Gentoo Linux Security Advisory 202208-26 - Multiple vulnerabilities have been discovered in libarchive, the worst of which could result in arbitrary code execution. Versions less than 3.6.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202208-26  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: libarchive: Multiple Vulnerabilities  
     Date: August 14, 2022  
     Bugs: #803128, #836352, #837266  
       ID: 202208-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in libarchive, the worst  
of which could result in arbitrary code execution.

Background  
=========  
libarchive is a library for manipulating different streaming archive  
formats, including certain tar variants, several cpio formats, and both  
BSD and GNU ar variants.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  app-arch/libarchive        < 3.6.1                      >= 3.6.1

Description  
==========  
Multiple vulnerabilities have been discovered in libarchive. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All libarchive users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-arch/libarchive-3.6.1"

References  
=========  
[ 1 ] CVE-2021-31566  
      https://nvd.nist.gov/vuln/detail/CVE-2021-31566  
[ 2 ] CVE-2021-36976  
      https://nvd.nist.gov/vuln/detail/CVE-2021-36976  
[ 3 ] CVE-2022-26280  
      https://nvd.nist.gov/vuln/detail/CVE-2022-26280  
[ 4 ] CVE-2022-28066  
      https://nvd.nist.gov/vuln/detail/CVE-2022-28066

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202208-26

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202208-26

Gentoo Linux Security Advisory 202208-27 - Multiple vulnerabilities have been discovered in QEMU, the worst of which could result in remote code execution (guest sandbox escape). Versions less than 7.0.0 are affected.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Gentoo Linux Security Advisory                           GLSA 202208-27- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -                                           https://security.gentoo.org/- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High    Title: QEMU: Multiple Vulnerabilities     Date: August 14, 2022     Bugs: #733448, #736605, #773220, #775713, #780816, #792624, #807055, #810544, #820743, #835607, #839762       ID: 202208-27- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Synopsis=======Multiple vulnerabilities have been discovered in QEMU, the worst ofwhich could result in remote code execution (guest sandbox escape).Background=========QEMU is a generic and open source machine emulator and virtualizer.Affected packages================    -------------------------------------------------------------------     Package              /     Vulnerable     /            Unaffected    -------------------------------------------------------------------  1  app-emulation/qemu         < 7.0.0                      >= 7.0.0Description==========Multiple vulnerabilities have been discovered in QEMU.Please review theCVE identifiers referenced below for details.Impact=====Please review the referenced CVE identifiers for details.Workaround=========There is no known workaround at this time.Resolution=========All QEMU users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">=app-emulation/qemu-7.0.0"References=========[ 1 ] CVE-2020-15859      https://nvd.nist.gov/vuln/detail/CVE-2020-15859[ 2 ] CVE-2020-15863      https://nvd.nist.gov/vuln/detail/CVE-2020-15863[ 3 ] CVE-2020-16092      https://nvd.nist.gov/vuln/detail/CVE-2020-16092[ 4 ] CVE-2020-35504      https://nvd.nist.gov/vuln/detail/CVE-2020-35504[ 5 ] CVE-2020-35505      https://nvd.nist.gov/vuln/detail/CVE-2020-35505[ 6 ] CVE-2020-35506      https://nvd.nist.gov/vuln/detail/CVE-2020-35506[ 7 ] CVE-2020-35517      https://nvd.nist.gov/vuln/detail/CVE-2020-35517[ 8 ] CVE-2021-3409      https://nvd.nist.gov/vuln/detail/CVE-2021-3409[ 9 ] CVE-2021-3416      https://nvd.nist.gov/vuln/detail/CVE-2021-3416[ 10 ] CVE-2021-3527      https://nvd.nist.gov/vuln/detail/CVE-2021-3527[ 11 ] CVE-2021-3544      https://nvd.nist.gov/vuln/detail/CVE-2021-3544[ 12 ] CVE-2021-3545      https://nvd.nist.gov/vuln/detail/CVE-2021-3545[ 13 ] CVE-2021-3546      https://nvd.nist.gov/vuln/detail/CVE-2021-3546[ 14 ] CVE-2021-3582      https://nvd.nist.gov/vuln/detail/CVE-2021-3582[ 15 ] CVE-2021-3607      https://nvd.nist.gov/vuln/detail/CVE-2021-3607[ 16 ] CVE-2021-3608      https://nvd.nist.gov/vuln/detail/CVE-2021-3608[ 17 ] CVE-2021-3611      https://nvd.nist.gov/vuln/detail/CVE-2021-3611[ 18 ] CVE-2021-3682      https://nvd.nist.gov/vuln/detail/CVE-2021-3682[ 19 ] CVE-2021-3713      https://nvd.nist.gov/vuln/detail/CVE-2021-3713[ 20 ] CVE-2021-3748      https://nvd.nist.gov/vuln/detail/CVE-2021-3748[ 21 ] CVE-2021-3750      https://nvd.nist.gov/vuln/detail/CVE-2021-3750[ 22 ] CVE-2021-3929      https://nvd.nist.gov/vuln/detail/CVE-2021-3929[ 23 ] CVE-2021-3930      https://nvd.nist.gov/vuln/detail/CVE-2021-3930[ 24 ] CVE-2021-3947      https://nvd.nist.gov/vuln/detail/CVE-2021-3947[ 25 ] CVE-2021-4145      https://nvd.nist.gov/vuln/detail/CVE-2021-4145[ 26 ] CVE-2021-4158      https://nvd.nist.gov/vuln/detail/CVE-2021-4158[ 27 ] CVE-2021-4206      https://nvd.nist.gov/vuln/detail/CVE-2021-4206[ 28 ] CVE-2021-4207      https://nvd.nist.gov/vuln/detail/CVE-2021-4207[ 29 ] CVE-2021-20203      https://nvd.nist.gov/vuln/detail/CVE-2021-20203[ 30 ] CVE-2021-20257      https://nvd.nist.gov/vuln/detail/CVE-2021-20257[ 31 ] CVE-2021-20263      https://nvd.nist.gov/vuln/detail/CVE-2021-20263[ 32 ] CVE-2022-0358      https://nvd.nist.gov/vuln/detail/CVE-2022-0358[ 33 ] CVE-2022-26353      https://nvd.nist.gov/vuln/detail/CVE-2022-26353[ 34 ] CVE-2022-26354      https://nvd.nist.gov/vuln/detail/CVE-2022-26354Availability===========This GLSA and any updates to it are available for viewing atthe Gentoo Security Website: https://security.gentoo.org/glsa/202208-27Concerns?========Security is a primary focus of Gentoo Linux and ensuring theconfidentiality and security of our users' machines is of utmostimportance to us. Any security concerns should be addressed tosecurity@gentoo.org or alternatively, you may file a bug athttps://bugs.gentoo.org.License======Copyright 2022 Gentoo Foundation, Inc; referenced textbelongs to its owner(s).The contents of this document are licensed under theCreative Commons - Attribution / Share Alike license.https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202208-27

