Gentoo Linux security advisories

Gentoo Linux security advisories https://security.gentoo.org/glsa This feed contains new Gentoo Linux security advisories. Contact security@gentoo.org with questions. Fri, 17 Apr 2026 00:00:00 +0000 GLSA 202604-04: DTrace: Arbitrary file creation via dtprobed https://security.gentoo.org/glsa/202604-04 A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names. Fri, 17 Apr 2026 00:00:00 +0000 2026-04-17T00:00:00+00:00 GLSA 202604-03: FUSE: Multiple Vulnerabilities https://security.gentoo.org/glsa/202604-03 Multiple vulnerabilities have been found in FUSE, the worst of which can lead to code execution. Fri, 17 Apr 2026 00:00:00 +0000 2026-04-17T00:00:00+00:00 GLSA 202603-01: Exiv2: Multiple Vulnerabilities https://security.gentoo.org/glsa/202603-01 Multiple vulnerabilities have been found in Exiv2, the worst of which can lead to a crash via Denial of Service. Mon, 09 Mar 2026 00:00:00 +0000 2026-03-09T00:00:00+00:00 GLSA 202601-05: Commons-BeanUtils: Arbitary Code Execution https://security.gentoo.org/glsa/202601-05 A vulnerability has been discovered in Commons-BeanUtils, which can lead to execution of arbitrary code. Mon, 26 Jan 2026 00:00:00 +0000 2026-01-26T00:00:00+00:00 GLSA 202601-04: Asterisk: Multiple Vulnerabilities https://security.gentoo.org/glsa/202601-04 Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to arbitrary code execution. Mon, 26 Jan 2026 00:00:00 +0000 2026-01-26T00:00:00+00:00 GLSA 202601-03: GIMP: Arbitrary Code Execution https://security.gentoo.org/glsa/202601-03 A vulnerability has been discovered in GIMP, which can lead to execution of arbitrary code. Mon, 26 Jan 2026 00:00:00 +0000 2026-01-26T00:00:00+00:00 GLSA 202601-02: Vim, gVim: Multiple Vulnerabilities https://security.gentoo.org/glsa/202601-02 Multiple vulnerabilities have been discovered in Vim and gVim, the worst of which could lead to execution of arbitrary code. Mon, 26 Jan 2026 00:00:00 +0000 2026-01-26T00:00:00+00:00 GLSA 202601-01: inetutils: Remote Code Execution https://security.gentoo.org/glsa/202601-01 A vulnerability has been discovered in the telnetd module of inetutils, which allows remote code execution as root. Mon, 26 Jan 2026 00:00:00 +0000 2026-01-26T00:00:00+00:00 GLSA 202512-01: GnuPG: Arbitrary Code Execution https://security.gentoo.org/glsa/202512-01 A vulnerability has been discovered in GnuPG, which can lead to arbitrary code execution. Sat, 27 Dec 2025 00:00:00 +0000 2025-12-27T00:00:00+00:00 GLSA 202511-07: librnp: Weak random number generation https://security.gentoo.org/glsa/202511-07 librnp uses weak random number generation such that generated keys can be easily cracked. Wed, 26 Nov 2025 00:00:00 +0000 2025-11-26T00:00:00+00:00 GLSA 202511-06: libpng: Multiple vulnerabilities https://security.gentoo.org/glsa/202511-06 Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code. Wed, 26 Nov 2025 00:00:00 +0000 2025-11-26T00:00:00+00:00 GLSA 202511-05: redict, redis: Multiple Vulnerabilities https://security.gentoo.org/glsa/202511-05 Multiple vulnerabilities have been discovered in redis and redict, the worst of which could lead to execution of arbitrary code. Mon, 24 Nov 2025 00:00:00 +0000 2025-11-24T00:00:00+00:00 GLSA 202511-04: Chromium, Google