description
===========

Multiple vulnerabilities have been discovered in NVIDIA Drivers. Please
review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All intel-microcode users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-firmware/intel-microcode-20230214_p20230212"

References
==========

[ 1 ] CVE-2021-0127
https://nvd.nist.gov/vuln/detail/CVE-2021-0127
[ 2 ] CVE-2021-0146
https://nvd.nist.gov/vuln/detail/CVE-2021-0146

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202402-22

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5



[ GLSA 202402-23 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202402-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
Date: February 19, 2024
Bugs: #922062, #922340, #922903, #923370
ID: 202402-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Chromium and its
derivatives, the worst of which can lead to remote code execution.

Background
==========

Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web. Google
Chrome is one fast, simple, and secure browser for all your devices.
Microsoft Edge is a browser that combines a minimal design with
sophisticated technology to make the web faster, safer, and easier.

Affected packages
=================

Package Vulnerable Unaffected
------------------------- ---------------- -----------------
www-client/chromium < 121.0.6167.139 >= 121.0.6167.139
www-client/google-chrome < 121.0.6167.139 >= 121.0.6167.139
www-client/microsoft-edge < 121.0.2277.83 >= 121.0.2277.83

Description
===========

Multiple vulnerabilities have been discovered in Chromium and its
derivatives. Please review the CVE identifiers referenced below for
details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Google Chrome users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/google-chrome-121.0.6167.139"

All Chromium users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-121.0.6167.139"

All Microsoft Edge users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-121.0.2277.83"

References
==========

[ 1 ] CVE-2024-0333
https://nvd.nist.gov/vuln/detail/CVE-2024-0333
[ 2 ] CVE-2024-0517
https://nvd.nist.gov/vuln/detail/CVE-2024-0517
[ 3 ] CVE-2024-0518
https://nvd.nist.gov/vuln/detail/CVE-2024-0518
[ 4 ] CVE-2024-0519
https://nvd.nist.gov/vuln/detail/CVE-2024-0519
[ 5 ] CVE-2024-0804
https://nvd.nist.gov/vuln/detail/CVE-2024-0804
[ 6 ] CVE-2024-0805
https://nvd.nist.gov/vuln/detail/CVE-2024-0805
[ 7 ] CVE-2024-0806
https://nvd.nist.gov/vuln/detail/CVE-2024-0806
[ 8 ] CVE-2024-0807
https://nvd.nist.gov/vuln/detail/CVE-2024-0807
[ 9 ] CVE-2024-0808
https://nvd.nist.gov/vuln/detail/CVE-2024-0808
[ 10 ] CVE-2024-0809
https://nvd.nist.gov/vuln/detail/CVE-2024-0809
[ 11 ] CVE-2024-0810
https://nvd.nist.gov/vuln/detail/CVE-2024-0810
[ 12 ] CVE-2024-0811
https://nvd.nist.gov/vuln/detail/CVE-2024-0811
[ 13 ] CVE-2024-0812
https://nvd.nist.gov/vuln/detail/CVE-2024-0812
[ 14 ] CVE-2024-0813
https://nvd.nist.gov/vuln/detail/CVE-2024-0813
[ 15 ] CVE-2024-0814
https://nvd.nist.gov/vuln/detail/CVE-2024-0814
[ 16 ] CVE-2024-1059
https://nvd.nist.gov/vuln/detail/CVE-2024-1059
[ 17 ] CVE-2024-1060
https://nvd.nist.gov/vuln/detail/CVE-2024-1060
[ 18 ] CVE-2024-1077
https://nvd.nist.gov/vuln/detail/CVE-2024-1077

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202402-23

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5



[ GLSA 202402-25 ] Mozilla Thunderbird: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202402-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Mozilla Thunderbird: Multiple Vulnerabilities
Date: February 19, 2024
Bugs: #918444, #920508, #924845
ID: 202402-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Mozilla Thunderbird,
the worst of which could lead to remote code execution.

Background
==========

Mozilla Thunderbird is a popular open-source email client from the
Mozilla project.