Gentoo Linux Security Advisory 202208-23 - Multiple vulnerabilities have been discovered in Xen, the worst of which could result in remote code execution (guest sandbox escape). Versions less than 4.15.3 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202208-23  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Xen: Multiple Vulnerabilities  
     Date: August 14, 2022  
     Bugs: #810341, #812485, #816882, #825354, #832039, #835401, #850802  
       ID: 202208-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in Xen, the worst of which  
could result in remote code execution (guest sandbox escape).

Background  
=========  
Xen is a bare-metal hypervisor.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  app-emulation/xen          < 4.15.3                    >= 4.15.3  
  2  app-emulation/xen-tools    < 4.15.3                    >= 4.15.3

Description  
==========  
Multiple vulnerabilities have been discovered in Xen. Please review the  
CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Xen users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.15.3"

All Xen tools users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.15.3"

References  
=========  
[ 1 ] CVE-2021-28694  
      https://nvd.nist.gov/vuln/detail/CVE-2021-28694  
[ 2 ] CVE-2021-28695  
      https://nvd.nist.gov/vuln/detail/CVE-2021-28695  
[ 3 ] CVE-2021-28696  
      https://nvd.nist.gov/vuln/detail/CVE-2021-28696  
[ 4 ] CVE-2021-28697  
      https://nvd.nist.gov/vuln/detail/CVE-2021-28697  
[ 5 ] CVE-2021-28698  
      https://nvd.nist.gov/vuln/detail/CVE-2021-28698  
[ 6 ] CVE-2021-28699  
      https://nvd.nist.gov/vuln/detail/CVE-2021-28699  
[ 7 ] CVE-2021-28700  
      https://nvd.nist.gov/vuln/detail/CVE-2021-28700  
[ 8 ] CVE-2021-28701  
      https://nvd.nist.gov/vuln/detail/CVE-2021-28701  
[ 9 ] CVE-2021-28702  
      https://nvd.nist.gov/vuln/detail/CVE-2021-28702  
[ 10 ] CVE-2021-28710  
      https://nvd.nist.gov/vuln/detail/CVE-2021-28710  
[ 11 ] CVE-2022-21123  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21123  
[ 12 ] CVE-2022-21125  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21125  
[ 13 ] CVE-2022-21166  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21166  
[ 14 ] CVE-2022-23033  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23033  
[ 15 ] CVE-2022-23034  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23034  
[ 16 ] CVE-2022-23035  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23035  
[ 17 ] CVE-2022-26362  
      https://nvd.nist.gov/vuln/detail/CVE-2022-26362  
[ 18 ] CVE-2022-26363  
      https://nvd.nist.gov/vuln/detail/CVE-2022-26363  
[ 19 ] CVE-2022-26364  
      https://nvd.nist.gov/vuln/detail/CVE-2022-26364  
[ 20 ] XSA-378  
[ 21 ] XSA-379  
[ 22 ] XSA-380  
[ 23 ] XSA-382  
[ 24 ] XSA-383  
[ 25 ] XSA-384  
[ 26 ] XSA-386  
[ 27 ] XSA-390  
[ 28 ] XSA-401  
[ 29 ] XSA-402  
[ 30 ] XSA-404

