A crime syndicate based in Russia steals millions of dollars from credit card companies using fake dating and porn sites on hundreds of domains to rack up fraudulent charges.

A subscription service scam has garnered millions of dollars in credit card charges by creating fake dating and porn sites, staffing them with live customer support, and using stolen credit card accounts to pay for "services." 

Endpoint security firm ReasonLabs stated in a Sept. 23 advisory that a Russian-speaking cybercrime group has created hundreds of fraudulent websites since 2019, likely using third-party proxies, as well as dozens of business sites that act as both a generic name for credit card charges and as a hub for customer support calls. By using recurring charges that are small enough to escape many customers' notice, the fraudsters were able to keep chargeback requests low enough to avoid being shut down and continue profiting from the scam.

While the different components of the scheme are not original, the sum total managed to bypass credit card companies' fraud detection and garner millions of dollars in revenue, ReasonLabs' research team said in the advisory.

"Eventually, once — some of — these users find these charges, they will immediately approach the issuer for a dispute and replacement of the card number, which will cause chargebacks."

The three-year scam highlights the resurgence of credit-card fraud, especially for businesses that are dealing with a hybrid workforce. Two-thirds of companies have experienced fraud in the past year, according to a recent study from KPMG. Security experts have meanwhile warned that third-party scripts on websites — part of the software supply chain — could be at risk of being co-opted to steal credentials and credit-card information.

**Designed to Seem Legitimate**

In the latest credit card scam, the cybercriminals created the right mix of components to dodge anti-fraud defenses and to remain unnoticed by consumers who don't always check their credit card bills, researchers said. While unsurprising, the scope of the fraud is quite brazen, Timothy Morris, technology strategist for security management firm Tanium, said in a statement sent to Dark Reading.

"Real companies can run virtually, so it isn’t hard to imagine fake companies running virtually," he said. "Front-end user interfaces, back-end customer support, payment providers, \[and other components\] give this swindle all the ingredients of legitimacy."

The business sites that originated the charges and appeared to be legitimate all have similar structure, with the organization's name, a motto, and information on how to contact support. ReasonLabs found 75 support sites, all with the same HTML code, importing the same JavaScript files, and having identical comments, the company said.

The scheme was also given the veneer of credibility by these 200 fake sites — mainly adult- and dating-themed — that supposedly were the source of the charges. While adult sites are classified as high risk in the financial industry, the combination of live sites and active business hubs helped make the scheme seem legitimate.

The type of fake site that the fraudsters used also likely made the scheme more successful, Matt Mullins, senior security researcher at Cybrary, said in a statement sent to Dark Reading.

"Dating sites, adult sites, and other services have social stigmas associated with them that puts the victim in a questionable light," he said. "This questionable light also makes it more likely that a victim will try to resolve it themselves versus calling up a customer service representative and trying to resolve it."

Finally, the criminal group uses typical credit card spending patterns to make the transaction less suspicious. Rather than use test transactions followed by large transaction, the criminal group uses recurring payments of small dollar amounts to escape notice.  

Because most financial providers have strict agreements with high-risk businesses — such as adult sites — to limit the level of chargebacks, the cybercriminal group takes a variety of actions to avoid chargebacks. The fake businesses' names are fairly generic, they charge small dollar amounts, allow the user to cancel their "subscription," and have live customer support, ReasonLabs said.

"The fraudsters applied each individual customer service website for payment processing in order to distribute the chargebacks between many websites rather than just one," the company stated in its advisory. "This would ensure that their payment processing capabilities will not be revoked once one site reaches the agreed rate of chargebacks, or refunds, which is divided by the number of legit transactions."

The campaign is ongoing, but ReasonLabs has notified the companies affected by the fraud to help shut down the cybercriminal enterprise.

Fake Sites Siphon Millions of Dollars in 3-Year Scam

The infamous Lazarus Group has continued its pattern of leveraging unsolicited job opportunities to deploy malware targeting Apple's macOS operating system.
In the latest variant of the campaign observed by cybersecurity company SentinelOne last week, decoy documents advertising positions for the Singapore-based cryptocurrency exchange firm Crypto.com.
The latest disclosure builds on previous

The infamous Lazarus Group has continued its pattern of leveraging unsolicited job opportunities to deploy malware targeting Apple's macOS operating system.

In the latest variant of the campaign observed by cybersecurity company SentinelOne last week, decoy documents advertising positions for the Singapore-based cryptocurrency exchange firm Crypto.com.

The latest disclosure builds on previous findings from Slovak cybersecurity firm ESET in August, which delved into a similar phony job posting for the Coinbase cryptocurrency exchange platform.

