Gentoo Linux Security Advisory 202402-25 - Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. Versions greater than or equal to 115.7.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-25  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Mozilla Thunderbird: Multiple Vulnerabilities  
     Date: February 19, 2024  
     Bugs: #918444, #920508, #924845  
       ID: 202402-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Mozilla Thunderbird,  
the worst of which could lead to remote code execution.

Background  
==========

Mozilla Thunderbird is a popular open-source email client from the  
Mozilla project.

Affected packages  
=================

Package                      Vulnerable    Unaffected  
---------------------------  ------------  ------------  
mail-client/thunderbird      < 115.7.0     >= 115.7.0  
mail-client/thunderbird-bin  < 115.7.0     >= 115.7.0

Description  
===========

Multiple vulnerabilities have been discovered in Mozilla Thunderbird.  
Please review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Mozilla Thunderbird binary users should upgrade to the latest  
version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-115.7.0"

All Mozilla Thunderbird users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-115.7.0"

References  
==========

[ 1 ] CVE-2023-3417  
      https://nvd.nist.gov/vuln/detail/CVE-2023-3417  
[ 2 ] CVE-2023-3600  
      https://nvd.nist.gov/vuln/detail/CVE-2023-3600  
[ 3 ] CVE-2023-4045  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4045  
[ 4 ] CVE-2023-4046  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4046  
[ 5 ] CVE-2023-4047  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4047  
[ 6 ] CVE-2023-4048  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4048  
[ 7 ] CVE-2023-4049  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4049  
[ 8 ] CVE-2023-4050  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4050  
[ 9 ] CVE-2023-4051  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4051  
[ 10 ] CVE-2023-4052  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4052  
[ 11 ] CVE-2023-4053  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4053  
[ 12 ] CVE-2023-4054  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4054  
[ 13 ] CVE-2023-4055  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4055  
[ 14 ] CVE-2023-4056  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4056  
[ 15 ] CVE-2023-4057  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4057  
[ 16 ] CVE-2023-4573  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4573  
[ 17 ] CVE-2023-4574  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4574  
[ 18 ] CVE-2023-4575  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4575  
[ 19 ] CVE-2023-4576  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4576  
[ 20 ] CVE-2023-4577  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4577  
[ 21 ] CVE-2023-4578  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4578  
[ 22 ] CVE-2023-4580  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4580  
[ 23 ] CVE-2023-4581  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4581  
[ 24 ] CVE-2023-4582  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4582  
[ 25 ] CVE-2023-4583  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4583  
[ 26 ] CVE-2023-4584  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4584  
[ 27 ] CVE-2023-4585  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4585  
[ 28 ] CVE-2023-5168  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5168  
[ 29 ] CVE-2023-5169  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5169  
[ 30 ] CVE-2023-5171  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5171  
[ 31 ] CVE-2023-5174  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5174  
[ 32 ] CVE-2023-5176  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5176  
[ 33 ] CVE-2023-5721  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5721  
[ 34 ] CVE-2023-5724  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5724  
[ 35 ] CVE-2023-5725  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5725  
[ 36 ] CVE-2023-5726  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5726  
[ 37 ] CVE-2023-5727  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5727  
[ 38 ] CVE-2023-5728  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5728  
[ 39 ] CVE-2023-5730  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5730  
[ 40 ] CVE-2023-5732  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5732  
[ 41 ] CVE-2023-6204  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6204  
[ 42 ] CVE-2023-6205  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6205  
[ 43 ] CVE-2023-6206  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6206  
[ 44 ] CVE-2023-6207  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6207  
[ 45 ] CVE-2023-6208  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6208  
[ 46 ] CVE-2023-6209  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6209  
[ 47 ] CVE-2023-6212  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6212  
[ 48 ] CVE-2023-6856  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6856  
[ 49 ] CVE-2023-6857  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6857  
[ 50 ] CVE-2023-6858  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6858  
[ 51 ] CVE-2023-6859  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6859  
[ 52 ] CVE-2023-6860  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6860  
[ 53 ] CVE-2023-6861  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6861  
[ 54 ] CVE-2023-6862  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6862  
[ 55 ] CVE-2023-6863  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6863  
[ 56 ] CVE-2023-6864  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6864  
[ 57 ] CVE-2023-37201  
      https://nvd.nist.gov/vuln/detail/CVE-2023-37201  
[ 58 ] CVE-2023-37202  
      https://nvd.nist.gov/vuln/detail/CVE-2023-37202  
[ 59 ] CVE-2023-37207  
      https://nvd.nist.gov/vuln/detail/CVE-2023-37207  
[ 60 ] CVE-2023-37208  
      https://nvd.nist.gov/vuln/detail/CVE-2023-37208  
[ 61 ] CVE-2023-37211  
      https://nvd.nist.gov/vuln/detail/CVE-2023-37211  
[ 62 ] CVE-2023-50761  
      https://nvd.nist.gov/vuln/detail/CVE-2023-50761  
[ 63 ] CVE-2023-50762  
      https://nvd.nist.gov/vuln/detail/CVE-2023-50762  
[ 64 ] CVE-2024-0741  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0741  
[ 65 ] CVE-2024-0742  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0742  
[ 66 ] CVE-2024-0746  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0746  
[ 67 ] CVE-2024-0747  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0747  
[ 68 ] CVE-2024-0749  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0749  
[ 69 ] CVE-2024-0750  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0750  
[ 70 ] CVE-2024-0751  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0751  
[ 71 ] CVE-2024-0753  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0753  
[ 72 ] CVE-2024-0755  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0755  
[ 73 ] MFSA-2024-01  
[ 74 ] MFSA-2024-02  
[ 75 ] MFSA-2024-04