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202208-23

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202208-23

Gentoo Linux Security Advisory 202208-25 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 5.15.5_p20220618>= are affected.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Gentoo Linux Security Advisory                           GLSA 202208-25- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -                                           https://security.gentoo.org/- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High    Title: Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities     Date: August 14, 2022     Bugs: #828519, #834477, #835397, #836011, #836381, #836777, #838049, #838433, #841371, #843728, #847370, #851003, #853643, #773040, #787950, #800181, #810781, #815397, #829161, #835761, #836830, #847613, #853229, #837497, #838682, #843035, #848864, #851009, #854372       ID: 202208-25- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Synopsis=======Multiple vulnerabilities have been found in Chromium and itsderivatives, the worst of which could result in remote code execution.Background=========Chromium is an open-source browser project that aims to build a safer,faster, and more stable way for all users to experience the web.Google Chrome is one fast, simple, and secure browser for all yourdevices.Microsoft Edge is a browser that combines a minimal design withsophisticated technology to make the web faster, safer, and easier.Affected packages================    -------------------------------------------------------------------     Package              /     Vulnerable     /            Unaffected    -------------------------------------------------------------------  1  dev-qt/qtwebengine         < 5.15.5_p20220618>= 5.15.5_p20220618  2  www-client/chromium        < 103.0.5060.53      >= 103.0.5060.53  3  www-client/google-chrome   < 103.0.5060.53      >= 103.0.5060.53  4  www-client/microsoft-edge  < 101.0.1210.47      >= 101.0.1210.47Description==========Multiple vulnerabilities have been discovered in Chromium and itsderivatives. Please review the CVE identifiers referenced below fordetails.Impact=====Please review the referenced CVE identifiers for details.Workaround=========There is no known workaround at this time.Resolution=========All Chromium users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">=www-client/chromium-103.0.5060.53"All Chromium binary users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">=www-client/chromium-bin-103.0.5060.53"All Google Chrome users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">=www-client/google-chrome-103.0.5060.53"All Microsoft Edge users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">=www-client/chromium-103.0.5060.53"All QtWebEngine users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">Þv-qt/qtwebengine-5.15.5_p20220618"References=========[ 1 ] CVE-2021-4052      https://nvd.nist.gov/vuln/detail/CVE-2021-4052[ 2 ] CVE-2021-4053      https://nvd.nist.gov/vuln/detail/CVE-2021-4053[ 3 ] CVE-2021-4054      https://nvd.nist.gov/vuln/detail/CVE-2021-4054[ 4 ] CVE-2021-4055      https://nvd.nist.gov/vuln/detail/CVE-2021-4055[ 5 ] CVE-2021-4056      https://nvd.nist.gov/vuln/detail/CVE-2021-4056[ 6 ] CVE-2021-4057      https://nvd.nist.gov/vuln/detail/CVE-2021-4057[ 7 ] CVE-2021-4058      https://nvd.nist.gov/vuln/detail/CVE-2021-4058[ 8 ] CVE-2021-4059      https://nvd.nist.gov/vuln/detail/CVE-2021-4059[ 9 ] CVE-2021-4061      https://nvd.nist.gov/vuln/detail/CVE-2021-4061[ 10 ] CVE-2021-4062      https://nvd.nist.gov/vuln/detail/CVE-2021-4062[ 11 ] CVE-2021-4063      https://nvd.nist.gov/vuln/detail/CVE-2021-4063[ 12 ] CVE-2021-4064      https://nvd.nist.gov/vuln/detail/CVE-2021-4064[ 13 ] CVE-2021-4065      https://nvd.nist.gov/vuln/detail/CVE-2021-4065[ 14 ] CVE-2021-4066      https://nvd.nist.gov/vuln/detail/CVE-2021-4066[ 15 ] CVE-2021-4067      https://nvd.nist.gov/vuln/detail/CVE-2021-4067[ 16 ] CVE-2021-4068      https://nvd.nist.gov/vuln/detail/CVE-2021-4068[ 17 ] CVE-2021-4078      https://nvd.nist.gov/vuln/detail/CVE-2021-4078[ 18 ] CVE-2021-4079      https://nvd.nist.gov/vuln/detail/CVE-2021-4079[ 19 ] CVE-2021-30551      https://nvd.nist.gov/vuln/detail/CVE-2021-30551[ 20 ] CVE-2022-0789      https://nvd.nist.gov/vuln/detail/CVE-2022-0789[ 21 ] CVE-2022-0790      https://nvd.nist.gov/vuln/detail/CVE-2022-0790[ 22 ] CVE-2022-0791      https://nvd.nist.gov/vuln/detail/CVE-2022-0791[ 23 ] CVE-2022-0792      https://nvd.nist.gov/vuln/detail/CVE-2022-0792[ 24 ] CVE-2022-0793      https://nvd.nist.gov/vuln/detail/CVE-2022-0793[ 25 ] CVE-2022-0794      https://nvd.nist.gov/vuln/detail/CVE-2022-0794[ 26 ] CVE-2022-0795      https://nvd.nist.gov/vuln/detail/CVE-2022-0795[ 27 ] CVE-2022-0796      https://nvd.nist.gov/vuln/detail/CVE-2022-0796[ 28 ] CVE-2022-0797      https://nvd.nist.gov/vuln/detail/CVE-2022-0797[ 29 ] CVE-2022-0798      https://nvd.nist.gov/vuln/detail/CVE-2022-0798[ 30 ] CVE-2022-0799      https://nvd.nist.gov/vuln/detail/CVE-2022-0799[ 31 ] CVE-2022-0800      https://nvd.nist.gov/vuln/detail/CVE-2022-0800[ 32 ] CVE-2022-0801      https://nvd.nist.gov/vuln/detail/CVE-2022-0801[ 33 ] CVE-2022-0802      https://nvd.nist.gov/vuln/detail/CVE-2022-0802[ 34 ] CVE-2022-0803      https://nvd.nist.gov/vuln/detail/CVE-2022-0803[ 