By Deeba Ahmed
Chinese Espionage Group called Iron Tiger (aka LuckyMouse) is targeting Windows, Linux, and macOS Users with trojanized MiMi…
This is a post from HackRead.com Read the original post: Windows, Linux and macOS Users Targeted by Chinese Iron Tiger APT Group

****Chinese Espionage Group called Iron Tiger (aka LuckyMouse) is targeting Windows, Linux, and macOS Users with trojanized MiMi Chat app installers.****

Cybersecurity firms Trend Micro and SEKOIA have identified a new malware campaign from Iron Tiger, a Chinese APT group also known as Emissary Panda, Goblin Panda Conimes, Cycldek, Bronze Union, LuckyMouse, APT27, and Threat Group 3390 (TG-3390).

The China-linked cyberespionage group is targeting Windows, Linux, macOS, and iOS users through trojanized versions of MiMi chat app installers. The primary targets of Iron Tiger in this campaign were located in Taiwan and the Philippines.

Trend Micro could identify one of the victims, a Taiwan-based gaming development firm, while overall, thirteen entities were targeted.

**Detailed Analysis of Iron Tiger Spying Campaign**

The group previously launched politically motivated, profiteering, and intelligence-gathering-driven cyberespionage campaigns. For instance, **in June 2018**, Iron Tiger APT was caught targeting a national data center of an unknown Central Asian country using a **watering hole attack**.

**In March 2018**, the same group was identified in a cyber attack against Pakistani government infrastructure. In April 2021, Iron Tiger APT was once again caught spying on Vietnam’s government and military organizations with FoundCore RAT.

Iron Tiger’s latest campaign was identified in June after Trend Micro researchers downloaded infected versions of MiMi’s iOS version.

In this campaign, Iron Tiger’s modus operandi involves compromising the MiMi Chat app servers to infect unsuspecting users’ devices. The app uses ElectronJS cross-platform framework for its desktop version.

**According to** Sekoia, The campaign has all elements of a supply chain attack since the app’s backend servers that host MiMi’s legit installers are controlled by the attackers. The modified MiMi installers download an in-memory, custom backdoor called **HyperBro** on the targeted device. 

**Attackers Constantly Modified Chat App Installers to Deliver Malware**

Researchers confirmed that Iron Tiger started accessing MiMi’s host server in November 2021. when the developers released new versions of the MiMi chat app, the malware operators further exploited their access to host servers to modify the installers quickly.

It only took one and a half hours for the malware operators to alter the legit installers, while for older versions, it took them a day only to perform the modification.

**Malware Capabilities**

According to their **blog post**, Trend Micro discovered various rshell samples, including one that targeted Linux. Researchers analyzed the iOS sample and identified that it fetched rshell backdoor for macOS and can collect system data and transmit it to a C2 server. It could also execute commands from the attackers and send results to the same C2 server.

Further probe revealed that the backdoor could open/close/execute commands in a shell, read, delete, or close files, list directories, and prepare files for uploading/downloading. As per the researchers, the oldest sample was uploaded in June 2021.

**Why the Backdoored App Didn’t Raise Suspicion**

Researchers pointed out that the MiMi chat app’s backdoored versions went unnoticed and didn’t raise any red flags because the legit installers weren’t signed. This means users would go through multiple system warnings when installing the app.

1.  **Old crypto malware makes come back, hits Windows, Linux devices**
2.  **CrossRAT keylogging malware targets Linux, macOS & Windows PCs**
3.  **Multi-platform SysJoker backdoor Hit Windows, macOS, Linux Devices**
4.  **ElectroRat crypto-stealing malware hits macOS, Windows, Linux devices**
5.  **Chinese Hackers Distributing Nim language Malware in SMS Bomber Tool**

Windows, Linux and macOS Users Targeted by Chinese Iron Tiger APT Group

Credential theft is clearly still a problem. Even after years of warnings, changing password requirements, and multiple forms of authentication, password stealing remains a top attack method used by cyber criminals.
The latest report from the Ponemon Institute shares that 54% of security incidents were caused by credential theft, followed by ransomware and DDoS attacks. 59% of organizations

Credential theft is clearly still a problem. Even after years of warnings, changing password requirements, and multiple forms of authentication, password stealing remains a top attack method used by cyber criminals.