Both these fake job advertisements are just the latest in a series of attacks dubbed Operation In(ter)ception, which, in turn, is a constituent of a broader campaign tracked under the name Operation Dream Job.

Although the exact distribution vector for the malware remains unknown, it's suspected that potential targets are singled out via direct messages on the business networking site LinkedIn.

The intrusions commence with the deployment of a Mach-O binary, a dropper that launches the decoy PDF document containing the job listings at Crypto.com, while, in the background, it deletes the Terminal's saved state ("com.apple.Terminal.savedState").

The downloader, also similar to the safarifontagent library employed in the Coinbase attack chain, subsequently acts as a conduit for a bare-bones second-stage bundle named "WifiAnalyticsServ.app," which is a copycat version of "FinderFontsUpdater.app."

"The main purpose of the second-stage is to extract and execute the third-stage binary, wifianalyticsagent," SentinelOne researchers Dinesh Devadoss and Phil Stokes said. "This functions as a downloader from a \[command-and-control\] server."

The final payload delivered to the compromised machine is unknown owing to the fact that the C2 server responsible for hosting the malware is currently offline.

These attacks are not isolated, for the Lazarus Group has a history of carrying out cyber-assaults on blockchain and cryptocurrency platforms as a sanctions-evading mechanism, enabling the adversaries to gain unauthorized access to enterprise networks and steal digital funds.

"The threat actors have made no effort to encrypt or obfuscate any of the binaries, possibly indicating short-term campaigns and/or little fear of detection by their targets," the researchers said.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

North Korea's Lazarus Hackers Targeting macOS Users Interested in Crypto Jobs

Gentoo Linux Security Advisory 202209-15 - Multiple vulnerabilities have been found in Oracle JDK and JRE, the worst of which could result in the arbitrary execution of code. Versions less than or equal to 11.0.2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202209-15  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Oracle JDK/JRE: Multiple vulnerabilities  
     Date: September 25, 2022  
     Bugs: #732630, #717638  
       ID: 202209-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in Oracle JDK and JRE, the  
worst of which could result in the arbitrary execution of code.

Background  
==========

Java Platform, Standard Edition (Java SE) lets you develop and deploy  
Java applications on desktops and servers, as well as in today's  
demanding embedded environments. Java offers the rich user interface,  
performance, versatility, portability, and security that today's  
applications require.

Affected packages  
=================

    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  dev-java/oracle-jdk-bin    <= 11.0.2                 Vulnerable!  
  2  dev-java/oracle-jre-bin    <= 1.8.0.202              Vulnerable!

Description  
===========

Multiple vulnerabilities have been discovered in Oracle's JDK and JRE  
software suites. Please review the CVE identifiers referenced below for  
details.

Impact  
======

Certain uses of untrusted data by Oracle JDK and JRE could result in  
arbitrary code execution.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

Gentoo has discontinued support for the Oracle JDK and JRE. We recommend  
that users remove it, and use dev-java/openjdk, dev-java/openjdk-bin, or  
dev-java/openjdk-jre-bin instead:

  # emerge --ask --depclean "dev-java/oracle-jre-bin"  
  # emerge --ask --depclean "dev-java/oracle-jdk-bin"

References  
==========

[ 1 ] CVE-2020-2585  
      https://nvd.nist.gov/vuln/detail/CVE-2020-2585  
[ 2 ] CVE-2020-2755  
      https://nvd.nist.gov/vuln/detail/CVE-2020-2755  
[ 3 ] CVE-2020-2756  
      https://nvd.nist.gov/vuln/detail/CVE-2020-2756  
[ 4 ] CVE-2020-2757  
      https://nvd.nist.gov/vuln/detail/CVE-2020-2757  
[ 5 ] CVE-2020-2773  
      https://nvd.nist.gov/vuln/detail/CVE-2020-2773  
[ 6 ] CVE-2020-2781  
      https://nvd.nist.gov/vuln/detail/CVE-2020-2781  
[ 7 ] CVE-2020-2800  
      https://nvd.nist.gov/vuln/detail/CVE-2020-2800  
[ 8 ] CVE-2020-2803  
      https://nvd.nist.gov/vuln/detail/CVE-2020-2803  
[ 9 ] CVE-2020-2805  
      https://nvd.nist.gov/vuln/detail/CVE-2020-2805  
[ 10 ] CVE-2020-14556  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14556  
[ 11 ] CVE-2020-14562  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14562  
[ 12 ] CVE-2020-14573  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14573  
[ 13 ] CVE-2020-14577  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14577  
[ 14 ] CVE-2020-14578  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14578  
[ 15 ] CVE-2020-14579  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14579  
[ 16 ] CVE-2020-14581  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14581  
[ 17 ] CVE-2020-14583  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14583  
[ 18 ] CVE-2020-14593  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14593  
[ 19 ] CVE-2020-14621  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14621  
[ 20 ] CVE-2020-14664  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14664