35 ] CVE-2022-0804      https://nvd.nist.gov/vuln/detail/CVE-2022-0804[ 36 ] CVE-2022-0805      https://nvd.nist.gov/vuln/detail/CVE-2022-0805[ 37 ] CVE-2022-0806      https://nvd.nist.gov/vuln/detail/CVE-2022-0806[ 38 ] CVE-2022-0807      https://nvd.nist.gov/vuln/detail/CVE-2022-0807[ 39 ] CVE-2022-0808      https://nvd.nist.gov/vuln/detail/CVE-2022-0808[ 40 ] CVE-2022-0809      https://nvd.nist.gov/vuln/detail/CVE-2022-0809[ 41 ] CVE-2022-0971      https://nvd.nist.gov/vuln/detail/CVE-2022-0971[ 42 ] CVE-2022-0972      https://nvd.nist.gov/vuln/detail/CVE-2022-0972[ 43 ] CVE-2022-0973      https://nvd.nist.gov/vuln/detail/CVE-2022-0973[ 44 ] CVE-2022-0974      https://nvd.nist.gov/vuln/detail/CVE-2022-0974[ 45 ] CVE-2022-0975      https://nvd.nist.gov/vuln/detail/CVE-2022-0975[ 46 ] CVE-2022-0976      https://nvd.nist.gov/vuln/detail/CVE-2022-0976[ 47 ] CVE-2022-0977      https://nvd.nist.gov/vuln/detail/CVE-2022-0977[ 48 ] CVE-2022-0978      https://nvd.nist.gov/vuln/detail/CVE-2022-0978[ 49 ] CVE-2022-0979      https://nvd.nist.gov/vuln/detail/CVE-2022-0979[ 50 ] CVE-2022-0980      https://nvd.nist.gov/vuln/detail/CVE-2022-0980[ 51 ] CVE-2022-1096      https://nvd.nist.gov/vuln/detail/CVE-2022-1096[ 52 ] CVE-2022-1125      https://nvd.nist.gov/vuln/detail/CVE-2022-1125[ 53 ] CVE-2022-1127      https://nvd.nist.gov/vuln/detail/CVE-2022-1127[ 54 ] CVE-2022-1128      https://nvd.nist.gov/vuln/detail/CVE-2022-1128[ 55 ] CVE-2022-1129      https://nvd.nist.gov/vuln/detail/CVE-2022-1129[ 56 ] CVE-2022-1130      https://nvd.nist.gov/vuln/detail/CVE-2022-1130[ 57 ] CVE-2022-1131      https://nvd.nist.gov/vuln/detail/CVE-2022-1131[ 58 ] CVE-2022-1132      https://nvd.nist.gov/vuln/detail/CVE-2022-1132[ 59 ] CVE-2022-1133      https://nvd.nist.gov/vuln/detail/CVE-2022-1133[ 60 ] CVE-2022-1134      https://nvd.nist.gov/vuln/detail/CVE-2022-1134[ 61 ] CVE-2022-1135      https://nvd.nist.gov/vuln/detail/CVE-2022-1135[ 62 ] CVE-2022-1136      https://nvd.nist.gov/vuln/detail/CVE-2022-1136[ 63 ] CVE-2022-1137      https://nvd.nist.gov/vuln/detail/CVE-2022-1137[ 64 ] CVE-2022-1138      https://nvd.nist.gov/vuln/detail/CVE-2022-1138[ 65 ] CVE-2022-1139      https://nvd.nist.gov/vuln/detail/CVE-2022-1139[ 66 ] CVE-2022-1141      https://nvd.nist.gov/vuln/detail/CVE-2022-1141[ 67 ] CVE-2022-1142      https://nvd.nist.gov/vuln/detail/CVE-2022-1142[ 68 ] CVE-2022-1143      https://nvd.nist.gov/vuln/detail/CVE-2022-1143[ 69 ] CVE-2022-1144      https://nvd.nist.gov/vuln/detail/CVE-2022-1144[ 70 ] CVE-2022-1145      https://nvd.nist.gov/vuln/detail/CVE-2022-1145[ 71 ] CVE-2022-1146      https://nvd.nist.gov/vuln/detail/CVE-2022-1146[ 72 ] CVE-2022-1232      https://nvd.nist.gov/vuln/detail/CVE-2022-1232[ 73 ] CVE-2022-1305      https://nvd.nist.gov/vuln/detail/CVE-2022-1305[ 74 ] CVE-2022-1306      https://nvd.nist.gov/vuln/detail/CVE-2022-1306[ 75 ] CVE-2022-1307      https://nvd.nist.gov/vuln/detail/CVE-2022-1307[ 76 ] CVE-2022-1308      https://nvd.nist.gov/vuln/detail/CVE-2022-1308[ 77 ] CVE-2022-1309      https://nvd.nist.gov/vuln/detail/CVE-2022-1309[ 78 ] CVE-2022-1310      https://nvd.nist.gov/vuln/detail/CVE-2022-1310[ 79 ] CVE-2022-1311      https://nvd.nist.gov/vuln/detail/CVE-2022-1311[ 80 ] CVE-2022-1312      https://nvd.nist.gov/vuln/detail/CVE-2022-1312[ 81 ] CVE-2022-1313      https://nvd.nist.gov/vuln/detail/CVE-2022-1313[ 82 ] CVE-2022-1314      https://nvd.nist.gov/vuln/detail/CVE-2022-1314[ 83 ] CVE-2022-1364      https://nvd.nist.gov/vuln/detail/CVE-2022-1364[ 84 ] CVE-2022-1477      https://nvd.nist.gov/vuln/detail/CVE-2022-1477[ 85 ] CVE-2022-1478      https://nvd.nist.gov/vuln/detail/CVE-2022-1478[ 86 ] CVE-2022-1479      https://nvd.nist.gov/vuln/detail/CVE-2022-1479[ 87 ] CVE-2022-1480      https://nvd.nist.gov/vuln/detail/CVE-2022-1480[ 88 ] CVE-2022-1481      https://nvd.nist.gov/vuln/detail/CVE-2022-1481[ 89 ] CVE-2022-1482      https://nvd.nist.gov/vuln/detail/CVE-2022-1482[ 90 ] CVE-2022-1483      https://nvd.nist.gov/vuln/detail/CVE-2022-1483[ 91 ] CVE-2022-1484      https://nvd.nist.gov/vuln/detail/CVE-2022-1484[ 92 ] CVE-2022-1485      https://nvd.nist.gov/vuln/detail/CVE-2022-1485[ 93 ] CVE-2022-1486      https://nvd.nist.gov/vuln/detail/CVE-2022-1486[ 94 ] CVE-2022-1487      https://nvd.nist.gov/vuln/detail/CVE-2022-1487[ 95 ] CVE-2022-1488      https://nvd.nist.gov/vuln/detail/CVE-2022-1488[ 96 ] CVE-2022-1489      https://nvd.nist.gov/vuln/detail/CVE-2022-1489[ 97 ] CVE-2022-1490      https://nvd.nist.gov/vuln/detail/CVE-2022-1490[ 98 ] CVE-2022-1491      https://nvd.nist.gov/vuln/detail/CVE-2022-1491[ 99 ] CVE-2022-1492      https://nvd.nist.gov/vuln/detail/CVE-2022-1492[ 100 ] CVE-2022-1493      https://nvd.nist.gov/vuln/detail/CVE-2022-1493[ 101 ] CVE-2022-1494      https://nvd.nist.gov/vuln/detail/CVE-2022-1494[ 102 ] CVE-2022-1495      https://nvd.nist.gov/vuln/detail/CVE-2022-1495[ 103 ] CVE-2022-1496      https://nvd.nist.gov/vuln/detail/CVE-2022-1496[ 104 ] CVE-2022-1497      https://nvd.nist.gov/vuln/detail/CVE-2022-1497[ 105 ] CVE-2022-1498      https://nvd.nist.gov/vuln/detail/CVE-2022-1498[ 106 ] CVE-2022-1499      https://nvd.nist.gov/vuln/detail/CVE-2022-1499[ 107 ] CVE-2022-1500      https://nvd.nist.gov/vuln/detail/CVE-2022-1500[ 108 ] CVE-2022-1501      https://nvd.nist.gov/vuln/detail/CVE-2022-1501[ 