Red Hat Security Advisory 2023-7886-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7886.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: tigervnc security updateAdvisory ID:        RHSA-2023:7886-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7886Issue date:         2023-12-20Revision:           03CVE Names:          CVE-2023-6377====================================================================Summary: An update for tigervnc is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.Security Fix(es):* xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions (CVE-2023-6377)* xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty (CVE-2023-6478)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-6377References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2253291https://bugzilla.redhat.com/show_bug.cgi?id=2253298

Red Hat Security Advisory 2023-7886-03

Red Hat Security Advisory 2023-7885-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7885.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: postgresql:15 security update  
Advisory ID:        RHSA-2023:7885-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7885  
Issue date:         2023-12-20  
Revision:           03  
CVE Names:          CVE-2023-5868  
====================================================================

Summary: 

An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: Buffer overrun from integer overflow in array modification (CVE-2023-5869)

* postgresql: Memory disclosure in aggregate function calls (CVE-2023-5868)

* postgresql: extension script @substitutions@ within quoting allow SQL injection (CVE-2023-39417)

* postgresql: Role pg_signal_backend can signal certain superuser processes. (CVE-2023-5870)

* postgresql: MERGE fails to enforce UPDATE or SELECT row security policies (CVE-2023-39418)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-5868

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2228111  
https://bugzilla.redhat.com/show_bug.cgi?id=2228112  
https://bugzilla.redhat.com/show_bug.cgi?id=2247168  
https://bugzilla.redhat.com/show_bug.cgi?id=2247169  
https://bugzilla.redhat.com/show_bug.cgi?id=2247170

Red Hat Security Advisory 2023-7885-03

Red Hat Security Advisory 2023-7884-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 8. Issues addressed include integer overflow and remote SQL injection vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7884.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: postgresql:15 security update  
Advisory ID:        RHSA-2023:7884-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7884  
Issue date:         2023-12-20  
Revision:           03  
CVE Names:          CVE-2023-5868  
====================================================================

Summary: 

An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: Buffer overrun from integer overflow in array modification (CVE-2023-5869)

* postgresql: Memory disclosure in aggregate function calls (CVE-2023-5868)

* postgresql: extension script @substitutions@ within quoting allow SQL injection (CVE-2023-39417)

* postgresql: Role pg_signal_backend can signal certain superuser processes. (CVE-2023-5870)

* postgresql: MERGE fails to enforce UPDATE or SELECT row security policies (CVE-2023-39418)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-5868

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2228111  
https://bugzilla.redhat.com/show_bug.cgi?id=2228112  
https://bugzilla.redhat.com/show_bug.cgi?id=2247168  
https://bugzilla.redhat.com/show_bug.cgi?id=2247169  
https://bugzilla.redhat.com/show_bug.cgi?id=2247170

Red Hat Security Advisory 2023-7884-03

Red Hat Security Advisory 2023-7883-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7883.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: postgresql:15 security update  
Advisory ID:        RHSA-2023:7883-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7883  
Issue date:         2023-12-20  
Revision:           03  
CVE Names:          CVE-2023-5868  
====================================================================

Summary: 

An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: Buffer overrun from integer overflow in array modification (CVE-2023-5869)

* postgresql: Memory disclosure in aggregate function calls (CVE-2023-5868)

* postgresql: extension script @substitutions@ within quoting allow SQL injection (CVE-2023-39417)

* postgresql: Role pg_signal_backend can signal certain superuser processes. (CVE-2023-5870)

* postgresql: MERGE fails to enforce UPDATE or SELECT row security policies (CVE-2023-39418)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-5868

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2228111  
https://bugzilla.redhat.com/show_bug.cgi?id=2228112  
https://bugzilla.redhat.com/show_bug.cgi?id=2247168  
https://bugzilla.redhat.com/show_bug.cgi?id=2247169  
https://bugzilla.redhat.com/show_bug.cgi?id=2247170

Red Hat Security Advisory 2023-7883-03

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

OpenSSH 9.6p1

By Deeba Ahmed
The 8220 gang, believed to be of Chinese origins, was first identified in 2017 by Cisco Talos when they targeted Drupal, Hadoop YARN, and Apache Struts2 applications for propagating cryptojacking malware.
This is a post from HackRead.com Read the original post: 8220 Gang Targets Telecom and Healthcare in Global Cryptojacking Attack

The 8220 Gang is exploiting multiple vulnerabilities, including the Oracle WebLogic Server vulnerability, to propagate cryptojacking malware in the Americas, Europe, and Africa.

