Gentoo Linux Security Advisory 202409-30 - Multiple vulnerabilities have been found in yt-dlp, the worst of which could result in arbitrary code execution. Versions greater than or equal to 2024.07.01 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202409-30  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: yt-dlp: Multiple Vulnerabilities  
     Date: September 28, 2024  
     Bugs: #909780, #917355, #935316  
       ID: 202409-30

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in yt-dlp, the worst of which  
could result in arbitrary code execution.

Background  
==========

yt-dlp is a youtube-dl fork with additional features and fixes.

Affected packages  
=================

Package          Vulnerable    Unaffected  
---------------  ------------  -------------  
net-misc/yt-dlp  < 2024.07.01  >= 2024.07.01

Description  
===========

Multiple vulnerabilities have been found in yt-dlp. Please review the  
referenced CVE identifiers for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All yt-dlp users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-misc/yt-dlp-2024.07.01"

References  
==========

[ 1 ] CVE-2023-35934  
      https://nvd.nist.gov/vuln/detail/CVE-2023-35934  
[ 2 ] CVE-2023-46121  
      https://nvd.nist.gov/vuln/detail/CVE-2023-46121  
[ 3 ] CVE-2024-38519  
      https://nvd.nist.gov/vuln/detail/CVE-2024-38519

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202409-30

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202409-30

Gentoo Linux Security Advisory 202409-29 - Multiple vulnerabilities have been discovered in Docker, the worst of which could result in denial of service. Versions greater than or equal to 25.0.4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202409-29  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: Docker: Multiple Vulnerabilities  
     Date: September 28, 2024  
     Bugs: #816273, #869407, #877653, #886509, #903804, #905336, #925022  
       ID: 202409-29

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Docker, the worst of  
which could result in denial of service.

Background  
==========

Docker contains the the core functions you need to create Docker images  
and run Docker containers

Affected packages  
=================

Package                Vulnerable    Unaffected  
---------------------  ------------  ------------  
app-containers/docker  < 25.0.4      >= 25.0.4

Description  
===========

Multiple vulnerabilities have been discovered in Docker. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Docker users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-containers/docker-25.0.4"

References  
==========

[ 1 ] CVE-2021-41089  
      https://nvd.nist.gov/vuln/detail/CVE-2021-41089  
[ 2 ] CVE-2021-41091  
      https://nvd.nist.gov/vuln/detail/CVE-2021-41091  
[ 3 ] CVE-2022-36109  
      https://nvd.nist.gov/vuln/detail/CVE-2022-36109  
[ 4 ] CVE-2022-41717  
      https://nvd.nist.gov/vuln/detail/CVE-2022-41717  
[ 5 ] CVE-2023-26054  
      https://nvd.nist.gov/vuln/detail/CVE-2023-26054  
[ 6 ] CVE-2023-28840  
      https://nvd.nist.gov/vuln/detail/CVE-2023-28840  
[ 7 ] CVE-2023-28841  
      https://nvd.nist.gov/vuln/detail/CVE-2023-28841  
[ 8 ] CVE-2023-28842  
      https://nvd.nist.gov/vuln/detail/CVE-2023-28842  
[ 9 ] CVE-2024-23650  
      https://nvd.nist.gov/vuln/detail/CVE-2024-23650  
[ 10 ] CVE-2024-23651  
      https://nvd.nist.gov/vuln/detail/CVE-2024-23651  
[ 11 ] CVE-2024-23652  
      https://nvd.nist.gov/vuln/detail/CVE-2024-23652  
[ 12 ] CVE-2024-23653  
      https://nvd.nist.gov/vuln/detail/CVE-2024-23653  
[ 13 ] CVE-2024-24557  
      https://nvd.nist.gov/vuln/detail/CVE-2024-24557

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202409-29

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202409-29

A single command line can show you about 20,000 instances of CWE-73 issues with Microsoft Windows.