109 ] CVE-2022-1633      https://nvd.nist.gov/vuln/detail/CVE-2022-1633[ 110 ] CVE-2022-1634      https://nvd.nist.gov/vuln/detail/CVE-2022-1634[ 111 ] CVE-2022-1635      https://nvd.nist.gov/vuln/detail/CVE-2022-1635[ 112 ] CVE-2022-1636      https://nvd.nist.gov/vuln/detail/CVE-2022-1636[ 113 ] CVE-2022-1637      https://nvd.nist.gov/vuln/detail/CVE-2022-1637[ 114 ] CVE-2022-1639      https://nvd.nist.gov/vuln/detail/CVE-2022-1639[ 115 ] CVE-2022-1640      https://nvd.nist.gov/vuln/detail/CVE-2022-1640[ 116 ] CVE-2022-1641      https://nvd.nist.gov/vuln/detail/CVE-2022-1641[ 117 ] CVE-2022-1853      https://nvd.nist.gov/vuln/detail/CVE-2022-1853[ 118 ] CVE-2022-1854      https://nvd.nist.gov/vuln/detail/CVE-2022-1854[ 119 ] CVE-2022-1855      https://nvd.nist.gov/vuln/detail/CVE-2022-1855[ 120 ] CVE-2022-1856      https://nvd.nist.gov/vuln/detail/CVE-2022-1856[ 121 ] CVE-2022-1857      https://nvd.nist.gov/vuln/detail/CVE-2022-1857[ 122 ] CVE-2022-1858      https://nvd.nist.gov/vuln/detail/CVE-2022-1858[ 123 ] CVE-2022-1859      https://nvd.nist.gov/vuln/detail/CVE-2022-1859[ 124 ] CVE-2022-1860      https://nvd.nist.gov/vuln/detail/CVE-2022-1860[ 125 ] CVE-2022-1861      https://nvd.nist.gov/vuln/detail/CVE-2022-1861[ 126 ] CVE-2022-1862      https://nvd.nist.gov/vuln/detail/CVE-2022-1862[ 127 ] CVE-2022-1863      https://nvd.nist.gov/vuln/detail/CVE-2022-1863[ 128 ] CVE-2022-1864      https://nvd.nist.gov/vuln/detail/CVE-2022-1864[ 129 ] CVE-2022-1865      https://nvd.nist.gov/vuln/detail/CVE-2022-1865[ 130 ] CVE-2022-1866      https://nvd.nist.gov/vuln/detail/CVE-2022-1866[ 131 ] CVE-2022-1867      https://nvd.nist.gov/vuln/detail/CVE-2022-1867[ 132 ] CVE-2022-1868      https://nvd.nist.gov/vuln/detail/CVE-2022-1868[ 133 ] CVE-2022-1869      https://nvd.nist.gov/vuln/detail/CVE-2022-1869[ 134 ] CVE-2022-1870      https://nvd.nist.gov/vuln/detail/CVE-2022-1870[ 135 ] CVE-2022-1871      https://nvd.nist.gov/vuln/detail/CVE-2022-1871[ 136 ] CVE-2022-1872      https://nvd.nist.gov/vuln/detail/CVE-2022-1872[ 137 ] CVE-2022-1873      https://nvd.nist.gov/vuln/detail/CVE-2022-1873[ 138 ] CVE-2022-1874      https://nvd.nist.gov/vuln/detail/CVE-2022-1874[ 139 ] CVE-2022-1875      https://nvd.nist.gov/vuln/detail/CVE-2022-1875[ 140 ] CVE-2022-1876      https://nvd.nist.gov/vuln/detail/CVE-2022-1876[ 141 ] CVE-2022-2007      https://nvd.nist.gov/vuln/detail/CVE-2022-2007[ 142 ] CVE-2022-2010      https://nvd.nist.gov/vuln/detail/CVE-2022-2010[ 143 ] CVE-2022-2011      https://nvd.nist.gov/vuln/detail/CVE-2022-2011[ 144 ] CVE-2022-2156      https://nvd.nist.gov/vuln/detail/CVE-2022-2156[ 145 ] CVE-2022-2157      https://nvd.nist.gov/vuln/detail/CVE-2022-2157[ 146 ] CVE-2022-2158      https://nvd.nist.gov/vuln/detail/CVE-2022-2158[ 147 ] CVE-2022-2160      https://nvd.nist.gov/vuln/detail/CVE-2022-2160[ 148 ] CVE-2022-2161      https://nvd.nist.gov/vuln/detail/CVE-2022-2161[ 149 ] CVE-2022-2162      https://nvd.nist.gov/vuln/detail/CVE-2022-2162[ 150 ] CVE-2022-2163      https://nvd.nist.gov/vuln/detail/CVE-2022-2163[ 151 ] CVE-2022-2164      https://nvd.nist.gov/vuln/detail/CVE-2022-2164[ 152 ] CVE-2022-2165      https://nvd.nist.gov/vuln/detail/CVE-2022-2165[ 153 ] CVE-2022-22021      https://nvd.nist.gov/vuln/detail/CVE-2022-22021[ 154 ] CVE-2022-24475      https://nvd.nist.gov/vuln/detail/CVE-2022-24475[ 155 ] CVE-2022-24523      https://nvd.nist.gov/vuln/detail/CVE-2022-24523[ 156 ] CVE-2022-26891      https://nvd.nist.gov/vuln/detail/CVE-2022-26891[ 157 ] CVE-2022-26894      https://nvd.nist.gov/vuln/detail/CVE-2022-26894[ 158 ] CVE-2022-26895      https://nvd.nist.gov/vuln/detail/CVE-2022-26895[ 159 ] CVE-2022-26900      https://nvd.nist.gov/vuln/detail/CVE-2022-26900[ 160 ] CVE-2022-26905      https://nvd.nist.gov/vuln/detail/CVE-2022-26905[ 161 ] CVE-2022-26908      https://nvd.nist.gov/vuln/detail/CVE-2022-26908[ 162 ] CVE-2022-26909      https://nvd.nist.gov/vuln/detail/CVE-2022-26909[ 163 ] CVE-2022-26912      https://nvd.nist.gov/vuln/detail/CVE-2022-26912[ 164 ] CVE-2022-29144      https://nvd.nist.gov/vuln/detail/CVE-2022-29144[ 165 ] CVE-2022-29146      https://nvd.nist.gov/vuln/detail/CVE-2022-29146[ 166 ] CVE-2022-29147      https://nvd.nist.gov/vuln/detail/CVE-2022-29147[ 167 ] CVE-2022-30127      https://nvd.nist.gov/vuln/detail/CVE-2022-30127[ 168 ] CVE-2022-30128      https://nvd.nist.gov/vuln/detail/CVE-2022-30128[ 169 ] CVE-2022-30192      https://nvd.nist.gov/vuln/detail/CVE-2022-30192[ 170 ] CVE-2022-33638      https://nvd.nist.gov/vuln/detail/CVE-2022-33638[ 171 ] CVE-2022-33639      https://nvd.nist.gov/vuln/detail/CVE-2022-33639Availability===========This GLSA and any updates to it are available for viewing atthe Gentoo Security Website: https://security.gentoo.org/glsa/202208-25Concerns?========Security is a primary focus of Gentoo Linux and ensuring theconfidentiality and security of our users' machines is of utmostimportance to us. Any security concerns should be addressed tosecurity@gentoo.org or alternatively, you may file a bug athttps://bugs.gentoo.org.License======Copyright 2022 Gentoo Foundation, Inc; referenced textbelongs to its owner(s).The contents of this document are licensed under theCreative Commons - Attribution / Share Alike license.https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202208-25