Affected packages
=================

Package Vulnerable Unaffected
--------------------------- ------------ ------------
mail-client/thunderbird < 115.7.0 >= 115.7.0
mail-client/thunderbird-bin < 115.7.0 >= 115.7.0

Description
===========

Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
Please review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mozilla Thunderbird binary users should upgrade to the latest
version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-115.7.0"

All Mozilla Thunderbird users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-115.7.0"

References
==========

[ 1 ] CVE-2023-3417
https://nvd.nist.gov/vuln/detail/CVE-2023-3417
[ 2 ] CVE-2023-3600
https://nvd.nist.gov/vuln/detail/CVE-2023-3600
[ 3 ] CVE-2023-4045
https://nvd.nist.gov/vuln/detail/CVE-2023-4045
[ 4 ] CVE-2023-4046
https://nvd.nist.gov/vuln/detail/CVE-2023-4046
[ 5 ] CVE-2023-4047
https://nvd.nist.gov/vuln/detail/CVE-2023-4047
[ 6 ] CVE-2023-4048
https://nvd.nist.gov/vuln/detail/CVE-2023-4048
[ 7 ] CVE-2023-4049
https://nvd.nist.gov/vuln/detail/CVE-2023-4049
[ 8 ] CVE-2023-4050
https://nvd.nist.gov/vuln/detail/CVE-2023-4050
[ 9 ] CVE-2023-4051
https://nvd.nist.gov/vuln/detail/CVE-2023-4051
[ 10 ] CVE-2023-4052
https://nvd.nist.gov/vuln/detail/CVE-2023-4052
[ 11 ] CVE-2023-4053
https://nvd.nist.gov/vuln/detail/CVE-2023-4053
[ 12 ] CVE-2023-4054
https://nvd.nist.gov/vuln/detail/CVE-2023-4054
[ 13 ] CVE-2023-4055
https://nvd.nist.gov/vuln/detail/CVE-2023-4055
[ 14 ] CVE-2023-4056
https://nvd.nist.gov/vuln/detail/CVE-2023-4056
[ 15 ] CVE-2023-4057
https://nvd.nist.gov/vuln/detail/CVE-2023-4057
[ 16 ] CVE-2023-4573
https://nvd.nist.gov/vuln/detail/CVE-2023-4573
[ 17 ] CVE-2023-4574
https://nvd.nist.gov/vuln/detail/CVE-2023-4574
[ 18 ] CVE-2023-4575
https://nvd.nist.gov/vuln/detail/CVE-2023-4575
[ 19 ] CVE-2023-4576
https://nvd.nist.gov/vuln/detail/CVE-2023-4576
[ 20 ] CVE-2023-4577
https://nvd.nist.gov/vuln/detail/CVE-2023-4577
[ 21 ] CVE-2023-4578
https://nvd.nist.gov/vuln/detail/CVE-2023-4578
[ 22 ] CVE-2023-4580
https://nvd.nist.gov/vuln/detail/CVE-2023-4580
[ 23 ] CVE-2023-4581
https://nvd.nist.gov/vuln/detail/CVE-2023-4581
[ 24 ] CVE-2023-4582
https://nvd.nist.gov/vuln/detail/CVE-2023-4582
[ 25 ] CVE-2023-4583
https://nvd.nist.gov/vuln/detail/CVE-2023-4583
[ 26 ] CVE-2023-4584
https://nvd.nist.gov/vuln/detail/CVE-2023-4584
[ 27 ] CVE-2023-4585
https://nvd.nist.gov/vuln/detail/CVE-2023-4585
[ 28 ] CVE-2023-5168
https://nvd.nist.gov/vuln/detail/CVE-2023-5168
[ 29 ] CVE-2023-5169
https://nvd.nist.gov/vuln/detail/CVE-2023-5169
[ 30 ] CVE-2023-5171
https://nvd.nist.gov/vuln/detail/CVE-2023-5171
[ 31 ] CVE-2023-5174
https://nvd.nist.gov/vuln/detail/CVE-2023-5174
[ 32 ] CVE-2023-5176
https://nvd.nist.gov/vuln/detail/CVE-2023-5176