    Hi @ll,<https://cwe.mitre.org/data/definitions/73.html>CWE-73: External Control of File Name or Pathis a well-known and well-documented weakness.<https://seclists.org/fulldisclosure/2020/Mar/48> as well as<https://skanthak.homepage.t-online.de/offender.html> demonstrate how to(ab)use just one instance of this weakness (introduced about 7 years agowith Microsoft Defender, so-called "security software") due to anenvironment variable in the (registered) path name of an executable fileto gain execution of arbitrary code.But that's of course not the only instance of this VERY EASY to exploitweakness present in ALL versions of Windows since more than 30 (in words:THIRTY) years -- start a command processor and run the following commandline to show about 20,000 instances of path names registered with (user-controlled) environment variables:    REG.exe QUERY HKEY_LOCAL_MACHINE /C /D /F "%*%\\" /Sstay tuned, and far away from the vulnerable crap made in RedmondStefan KanthakPS: just yesterday, Microsoft dared to publish    <https://www.microsoft.com/en-us/security/blog/2024/09/23/securing-our-future-september-2024-progress-update-on-microsofts-secure-future-initiative-sfi/>,    bragging "we've dedicated the equivalent of 34,000 full-time engineers    to SFI-making it the largest cybersecurity engineering effort in history"    What about dedicating the equivalent of just ONE full-time employee to    every instance of just ONE ow Windows weaknesses?

Microsoft CWE-73 Weakness

Debian Linux Security Advisory 5776-1 - Albert Cervera discovered two missing authorisation checks in the Tryton application platform.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5776-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffSeptember 27, 2024                    https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : tryton-serverCVE ID         : not yet availableAlbert Cervera discovered two missing authorisation checks in the Trytonapplication platform.For the stable distribution (bookworm), this problem has been fixed inversion 6.0.29-2+deb12u3.We recommend that you upgrade your tryton-server packages.For the detailed security status of tryton-server please refer toits security tracker page at:https://security-tracker.debian.org/tracker/tryton-serverFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmb22HYACgkQEMKTtsN8TjYf8xAAoc8InqgoBx9Bi6v5l6aDgE/H7d5AukdJFN3Z4Wurua9O/7G1uE7WlFsm6PdTOey1aeFy6EpGIWev98ehGYLJOHDyK270eEgQVAXVVsjnpXtq9L/6lW/5+yEUPJ1jhG21XcDpuuh8QMtBgdCO6NQ/tk7lTbc+4OLsfNayZ6+UBDQMZ0cWnn2YShEVeZlZBm8dMFJYbGyG9Vgqzw1xA4Z9QkYJRqkQfgx+0fdszVHnxmtKBmoSBUOPCIYYRXvn8HG+/qWWf5D9f4q+iYDOcX1gEyieTqayqaeni0Q4vf8XtEt5gqpnou2OIs9EAoRrnyKJt3ZT4hptXlv6jFaK1sIgiBL+myARN535L/BZFQav+QMT5jpClZWglfZF7J29IOkY3uy/eHv+Dd0XUbfqKDVfPVnOkDaHYcBUhyuUkYJ20J7C1Sk41VJGUK9rgL3YkIX9PxZFlx9LUh2NMO+NhqLAPN1E7V2CXLcS34a41NlsEpOGkJ3W+2tuLBvFVYbs9ArnNCAS324J++VPOnL7D3ZH3oa3bqh9VyTban75UgPkkOjY6A53412W3xh1Wig7ZJkYgzLr1LueSTQtzG7dHXPbGaiIZA+oIVhygYJAFkm3nHMOK8vIbL1qzKcdZfRRQGZRPiD9SRoz41IyBwL/55uNCNYQHVEBFaKjqHNp1L+yp/o==a8Sz-----END PGP SIGNATURE-----

Debian Security Advisory 5776-1

Gentoo Linux Security Advisory 202409-28 - Multiple vulnerabilities have been discovered in HashiCorp Consul, the worst of which could result in denial of service. Versions greater than or equal to 1.15.10 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202409-28  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: HashiCorp Consul: Multiple Vulnerabilities  
     Date: September 28, 2024  
     Bugs: #885997  
       ID: 202409-28

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in HashiCorp Consul, the  
worst of which could result in denial of service.