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202209-15

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202209-15

Gentoo Linux Security Advisory 202209-14 - Multiple vulnerabilities have been discovered in Fetchmail, the worst of which could result in email disclosure to third parties. Versions less than 6.4.22 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202209-14  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: Fetchmail: Multiple Vulnerabilities  
     Date: September 25, 2022  
     Bugs: #810676, #804921  
       ID: 202209-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Fetchmail, the worst of  
which could result in email disclosure to third parties.

Background  
==========

Fetchmail is a remote mail retrieval and forwarding utility.

Affected packages  
=================

    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  net-mail/fetchmail         < 6.4.22                    >= 6.4.22

Description  
===========

Multiple vulnerabilities have been discovered in Fetchmail. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Fetchmail users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-mail/fetchmail-6.4.22"

References  
==========

[ 1 ] CVE-2021-36386  
      https://nvd.nist.gov/vuln/detail/CVE-2021-36386  
[ 2 ] CVE-2021-39272  
      https://nvd.nist.gov/vuln/detail/CVE-2021-39272

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202209-14

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202209-14

Gentoo Linux Security Advisory 202209-13 - Multiple vulnerabilities have been discovered in libaacplus, the worst of which could result in denial of service. Versions less than or equal to 2.0.2-r3 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202209-13  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: libaacplus: Denial of Service  
     Date: September 25, 2022  
     Bugs: #618000  
       ID: 202209-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in libaacplus, the worst  
of which could result in denial of service.

Background  
==========

libaacplus is an HE-AAC+ v2 library, based on the reference  
implementation.

Affected packages  
=================

    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  media-libs/libaacplus      <= 2.0.2-r3               Vulnerable!

Description  
===========

Multiple vulnerabilities have been discovered in libaacplus. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

Gentoo has discontinued suport for libaacplus. We recommend that users  
remove it:

  # emerge --ask --depclean "media-libs/libaacplus"

References  
==========

[ 1 ] CVE-2017-7603  
      https://nvd.nist.gov/vuln/detail/CVE-2017-7603  
[ 2 ] CVE-2017-7604  
      https://nvd.nist.gov/vuln/detail/CVE-2017-7604  
[ 3 ] CVE-2017-7605  
      https://nvd.nist.gov/vuln/detail/CVE-2017-7605

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202209-13

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202209-13

Gentoo Linux Security Advisory 202209-12 - Multiple vulnerabilities have been discovered in GRUB, the worst of which may allow for secureboot bypass. Versions less than 2.06 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202209-12  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: GRUB: Multiple Vulnerabilities  
     Date: September 25, 2022  
     Bugs: #850535, #835082  
       ID: 202209-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in GRUB, the worst of  
which may allow for secureboot bypass.

Background  
==========

GNU GRUB is a multiboot boot loader used by most Linux systems.

Affected packages  
=================

    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  sys-boot/grub              < 2.06                        >= 2.06

Description  
===========

Multiple vulnerabilities have been discovered in GRUB. Please review the  
CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All GRUB users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=sys-boot/grub-2.06-r3"

After upgrading, make sure to run the grub-install command with options  
appropriate for your system. See the GRUB2 Gentoo Wiki page for  
directions. Your system will be vulnerable until this action is  
performed.

References  
==========

[ 1 ] CVE-2021-3695  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3695  
[ 2 ] CVE-2021-3696  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3696  
[ 3 ] CVE-2021-3697  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3697  
[ 4 ] CVE-2021-3981  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3981  
[ 5 ] CVE-2022-28733  
      https://nvd.nist.gov/vuln/detail/CVE-2022-28733  
[ 6 ] CVE-2022-28734  
      https://nvd.nist.gov/vuln/detail/CVE-2022-28734  
[ 7 ] CVE-2022-28735  
      https://nvd.nist.gov/vuln/detail/CVE-2022-28735  
[ 8 ] CVE-2022-28736  
      https://nvd.nist.gov/vuln/detail/CVE-2022-28736  
[ 9 ] CVE-2022-28737  
      https://nvd.nist.gov/vuln/detail/CVE-2022-28737

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202209-12

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202209-12

Gentoo Linux Security Advisory 202209-11 - Multiple vulnerabilities have been discovered in HarfBuzz, the worst of which could result in arbitrary code execution. Versions less than 4.4.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202209-11  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: HarfBuzz: Multiple vulnerabilities  
     Date: September 25, 2022  
     Bugs: #830372, #856049  
       ID: 202209-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in HarfBuzz, the worst of  
which could result in arbitrary code execution.