Gentoo Linux Security Advisory 202208-24 - Multiple vulnerabilities have been discovered in the GNU C Library, the worst of which could result in denial of service. Versions less than 2.34 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202208-24  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: GNU C Library: Multiple Vulnerabilities  
     Date: August 14, 2022  
     Bugs: #803437, #807935, #831096, #831212  
       ID: 202208-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in the GNU C Library, the  
worst of which could result in denial of service.

Background  
=========  
The GNU C library is the standard C library used by Gentoo Linux  
systems. It provides programs with basic facilities and interfaces to  
system calls. ld.so is the dynamic linker which prepares dynamically  
linked programs for execution by resolving runtime dependencies and  
related functions.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  sys-libs/glibc             < 2.34                        >= 2.34

Description  
==========  
Multiple vulnerabilities have been discovered in GNU C Library. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All GNU C Library users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.34-r7"

References  
=========  
[ 1 ] CVE-2021-3998  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3998  
[ 2 ] CVE-2021-3999  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3999  
[ 3 ] CVE-2021-35942  
      https://nvd.nist.gov/vuln/detail/CVE-2021-35942  
[ 4 ] CVE-2021-38604  
      https://nvd.nist.gov/vuln/detail/CVE-2021-38604  
[ 5 ] CVE-2022-23218  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23218  
[ 6 ] CVE-2022-23219  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23219

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202208-24

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202208-24

Gentoo Linux Security Advisory 202208-21 - A heap-based buffer overflow in libeml might allow attackers to execute arbitrary code. Versions less than 1.4.2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202208-21  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: libebml: Heap buffer overflow vulnerability  
     Date: August 14, 2022  
     Bugs: #772272  
       ID: 202208-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
A heap-based buffer overflow in libeml might allow attackers to execute  
arbitrary code.

Background  
=========  
libebml is a C++ library to parse EBML files.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  dev-libs/libebml           < 1.4.2                      >= 1.4.2

Description  
==========  
On 32bit builds of libebml, the length of a string is miscalculated,  
potentially leading to an exploitable heap overflow.

Impact  
=====  
An attacker able to provide arbitrary input to libebml could achieve arbitrary code execution.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
Users of libebml on 32 bit architectures should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-libs/libebml-1.4.2"

References  
=========  
[ 1 ] CVE-2021-3405  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3405

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202208-21

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202208-21

Gentoo Linux Security Advisory 202208-20 - Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Versions less than 2.4.54 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202208-20  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Apache HTTPD: Multiple Vulnerabilities  
     Date: August 14, 2022  
     Bugs: #813429, #816399, #816864, #829722, #835131, #850622  
       ID: 202208-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in Apache Webserver, the  
worst of which could result in remote code execution.