Background  
==========

HashiCorp Consul is a tool for service discovery, monitoring and  
configuration.

Affected packages  
=================

Package           Vulnerable    Unaffected  
----------------  ------------  ------------  
app-admin/consul  < 1.15.10     >= 1.15.10

Description  
===========

Multiple vulnerabilities have been found in HashiCorp Consul. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the CVE identifiers referenced below for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All HashiCorp Consul users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-admin/consul-1.15.10"

References  
==========

[ 1 ] CVE-2022-41717  
      https://nvd.nist.gov/vuln/detail/CVE-2022-41717

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202409-28

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202409-28

Gentoo Linux Security Advisory 202409-27 - A vulnerability has been found in tmux which could result in application crash. Versions greater than or equal to 3.4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202409-27  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: tmux: Null Pointer Dereference  
     Date: September 28, 2024  
     Bugs: #891783  
       ID: 202409-27

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been found in tmux which could result in application  
crash.

Background  
==========

tmux is a terminal multiplexer.

Affected packages  
=================

Package        Vulnerable    Unaffected  
-------------  ------------  ------------  
app-misc/tmux  < 3.4         >= 3.4

Description  
===========

A null pointer dereference issue was discovered in function  
window_pane_set_event in window.c in which allows attackers to cause  
denial of service or other unspecified impacts.

Impact  
======

Manipulating tmux window state could result in a null pointer  
dereference.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All tmux users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-misc/tmux-3.4"

References  
==========

[ 1 ] CVE-2022-47016  
      https://nvd.nist.gov/vuln/detail/CVE-2022-47016

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202409-27

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202409-27

Gentoo Linux Security Advisory 202409-26 - Multiple vulnerabilities have been found in IcedTea, the worst of which could result in arbitrary code execution. Versions less than or equal to 3.21.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202409-26  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: IcedTea: Multiple Vulnerabilities  
     Date: September 28, 2024  
     Bugs: #732628, #803608, #877599  
       ID: 202409-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in IcedTea, the worst of which  
could result in arbitrary code execution.

Background  
==========

IcedTea’s aim is to provide OpenJDK in a form suitable for easy  
configuration, compilation and distribution with the primary goal of  
allowing inclusion in GNU/Linux distributions.

Affected packages  
=================

Package               Vulnerable    Unaffected  
--------------------  ------------  ------------  
dev-java/icedtea      <= 3.21.0     Vulnerable!  
dev-java/icedtea-bin  <= 3.16.0-r2  Vulnerable!

Description  
===========

Multiple vulnerabilities have been discovered in IcedTea. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

Gentoo has discontinued support for IcedTea. We recommend that users  
unmerge it:

