Gentoo Linux Security Advisory 202010-5 - Multiple vulnerabilities have been found in LibRaw, the worst of which may allow attackers to execute arbitrary code. Versions less than 0.20.0 are affected. Continue reading...
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. The Security Project is tasked with providing timely information about security vulnerabilities in Gentoo Linux, along with patches to secure those vulnerabilities. We work directly with vendors, end users and other OSS projects to ensure all security incidents are responded to quickly and professionally. You can find a document describing the policy the security team follows to treat the vulnerabilities found in the Gentoo Linux distribution on the Vulnerability Treatment Policy page. Keeping Gentoo secure To stay up-to-date with the security fixes you should subscribe to receive GLSAs and apply GLSA instructions whenever you have an affected package installed. Alternatively, syncing your portage tree and upgrading every package should also keep you up-to-date security-wise. You can use glsa-check tool (part of the gentoolkit package) to: Check if a specific GLSA applies to your system (-p option) List all GLSAs with applied/affected/unaffected status (-l option) Apply a given GLSA to your system (-f option). Hope this information helps you.
