GLSA

Gentoo Linux Security Advisories (GLSA) are notifications generated by Gentoo's security team about vulnerable software available in the Gentoo ebuild repository. These reports contain information about the vulnerability itself, the possible impact on a Gentoo system, references towards external sources (like CVE information) as well as information on how to resolve the vulnerability (which, in most cases, is an update or upgrade of one or more software titles).

GLSA notifications are managed as XML files within the Gentoo repository (see ${portageq get_repo_path / gentoo}/metadata/glsa). A user can run the glsa-check application to have its system verified against these GLSA notifications and, optionally, update the necessary packages automatically to remediate the vulnerability.

GLSA availability[edit | edit source]

Gentoo Linux Security Advisories can be obtained through several sources:

• Chronological Index of GLSA notifications: https://security.gentoo.org/glsa/
• Subscribe to the gentoo-announce@gentoo.org mailing list: https://www.gentoo.org/get-involved/mailing-lists/
• GLSA RSS feed: https://security.gentoo.org/glsa/feed.rss

See also[edit | edit source]

• Security Handbook/Staying up-to-date
• Gentoo Linux Security Project
• GLSA Coordinator Guide

External resources[edit | edit source]

• Gentoo Linux Vulnerability Treatment Policy