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-25

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-25

Gentoo Linux Security Advisory 202402-21 - Multiple vulnerabilities have been discovered in QtNetwork, the worst of which could lead to execution of arbitrary code. Versions greater than or equal to 6.6.1-r2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-21  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: QtNetwork: Multiple Vulnerabilities  
     Date: February 18, 2024  
     Bugs: #907120, #921292  
       ID: 202402-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in QtNetwork, the worst of  
which could lead to execution of arbitrary code.

Background  
==========

QtNetwork provides a set of APIs for programming applications that use  
TCP/IP. It is part of the Qt framework.

Affected packages  
=================

Package           Vulnerable    Unaffected  
----------------  ------------  -------------  
dev-qt/qtbase     < 6.6.1-r2    >= 6.6.1-r2  
dev-qt/qtnetwork  < 5.15.12-r1  >= 5.15.12-r1

Description  
===========

Multiple vulnerabilities have been discovered in QtNetwork. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Qt 5 users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-qt/qtnetwork-5.15.12-r1"

All Qt 6 users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-qt/qtbase-6.6.1-r2"

References  
==========

[ 1 ] CVE-2023-32762  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32762  
[ 2 ] CVE-2023-51714  
      https://nvd.nist.gov/vuln/detail/CVE-2023-51714

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-21

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-21

Gentoo Linux Security Advisory 202402-24 - Multiple vulnerabilities have been discovered in Seamonkey, the worst of which can lead to remote code execution. Versions greater than or equal to 2.53.10.2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-24  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Seamonkey: Multiple Vulnerabilities  
     Date: February 19, 2024  
     Bugs: #767400, #828479  
       ID: 202402-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Seamonkey, the worst of  
which can lead to remote code execution.

Background  
==========

The Seamonkey project is a community effort to deliver production-  
quality releases of code derived from the application formerly known as  
the ‘Mozilla Application Suite’.

Affected packages  
=================

Package               Vulnerable    Unaffected  
--------------------  ------------  ------------  
www-client/seamonkey  < 2.53.10.2   >= 2.53.10.2

Description  
===========

Multiple vulnerabilities have been discovered in Seamonkey. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Seamonkey users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.53.10.2"

References  
==========

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-24

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-24

Gentoo Linux Security Advisory 202402-23 - Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 121.0.6167.139 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-23  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities  
     Date: February 19, 2024  
     Bugs: #922062, #922340, #922903, #923370  
       ID: 202402-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Chromium and its  
derivatives, the worst of which can lead to remote code execution.