[ 33 ] CVE-2023-5721
https://nvd.nist.gov/vuln/detail/CVE-2023-5721
[ 34 ] CVE-2023-5724
https://nvd.nist.gov/vuln/detail/CVE-2023-5724
[ 35 ] CVE-2023-5725
https://nvd.nist.gov/vuln/detail/CVE-2023-5725
[ 36 ] CVE-2023-5726
https://nvd.nist.gov/vuln/detail/CVE-2023-5726
[ 37 ] CVE-2023-5727
https://nvd.nist.gov/vuln/detail/CVE-2023-5727
[ 38 ] CVE-2023-5728
https://nvd.nist.gov/vuln/detail/CVE-2023-5728
[ 39 ] CVE-2023-5730
https://nvd.nist.gov/vuln/detail/CVE-2023-5730
[ 40 ] CVE-2023-5732
https://nvd.nist.gov/vuln/detail/CVE-2023-5732
[ 41 ] CVE-2023-6204
https://nvd.nist.gov/vuln/detail/CVE-2023-6204
[ 42 ] CVE-2023-6205
https://nvd.nist.gov/vuln/detail/CVE-2023-6205
[ 43 ] CVE-2023-6206
https://nvd.nist.gov/vuln/detail/CVE-2023-6206
[ 44 ] CVE-2023-6207
https://nvd.nist.gov/vuln/detail/CVE-2023-6207
[ 45 ] CVE-2023-6208
https://nvd.nist.gov/vuln/detail/CVE-2023-6208
[ 46 ] CVE-2023-6209
https://nvd.nist.gov/vuln/detail/CVE-2023-6209
[ 47 ] CVE-2023-6212
https://nvd.nist.gov/vuln/detail/CVE-2023-6212
[ 48 ] CVE-2023-6856
https://nvd.nist.gov/vuln/detail/CVE-2023-6856
[ 49 ] CVE-2023-6857
https://nvd.nist.gov/vuln/detail/CVE-2023-6857
[ 50 ] CVE-2023-6858
https://nvd.nist.gov/vuln/detail/CVE-2023-6858
[ 51 ] CVE-2023-6859
https://nvd.nist.gov/vuln/detail/CVE-2023-6859
[ 52 ] CVE-2023-6860
https://nvd.nist.gov/vuln/detail/CVE-2023-6860
[ 53 ] CVE-2023-6861
https://nvd.nist.gov/vuln/detail/CVE-2023-6861
[ 54 ] CVE-2023-6862
https://nvd.nist.gov/vuln/detail/CVE-2023-6862
[ 55 ] CVE-2023-6863
https://nvd.nist.gov/vuln/detail/CVE-2023-6863
[ 56 ] CVE-2023-6864
https://nvd.nist.gov/vuln/detail/CVE-2023-6864
[ 57 ] CVE-2023-37201
https://nvd.nist.gov/vuln/detail/CVE-2023-37201
[ 58 ] CVE-2023-37202
https://nvd.nist.gov/vuln/detail/CVE-2023-37202
[ 59 ] CVE-2023-37207
https://nvd.nist.gov/vuln/detail/CVE-2023-37207
[ 60 ] CVE-2023-37208
https://nvd.nist.gov/vuln/detail/CVE-2023-37208
[ 61 ] CVE-2023-37211
https://nvd.nist.gov/vuln/detail/CVE-2023-37211
[ 62 ] CVE-2023-50761
https://nvd.nist.gov/vuln/detail/CVE-2023-50761
[ 63 ] CVE-2023-50762
https://nvd.nist.gov/vuln/detail/CVE-2023-50762
[ 64 ] CVE-2024-0741
https://nvd.nist.gov/vuln/detail/CVE-2024-0741
[ 65 ] CVE-2024-0742
https://nvd.nist.gov/vuln/detail/CVE-2024-0742
[ 66 ] CVE-2024-0746
https://nvd.nist.gov/vuln/detail/CVE-2024-0746
[ 67 ] CVE-2024-0747
https://nvd.nist.gov/vuln/detail/CVE-2024-0747
[ 68 ] CVE-2024-0749
https://nvd.nist.gov/vuln/detail/CVE-2024-0749
[ 69 ] CVE-2024-0750
https://nvd.nist.gov/vuln/detail/CVE-2024-0750
[ 70 ] CVE-2024-0751
https://nvd.nist.gov/vuln/detail/CVE-2024-0751
[ 71 ] CVE-2024-0753
https://nvd.nist.gov/vuln/detail/CVE-2024-0753
[ 72 ] CVE-2024-0755
https://nvd.nist.gov/vuln/detail/CVE-2024-0755
[ 73 ] MFSA-2024-01
[ 74 ] MFSA-2024-02
[ 75 ] MFSA-2024-04

