Gentoo Linux has issued a series of security updates addressing significant vulnerabilities in several key components, including PAM, Mozilla Firefox, Mozilla Thunderbird, Orc, NVIDIA Drivers, and glibc. Each of these updates is categorized as high severity, indicating the potential for serious security breaches.
1. PAM (Pluggable Authentication Modules):
- Advisory ID: GLSA 202505-01
- Issue: Multiple vulnerabilities, with the most severe risking password leakage.
- Affected Version: < 1.7.0_p20241230
- Solution: Upgrade to version >= 1.7.0_p20241230.
2. Mozilla Firefox:
- Advisory ID: GLSA 202505-02
- Issue: Multiple vulnerabilities, including the potential for arbitrary code execution.
- Affected Versions: < 128.9.0:esr and < 137.0.1:stable
- Solution: Upgrade to >= 128.9.0:esr or >= 137.0.1:stable.
3. Mozilla Thunderbird:
- Advisory ID: GLSA 202505-03
- Issue: Multiple vulnerabilities, potentially leading to remote code execution.
- Affected Version: < 128.9.0
- Solution: Upgrade to >= 128.9.0.
4. Orc:
- Advisory ID: GLSA 202505-05
- Issue: A vulnerability that could lead to arbitrary code execution.
- Affected Version: < 0.4.40
- Solution: Upgrade to >= 0.4.40.
5. NVIDIA Drivers:
- Advisory ID: GLSA 202505-04
- Issue: Multiple vulnerabilities, with the risk for arbitrary code execution.
- Affected Version: < 535.247.01
- Solution: Upgrade to >= 535.247.01.
6. glibc (GNU C Library):
- Advisory ID: GLSA 202505-06
- Issue: Buffer overflow vulnerability that could allow arbitrary code execution.
- Affected Version: < 2.40-r8
- Solution: Upgrade to >= 2.40-r8.
For additional details and updates, users can visit the Gentoo Security website at [security.gentoo.org](https://security.gentoo.org)
Key Updates:
1. PAM (Pluggable Authentication Modules):
- Advisory ID: GLSA 202505-01
- Issue: Multiple vulnerabilities, with the most severe risking password leakage.
- Affected Version: < 1.7.0_p20241230
- Solution: Upgrade to version >= 1.7.0_p20241230.
2. Mozilla Firefox:
- Advisory ID: GLSA 202505-02
- Issue: Multiple vulnerabilities, including the potential for arbitrary code execution.
- Affected Versions: < 128.9.0:esr and < 137.0.1:stable
- Solution: Upgrade to >= 128.9.0:esr or >= 137.0.1:stable.
3. Mozilla Thunderbird:
- Advisory ID: GLSA 202505-03
- Issue: Multiple vulnerabilities, potentially leading to remote code execution.
- Affected Version: < 128.9.0
- Solution: Upgrade to >= 128.9.0.
4. Orc:
- Advisory ID: GLSA 202505-05
- Issue: A vulnerability that could lead to arbitrary code execution.
- Affected Version: < 0.4.40
- Solution: Upgrade to >= 0.4.40.
5. NVIDIA Drivers:
- Advisory ID: GLSA 202505-04
- Issue: Multiple vulnerabilities, with the risk for arbitrary code execution.
- Affected Version: < 535.247.01
- Solution: Upgrade to >= 535.247.01.
6. glibc (GNU C Library):
- Advisory ID: GLSA 202505-06
- Issue: Buffer overflow vulnerability that could allow arbitrary code execution.
- Affected Version: < 2.40-r8
- Solution: Upgrade to >= 2.40-r8.
Recommendations for Users:
Users are urged to perform an update immediately to mitigate any potential risks associated with these vulnerabilities. The command to update is the same across all advisories:bashemerge --sync
emerge --ask --oneshot --verbose "
"
Conclusion:
The Gentoo Linux team prioritizes the security of its users and encourages anyone with security concerns to reach out to the security team or report issues through the Gentoo bug tracker. Regular updates and vigilance are essential to maintain a secure operating environment.For additional details and updates, users can visit the Gentoo Security website at [security.gentoo.org](https://security.gentoo.org)
PAM, Firefox, Thunderbird, Orc, NVIDIA Drivers, Glibc updates for Gentoo
Gentoo Linux has received an update addressing various security vulnerabilities, including multiple issues found in PAM, Mozilla Firefox, Mozilla Thunderbird, Orc, NVIDIA Drivers, and glibc:
[ GLSA 202505-01 ] PAM: Multiple Vulnerabilities
[ GLSA 202505-02 ] Mozilla Firefox: Multiple Vulnerabilities
[ GLSA 202505-03 ] Mozilla Thunderbird: Multiple Vulnerabilities
[ GLSA 202505-05 ] Orc: Arbitrary Code Execution
[ GLSA 202505-04 ] NVIDIA Drivers: Multiple Vulnerabilities
[ GLSA 202505-06 ] glibc: Buffer OverflowPAM, Firefox, Thunderbird, Orc, NVIDIA Drivers, Glibc updates for Gentoo @ Linux Compatible