Chrome, Microsoft Edge. Opera: Multiple Vulnerabilities https://security.gentoo.org/glsa/202511-04 Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Mon, 24 Nov 2025 00:00:00 +0000 2025-11-24T00:00:00+00:00 GLSA 202511-03: qtsvg: Multiple Vulnerabilities https://security.gentoo.org/glsa/202511-03 Multiple vulnerabilities have been discovered in qtsvg, the worst of which could lead to execution of arbitrary code. Mon, 24 Nov 2025 00:00:00 +0000 2025-11-24T00:00:00+00:00 GLSA 202511-02: WebKitGTK+: Multiple Vulnerabilities https://security.gentoo.org/glsa/202511-02 Multiple vulnerabilities have been discovered in WebKitGTK+, the worst of which can lead to execution of arbitary code. Mon, 24 Nov 2025 00:00:00 +0000 2025-11-24T00:00:00+00:00 GLSA 202511-01: UDisks: Multiple Vulnerabilities https://security.gentoo.org/glsa/202511-01 Multiple vulnerabilities have been discovered in UDisks, the worst of which can lead to execution of arbitrary code. Mon, 24 Nov 2025 00:00:00 +0000 2025-11-24T00:00:00+00:00 GLSA 202509-08: GnuTLS: Multiple Vulnerabilities https://security.gentoo.org/glsa/202509-08 Multiple vulnerabilities have been discovered in GnuTLS, the worst of which could lead to arbitrary code execution. Wed, 17 Sep 2025 00:00:00 +0000 2025-09-17T00:00:00+00:00 GLSA 202509-07: libvpx: Use after free https://security.gentoo.org/glsa/202509-07 A vulnerability has been discovered in libvpx, which could lead to execution of arbitrary code. Wed, 17 Sep 2025 00:00:00 +0000 2025-09-17T00:00:00+00:00 GLSA 202509-06: ProFTPd: SSH Terrapin vulnerability https://security.gentoo.org/glsa/202509-06 A vulnerability has been discovered in ProFTPd, which can lead to loss of confidentiality. Wed, 17 Sep 2025 00:00:00 +0000 2025-09-17T00:00:00+00:00 GLSA 202509-05: Plex Media Server: Incorrect resource transfer https://security.gentoo.org/glsa/202509-05 A vulnerability has been discovered in Plex Media Server. Wed, 17 Sep 2025 00:00:00 +0000 2025-09-17T00:00:00+00:00 GLSA 202509-04: glibc: Multiple Vulnerabilities https://security.gentoo.org/glsa/202509-04 Multiple vulnerabilities have been discovered in glibc, the worst of which could lead to execution of arbitrary code. Wed, 17 Sep 2025 00:00:00 +0000 2025-09-17T00:00:00+00:00 GLSA 202509-03: Django: Multiple Vulnerabilities https://security.gentoo.org/glsa/202509-03 Multiple vulnerabilities have been discovered in Django, the worst of which could lead to a denial of service. Wed, 17 Sep 2025 00:00:00 +0000 2025-09-17T00:00:00+00:00 GLSA 202509-02: Spidermonkey: Multiple Vulnerabilities https://security.gentoo.org/glsa/202509-02 Multiple vulnerabilities have been discovered in Spidermonkey, the worst of which could lead to execution of arbitrary code. Wed, 17 Sep 2025 00:00:00 +0000 2025-09-17T00:00:00+00:00 GLSA 202509-01: Poppler: Multiple Vulnerabilities https://security.gentoo.org/glsa/202509-01 Multiple vulnerabilities have been discovered in Poppler, the worst of which could lead to execution of arbitrary code. Wed, 17 Sep 2025 00:00:00 +0000 2025-09-17T00:00:00+00:00 GLSA 202508-06: Composer: Multiple Vulnerabilities https://security.gentoo.org/glsa/202508-06 Multiple vulnerabilities have been discovered in Composer, the worst of which can lead to arbitrary code execution. Wed, 