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202402-25

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5



[ GLSA 202402-24 ] Seamonkey: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202402-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Seamonkey: Multiple Vulnerabilities
Date: February 19, 2024
Bugs: #767400, #828479
ID: 202402-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Seamonkey, the worst of
which can lead to remote code execution.

Background
==========

The Seamonkey project is a community effort to deliver production-
quality releases of code derived from the application formerly known as
the ā€˜Mozilla Application Suiteā€™.

Affected packages
=================

Package Vulnerable Unaffected
-------------------- ------------ ------------
www-client/seamonkey < 2.53.10.2 >= 2.53.10.2

Description
===========

Multiple vulnerabilities have been discovered in Seamonkey. Please
review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Seamonkey users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.53.10.2"

References
==========

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202402-24

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5



[ GLSA 202402-21 ] QtNetwork: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202402-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: QtNetwork: Multiple Vulnerabilities
Date: February 18, 2024
Bugs: #907120, #921292
ID: 202402-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in QtNetwork, the worst of
which could lead to execution of arbitrary code.

Background
==========

QtNetwork provides a set of APIs for programming applications that use
TCP/IP. It is part of the Qt framework.

Affected packages
=================

Package Vulnerable Unaffected
---------------- ------------ -------------
dev-qt/qtbase < 6.6.1-r2 >= 6.6.1-r2
dev-qt/qtnetwork < 5.15.12-r1 >= 5.15.12-r1

Description
===========

Multiple vulnerabilities have been discovered in QtNetwork. Please
review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Qt 5 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-qt/qtnetwork-5.15.12-r1"

All Qt 6 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-qt/qtbase-6.6.1-r2"

References
==========

[ 1 ] CVE-2023-32762
https://nvd.nist.gov/vuln/detail/CVE-2023-32762
[ 2 ] CVE-2023-51714
https://nvd.nist.gov/vuln/detail/CVE-2023-51714

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202402-21

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5



[ GLSA 202402-20 ] Thunar: Arbitrary Code Execution


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202402-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Thunar: Arbitrary Code Execution
Date: February 18, 2024
Bugs: #789396
ID: 202402-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in Thunar which may lead to
arbitrary code execution

Background
==========

Thunar is a modern file manager for the Xfce Desktop Environment. Thunar
has been designed from the ground up to be fast and easy to use. Its
user interface is clean and intuitive and does not include any confusing
or useless options by default. Thunar starts up quickly and navigating
through files and folders is fast and responsive.

Affected packages
=================

Package Vulnerable Unaffected
---------------- ------------ ------------
xfce-base/thunar < 4.17.3 >= 4.17.3

Description
===========

A vulnerability has been discovered in Thunar. Please review the CVE
identifier referenced below for details.

Impact
======

When called with a regular file as command line argument, Thunar
would delegate to some other program without user confirmation
based on the file type. This could be exploited to trigger code
execution in a chain of vulnerabilities.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Thunar users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=xfce-base/thunar-4.17.3"

References
==========

[ 1 ] CVE-2021-32563
https://nvd.nist.gov/vuln/detail/CVE-2021-32563

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202402-20

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5



[ GLSA 202402-19 ] libcaca: Arbitary Code Execution


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202402-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: libcaca: Arbitary Code Execution
Date: February 18, 2024
Bugs: #772317
ID: 202402-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in libcaca which can lead to
arbitrary code execution.