Imperva Threat Research has discovered undocumented activity from a hacker group known as the 8220 gang. This group is known for mass malware deployment using an ever-evolving arsenal of TTPs. The 8220 gang mainly targets Windows and Linux web servers with cryptojacking malware.

The 8220 gang, believed to be of Chinese origins, was first identified in 2017 by Cisco Talos when it targeted Drupal, Hadoop YARN, and Apache Struts2 applications for propagating cryptojacking malware. the group exploited Confluence and Log4j vulnerabilities, and recently, Trend Micro found them leveraging Oracle WebLogic vulnerability (CVE-2017-3506) to infect systems.

According to Imperva’s blog post, the 8220 gang is also exploiting CVE-2020-14883, a Remote Code Execution vulnerability in the Oracle WebLogic Server, to spread malware. This vulnerability allows remote attackers to execute code using a gadget chain. It is often chained with CVE-2020-14882 (authentication bypass vulnerability) or leaked/weak/stolen credentials. The gang uses two gadget chains; one loads an XML file, and the other executes commands on the OS.

Credit: Imperva

Driven by financial motives, this gang uses simple exploits to target vulnerabilities and exploit easy targets. Despite their unsophisticated nature, they constantly evolve their tactics to evade detection. Attributing attacks to this group is straightforward due to their use of traceable IoCs and TTPs, frequently reusing the same IP addresses, web servers, payloads, and attack tools.

The 8220 gang uses various methods to target Linux hosts, including cURL, wget, lwp-download, python urllib, and a custom bash function. They also use a PowerShell WebClient command on Windows to execute a downloaded script.

In another variation, they use a gadget chain to run Java code without an externally hosted XML file. The injected Java code evaluates whether the OS is Windows or Linux and executes the appropriate command strings. The downloaded files are executed, infecting the exploited hosts with known AgentTesla, rhajk, and nasqa malware variants.

According to Imperva researchers, the 8220 gang appears to be an opportunistic group because of its target selection, which includes healthcare, telecommunications, and financial services.

It mainly targets organizations in the United States, South Africa, Spain, Columbia, and Mexico. Moreover, the gang prefers using custom tools written in Python in their attack campaigns, and the attacking IPs are associated with known hosting companies.

Imperva Cloud WAF and on-prem WAF have identified and mitigated web vulnerabilities used by the 8220 gang for malicious activities. These vulnerabilities include CVE-2017-3506, CVE-2019-2725, CVE-2020-14883, CVE-2021-26084, CVE-2021-44228, Apache Log4j JNDI, and CVE-2022-26134.

Imperva is urging organizations to maintain security. Enterprises should patch their applications and implement multiple security measures to protect against falling victim to such groups.

****_RELATED ARTICLE_****

1.  **Patched OpenSSH Exploited for IoT, Linux Cryptomining**
2.  **Hackers mining Monero on Microsoft SQL databases for last 2 years**
3.  **Malicious Chrome extensions stealing data with cryptomining malware**
4.  **Cryptomining, Malware Flourish on Misconfigured Kubernetes Clusters**
5.  **New JaskaGO Malware Targets Mac and Windows for Crypto, Browser Data**

8220 Gang Targets Telecom and Healthcare in Global Cryptojacking Attack

Google has rolled out security updates for the Chrome web browser to address a high-severity zero-day flaw that it said has been exploited in the wild.
The vulnerability, assigned the CVE identifier CVE-2023-7024, has been described as a heap-based buffer overflow bug in the WebRTC framework that could be exploited to result in program crashes or arbitrary code execution.
Clément

Google has rolled out security updates for the Chrome web browser to address a high-severity zero-day flaw that it said has been exploited in the wild.