Background  
==========

Chromium is an open-source browser project that aims to build a safer,  
faster, and more stable way for all users to experience the web. Google  
Chrome is one fast, simple, and secure browser for all your devices.  
Microsoft Edge is a browser that combines a minimal design with  
sophisticated technology to make the web faster, safer, and easier.

Affected packages  
=================

Package                    Vulnerable        Unaffected  
-------------------------  ----------------  -----------------  
www-client/chromium        < 121.0.6167.139  >= 121.0.6167.139  
www-client/google-chrome   < 121.0.6167.139  >= 121.0.6167.139  
www-client/microsoft-edge  < 121.0.2277.83   >= 121.0.2277.83

Description  
===========

Multiple vulnerabilities have been discovered in Chromium and its  
derivatives. Please review the CVE identifiers referenced below for  
details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Google Chrome users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/google-chrome-121.0.6167.139"

All Chromium users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/chromium-121.0.6167.139"

All Microsoft Edge users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-121.0.2277.83"

References  
==========

[ 1 ] CVE-2024-0333  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0333  
[ 2 ] CVE-2024-0517  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0517  
[ 3 ] CVE-2024-0518  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0518  
[ 4 ] CVE-2024-0519  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0519  
[ 5 ] CVE-2024-0804  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0804  
[ 6 ] CVE-2024-0805  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0805  
[ 7 ] CVE-2024-0806  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0806  
[ 8 ] CVE-2024-0807  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0807  
[ 9 ] CVE-2024-0808  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0808  
[ 10 ] CVE-2024-0809  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0809  
[ 11 ] CVE-2024-0810  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0810  
[ 12 ] CVE-2024-0811  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0811  
[ 13 ] CVE-2024-0812  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0812  
[ 14 ] CVE-2024-0813  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0813  
[ 15 ] CVE-2024-0814  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0814  
[ 16 ] CVE-2024-1059  
      https://nvd.nist.gov/vuln/detail/CVE-2024-1059  
[ 17 ] CVE-2024-1060  
      https://nvd.nist.gov/vuln/detail/CVE-2024-1060  
[ 18 ] CVE-2024-1077  
      https://nvd.nist.gov/vuln/detail/CVE-2024-1077

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-23

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-23

Gentoo Linux Security Advisory 202402-22 - Multiple vulnerabilities have been discovered in intel-microcode, the worst of which can lead to privilege escalation. Versions greater than or equal to 20230214_p20230212 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-22  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: intel-microcode: Multiple Vulnerabilities  
     Date: February 19, 2024  
     Bugs: #832985, #894474  
       ID: 202402-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in intel-microcode, the  
worst of which can lead to privilege escalation.

Background  
==========

Intel IA32/IA64 microcode update data.

Affected packages  
=================

Package                       Vulnerable            Unaffected  
----------------------------  --------------------  ---------------------  
sys-firmware/intel-microcode  < 20230214_p20230212  >= 20230214_p20230212

Description  
===========

Multiple vulnerabilities have been discovered in NVIDIA Drivers. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All intel-microcode users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=sys-firmware/intel-microcode-20230214_p20230212"

References  
==========

[ 1 ] CVE-2021-0127  
      https://nvd.nist.gov/vuln/detail/CVE-2021-0127  
[ 2 ] CVE-2021-0146  
      https://nvd.nist.gov/vuln/detail/CVE-2021-0146

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-22

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-22

By Waqas
One in five children aged 10-16 in the UK have engaged in online activities that violate the Computer Misuse Act, NCA has revealed.
This is a post from HackRead.com Read the original post: 1 in 5 Youth Engage in Cybercrime, NCA Finds

A recent report by the National Crime Agency (NCA) has revealed a disturbing trend: one in five children aged 10-16 in the UK have engaged in online activities that violate the Computer Misuse Act. This raises serious concerns about the increasing prevalence of cybercrime among young people and stresses the urgent need for greater awareness and education.