Background
==========

libcaca is a library that creates colored ASCII-art graphics.

Affected packages
=================

Package Vulnerable Unaffected
------------------ ---------------- -----------------
media-libs/libcaca < 0.99_beta19-r4 >= 0.99_beta19-r4

Description
===========

A vulnerability has been discovered in libcaca. Please review the CVE
identifier referenced below for details.

Impact
======

A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c
may lead to local execution of arbitrary code in the user context.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libcaca users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libcaca-0.99_beta19-r4"

References
==========

[ 1 ] CVE-2021-3410
https://nvd.nist.gov/vuln/detail/CVE-2021-3410

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202402-19

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5



[ GLSA 202402-18 ] Exim: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202402-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Exim: Multiple Vulnerabilities
Date: February 18, 2024
Bugs: #914923, #921520
ID: 202402-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Exim, the worst of
which can lead to remote code execution.

Background
==========

Exim is a message transfer agent (MTA) designed to be a a highly
configurable, drop-in replacement for sendmail.

Affected packages
=================

Package Vulnerable Unaffected
------------- ------------ ------------
mail-mta/exim < 4.97.1 >= 4.97.1

Description
===========

Multiple vulnerabilities have been discovered in Exim. Please review the
CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Exim users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-mta/exim-4.97.1"

References
==========

[ 1 ] CVE-2023-42114
https://nvd.nist.gov/vuln/detail/CVE-2023-42114
[ 2 ] CVE-2023-42115
https://nvd.nist.gov/vuln/detail/CVE-2023-42115
[ 3 ] CVE-2023-42116
https://nvd.nist.gov/vuln/detail/CVE-2023-42116
[ 4 ] CVE-2023-42117
https://nvd.nist.gov/vuln/detail/CVE-2023-42117
[ 5 ] CVE-2023-42119
https://nvd.nist.gov/vuln/detail/CVE-2023-42119
[ 6 ] CVE-2023-51766
https://nvd.nist.gov/vuln/detail/CVE-2023-51766
[ 7 ] ZDI-CAN-17433
[ 8 ] ZDI-CAN-17434
[ 9 ] ZDI-CAN-17515
[ 10 ] ZDI-CAN-17554
[ 11 ] ZDI-CAN-17643

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202402-18

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5



[ GLSA 202402-17 ] CUPS: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202402-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: CUPS: Multiple Vulnerabilities
Date: February 18, 2024
Bugs: #847625, #907675, #909018, #914781
ID: 202402-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in CUPS, the worst of
which can lead to arbitrary code execution.

Background
==========

CUPS, the Common Unix Printing System, is a full-featured print server.

Affected packages
=================

Package Vulnerable Unaffected
-------------- ------------ ------------
net-print/cups < 2.4.7 >= 2.4.7

Description
===========

Multiple vulnerabilities have been discovered in CUPS. Please review the
CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All CUPS users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-print/cups-2.4.7"

References
==========

[ 1 ] CVE-2022-26691
https://nvd.nist.gov/vuln/detail/CVE-2022-26691
[ 2 ] CVE-2023-4504
https://nvd.nist.gov/vuln/detail/CVE-2023-4504
[ 3 ] CVE-2023-32324
https://nvd.nist.gov/vuln/detail/CVE-2023-32324
[ 4 ] CVE-2023-34241
https://nvd.nist.gov/vuln/detail/CVE-2023-34241

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202402-17

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5



[ GLSA 202402-16 ] Apache Log4j: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202402-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Apache Log4j: Multiple Vulnerabilities
Date: February 18, 2024
Bugs: #719146
ID: 202402-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Apache Log4j, the worst
of which can lead to remote code execution.

Background
==========

Log4j is a Java logging framework that supports various use cases with a
rich set of components, a separate API, and a performance-optimized
implementation.