Background  
=========  
The Apache HTTP server is one of the most popular web servers on the  
Internet.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  app-admin/apache-tools     < 2.4.54                    >= 2.4.54  
  2  www-servers/apache         < 2.4.54                    >= 2.4.54

Description  
==========  
Multiple vulnerabilities have been discovered in Apache HTTPD. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Apache HTTPD users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54"

All Apache HTTPD tools users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54"

References  
=========  
[ 1 ] CVE-2021-33193  
      https://nvd.nist.gov/vuln/detail/CVE-2021-33193  
[ 2 ] CVE-2021-34798  
      https://nvd.nist.gov/vuln/detail/CVE-2021-34798  
[ 3 ] CVE-2021-36160  
      https://nvd.nist.gov/vuln/detail/CVE-2021-36160  
[ 4 ] CVE-2021-39275  
      https://nvd.nist.gov/vuln/detail/CVE-2021-39275  
[ 5 ] CVE-2021-40438  
      https://nvd.nist.gov/vuln/detail/CVE-2021-40438  
[ 6 ] CVE-2021-41524  
      https://nvd.nist.gov/vuln/detail/CVE-2021-41524  
[ 7 ] CVE-2021-41773  
      https://nvd.nist.gov/vuln/detail/CVE-2021-41773  
[ 8 ] CVE-2021-42013  
      https://nvd.nist.gov/vuln/detail/CVE-2021-42013  
[ 9 ] CVE-2021-44224  
      https://nvd.nist.gov/vuln/detail/CVE-2021-44224  
[ 10 ] CVE-2021-44790  
      https://nvd.nist.gov/vuln/detail/CVE-2021-44790  
[ 11 ] CVE-2022-22719  
      https://nvd.nist.gov/vuln/detail/CVE-2022-22719  
[ 12 ] CVE-2022-22720  
      https://nvd.nist.gov/vuln/detail/CVE-2022-22720  
[ 13 ] CVE-2022-22721  
      https://nvd.nist.gov/vuln/detail/CVE-2022-22721  
[ 14 ] CVE-2022-23943  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23943  
[ 15 ] CVE-2022-26377  
      https://nvd.nist.gov/vuln/detail/CVE-2022-26377  
[ 16 ] CVE-2022-28614  
      https://nvd.nist.gov/vuln/detail/CVE-2022-28614  
[ 17 ] CVE-2022-28615  
      https://nvd.nist.gov/vuln/detail/CVE-2022-28615  
[ 18 ] CVE-2022-29404  
      https://nvd.nist.gov/vuln/detail/CVE-2022-29404  
[ 19 ] CVE-2022-30522  
      https://nvd.nist.gov/vuln/detail/CVE-2022-30522  
[ 20 ] CVE-2022-30556  
      https://nvd.nist.gov/vuln/detail/CVE-2022-30556  
[ 21 ] CVE-2022-31813  
      https://nvd.nist.gov/vuln/detail/CVE-2022-31813

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202208-20

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202208-20

Gentoo Linux Security Advisory 202208-22 - Multiple vulnerabilities have been discovered in xterm, the worst of which could result in denial of service. Versions less than 371 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202208-22  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: xterm: Multiple Vulnerabilities  
     Date: August 14, 2022  
     Bugs: #769839, #832409  
       ID: 202208-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in xterm, the worst of  
which could result in denial of service.

Background  
=========  
xterm is a terminal emulator for the X Window system.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  x11-terms/xterm            < 371                          >= 371

Description  
==========  
Multiple vulnerabilities have been discovered in xterm. Please review  
the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All xterm users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=x11-terms/xterm-371"

References  
=========  
[ 1 ] CVE-2021-27135  
      https://nvd.nist.gov/vuln/detail/CVE-2021-27135  
[ 2 ] CVE-2022-24130  
      https://nvd.nist.gov/vuln/detail/CVE-2022-24130

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202208-22

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202208-22

Categories: Business
We’re excited to announce Malwarebytes Cloud Storage Scanning, a new service which extends Nebula malware scanning options to include files stored on cloud storage repositories that are part of your organization’s digital ecosystem.



(Read more...)




The post Introducing Malwarebytes Cloud Storage Scanning: How to scan for malware in cloud file storage repositories appeared first on Malwarebytes Labs.

We’re excited to announce Malwarebytes Cloud Storage Scanning, a new service that extends Nebula malware scanning options to include files stored on cloud storage repositories that are part of your organization’s digital ecosystem.

Today, the service supports scanning of files under 100Mb in size that reside on Box.com or on Microsoft’s OneDrive, and will extend to other popular file storage solutions in the coming quarters.

Malwarebytes Cloud Storage Scanning uses multiple anti-malware engines, using a combination of signatures, heuristics and machine learning to increase detection rates, decrease detection times and provide a comprehensive view to monitor and protect the health of all your enterprise data. 

Let’s dive in on how to make a scan!

**Scanning for cloud malware**

In Nebula, go to “**Settings**” and click “**Cloud Storage Scans**”. Here you can see existing scans and the providers being checked. Click “Add a Scan” to create a new scan.

Under “**Settings**”, name the scan and then select your cloud data storage provider.

Enter the configuration details from the storage provider to select and validate your account.  To initially check all existing files for malware, do not check this box and configure a scheduled or on-demand scan. In order to connect to your provider, you will need to provide a Tenant ID, Client ID and Client Secret.

If you select “**Continuous scan**”, Malwarebytes will only check for new and updated files from this point forward.

Click “**Connect to provider**” to provide access to your cloud storage location.

Once you see a success message, go to “**Items to scan**” to select the users or folders to scan. You can scan folders and the sub-folders.

If you have not selected continuous scan, go to “**Scan frequency**” to determine the cadence. Note that with scheduled scans, you will be scanning the contents of the selected folder(s) each time versus a continuous scan that only scans the changes.