  # emerge --sync  
  # emerge --ask --depclean "dev-java/icedtea" "dev-java/icedtea-bin"

References  
==========

[ 1 ] CVE-2020-14556  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14556  
[ 2 ] CVE-2020-14562  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14562  
[ 3 ] CVE-2020-14573  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14573  
[ 4 ] CVE-2020-14577  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14577  
[ 5 ] CVE-2020-14578  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14578  
[ 6 ] CVE-2020-14579  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14579  
[ 7 ] CVE-2020-14581  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14581  
[ 8 ] CVE-2020-14583  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14583  
[ 9 ] CVE-2020-14593  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14593  
[ 10 ] CVE-2020-14621  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14621  
[ 11 ] CVE-2020-14664  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14664  
[ 12 ] CVE-2020-14779  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14779  
[ 13 ] CVE-2020-14781  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14781  
[ 14 ] CVE-2020-14782  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14782  
[ 15 ] CVE-2020-14792  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14792  
[ 16 ] CVE-2020-14796  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14796  
[ 17 ] CVE-2020-14797  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14797  
[ 18 ] CVE-2020-14798  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14798  
[ 19 ] CVE-2020-14803  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14803  
[ 20 ] CVE-2021-2341  
      https://nvd.nist.gov/vuln/detail/CVE-2021-2341  
[ 21 ] CVE-2021-2369  
      https://nvd.nist.gov/vuln/detail/CVE-2021-2369  
[ 22 ] CVE-2021-2388  
      https://nvd.nist.gov/vuln/detail/CVE-2021-2388  
[ 23 ] CVE-2021-2432  
      https://nvd.nist.gov/vuln/detail/CVE-2021-2432  
[ 24 ] CVE-2021-35550  
      https://nvd.nist.gov/vuln/detail/CVE-2021-35550  
[ 25 ] CVE-2021-35556  
      https://nvd.nist.gov/vuln/detail/CVE-2021-35556  
[ 26 ] CVE-2021-35559  
      https://nvd.nist.gov/vuln/detail/CVE-2021-35559  
[ 27 ] CVE-2021-35561  
      https://nvd.nist.gov/vuln/detail/CVE-2021-35561  
[ 28 ] CVE-2021-35564  
      https://nvd.nist.gov/vuln/detail/CVE-2021-35564  
[ 29 ] CVE-2021-35565  
      https://nvd.nist.gov/vuln/detail/CVE-2021-35565  
[ 30 ] CVE-2021-35567  
      https://nvd.nist.gov/vuln/detail/CVE-2021-35567  
[ 31 ] CVE-2021-35578  
      https://nvd.nist.gov/vuln/detail/CVE-2021-35578  
[ 32 ] CVE-2021-35586  
      https://nvd.nist.gov/vuln/detail/CVE-2021-35586  
[ 33 ] CVE-2021-35588  
      https://nvd.nist.gov/vuln/detail/CVE-2021-35588  
[ 34 ] CVE-2021-35603  
      https://nvd.nist.gov/vuln/detail/CVE-2021-35603  
[ 35 ] CVE-2022-21618  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21618  
[ 36 ] CVE-2022-21619  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21619  
[ 37 ] CVE-2022-21624  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21624  
[ 38 ] CVE-2022-21626  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21626  
[ 39 ] CVE-2022-21628  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21628  
[ 40 ] CVE-2022-39399  
      https://nvd.nist.gov/vuln/detail/CVE-2022-39399  
[ 41 ] CVE-2023-21830  
      https://nvd.nist.gov/vuln/detail/CVE-2023-21830  
[ 42 ] CVE-2023-21835  
      https://nvd.nist.gov/vuln/detail/CVE-2023-21835  
[ 43 ] CVE-2023-21843  
      https://nvd.nist.gov/vuln/detail/CVE-2023-21843

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202409-26

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202409-26

Red Hat Security Advisory 2024-7346-03 - An update for cups-filters is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_7346.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: cups-filters security updateAdvisory ID:        RHSA-2024:7346-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:7346Issue date:         2024-09-27Revision:           03CVE Names:          CVE-2024-47076====================================================================Summary: An update for cups-filters is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. Security Fix(es):* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)* cups: libppd: remote command injection via attacker controlled data in PPD file ()For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-47076References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2314252https://bugzilla.redhat.com/show_bug.cgi?id=2314253https://bugzilla.redhat.com/show_bug.cgi?id=2314256

Red Hat Security Advisory 2024-7346-03

The threat actors managed to gain access to Sen. Ben Cardin (D-Md.) by posing as a Ukrainian official, before quickly being outed.

Sen. Ben CardinSource: B Christopher via Alamy Stock Photo

Earlier this month, Senator Ben Cardin (D-Md.), who serves as the Democratic chair of the Senate Foreign Relations Committee, was targeted in an advanced deepfake operation that managed to in part succeed in duping the politician.

The operation was centered around Cardin's professional association with Dymtro Kuleba, the former Ukrainian Minister of Foreign Affairs. Cardin's office reportedly received an email from someone they believed to be Kuleba, who Cardin already knew from past meetings.

Kuleba and Cardin met via Zoom through what seemed to be a live audio-video connection "that was consistent in appearance and sound to past encounters," according to a notice issued by the Senator’s security office.

