Multiple vulnerabilities have been found in DirectFB, all of which could allow remote attackers to execute arbitrary code.
|Package||dev-libs/DirectFB on all architectures|
|Affected versions||< 1.7.5|
|Unaffected versions||>= 1.7.5|
DirectFB (Direct Frame Buffer) is a set of graphics APIs implemented on top of the Linux Frame Buffer (fbdev) abstraction layer.
Multiple vulnerabilities have been discovered in DirectFB. Please review the CVE identifiers referenced below for details.
Remote attackers could cause a Denial of Service condition or execute arbitrary code via the Voodoo interface.
There is no known workaround at this time.
All DirectFB users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/DirectFB-1.7.5"
January 23, 2017
January 23, 2017: 1