06 Aug 2025 00:00:00 +0000 2025-08-06T00:00:00+00:00 GLSA 202508-05: Spreadsheet-ParseExcel: Arbitrary Code Execution https://security.gentoo.org/glsa/202508-05 A vulnerability has been discovered in Spreadsheet-ParseExcel, which can lead to arbitrary code execution. Wed, 06 Aug 2025 00:00:00 +0000 2025-08-06T00:00:00+00:00 GLSA 202508-04: Mozilla Network Security Service (NSS): TLS RSA decryption timing attack https://security.gentoo.org/glsa/202508-04 A vulnerability has been discovered in NSS, which can lead to the recovery of private data. Wed, 06 Aug 2025 00:00:00 +0000 2025-08-06T00:00:00+00:00 GLSA 202508-03: FontForge: Arbitrary Code Execution https://security.gentoo.org/glsa/202508-03 A vulnerability has been discovered in FontForge, which can lead to arbitrary code execution. Wed, 06 Aug 2025 00:00:00 +0000 2025-08-06T00:00:00+00:00 GLSA 202508-02: GPL Ghostscript: Multiple Vulnerabilities https://security.gentoo.org/glsa/202508-02 Multiple vulnerabilities have been discovered in GPL Ghostscript, the worst of which can lead to execution of arbitrary code. Wed, 06 Aug 2025 00:00:00 +0000 2025-08-06T00:00:00+00:00 GLSA 202508-01: PAM: Multiple Vulnerabilities https://security.gentoo.org/glsa/202508-01 Multiple vulnerabilities have been discovered in PAM, the worst of which could lead to privilege escalation. Wed, 06 Aug 2025 00:00:00 +0000 2025-08-06T00:00:00+00:00 GLSA 202507-10: Roundcube: Multiple Vulnerabilities https://security.gentoo.org/glsa/202507-10 Multiple vulnerabilities have been discovered in Roundcube, the worst of which could lead to execution of arbitrary code. Tue, 22 Jul 2025 00:00:00 +0000 2025-07-22T00:00:00+00:00 GLSA 202507-09: Git: Multiple Vulnerabilities https://security.gentoo.org/glsa/202507-09 Multiple vulnerabilities have been discovered in Git, the worst of which could lead to arbitrary code execution. Tue, 08 Jul 2025 00:00:00 +0000 2025-07-08T00:00:00+00:00 GLSA 202507-08: REXML: Multiple Vulnerabilities https://security.gentoo.org/glsa/202507-08 Multiple vulnerabilities have been discovered in REXML, the worst of which can lead to a denial of service. Tue, 08 Jul 2025 00:00:00 +0000 2025-07-08T00:00:00+00:00 GLSA 202507-07: Chromium, Google Chrome, Microsoft Edge. Opera: Multiple Vulnerabilities https://security.gentoo.org/glsa/202507-07 Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Tue, 08 Jul 2025 00:00:00 +0000 2025-07-08T00:00:00+00:00 GLSA 202507-06: openh264: Heap Overflow https://security.gentoo.org/glsa/202507-06 A heap overflow has been discovered in openh264, which can lead to arbitrary code execution. Tue, 08 Jul 2025 00:00:00 +0000 2025-07-08T00:00:00+00:00 GLSA 202507-05: NTP: Multiple Vulnerabilities https://security.gentoo.org/glsa/202507-05 Multiple vulnerabilities have been discovered in NTP, the worst of which could lead to the execution of arbitrary code. Tue, 08 Jul 2025 00:00:00 +0000 2025-07-08T00:00:00+00:00 GLSA 202507-04: strongSwan: Buffer Overflow https://security.gentoo.org/glsa/202507-04 A buffer overflow has been discovered in strongSwan, which can lead to remote code execution. Tue, 08 Jul 2025 00:00:00 +0000 2025-07-08T00:00:00+00:00 GLSA 202507-03: ClamAV: Multiple Vulnerabilities https://security.gentoo.org/glsa/202507-03 