The latest report from the Ponemon Institute shares that 54% of security incidents were caused by credential theft, followed by ransomware and DDoS attacks. 59% of organizations aren't revoking credentials that are no longer needed, meaning passwords can go unattended and dormant like a sitting duck (similar to what happened with Colonial Pipeline). And Verizon's Data Breach Investigations Report cites that nearly 50% of all data breaches were caused by stolen credentials.

The stats don't lie. Cybercriminals are advancing, there's no doubt, but if there's an option to take the path of least resistance, they'll take it. Too often, that means compromising passwords and exploiting vulnerable access points.

**Credential Theft and Critical Access**

The Verizon report also states that stolen credentials are most often used to target some form of a web application. Web applications are one of the top attack vectors, according to the report, which is a problem considering organizations across industries are finding digital solutions and using internet-enabled technology to streamline operations. Take the manufacturing industry, for example: if a PLC malfunctioned, a contractor or vendor used to physically fix the issue at the manufacturing facility. Now, the repairs can be done remotely since PLCs can be connected to the internet, and third-party technicians can use remote access to connect to and fix the PLC.

The healthcare sector faces the same situation. Healthcare facilities use internet-enabled devices to quickly share data, access patient records, and grant access to remote vendors to connect to machines.

We're in an evolving, digital era where companies can become more efficient, productive, and profitable by automating tasks and introducing new technology to their workflow. But, since a lot of that involves connecting devices to the internet and granting remote access to third-party vendors as we've just seen, it also means introducing risk at each access point.

If you can use the internet to access an asset (whether that's a network, server, or data), so can a bad actor. And if you can use credentials to unlock it, guess what – so can a bad actor. Add third-party remote access into the mix and you have a nasty combination of vulnerabilities.

Organizations need to play catch-up when it comes to the security of their credentials, IoT, and third-party vendor connections. If they don't, they'll be playing a different kind of catch-up: remediating all the damage a bad actor has already done.

**Protect Credentials With Password Vaults**

It might seem like the problem is unavoidable. We're creating a potential gateway for a bad actor to exploit every time we create a password that leads to a critical resource, whether that password is meant for an internal or external user.

For those who have gone too long thinking, "I don't need to worry about password management," — it's time to worry. Or it's at least time to do something about it. Credentials are the keys to the kingdom, whether that means they can get you down the road to the entire kingdom via third-party remote access or they take you directly to the kingdom of mission critical assets and resources. Either way, protecting credentials by using password vaults is arguably the best way to manage passwords and ensure they stay out of the wrong hands.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Credential Theft Is (Still) A Top Attack Method

The BlueSky Win32.Ransom.BlueSky ransomware looks for and executes arbitrary DLLs in its current working directory. Therefore, we can hijack a DLL, execute our own code, and control and terminate the malware pre-encryption. The exploit DLL checks if the current directory is "C:\Windows\System32" and if not we grab our own process ID and terminate. All basic tests were conducted successfully in a virtual machine environment.

    Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022Original source: https://malvuln.com/advisory/961fa85207cdc4ef86a076bbff07a409.txtContact: malvuln13@gmail.comMedia: twitter.com/malvulnThreat: Win32.Ransom.BlueSkyVulnerability: Arbitrary Code ExecutionDescription: The BlueSky ransomware looks for and executes arbitrary DLLs in its current working directory. Therefore, we can hijack a vuln DLL, execute our own code, control and terminate the malware pre-encryption. The exploit dll checks if the current directory is "C:\Windows\System32", if not we grab our own process ID and terminate. All basic tests were conducted successfully in a virtual machine environment.Family: BlueSkyType: PE32MD5: 961fa85207cdc4ef86a076bbff07a409Vuln ID: MVID-2022-0632Disclosure: 08/13/2022PoC Video URL: https://www.youtube.com/watch?v=osuS8GjdERMExploit/PoC:1) Compile the following C code as "CRYPTSP.dll" 32-bit2) Place the DLL in same directory as the vuln BlueSky ransomware3) Run malware#include "windows.h"//By malvuln - August 2022//Purpose: PWN BlueSky ransomware MD5: 961fa85207cdc4ef86a076bbff07a409//gcc -c CRYPTSP.c -m32//gcc -shared -o CRYPTSP.dll CRYPTSP.o -m32/** DISCLAIMER:Author is NOT responsible for any damages whatsoever by using this software or improper malwarehandling. By using this code you assume and accept all risk implied or otherwise.**/BOOL APIENTRY DllMain(HINSTANCE hInst, DWORD reason, LPVOID reserved){  switch (reason) {  case DLL_PROCESS_ATTACH:   MessageBox(NULL, "BlueSky Ransom\nPWNED!!! by Malvuln", "Code Exec PoC", MB_OK);   TCHAR buf[MAX_PATH];   if(GetCurrentDirectory(MAX_PATH, buf))   if(strcmp("C:\\Windows\\System32", buf) != 0){      HANDLE handle = OpenProcess(PROCESS_TERMINATE, FALSE, getpid());     if (NULL != handle) {           TerminateProcess(handle, 0);       CloseHandle(handle);     }   }    break;  }  return TRUE;}Disclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).

Win32.Ransom.BlueSky MVID-2022-0632 Code Execution

Gentoo Linux Security Advisory 202208-31 - Multiple vulnerabilities have been found in GStreamer and its plugins, the worst of which could result in arbitrary code execution. Versions less than 1.16.3 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202208-31  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: GStreamer, GStreamer Plugins: Multiple Vulnerabilities  
     Date: August 14, 2022  
     Bugs: #766336, #785652, #785655, #785658, #785661, #835368, #843770, #765163  
       ID: 202208-31

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been found in GStreamer and its plugins,  
the worst of which could result in arbitrary code execution.

Background  
=========  
GStreamer is an open source multimedia framework.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  media-libs/gst-plugins-bad < 1.16.3                    >= 1.16.3  
  2  media-libs/gst-plugins-base< 1.18.4                    >= 1.18.4  
  3  media-libs/gst-plugins-good< 1.18.4                    >= 1.18.4  
  4  media-libs/gst-plugins-ugly< 1.18.4                    >= 1.18.4  
  5  media-libs/gstreamer       < 1.20.2                    >= 1.20.2  
  6  media-plugins/gst-plugins-libav< 1.18.4                >= 1.18.4

Description  
==========  
Multiple vulnerabilities have been found in GStreamer and its plugins.  
Please review the CVE and GStreamer-SA identifiers referenced below for  
details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All GStreamer users should update to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-libs/gstreamer-1.20.2"

All gst-plugins-bad users should update to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-libs/gst-plugins-bad-1.20.2"

All gst-plugins-good users should update to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-libs/gst-plugins-good-1.20.2"

All gst-plugins-ugly users should update to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-libs/gst-plugins-ugly-1.20.2"

All gst-plugins-base users should update to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-libs/gst-plugins-base-1.20.2"

All gst-plugins-libav users should update to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-plugins/gst-plugins-libav-1.20.2"

References  
=========  
[ 1 ] CVE-2021-3185  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3185  
[ 2 ] CVE-2021-3497  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3497  
[ 3 ] CVE-2021-3498  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3498  
[ 4 ] CVE-2021-3522  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3522  
[ 5 ] GStreamer-SA-2021-0001  
[ 6 ] GStreamer-SA-2021-0002  
[ 7 ] GStreamer-SA-2021-0004  
[ 8 ] GStreamer-SA-2021-0005

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202208-31

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202208-31

Gentoo Linux Security Advisory 202208-30 - Multiple vulnerabilities have been discovered in Binutils, the worst of which could result in denial of service. Versions less than 2.38 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202208-30  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: GNU Binutils: Multiple Vulnerabilities  
     Date: August 14, 2022  
     Bugs: #778545, #792342, #829304  
       ID: 202208-30

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in Binutils, the worst of  
which could result in denial of service.