Affected packages
=================

Package Vulnerable Unaffected
-------------- ------------ ------------
dev-java/log4j = 5.15.12_p20240122

Description
===========

Multiple vulnerabilities have been discovered in QtWebEngine. Please
review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All QtWebEngine users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-qt/qtwebengine-5.15.12_p20240122"

References
==========

[ 1 ] CVE-2023-5997
https://nvd.nist.gov/vuln/detail/CVE-2023-5997
[ 2 ] CVE-2023-6112
https://nvd.nist.gov/vuln/detail/CVE-2023-6112
[ 3 ] CVE-2023-6345
https://nvd.nist.gov/vuln/detail/CVE-2023-6345
[ 4 ] CVE-2023-6346
https://nvd.nist.gov/vuln/detail/CVE-2023-6346
[ 5 ] CVE-2023-6347
https://nvd.nist.gov/vuln/detail/CVE-2023-6347
[ 6 ] CVE-2023-6348
https://nvd.nist.gov/vuln/detail/CVE-2023-6348
[ 7 ] CVE-2023-6350
https://nvd.nist.gov/vuln/detail/CVE-2023-6350
[ 8 ] CVE-2023-6351
https://nvd.nist.gov/vuln/detail/CVE-2023-6351
[ 9 ] CVE-2023-6508
https://nvd.nist.gov/vuln/detail/CVE-2023-6508
[ 10 ] CVE-2023-6509
https://nvd.nist.gov/vuln/detail/CVE-2023-6509
[ 11 ] CVE-2023-6510
https://nvd.nist.gov/vuln/detail/CVE-2023-6510
[ 12 ] CVE-2023-6511
https://nvd.nist.gov/vuln/detail/CVE-2023-6511
[ 13 ] CVE-2023-6512
https://nvd.nist.gov/vuln/detail/CVE-2023-6512
[ 14 ] CVE-2023-6702
https://nvd.nist.gov/vuln/detail/CVE-2023-6702
[ 15 ] CVE-2023-6703
https://nvd.nist.gov/vuln/detail/CVE-2023-6703
[ 16 ] CVE-2023-6704
https://nvd.nist.gov/vuln/detail/CVE-2023-6704
[ 17 ] CVE-2023-6705
https://nvd.nist.gov/vuln/detail/CVE-2023-6705
[ 18 ] CVE-2023-6706
https://nvd.nist.gov/vuln/detail/CVE-2023-6706
[ 19 ] CVE-2023-6707
https://nvd.nist.gov/vuln/detail/CVE-2023-6707
[ 20 ] CVE-2023-7024
https://nvd.nist.gov/vuln/detail/CVE-2023-7024
[ 21 ] CVE-2024-0222
https://nvd.nist.gov/vuln/detail/CVE-2024-0222
[ 22 ] CVE-2024-0223
https://nvd.nist.gov/vuln/detail/CVE-2024-0223
[ 23 ] CVE-2024-0224
https://nvd.nist.gov/vuln/detail/CVE-2024-0224
[ 24 ] CVE-2024-0225
https://nvd.nist.gov/vuln/detail/CVE-2024-0225
[ 25 ] CVE-2024-0333
https://nvd.nist.gov/vuln/detail/CVE-2024-0333
[ 26 ] CVE-2024-0517
https://nvd.nist.gov/vuln/detail/CVE-2024-0517
[ 27 ] CVE-2024-0518
https://nvd.nist.gov/vuln/detail/CVE-2024-0518
[ 28 ] CVE-2024-0519
https://nvd.nist.gov/vuln/detail/CVE-2024-0519

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202402-14

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5



[ GLSA 202402-13 ] TACACS+: Remote Code Execution


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202402-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: TACACS+: Remote Code Execution
Date: February 18, 2024
Bugs: #918536
ID: 202402-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in TACACS+ which could lead to
remote code execution.

Background
==========

An updated version of Cisco's TACACS+ server.

Affected packages
=================

Package Vulnerable Unaffected
---------------- --------------- ------------
net-nds/tac_plus