[ GLSA 202506-11 ] YAML-LibYAML: Shell injection
[ GLSA 202506-10 ] File-Find-Rule: Shell Injection
[ GLSA 202506-09 ] OpenImageIO: Multiple Vulnerabilities
[ GLSA 202506-08 ] Node.js: Multiple Vulnerabilities
[ GLSA 202506-07 ] Python, PyPy: Multiple Vulnerabilities
[ GLSA 202506-06 ] Qt: Multiple Vulnerabilities
[ GLSA 202506-05 ] GTK+ 3: Search path vulnerability
[ GLSA 202506-04 ] X.Org X server, XWayland: Multiple Vulnerabilities
[ GLSA 202506-03 ] LibreOffice: Multiple Vulnerabilities
[ GLSA 202506-02 ] GStreamer, GStreamer Plugins: Multiple Vulnerabilities
[ GLSA 202506-01 ] Emacs: Multiple Vulnerabilities
[ GLSA 202506-11 ] YAML-LibYAML: Shell injection
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202506-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: YAML-LibYAML: Shell injection
Date: June 12, 2025
Bugs: #949498
ID: 202506-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
A vulnerability has been discovered in YAML-LibYAML, which can lead to
shell injection.
Background
==========
YAML-LibYAML provides YAML Serialization using XS and libyaml for Perl.
Affected packages
=================
Package               Vulnerable   Unaffected
--------------------- ------------ ------------
dev-perl/YAML-LibYAML < 0.903.0    >= 0.903.0
Description
===========
YAML-LibYAML uses the legacy '2-arg' open() call which is susceptible to
shell injection via malicious filenames.
Impact
======
Shell injection may be used to execute arbitrary code using a malicious
filename.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All YAML-LibYAML users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-perl/YAML-LibYAML-0.903.0"
References
==========
[ 1 ] CVE-2025-40908
https://nvd.nist.gov/vuln/detail/CVE-2025-40908
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202506-11
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2025 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
[ GLSA 202506-10 ] File-Find-Rule: Shell Injection
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202506-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: File-Find-Rule: Shell Injection
Date: June 12, 2025
Bugs: #957182
ID: 202506-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
A vulnerability has been discovered in File-Find-Rule, which can lead to
shell injection.
Background
==========
File-Find-Rule is an alternative interface to File::Find.
Affected packages
=================
Package                 Vulnerable   Unaffected
----------------------- ------------ ------------
dev-perl/File-Find-Rule < 0.350.0    >= 0.350.0
Description
===========
File-Find-Rule uses the legacy '2-arg' open() call which is susceptible
to shell injection via malicious filenames.
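The two-argument open() behaviour named in this advisory and in GLSA 202506-11, beside the three-argument form that avoids it. This is an added example for a Unix-like system, not code from File-Find-Rule or YAML-LibYAML; the helper names two_arg_interpretation and read_first_line and all sample file names are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Describe how the legacy form open(FH, $string) would treat $string.
# Two-arg open strips surrounding whitespace and then takes the mode
# (read, write, pipe) from characters inside the string itself.
sub two_arg_interpretation {
    my ($name) = @_;
    (my $s = $name) =~ s/^\s+|\s+$//g;
    return 'runs a command, writes to its stdin'  if $s =~ /^\|/;
    return 'runs a command, reads its stdout'     if $s =~ /\|$/;
    return 'opens for append'                     if $s =~ /^>>/;
    return 'truncates and writes'                 if $s =~ /^\+?>/;
    return 'opens read-write'                     if $s =~ /^\+</;
    return 'different file (mode prefix dropped)' if $s =~ /^</;
    return 'standard input, not a file'           if $s eq '-';
    return 'different file (whitespace stripped)' if $s ne $name;
    return 'plain read';
}

# Vulnerable pattern (not executed here): the mode comes from the data.
#     open(my $fh, $name) or die "open: $!";
#
# Hardened pattern: the mode is a separate literal argument, so $path is
# only ever used as a path, whatever characters it contains.
sub read_first_line {
    my ($path) = @_;
    open(my $fh, '<', $path) or return;
    my $line = <$fh>;
    close $fh;
    return $line;
}

# Constructed sample names; each is a legal file name on a Unix file system.
my @names = ('notes.txt', ' padded.txt ', '>report.txt', 'status |', '| status');

my $dir = tempdir(CLEANUP => 1);
for my $name (@names) {
    my $path = "$dir/$name";

    # Create the file with three-arg open so the name is taken literally.
    open(my $out, '>', $path) or die "create '$path': $!";
    print {$out} "literal file content\n";
    close $out;

    # A directory prefix hides leading mode characters from two-arg open,
    # but a trailing pipe or trailing whitespace is still interpreted.
    printf "%-14s bare name: %s\n", "'$name'", two_arg_interpretation($name);
    printf "%-14s full path: %s\n", '',        two_arg_interpretation($path);
    printf "%-14s three-arg: %s",   '',        read_first_line($path);
}
```

The full-path rows show why code that walks a directory and opens what it finds is still exposed: a name ending in a pipe keeps its meaning under two-arg open even behind a directory prefix, while the three-arg read returns the file's content in every case.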
Impact
======
Shell injection may be used to execute arbitrary code using a malicious
filename.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All File-Find-Rule users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-perl/File-Find-Rule-0.350.0"
References
==========
[ 1 ] CVE-2011-10007
https://nvd.nist.gov/vuln/detail/CVE-2011-10007
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202506-10
[ GLSA 202506-09 ] OpenImageIO: Multiple Vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202506-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: OpenImageIO: Multiple Vulnerabilities
Date: June 12, 2025
Bugs: #903807, #917679
ID: 202506-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been discovered in OpenImageIO, the worst
of which can lead to execution of arbitrary code.
Background
==========
OpenImageIO is a library for reading and writing images.
Affected packages
=================
Package                Vulnerable   Unaffected
---------------------- ------------ ------------
media-libs/openimageio < 2.5.4.0    >= 2.5.4.0
Description
===========
Multiple vulnerabilities have been discovered in OpenImageIO. Please
review the CVE identifiers referenced below for details.
Impact
======
Please review the referenced CVE identifiers for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All OpenImageIO users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/openimageio-2.5.4.0"
References
==========
[ 1 ] CVE-2023-22845
https://nvd.nist.gov/vuln/detail/CVE-2023-22845
[ 2 ] CVE-2023-24472
https://nvd.nist.gov/vuln/detail/CVE-2023-24472
[ 3 ] CVE-2023-24473
https://nvd.nist.gov/vuln/detail/CVE-2023-24473
[ 4 ] CVE-2023-36183
https://nvd.nist.gov/vuln/detail/CVE-2023-36183
[ 5 ] CVE-2023-42295
https://nvd.nist.gov/vuln/detail/CVE-2023-42295
[ 6 ] CVE-2023-42299
https://nvd.nist.gov/vuln/detail/CVE-2023-42299
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202506-09
[ GLSA 202506-08 ] Node.js: Multiple Vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202506-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Node.js: Multiple Vulnerabilities
Date: June 12, 2025
Bugs: #948514
ID: 202506-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been discovered in Node.js, the worst of
which can lead to arbitrary code execution.
Background
==========
Node.js is a JavaScript runtime built on Chrome's V8 JavaScript engine.
Affected packages
=================
Package         Vulnerable   Unaffected
--------------- ------------ ------------
net-libs/nodejs < 22.13.1    >= 22.13.1
Description
===========
Multiple vulnerabilities have been discovered in Node.js. Please review
the CVE identifiers referenced below for details.
Impact
======
Please review the referenced CVE identifiers for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Node.js users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/nodejs-22.13.1"
References
==========
[ 1 ] CVE-2025-23083
https://nvd.nist.gov/vuln/detail/CVE-2025-23083
[ 2 ] CVE-2025-23085
https://nvd.nist.gov/vuln/detail/CVE-2025-23085
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202506-08
[ GLSA 202506-07 ] Python, PyPy: Multiple Vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202506-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Python, PyPy: Multiple Vulnerabilities
Date: June 12, 2025
Bugs: #929045, #937124, #938432, #939206, #945845, #953493, #956682, #957088
ID: 202506-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been discovered in Python and PyPy, the
worst of which can lead to privilege escalation.
Background
==========
Python is an interpreted, interactive, object-oriented, cross-platform
programming language.
Affected packages
=================
Package         Vulnerable            Unaffected
--------------- --------------------- ----------------------
dev-lang/pypy   < 3.10.7.3.19_p4:3.10 >= 3.10.7.3.19_p4:3.10
                < 3.11.7.3.19_p9:3.11 >= 3.11.7.3.19_p9:3.11
dev-lang/python < 3.10.17_p1:3.10     >= 3.10.17_p1:3.10
                < 3.11.12_p1:3.11     >= 3.11.12_p1:3.11
                < 3.12.10_p1:3.12     >= 3.12.10_p1:3.12
                < 3.13.3_p1:3.13      >= 3.13.3_p1:3.13
                < 3.14.0_beta2:3.14   >= 3.14.0_beta2:3.14
                < 3.8.20_p7:3.8       >= 3.8.20_p7:3.8
                < 3.9.22_p1:3.9       >= 3.9.22_p1:3.9
Description
===========
Multiple vulnerabilities have been discovered in Python, PyPy3. Please
review the CVE identifiers referenced below for details.
Impact
======
Please review the referenced CVE identifiers for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Python, PyPy3 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/python-3.14.0_beta2:3.14"
# emerge --ask --oneshot --verbose ">=dev-lang/python-3.13.3_p1:3.13"
# emerge --ask --oneshot --verbose ">=dev-lang/python-3.12.10_p1:3.12"
# emerge --ask --oneshot --verbose ">=dev-lang/python-3.11.12_p1:3.11"
# emerge --ask --oneshot --verbose ">=dev-lang/python-3.10.17_p1:3.10"
# emerge --ask --oneshot --verbose ">=dev-lang/python-3.9.22_p1:3.9"
# emerge --ask --oneshot --verbose ">=dev-lang/python-3.8.20_p7:3.8"
# emerge --ask --oneshot --verbose ">=dev-lang/pypy-3.10.7.3.19_p4:3.10"
# emerge --ask --oneshot --verbose ">=dev-lang/pypy-3.11.7.3.19_p9:3.11"
References
==========
[ 1 ] CVE-2024-6232
https://nvd.nist.gov/vuln/detail/CVE-2024-6232
[ 2 ] CVE-2024-6923
https://nvd.nist.gov/vuln/detail/CVE-2024-6923
[ 3 ] CVE-2024-7592
https://nvd.nist.gov/vuln/detail/CVE-2024-7592
[ 4 ] CVE-2024-8088
https://nvd.nist.gov/vuln/detail/CVE-2024-8088
[ 5 ] CVE-2024-12718
https://nvd.nist.gov/vuln/detail/CVE-2024-12718
[ 6 ] CVE-2025-4138
https://nvd.nist.gov/vuln/detail/CVE-2025-4138
[ 7 ] CVE-2025-4330
https://nvd.nist.gov/vuln/detail/CVE-2025-4330
[ 8 ] CVE-2025-4516
https://nvd.nist.gov/vuln/detail/CVE-2025-4516
[ 9 ] CVE-2025-4517
https://nvd.nist.gov/vuln/detail/CVE-2025-4517
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202506-07
[ GLSA 202506-06 ] Qt: Multiple Vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202506-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Qt: Multiple Vulnerabilities
Date: June 12, 2025
Bugs: #924647, #931096, #935869, #954261
ID: 202506-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been discovered in Qt, the worst of which
can lead to arbitrary code execution.
Background
==========
Qt is a cross-platform application development framework.
Affected packages
=================
Package          Vulnerable   Unaffected
---------------- ------------ -------------
dev-qt/qtbase    < 6.8.3-r1   >= 6.8.3-r1
dev-qt/qtgui     < 5.15.12-r2 >= 5.15.12-r2
dev-qt/qtnetwork < 5.15.14-r1 >= 5.15.14-r1
Description
===========
Multiple vulnerabilities have been discovered in Qt. Please review the
CVE identifiers referenced below for details.
Impact
======
Please review the referenced CVE identifiers for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Qt users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-qt/qtbase-6.8.3-r1"
# emerge --ask --oneshot --verbose ">=dev-qt/qtnetwork-5.15.14-r1"
# emerge --ask --oneshot --verbose ">=dev-qt/qtgui-5.15.12-r2"
References
==========
[ 1 ] CVE-2024-25580
https://nvd.nist.gov/vuln/detail/CVE-2024-25580
[ 2 ] CVE-2024-33861
https://nvd.nist.gov/vuln/detail/CVE-2024-33861
[ 3 ] CVE-2024-39936
https://nvd.nist.gov/vuln/detail/CVE-2024-39936
[ 4 ] CVE-2025-3512
https://nvd.nist.gov/vuln/detail/CVE-2025-3512
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202506-06
[ GLSA 202506-05 ] GTK+ 3: Search path vulnerability
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202506-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: GTK+ 3: Search path vulnerability
Date: June 12, 2025
Bugs: #949825
ID: 202506-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
A vulnerability has been discovered in GTK+, which can lead to arbitrary
code execution.
Background
=========
GTK+ (GIMP Toolkit +) is a toolkit for creating graphical user
interfaces.
Affected packages
================
Package       Vulnerable   Unaffected
------------- ------------ ------------
x11-libs/gtk+ < 3.24.48    >= 3.24.48
Description
==========
A vulnerability has been discovered in GTK+ 3. Please review the CVE
identifier referenced below for details.
Impact
=====
Please review the referenced CVE identifier for details.
Workaround
=========
There is no known workaround at this time.
Resolution
=========
All GTK+ 3 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/gtk+-3.24.48"
References
=========
[ 1 ] CVE-2024-6655
https://nvd.nist.gov/vuln/detail/CVE-2024-6655
Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202506-05
[ GLSA 202506-04 ] X.Org X server, XWayland: Multiple Vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202506-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: X.Org X server, XWayland: Multiple Vulnerabilities
Date: June 12, 2025
Bugs: #950290
ID: 202506-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities have been discovered in the Xorg Server and
XWayland, the worst of which can result in privilege escalation.
Background
=========
The X Window System is a graphical windowing system based on a
client/server model.
Affected packages
================
Package              Vulnerable   Unaffected
-------------------- ------------ ------------
x11-base/xorg-server < 21.1.16    >= 21.1.16
x11-base/xwayland    < 24.1.6     >= 24.1.6
Description
==========
Multiple vulnerabilities have been discovered in X.Org X server and
XWayland. Please review the CVE identifiers referenced below for
details.
Impact
=====
Please review the referenced CVE identifiers for details.
Workaround
=========
There is no known workaround at this time.
Resolution
=========
All X.Org X server users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-base/xorg-server-21.1.16"
All XWayland users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-base/xwayland-24.1.6"
References
=========
[ 1 ] CVE-2025-26594
https://nvd.nist.gov/vuln/detail/CVE-2025-26594
[ 2 ] CVE-2025-26595
https://nvd.nist.gov/vuln/detail/CVE-2025-26595
[ 3 ] CVE-2025-26596
https://nvd.nist.gov/vuln/detail/CVE-2025-26596
[ 4 ] CVE-2025-26597
https://nvd.nist.gov/vuln/detail/CVE-2025-26597
[ 5 ] CVE-2025-26598
https://nvd.nist.gov/vuln/detail/CVE-2025-26598
[ 6 ] CVE-2025-26599
https://nvd.nist.gov/vuln/detail/CVE-2025-26599
[ 7 ] CVE-2025-26600
https://nvd.nist.gov/vuln/detail/CVE-2025-26600
[ 8 ] CVE-2025-26601
https://nvd.nist.gov/vuln/detail/CVE-2025-26601
Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202506-04
[ GLSA 202506-03 ] LibreOffice: Multiple Vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202506-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: LibreOffice: Multiple Vulnerabilities
Date: June 12, 2025
Bugs: #948825
ID: 202506-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in LibreOffice, the worst of
which could result in user-assisted code execution.
Background
==========
LibreOffice is a powerful office suite; its clean interface and powerful
tools let you unleash your creativity and grow your productivity.
Affected packages
=================
Package                    Vulnerable    Unaffected
-------------------------- ------------- --------------
app-office/libreoffice     < 24.2.7.2-r1 >= 24.2.7.2-r1
app-office/libreoffice-bin < 24.8.4      >= 24.8.4
Description
===========
Multiple vulnerabilities have been discovered in LibreOffice. Please
review the CVE identifiers referenced below for details.
Impact
======
Please review the referenced CVE identifiers for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All LibreOffice binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/libreoffice-bin-24.8.4"
All LibreOffice users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/libreoffice-24.2.7.2-r1"
References
==========
[ 1 ] CVE-2024-12425
https://nvd.nist.gov/vuln/detail/CVE-2024-12425
[ 2 ] CVE-2024-12426
https://nvd.nist.gov/vuln/detail/CVE-2024-12426
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202506-03
[ GLSA 202506-02 ] GStreamer, GStreamer Plugins: Multiple Vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202506-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: GStreamer, GStreamer Plugins: Multiple Vulnerabilities
Date: June 12, 2025
Bugs: #948198
ID: 202506-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been discovered in GStreamer and GStreamer
Plugins, the worst of which could lead to code execution.
Background
==========
GStreamer is an open source multimedia framework.
Affected packages
=================
Package                     Vulnerable   Unaffected
--------------------------- ------------ ------------
media-libs/gst-plugins-base < 1.24.10    >= 1.24.10
media-libs/gstreamer        < 1.24.10    >= 1.24.10
Description
===========
Multiple vulnerabilities have been discovered in GStreamer, GStreamer
Plugins. Please review the CVE identifiers referenced below for details.
Impact
======
Please review the referenced CVE identifiers for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All GStreamer, GStreamer Plugins users should upgrade to the latest
versions:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/gstreamer-1.24.10" ">=media-libs/gst-plugins-bad-1.24.10"
References
==========
[ 1 ] CVE-2024-44331
https://nvd.nist.gov/vuln/detail/CVE-2024-44331
[ 2 ] CVE-2024-47537
https://nvd.nist.gov/vuln/detail/CVE-2024-47537
[ 3 ] CVE-2024-47538
https://nvd.nist.gov/vuln/detail/CVE-2024-47538
[ 4 ] CVE-2024-47539
https://nvd.nist.gov/vuln/detail/CVE-2024-47539
[ 5 ] CVE-2024-47540
https://nvd.nist.gov/vuln/detail/CVE-2024-47540
[ 6 ] CVE-2024-47541
https://nvd.nist.gov/vuln/detail/CVE-2024-47541
[ 7 ] CVE-2024-47542
https://nvd.nist.gov/vuln/detail/CVE-2024-47542
[ 8 ] CVE-2024-47543
https://nvd.nist.gov/vuln/detail/CVE-2024-47543
[ 9 ] CVE-2024-47544
https://nvd.nist.gov/vuln/detail/CVE-2024-47544
[ 10 ] CVE-2024-47545
https://nvd.nist.gov/vuln/detail/CVE-2024-47545
[ 11 ] CVE-2024-47546
https://nvd.nist.gov/vuln/detail/CVE-2024-47546
[ 12 ] CVE-2024-47596
https://nvd.nist.gov/vuln/detail/CVE-2024-47596
[ 13 ] CVE-2024-47597
https://nvd.nist.gov/vuln/detail/CVE-2024-47597
[ 14 ] CVE-2024-47598
https://nvd.nist.gov/vuln/detail/CVE-2024-47598
[ 15 ] CVE-2024-47599
https://nvd.nist.gov/vuln/detail/CVE-2024-47599
[ 16 ] CVE-2024-47600
https://nvd.nist.gov/vuln/detail/CVE-2024-47600
[ 17 ] CVE-2024-47601
https://nvd.nist.gov/vuln/detail/CVE-2024-47601
[ 18 ] CVE-2024-47602
https://nvd.nist.gov/vuln/detail/CVE-2024-47602
[ 19 ] CVE-2024-47603
https://nvd.nist.gov/vuln/detail/CVE-2024-47603
[ 20 ] CVE-2024-47606
https://nvd.nist.gov/vuln/detail/CVE-2024-47606
[ 21 ] CVE-2024-47607
https://nvd.nist.gov/vuln/detail/CVE-2024-47607
[ 22 ] CVE-2024-47613
https://nvd.nist.gov/vuln/detail/CVE-2024-47613
[ 23 ] CVE-2024-47615
https://nvd.nist.gov/vuln/detail/CVE-2024-47615
[ 24 ] CVE-2024-47774
https://nvd.nist.gov/vuln/detail/CVE-2024-47774
[ 25 ] CVE-2024-47775
https://nvd.nist.gov/vuln/detail/CVE-2024-47775
[ 26 ] CVE-2024-47776
https://nvd.nist.gov/vuln/detail/CVE-2024-47776
[ 27 ] CVE-2024-47777
https://nvd.nist.gov/vuln/detail/CVE-2024-47777
[ 28 ] CVE-2024-47778
https://nvd.nist.gov/vuln/detail/CVE-2024-47778
[ 29 ] CVE-2024-47834
https://nvd.nist.gov/vuln/detail/CVE-2024-47834
[ 30 ] CVE-2024-47835
https://nvd.nist.gov/vuln/detail/CVE-2024-47835
[ 31 ] GStreamer-SA-2024-0003
https://gstreamer.freedesktop.org/security/sa-2024-0003.html
[ 32 ] GStreamer-SA-2024-0004
https://gstreamer.freedesktop.org/security/sa-2024-0004.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202506-02
[ GLSA 202506-01 ] Emacs: Multiple Vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202506-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Emacs: Multiple Vulnerabilities
Date: June 12, 2025
Bugs: #945164, #950192
ID: 202506-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been discovered in Emacs, the worst of
which could lead to arbitrary code execution.
Background
==========
Emacs is the extensible, customizable, self-documenting real-time
display editor. org-mode is an Emacs mode for notes and project
planning.
Affected packages
=================
Package           Vulnerable    Unaffected
----------------- ------------- --------------
app-editors/emacs < 26.3-r22:26 >= 26.3-r22:26
                  < 27.2-r20:27 >= 27.2-r20:27
                  < 28.2-r16:28 >= 28.2-r16:28
                  < 29.4-r2:29  >= 29.4-r2:29
Description
===========
Multiple vulnerabilities have been discovered in Emacs, org-mode. Please
review the CVE identifiers referenced below for details.
Impact
======
Please review the referenced CVE identifiers for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Emacs, org-mode users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-editors/emacs-29.4-r2:29"
# emerge --ask --oneshot --verbose ">=app-editors/emacs-28.2-r16:28"
# emerge --ask --oneshot --verbose ">=app-editors/emacs-27.2-r20:27"
# emerge --ask --oneshot --verbose ">=app-editors/emacs-26.3-r22:26"
References
==========
[ 1 ] CVE-2024-53920
https://nvd.nist.gov/vuln/detail/CVE-2024-53920
[ 2 ] CVE-2025-1244
https://nvd.nist.gov/vuln/detail/CVE-2025-1244
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202506-01