The vulnerability, assigned the CVE identifier **CVE-2023-7024**, has been described as a heap-based buffer overflow bug in the WebRTC framework that could be exploited to result in program crashes or arbitrary code execution.

Clément Lecigne and Vlad Stolyarov of Google's Threat Analysis Group (TAG) have been credited with discovering and reporting the flaw.

No other details about the security defect have been released to prevent further abuse, with Google acknowledging that "an exploit for CVE-2023-7024 exists in the wild."

The development marks the resolution of the eighth actively exploited zero-day in Chrome since the start of the year -

*   **CVE-2023-2033** (CVSS score: 8.8) - Type confusion in V8
*   **CVE-2023-2136** (CVSS score: 9.6) - Integer overflow in Skia
*   **CVE-2023-3079** (CVSS score: 8.8) - Type confusion in V8
*   **CVE-2023-4762** (CVSS score: 8.8) - Type confusion in V8
*   **CVE-2023-4863** (CVSS score: 8.8) - Heap buffer overflow in WebP
*   **CVE-2023-5217** (CVSS score: 8.8) - Heap buffer overflow in vp8 encoding in libvpx
*   **CVE-2023-6345** (CVSS score: 9.6) - Integer overflow in Skia

A total of 26,447 vulnerabilities have been disclosed so far in 2023, surpassing the previous year by over 1,500 CVEs, according to data compiled by Qualys, with 115 flaws exploited by threat actors and ransomware groups.

Remote code execution, security feature bypass, buffer manipulation, privilege escalation, and input validation and parsing flaws emerged as the top vulnerability types.

Users are recommended to upgrade to Chrome version 120.0.6099.129/130 for Windows and 120.0.6099.129 for macOS and Linux to mitigate potential threats.

Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild - Update ASAP

By Waqas
Another day, another cross-platform hits unsuspecting users!
This is a post from HackRead.com Read the original post: New JaskaGO Malware Targets Mac and Windows for Crypto, Browser Data

A recently discovered cross-platform malware, appropriately named JaskaGO, has surfaced, targeting both macOS and Windows systems.

Cybersecurity researchers at AT&T Alien Labs have discovered a sophisticated malware strain called JaskaGO, crafted in the Go (**Golang**) programming language and equipped with the ability to maintain persistence in infected systems. It can exfiltrate valuable information, including browser credentials and cryptocurrency wallet details.

JaskaGO was detected in July 2023, targeting Mac users. Since then, the threat has evolved its capabilities and developed in both macOS and Windows versions, with a low detection rate, as evidenced by recent anti-virus engine samples.

According to AT&T Alien Labs’ report, JaskaGO is a deceptive tool that presents a fake error message claiming a missing file to mislead users into believing the malicious code failed to run.

Further, it uses file names resembling well-known applications, such as “Capcut\_Installer\_Intel\_M1.dmg” and “Anyconnect.exe,” suggesting a common strategy of malware deployment under the guise of legitimate software in pirated application web pages.

The malware first scans the system to determine if it is operating within a virtual machine (VM), obtaining general machine information, such as the number of processors, system up-time, available system memory, and MAC addresses. The presence of MAC addresses associated with well-known VM software, such as VMware or VirtualBox, is a key indicator.

If not detected, it starts collecting information and continuously queries its C2 server, awaiting instructions for various commands. These commands include creating persistence, stealer functionalities, pinging the command and control, executing shell commands, alert messages, retrieving the running process list, executing files on disk or in memory, writing to the clipboard, performing random tasks, downloading and executing additional payloads, initiating the process to exit (self), and initiating the process to exit and delete itself.

JaskaGO is equipped with extensive data exfiltration capabilities, and stores acquired data in a specially created folder, zipping and sending it to the attacker. It can be configured to target additional browsers, collecting browser information such as credentials, history, cookies, password encryption keys, profile files, and login information.