Background  
==========

HarfBuzz is an OpenType text shaping engine.

Affected packages  
=================

    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  media-libs/harfbuzz        < 4.4.0                      >= 4.4.0

Description  
===========

Multiple vulnerabilities have been discovered in HarfBuzz. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All HarfBuzz users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-libs/harfbuzz-4.4.0"

References  
==========

[ 1 ] CVE-2021-45931  
      https://nvd.nist.gov/vuln/detail/CVE-2021-45931  
[ 2 ] CVE-2022-33068  
      https://nvd.nist.gov/vuln/detail/CVE-2022-33068

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202209-11

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202209-11

Gentoo Linux Security Advisory 202209-10 - A vulnerability has been discovered in Logcheck's ebuilds which could allow for root privilege escalation. Versions less than or equal to 1.3.23 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202209-10  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Logcheck: Root privilege escalation  
     Date: September 25, 2022  
     Bugs: #630752  
       ID: 202209-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in Logcheck's ebuilds which could  
allow for root privilege escalation.

Background  
==========

Logcheck mails anomalies in the system logfiles to the administrator.

Affected packages  
=================

    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  app-admin/logcheck         <= 1.3.23                 Vulnerable!

Description  
===========

The pkg_postinst phase of the Logcheck ebuilds recursively chown the  
/etc/logcheck and /var/lib/logcheck directories. If the logcheck adds  
hardlinks to other files in these directories, the chown call will  
follow the link and transfer ownership of any file to the logcheck user.

Impact  
======

A local attacker with access to the logcheck user could escalate to root  
privileges.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

Gentoo has discontinued support for Logcheck. We recommend that users  
remove it:

  # emerge --ask --depclean "app-admin/logcheck"

References  
==========

[ 1 ] CVE-2017-20148  
      https://nvd.nist.gov/vuln/detail/CVE-2017-20148

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202209-10

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202209-10

Gentoo Linux Security Advisory 202209-9 - Multiple vulnerabilities have been found in Smarty, the worst of which could result in remote code execution. Versions less than 4.2.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202209-09  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Smarty: Multiple vulnerabilities  
     Date: September 25, 2022  
     Bugs: #830980, #845180, #870100  
       ID: 202209-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in Smarty, the worst of which  
could result in remote code execution

Background  
==========

Smarty is a template engine for PHP. The "template security" feature of  
Smarty is designed to help reduce the risk of a system compromise when  
you have untrusted parties editing templates.

Affected packages  
=================

    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  dev-php/smarty             < 4.2.1                      >= 4.2.1

Description  
===========

Multiple vulnerabilities have been discovered in Smarty. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Smarty users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-php/smarty-4.2.1"

References  
==========

[ 1 ] CVE-2018-25047  
      https://nvd.nist.gov/vuln/detail/CVE-2018-25047  
[ 2 ] CVE-2021-21408  
      https://nvd.nist.gov/vuln/detail/CVE-2021-21408  
[ 3 ] CVE-2021-29454  
      https://nvd.nist.gov/vuln/detail/CVE-2021-29454  
[ 4 ] CVE-2022-29221  
      https://nvd.nist.gov/vuln/detail/CVE-2022-29221

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202209-09

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202209-09

Gentoo Linux Security Advisory 202209-8 - Multiple vulnerabilities have been discovered in Smokeping, the worst of which could result in root privilege escalation. Versions less than or equal to 2.7.3-r1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202209-08  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Smokeping: Multiple vulnerabilities  
     Date: September 25, 2022  
     Bugs: #631140, #602562  
       ID: 202209-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Smokeping, the worst of  
which could result in root privilege escalation.

Background  
==========

Smokeping is a powerful latency measurement tool

Affected packages  
=================

    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  net-analyzer/smokeping     <= 2.7.3-r1               Vulnerable!

Description  
===========

Multiple vulnerabilities have been discovered in Smokeping. Please  
review the CVE identifiers referenced below for details.

Impact  
======

A local attacker which gains access to the smokeping user could gain  
root privileges.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

Gentoo has discontinued support for Smokeping. We recommend that users  
remove it:

  # emerge --ask --depclean "net-analyzer/smokeping"

References  
==========

[ 1 ] CVE-2017-20147  
      https://nvd.nist.gov/vuln/detail/CVE-2017-20147

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202209-08

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Tag

#mac