Background  
=========  
The GNU Binutils are a collection of tools to create, modify and analyse  
binary files. Many of the files use BFD, the Binary File Descriptor  
library, to do low-level manipulation.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  sys-devel/binutils         < 2.38                        >= 2.38  
  2  sys-libs/binutils-libs     < 2.38                        >= 2.38

Description  
==========  
Multiple vulnerabilities have been discovered in GNU Binutils. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Binutils users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=sys-devel/binutils-2.38"

All Binutils library users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=sys-libs/binutils-libs-2.38"

References  
=========  
[ 1 ] CVE-2021-3487  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3487  
[ 2 ] CVE-2021-3530  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3530  
[ 3 ] CVE-2021-3549  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3549  
[ 4 ] CVE-2021-20197  
      https://nvd.nist.gov/vuln/detail/CVE-2021-20197  
[ 5 ] CVE-2021-20284  
      https://nvd.nist.gov/vuln/detail/CVE-2021-20284  
[ 6 ] CVE-2021-20294  
      https://nvd.nist.gov/vuln/detail/CVE-2021-20294  
[ 7 ] CVE-2021-45078  
      https://nvd.nist.gov/vuln/detail/CVE-2021-45078

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202208-30

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202208-30

Gentoo Linux Security Advisory 202208-29 - Multiple vulnerabilities have been discovered in Nokogiri, the worst of which could result in denial of service. Versions less than 1.13.6 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202208-29  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: Nokogiri: Multiple Vulnerabilities  
     Date: August 14, 2022  
     Bugs: #846623, #837902, #762685  
       ID: 202208-29

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in Nokogiri, the worst of  
which could result in denial of service.

Background  
=========  
Nokogiri is an HTML, XML, SAX, and Reader parser.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  dev-ruby/nokogiri          < 1.13.6                    >= 1.13.6

Description  
==========  
Multiple vulnerabilities have been discovered in Nokogiri. Please review  
the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Nokogiri users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-ruby/nokogiri-1.13.6"

References  
=========  
[ 1 ] CVE-2020-26247  
      https://nvd.nist.gov/vuln/detail/CVE-2020-26247  
[ 2 ] CVE-2022-24836  
      https://nvd.nist.gov/vuln/detail/CVE-2022-24836  
[ 3 ] CVE-2022-29181  
      https://nvd.nist.gov/vuln/detail/CVE-2022-29181

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202208-29

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202208-29

Gentoo Linux Security Advisory 202208-28 - Multiple vulnerabilities have been discovered in Puma, the worst of which could result in denial of service. Versions less than 5.6.4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202208-28  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: Puma: Multiple Vulnerabilities  
     Date: August 14, 2022  
     Bugs: #794034, #817893, #833155, #836431  
       ID: 202208-28

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in Puma, the worst of  
which could result in denial of service.

Background  
=========  
Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server  
for Ruby/Rack.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  www-servers/puma           < 5.6.4                      >= 5.6.4

Description  
==========  
Multiple vulnerabilities have been discovered in Puma. Please review the  
CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Puma users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-servers/puma-5.6.4"

References  
=========  
[ 1 ] CVE-2021-29509  
      https://nvd.nist.gov/vuln/detail/CVE-2021-29509  
[ 2 ] CVE-2021-41136  
      https://nvd.nist.gov/vuln/detail/CVE-2021-41136  
[ 3 ] CVE-2022-23634  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23634  
[ 4 ] CVE-2022-24790  
      https://nvd.nist.gov/vuln/detail/CVE-2022-24790

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202208-28

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202208-28

Gentoo Linux Security Advisory 202208-26 - Multiple vulnerabilities have been discovered in libarchive, the worst of which could result in arbitrary code execution. Versions less than 3.6.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202208-26  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: libarchive: Multiple Vulnerabilities  
     Date: August 14, 2022  
     Bugs: #803128, #836352, #837266  
       ID: 202208-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in libarchive, the worst  
of which could result in arbitrary code execution.