The report, based on a comprehensive survey, highlights several concerning online behaviours, including:

*   **Unauthorized access to computer systems or data:** This encompasses hacking into someone else’s account, downloading illegal software, or accessing restricted information.
*   **Cyberbullying and harassment:** Online harassment and bullying can have severe consequences for both the victim and the perpetrator, inflicting emotional distress and potentially leading to real-world harm.
*   **Copyright infringement:** Downloading or sharing copyrighted material without permission, such as music, movies, or software, is illegal and can have legal repercussions.
*   **Online gaming offenses:** This encompasses activities like making in-game purchases without permission, using cheats or hacks to gain an unfair advantage, or engaging in distributed denial-of-service (DDoS) attacks that disrupt online services.

The NCA emphasizes that many children may unknowingly engage in these activities, unaware of the legal implications and potential consequences. This underlines the critical need for open communication between parents, educators, and children about online safety and responsible behaviour.

The report also stresses the importance of proactive education and awareness campaigns targeted at both children and adults. Educating young people about cybercrime, its various forms, and the legal ramifications associated with it can significantly deter them from engaging in risky online behaviour.

Furthermore, the NCA advocates for promoting positive alternatives to encourage children to engage in safe and productive online activities. This can involve fostering their interest in educational resources, creative pursuits, and responsible online communities.

While the report paints a concerning picture, it is crucial to remember that not all online activity by children is illegal. It is essential to distinguish between harmless exploration and deliberate malicious intent based on the specific details and context surrounding each case.

> _“Many young people are getting involved in cybercrime without realising that they are breaking the law. Our message to these teenagers is simple – don’t play games with your future. Whether you engage in this behaviour knowingly or without realising, you are committing an offence – and could face serious consequences for your actions.”_
> 
> _“We’d encourage any concerned parents and teachers to speak to young people with an interest in tech, help them understand the dangers, and highlight the many rewarding and varied careers available to them. Our Cyber Choices team are here to help children, teachers and parents with advice and guidance.”_
> 
> Paul Foster – NCA Deputy Director and Head of the National Cyber Crime Unit

The NCA’s report should be a wake-up call, urging parents, educators, and policymakers to work collaboratively to address the growing issue of cybercrime among young people. By fostering open communication, promoting education and awareness, and encouraging responsible online behaviour, we can create a safer and more positive digital environment for future generations.

_**Editor’s Note:** We must have open and honest conversations with young people about their online activities. We need to educate them about the potential risks and consequences of their actions and equip them with the knowledge and skills to navigate the online world safely and responsibly._

1.  **Kids breach and bypass Linux Mint screensaver lock**
2.  **Snapchat Safety for Parents: How to Safeguard Your Child**
3.  **13-year-old student arrested for hacking school computers**
4.  **Utilizing Programmatic Advertising to Locate Abducted Children**
5.  **Gender Diversity in Cybercrime Forums: Women Users on the Rise**

1 in 5 Youth Engage in Cybercrime, NCA Finds

Gentoo Linux Security Advisory 202402-20 - A vulnerability has been discovered in Thunar which may lead to arbitrary code execution Versions greater than or equal to 4.17.3 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-20  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Thunar: Arbitrary Code Execution  
     Date: February 18, 2024  
     Bugs: #789396  
       ID: 202402-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in Thunar which may lead to  
arbitrary code execution

Background  
==========

Thunar is a modern file manager for the Xfce Desktop Environment. Thunar  
has been designed from the ground up to be fast and easy to use. Its  
user interface is clean and intuitive and does not include any confusing  
or useless options by default. Thunar starts up quickly and navigating  
through files and folders is fast and responsive.

Affected packages  
=================

Package           Vulnerable    Unaffected  
----------------  ------------  ------------  
xfce-base/thunar  < 4.17.3      >= 4.17.3

Description  
===========

A vulnerability has been discovered in Thunar. Please review the CVE  
identifier referenced below for details.

