GLSA

Gentoo Linux Security Advisories (GLSA) are notifications generated by Gentoo's security team about vulnerable software available in the Gentoo ebuild repository. These reports contain information about the vulnerability itself, the possible impact on a Gentoo system, references towards external sources (like CVE information) as well as information on how to resolve the vulnerability (which, in most cases, is an update or upgrade of one or more software titles).

GLSA notifications are managed as XML files within the Gentoo repository (see ${portageq get_repo_path / gentoo}/metadata/glsa). System administrators can run the glsa-check application (distributed with Portage) to have their system verified against these GLSA notifications and, optionally, update the necessary packages automatically to remediate the vulnerability.

GLSA availability

Gentoo Linux Security Advisories can be obtained through several sources:

• Chronological Index of GLSA notifications: https://security.gentoo.org/glsa/
• Subscribe to the gentoo-announce@gentoo.org mailing list: https://www.gentoo.org/get-involved/mailing-lists/
• GLSA RSS feed: https://security.gentoo.org/glsa/feed.rss

See also

• Security Handbook/Staying up-to-date
• Gentoo Linux Security Project
• GLSA Coordinator Guide
• Portage — the official package manager and distribution system for Gentoo.

External resources

• Gentoo Linux Vulnerability Treatment Policy