Multiple vulnerabilities have been discovered in ClamAV, the worst of which could lead to arbitrary code execution. Tue, 08 Jul 2025 00:00:00 +0000 2025-07-08T00:00:00+00:00 GLSA 202507-02: UDisks, libblockdev: Privilege escalation https://security.gentoo.org/glsa/202507-02 Multiple vulnerabilities have been discovered in UDisks, libblockdev, the worst of which could result in privilege escalation. Tue, 01 Jul 2025 00:00:00 +0000 2025-07-01T00:00:00+00:00 GLSA 202507-01: sudo: Privilege escalation https://security.gentoo.org/glsa/202507-01 Multiple vulnerabilities have been discovered in sudo, the worst of which could result in privilege escalation. Tue, 01 Jul 2025 00:00:00 +0000 2025-07-01T00:00:00+00:00 GLSA 202506-13: Konsole: Code execution https://security.gentoo.org/glsa/202506-13 An input sanitization flaw in Konsole might allow remote attackers to execute commands via a malicious URL Sun, 15 Jun 2025 00:00:00 +0000 2025-06-15T00:00:00+00:00 GLSA 202506-12: sysstat: Arbitrary Code Execution https://security.gentoo.org/glsa/202506-12 An integer overflow vulnerability has been found in sysstat which could result in arbitrary code execution. Sun, 15 Jun 2025 00:00:00 +0000 2025-06-15T00:00:00+00:00 GLSA 202506-11: YAML-LibYAML: Shell injection https://security.gentoo.org/glsa/202506-11 A vulnerability has been discovered in YAML-LibYAML, which can lead to shell injection. Thu, 12 Jun 2025 00:00:00 +0000 2025-06-12T00:00:00+00:00 GLSA 202506-10: File-Find-Rule: Shell Injection https://security.gentoo.org/glsa/202506-10 A vulnerability has been discovered in File-Find-Rule, which can lead to shell injection. Thu, 12 Jun 2025 00:00:00 +0000 2025-06-12T00:00:00+00:00 GLSA 202506-09: OpenImageIO: Multiple Vulnerabilities https://security.gentoo.org/glsa/202506-09 Multiple vulnerabilities have been discovered in OpenImageIO, the worst of which can lead to execution of arbitrary code. Thu, 12 Jun 2025 00:00:00 +0000 2025-06-12T00:00:00+00:00 GLSA 202506-08: Node.js: Multiple Vulnerabilities https://security.gentoo.org/glsa/202506-08 Multiple vulnerabilities have been discovered in Node.js, the worst of which can lead to arbitrary code execution. Thu, 12 Jun 2025 00:00:00 +0000 2025-06-12T00:00:00+00:00 GLSA 202506-07: Python, PyPy: Multiple Vulnerabilities https://security.gentoo.org/glsa/202506-07 Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. Thu, 12 Jun 2025 00:00:00 +0000 2025-06-12T00:00:00+00:00 GLSA 202506-06: Qt: Multiple Vulnerabilities https://security.gentoo.org/glsa/202506-06 Multiple vulnerabilities have been discovered in Qt, the worst of which can lead to arbitrary code execution. Thu, 12 Jun 2025 00:00:00 +0000 2025-06-12T00:00:00+00:00 GLSA 202506-05: GTK+ 3: Search path vulnerability https://security.gentoo.org/glsa/202506-05 A vulnerability has been discovered in Gtk+, which can lead to arbitrary code execution. Thu, 12 Jun 2025 00:00:00 +0000 2025-06-12T00:00:00+00:00 GLSA 202506-04: X.Org X server, XWayland: Multiple Vulnerabilities https://security.gentoo.org/glsa/202506-04 A vulnerability has been discovered in the Xorg Server and XWayland, the worst of which can result in privilege escalation. Thu, 12 Jun 2025 00:00:00 +0000 2025-06-12T00:00:00+00:00 2026-04-17T00:00:00+00:00