Keeping a Gentoo System updated helps to minimize weak packages that might be in the focus of an attack.

Gentoo Linux Security Announcements (GLSA) have been introduced to remove such weak points. Typing glsa-check -t all checks if the computer is affected (part of emerge gentoolkit).

To fix everything glsa-check -f $(glsa-check -t all)

To see more about what is going on:

glsa-check -lv<glsa number> s

glsa-check -l | grep [[N]]

[A] means this GLSA was already applied,

[U] means the system is not affected and

[N] indicates that the system might be affected.

200709-17 [N] teTeX: Multiple buffer overflows ( app-text/tetex )

200711-07 [N] Python: User-assisted execution of arbitrary code ( dev-lang/python )

The critical are marked red with [N]. The glsa's are numbed as 200709-17.

glsa-check -p<glsa number> shows what will be done to fix it.

glsa-check -f<glsa number> is used to remove (or fix) the security problem a emerge --update --deep world will mostly do it as well, since since new package version should also have fixed older security issues.

The Glsa's are in /usr/portage/metadata/glsa