Impact  
======

When called with a regular file as command line argument, Thunar  
would delegate to some other program without user confirmation  
based on the file type. This could be exploited to trigger code  
execution in a chain of vulnerabilities.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Thunar users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=xfce-base/thunar-4.17.3"

References  
==========

[ 1 ] CVE-2021-32563  
      https://nvd.nist.gov/vuln/detail/CVE-2021-32563

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-20

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-20

Gentoo Linux Security Advisory 202402-19 - A vulnerability has been discovered in libcaca which can lead to arbitrary code execution. Versions greater than or equal to 0.99_beta19-r4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-19  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: libcaca: Arbitary Code Execution  
     Date: February 18, 2024  
     Bugs: #772317  
       ID: 202402-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in libcaca which can lead to  
arbitrary code execution.

Background  
==========

libcaca is a library that creates colored ASCII-art graphics.

Affected packages  
=================

Package             Vulnerable        Unaffected  
------------------  ----------------  -----------------  
media-libs/libcaca  < 0.99_beta19-r4  >= 0.99_beta19-r4

Description  
===========

A vulnerability has been discovered in libcaca. Please review the CVE  
identifier referenced below for details.

Impact  
======

A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c  
may lead to local execution of arbitrary code in the user context.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All libcaca users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-libs/libcaca-0.99_beta19-r4"

References  
==========

[ 1 ] CVE-2021-3410  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3410

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-19

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-19

Gentoo Linux Security Advisory 202402-18 - Multiple vulnerabilities have been discovered in Exim, the worst of which can lead to remote code execution. Versions greater than or equal to 4.97.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-18  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Exim: Multiple Vulnerabilities  
     Date: February 18, 2024  
     Bugs: #914923, #921520  
       ID: 202402-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Exim, the worst of  
which can lead to remote code execution.

Background  
==========

Exim is a message transfer agent (MTA) designed to be a a highly  
configurable, drop-in replacement for sendmail.

Affected packages  
=================

Package        Vulnerable    Unaffected  
-------------  ------------  ------------  
mail-mta/exim  < 4.97.1      >= 4.97.1

Description  
===========

Multiple vulnerabilities have been discovered in Exim. Please review the  
CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Exim users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=mail-mta/exim-4.97.1"

References  
==========

[ 1 ] CVE-2023-42114  
      https://nvd.nist.gov/vuln/detail/CVE-2023-42114  
[ 2 ] CVE-2023-42115  
      https://nvd.nist.gov/vuln/detail/CVE-2023-42115  
[ 3 ] CVE-2023-42116  
      https://nvd.nist.gov/vuln/detail/CVE-2023-42116  
[ 4 ] CVE-2023-42117  
      https://nvd.nist.gov/vuln/detail/CVE-2023-42117  
[ 5 ] CVE-2023-42119  
      https://nvd.nist.gov/vuln/detail/CVE-2023-42119  
[ 6 ] CVE-2023-51766  
      https://nvd.nist.gov/vuln/detail/CVE-2023-51766  
[ 7 ] ZDI-CAN-17433  
[ 8 ] ZDI-CAN-17434  
[ 9 ] ZDI-CAN-17515  
[ 10 ] ZDI-CAN-17554  
[ 11 ] ZDI-CAN-17643

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-18

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-18

Gentoo Linux Security Advisory 202402-17 - Multiple vulnerabilities have been discovered in CUPS, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 2.4.7 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-17  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: CUPS: Multiple Vulnerabilities  
     Date: February 18, 2024  
     Bugs: #847625, #907675, #909018, #914781  
       ID: 202402-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in CUPS, the worst of  
which can lead to arbitrary code execution.

Background  
==========

CUPS, the Common Unix Printing System, is a full-featured print server.

Affected packages  
=================

Package         Vulnerable    Unaffected  
--------------  ------------  ------------  
net-print/cups  < 2.4.7       >= 2.4.7

Description  
===========

Multiple vulnerabilities have been discovered in CUPS. Please review the  
CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All CUPS users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-print/cups-2.4.7"

References  
==========

[ 1 ] CVE-2022-26691  
      https://nvd.nist.gov/vuln/detail/CVE-2022-26691  
[ 2 ] CVE-2023-4504  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4504  
[ 3 ] CVE-2023-32324  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32324  
[ 4 ] CVE-2023-34241  
      https://nvd.nist.gov/vuln/detail/CVE-2023-34241

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-17

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Tag

#linux