But it was here that things began to go awry for the threat actors. "Kuleba" began to ask Cardin questions such as, "do you support long-range missiles into Russian territory? I need to know your answer," and other "politically charged questions in relation to the upcoming election" according to the notice. 

At this point, Cardin and his staff knew something was wrong.

The malicious actor on the other side of the call continued on, attempting to bait the senator into commenting on a political candidate and other things.

"The Senator and their staff ended the call, and quickly reached out to the Department of State who verified it was not Kuleba," said Nicolette Llewellyn, the director of Senate Security, in the notice.

Related:Dark Reading Confidential: Meet the Ransomware Negotiators

**Deepfake Scams Are on the Rise**

On Sept. 25, Cardin commented on the encounter, describing the person on the other side of the screen as a malign actor that engaged in a deceptive attempt to try to have a conversation with him.

"After immediately becoming clear that the individual I was engaging with was not who they claimed to be, I ended the call and my office took swift action, alerting the relevant authorities," Sen. Cardin said. "This matter is now in the hands of law enforcement, and a comprehensive investigation is underway."

However, how far these threat actors managed to get was impressive — and concerning. Had they not revealed their scheme by acting out of character for the person they were impersonating, they may have gleaned sensitive or important information.

"On an individual level, \[deepfakes\] can lead to blackmail and extortion," says Eyal Benishti, CEO of Ironscales. "For businesses, deepfakes pose risks of significant financial loss, reputational damage, and corporate espionage. On a governmental level, they threaten national security and can undermine the democratic processes" — no doubt referencing a deepfake robocall that was created to impersonate President Joe Biden with the goal of getting Biden supporters to stay home for a lower voter turnout.

Related:Zimbra RCE Vuln Under Attack Needs Immediate Patching

It's clear that deepfake schemes are becoming a bigger threat and more widely used by malicious actors. In a July report that Trend Micro shared with Dark Reading, the researchers found that 80% of the consumers involved a survey had seen deepfake images, and 64% had seen deepfake videos. Roughly half of consumers surveyed had heard of deepfake audio clips. And concerningly, 35% of the respondents said they had experienced a deepfake scam themselves, with even more saying that they know someone who has.

These types of scams come in all kinds of varieties, such as the deepfake videos of UK Prime Minister Keir Starmer and Prince William that were circulating on Meta platforms earlier this year to promote a cryptocurrency platform called Immediate Edge. The platform was fraudulent and aimed to dupe potential victims by making it seem as though it was backed by reputable public figures. According to researchers who studied the disinformation campaign, the deepfake ads reached nearly 900,000 people who spent more than £20,000 on the platform.

Related:Retail & Hospitality ISAC Announces Pam Lindemoen As New CSO and VP

"The rise of deepfakes — be it through images, videos, or audio — is hard to deny," Benishti says. "These attacks are becoming increasingly sophisticated and often indistinguishable from reality, thanks to the accessibility of generative AI tools."

And that means that defenses need to shift, Benishti says. 

"Currently, there are no foolproof methods to easily detect deepfakes," he says. "Until technology catches up, we must prioritize awareness, education, and training to equip individuals and organizations with the skills and strategies needed to act on their suspicions, implement effective verification processes, and ultimately improve their ability to discern what is real and what is not."

These recommendations apply to anyone, not just high-ranking or high-profile individuals such as Cardin.

"Cybercriminals capitalize on opportunity, regardless of status, which means that anyone could be a target," Benishti adds. "It's crucial for everyone, not just prominent figures, to stay alert and skeptical of any urgent or unexpected requests. Vigilance and verification are key defenses against these evolving threats."

Elaborate Deepfake Operation Takes a Meeting With US Senator

By combining agility with compliance, and security with accessibility, businesses will treat their data as a well-prepared traveler, ready for any adventure.

Source: Lucie Konecna via Alamy Stock Photo

COMMENTARY

The post-pandemic need for "anywhere connection" is fueling not only borderless business but also the rise of digital nomads. Surprisingly, the two face similar issues.