Scans can be scheduled daily, weekly or monthly. Select “**Scan now**” for a one-time scan to occur immediately. Save for the scan to take effect and begin running on the cadence you chose.

In this example, we have a one time scan for existing malware in the folder and a continuous scan for future changes.

Review the results of scans with “**Storage detections**” on the left-side navigation bar. 

Here you can see a list of all detections from any cloud storage location. You can sort by “**Threat name**”:

Filter by cloud provider:

And “**Add/Remove Columns**”:

A report is also available to send a list of detections via email. Navigate to the “**Reports**” section on the nav bar:

Click “**Cloud Storage Detections Summary**”. You’ll be prompted with a window to configure the report.

Click “**Save**”. 

As you can see, the report was delivered to our email below!

**An additional layer of security**

While integrated cloud malware detection solutions (e.g. BoxShield for Box.com; MS Defender for OneDrive) can be useful, many businesses use multiple different cloud storage repositories, and due to lack of integration options, are unable to get a centralized view of all of their scan results, across multiple repositories, in a single security-focused pane of glass.

Malwarebytes Cloud Storage Scanning is easy and quick to deploy, centrally managed, and is seamlessly integrated with other Malwarebytes products and services that provide cloud security best practices.

Interested in reading about real-life examples of cloud malware mitigation? Read the case study of how a business used Malwarebytes to help eliminate cloud-based threats.

Introducing Malwarebytes Cloud Storage Scanning: How to scan for malware in cloud file storage repositories

‘Summer Camp’ for hackers features a compromised satellite, a homecoming for hackers and cyberwarfare warnings.

‘Summer Camp’ for hackers features a compromised satellite, a homecoming for hackers and cyberwarfare warnings.

There was nothing typical this year at BSides LV, Black Hat USA and DEF CON – also known collectively as Hacker Summer Camp. The weeklong collection of cybersecurity conferences featured an eclectic mix of attendees to learn, network, hack and have fun. The week even included a rare Las Vegas flash flood (not a new DDoS technique) on Thursday creating chaos in one casinos.

The past week, while not ‘typical’, was a nod to normalcy for attendees. Attendance for events was up from the previous year, which in 2021 was muted by lower attendance and COVID fears. Here is a roundup of leading research, themes and buzz from this year’s shows.  

****Research of Note****

Video conferencing darling Zoom was highlighted at DEF CON by Patrick Wardle, founder of the Objective-See Foundation, for a hacking technique that allowed him, using the macOS version of Zoom, to elevated privileges and gain access to the entire macOS operating system.

Pen Test Partners revealed a flaw in the Electronic Flight Bag tablets used by some Boeing aircraft pilots that could have allowed an adversary to modify data “and cause pilots to make dangerous miscalculations,” according to a Reuters report.

Starlink, the satellite operated by SpaceX that provides internet access to over 36 countries, was shown vulnerable to a hack via a $25 modchip. Belgian researcher Lennert Wouters revealed at Black Hat how he mounted a successful fault injection attack on a user terminal used to manage the satellite.

Researcher James Kettle debuted a new class of HTTP request smuggling attack that allowed him to compromise Amazon and Akamai, break TLS, and exploit Apache servers, according to reporting from Portswigger’s The Daily Swig.

Journalist Eduard Kovacs reported on a high-severity Realtek bug in the company’s eCos SDK. Found by Faraday Security and discussed at DEF CON, the eCos SDK is used in a variety of routers, access points and network repeaters, according to his report.

For fans of FUD, PC Magazine has a nice rundown of “The 14 Scariest Things We Saw at Black Hat 2022“. Things keeping them up are SMS codes flunk MFA, an “invisible finger to take control” of your touchscreen device and a Microsoft hiccup when launching its Early Launch Antimalware (ELAM).

****Topics of Discussion****

The main Black Hat keynote was from Chris Krebs, former Cybersecurity and Infrastructure Security Agency (CISA), who shared his optimism when it comes to the US approach to information security. However, he did express pessimism that US cyber-defenses were too focused on nation state attackers versus more mundane and pressing concerns, in his estimation, such as ransomware.

Ukraine war and Log4j also were major themes at each of the conferences. ESET provided Black Hat attendees with an update on cyberattacks against Ukraine. Firms such as CyCognito warned that we aren’t out of the Log4j woods. A report by SiliconAngle  quotes Robert Silvers, undersecretary for policy at the Department of Homeland Security, echoed those concerns telling attendees that “\[Log4j\] is most likely that organizations are going to deal with Log4j issues for at least a decade and maybe longer.”

Victor Zhora, deputy head of Ukraine’s State Special Communications Service, told Black Hat attendees that his country’s infrastructure has experienced a 300 percent uptick in cyber incidents since Russia’s invasion of the country. The visit was unannounced, according to a Voice of America report.

Meanwhile current White House Cyber Director Chris Inglis told journalist Kim Zetter, during a DEF CON session, that he was focused on “‘three waves of attacks’ that have progressed in recent years,” according a Nextgov report.

_The first wave “focused on adversaries holding data and systems at risk.” In the second, the attackers “still held data and systems at risk, but they then abstracted that into holding critical functions at risk.” The third is an attack on confidence, as exemplified by the attack on the Colonial Pipeline. –_ Nextgov.

For DEF CON, it was the event’s 30th anniversary, which events organizers billed as not a birthday but a Hacker Homecoming.

“This has been a crazy couple of years,” according to an official DEF CON forum post.

“A global pandemic turned DEF CON 28 into DEF CON Safe Mode. Some easing of the restrictions and some strict attendance rules gave us a hybrid con for DC29. An improvement, to be sure, but something short of a full DEF CON experience… We want DEF CON 30 to have the energy of a reunion… In honor of all that, we’re calling DEF CON 30 ‘Hacker Homecoming’.”

Tag

#mac