Persistence mechanisms are established through two methods: Service Creation in Windows and Execution as Root in macOS. In Windows, the malware creates a Windows Terminal profile by generating the file: UserName\\AppData\\Local\\Packages\\Microsoft. WindowsTerminal\_\*\\LocalState\\settings.json.”

On macOS, the malware employs a multi-step process to establish persistence within the system: Execution as Root, Disabling Gatekeeper, and Duplicating itself. To ensure persistence, the malware creates either LaunchDaemon or LaunchAgent based on successful root access to get automatically launched during system startup and further embed itself into the macOS environment.

JaskaGO is still being investigated; but serves as a warning to Mac users who may have felt unaffected by cyber threats, emphasizing the importance of constant vigilance regardless of the chosen operating system.

****_RELATED ARTICLES_****

1.  **BlueNoroff APT Targeting macOS with ObjCShellz Malware**
2.  **Lazarus Group uses KandyKorn macOS malware for crypto theft**
3.  **Cracked macOS Software Laced with New Trojan Proxy Malware**
4.  **New Malware Turns Windows and macOS Devices into Proxy Nodes**
5.  **Researchers Leverage ChatGPT to Expose Notorious macOS Malware**
6.  **Windows, Linux, macOS Users Targeted by Chinese Iron Tiger APT Group**

New JaskaGO Malware Targets Mac and Windows for Crypto, Browser Data

Gentoo Linux Security Advisory 202312-3 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to remote code execution. Versions greater than or equal to 102.12 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202312-03  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Mozilla Thunderbird: Multiple Vulnerabilities  
     Date: December 20, 2023  
     Bugs: #908246  
       ID: 202312-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in Mozilla Thunderbird, the  
worst of which could lead to remote code execution.

Background  
==========

Mozilla Thunderbird is a popular open-source email client from the  
Mozilla project.

Affected packages  
=================

Package                      Vulnerable    Unaffected  
---------------------------  ------------  ------------  
mail-client/thunderbird      < 102.12      >= 102.12  
mail-client/thunderbird-bin  < 102.12      >= 102.12

Description  
===========

Multiple vulnerabilities have been discovered in Mozilla Thunderbird.  
Please review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Mozilla Thunderbird users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-102.12"

All Mozilla Thunderbird users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-102.12"

References  
==========

[ 1 ] CVE-2023-32205  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32205  
[ 2 ] CVE-2023-32206  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32206  
[ 3 ] CVE-2023-32207  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32207  
[ 4 ] CVE-2023-32211  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32211  
[ 5 ] CVE-2023-32212  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32212  
[ 6 ] CVE-2023-32213  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32213  
[ 7 ] CVE-2023-32214  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32214  
[ 8 ] CVE-2023-32215  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32215  
[ 9 ] CVE-2023-34414  
      https://nvd.nist.gov/vuln/detail/CVE-2023-34414  
[ 10 ] CVE-2023-34416  
      https://nvd.nist.gov/vuln/detail/CVE-2023-34416

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202312-03

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202312-03

Gentoo Linux Security Advisory 202312-2 - A vulnerability has been found in Minecraft Server which leads to remote code execution. Versions greater than or equal to 1.18.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202312-02  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Minecraft Server: Remote Code Execution  
     Date: December 20, 2023  
     Bugs: #828936  
       ID: 202312-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been found in Minecraft Server which leads to remote  
code execution.

Background  
==========

Minecraft Server is the official server for the sandbox video game.

Affected packages  
=================

Package                        Vulnerable    Unaffected  
-----------------------------  ------------  ------------  
games-server/minecraft-server  < 1.18.1      >= 1.18.1

Description  
===========

A vulnerability has been discovered in Minecraft Server. Please review  
the CVE identifier referenced below for details.

Impact  
======

Vulnerable Minecraft Server versions include a bundled version of log4j  
which is vulnerable to remote code execution.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Minecraft Server users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=games-server/minecraft-server-1.18.1"

References  
==========

[ 1 ] CVE-2021-4104  
      https://nvd.nist.gov/vuln/detail/CVE-2021-4104

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202312-02

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Tag

#linux