Consider that both international enterprises and location-independent workers must be prepared for travel, follow local rules, and carry only the essentials. For a digital nomad, this might mean a laptop, a handful of essential apps, and a reliable VPN. For an enterprise and its data, it's multicloud databases, robust encryption, and a zero-trust posture. In both cases, excess baggage only slows you down and increases vulnerability. And, in both cases, not following the rules can result in legal headaches.

Indeed, enterprises today walk a data tightrope. Their information ecosystems must be adaptable across diverse environments, navigating tightening regulations, heightened security requirements, and complex data rules.

Let's explore how enterprises can become data nomads by balancing compliance, security, and agility — all while seeing the world without getting in trouble.

**From Home Bases to Global Expeditions**

Mastering travel is crucial for digital and data nomads. Like savvy travelers navigating international borders, enterprises must maneuver a varied data landscape — especially with the likes of the European Union's General Data Protection Regulation (GDPR) acting as a stringent "passport control" for information. Therefore, understanding what's required is key to moving data from point A to B while abiding by the law.

Enterprises must first map their data — their digital luggage — to know what they have, how it's regulated, and where it's stored. Like nomads with a home base, many adopt a hybrid cloud approach. This home-and-away strategy blends on-premises infrastructure with public cloud services, offering flexibility, cost benefits, and resilience. It ensures data resides in jurisdictionally appropriate locations while enabling global reach. 

However, moving data between specific regions brings additional complications, especially between Europe and the US. For years, the "visa requirements" governing acceptable data transfers between these two superpowers have been in flux, with the EU-US Data Privacy Framework being the latest attempt to streamline cross-border data. Organizations still need to secure the right "travel permits" with a combination of approaches. This might involve keeping sensitive data in EU-based systems, using standard contractual clauses for US transfers, or applying new framework principles where relevant. However, given the turbulent history of previous agreements like Privacy Shield and Safe Harbour, enterprises should watch this space.

Another way to travel without falling afoul of the authorities is isolated connectivity. Google's Distributed Cloud latest configuration exemplifies this balance, with its air-gapped appliance allowing users to access cloud applications without jeopardizing data security — a blend of home comfort and travel flexibility for enterprise data.

**A Nomad's Security Toolkit**

But moving from place to place exposes both digital and data nomads to security risks. Just as globe-trotting workers must stay vigilant against pickpockets and scams, enterprises must be wary of bad actors — a growing concern with the rise of distributed workloads and global hackers.

The good news is that enterprises can and must fight back. End-to-end encryption acts like an unbreakable luggage lock, protecting information at every step. Multifactor authentication serves as a biometric passport, ensuring only authorized personnel gain access. Regular security audits flag potential risks, much like travel advisories. And, by embracing distributed storage, companies avoid keeping all their eggs in one basket, reducing the impact of any single breach.

Adopting a zero-trust architecture — comparable to a cautious security detail — further ensures verification regardless of origin. This "trust nothing, verify always" mindset treats every network as hostile and scrutinizes each access request, thereby reducing the risk of data breaches and unauthorized access.

**Lessons From the Road**

By now I've done this metaphor to death, but the parallels between digital nomads and enterprise data are too striking to ignore — and the challenges will only continue to evolve.

Emerging technologies like edge computing and AI will create new destinations for our data to explore. And don't expect regulations to slow down, further shaping digital travel requirements. This demands IT leaders have their finger on the pulse and think about their data journey from door to door.

The most successful enterprises will be those that can turn potential data pitfalls into opportunities for growth and innovation. By combining agility with compliance, and security with accessibility, they will treat their data as a well-prepared traveler, ready for any adventure.

The lesson from our digital nomad cousins is clear: Pack light, comply right.

**About the Author**

Founder & CEO, Hexnode

Apu Pavithran is the founder and CEO of Hexnode. Recognized in the IT management community as a consultant, speaker, and thought leader, Apu has been a strong advocate for IT governance and information security management.

Latest News