Background  
=========  
libarchive is a library for manipulating different streaming archive  
formats, including certain tar variants, several cpio formats, and both  
BSD and GNU ar variants.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  app-arch/libarchive        < 3.6.1                      >= 3.6.1

Description  
==========  
Multiple vulnerabilities have been discovered in libarchive. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All libarchive users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-arch/libarchive-3.6.1"

References  
=========  
[ 1 ] CVE-2021-31566  
      https://nvd.nist.gov/vuln/detail/CVE-2021-31566  
[ 2 ] CVE-2021-36976  
      https://nvd.nist.gov/vuln/detail/CVE-2021-36976  
[ 3 ] CVE-2022-26280  
      https://nvd.nist.gov/vuln/detail/CVE-2022-26280  
[ 4 ] CVE-2022-28066  
      https://nvd.nist.gov/vuln/detail/CVE-2022-28066

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202208-26

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202208-26

Gentoo Linux Security Advisory 202208-27 - Multiple vulnerabilities have been discovered in QEMU, the worst of which could result in remote code execution (guest sandbox escape). Versions less than 7.0.0 are affected.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Gentoo Linux Security Advisory                           GLSA 202208-27- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -                                           https://security.gentoo.org/- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High    Title: QEMU: Multiple Vulnerabilities     Date: August 14, 2022     Bugs: #733448, #736605, #773220, #775713, #780816, #792624, #807055, #810544, #820743, #835607, #839762       ID: 202208-27- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Synopsis=======Multiple vulnerabilities have been discovered in QEMU, the worst ofwhich could result in remote code execution (guest sandbox escape).Background=========QEMU is a generic and open source machine emulator and virtualizer.Affected packages================    -------------------------------------------------------------------     Package              /     Vulnerable     /            Unaffected    -------------------------------------------------------------------  1  app-emulation/qemu         < 7.0.0                      >= 7.0.0Description==========Multiple vulnerabilities have been discovered in QEMU.Please review theCVE identifiers referenced below for details.Impact=====Please review the referenced CVE identifiers for details.Workaround=========There is no known workaround at this time.Resolution=========All QEMU users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">=app-emulation/qemu-7.0.0"References=========[ 1 ] CVE-2020-15859      https://nvd.nist.gov/vuln/detail/CVE-2020-15859[ 2 ] CVE-2020-15863      https://nvd.nist.gov/vuln/detail/CVE-2020-15863[ 3 ] CVE-2020-16092      https://nvd.nist.gov/vuln/detail/CVE-2020-16092[ 4 ] CVE-2020-35504      https://nvd.nist.gov/vuln/detail/CVE-2020-35504[ 5 ] CVE-2020-35505      https://nvd.nist.gov/vuln/detail/CVE-2020-35505[ 6 ] CVE-2020-35506      https://nvd.nist.gov/vuln/detail/CVE-2020-35506[ 7 ] CVE-2020-35517      https://nvd.nist.gov/vuln/detail/CVE-2020-35517[ 8 ] CVE-2021-3409      https://nvd.nist.gov/vuln/detail/CVE-2021-3409[ 9 ] CVE-2021-3416      https://nvd.nist.gov/vuln/detail/CVE-2021-3416[ 10 ] CVE-2021-3527      https://nvd.nist.gov/vuln/detail/CVE-2021-3527[ 11 ] CVE-2021-3544      https://nvd.nist.gov/vuln/detail/CVE-2021-3544[ 12 ] CVE-2021-3545      https://nvd.nist.gov/vuln/detail/CVE-2021-3545[ 13 ] CVE-2021-3546      https://nvd.nist.gov/vuln/detail/CVE-2021-3546[ 14 ] CVE-2021-3582      https://nvd.nist.gov/vuln/detail/CVE-2021-3582[ 15 ] CVE-2021-3607      https://nvd.nist.gov/vuln/detail/CVE-2021-3607[ 16 ] CVE-2021-3608      https://nvd.nist.gov/vuln/detail/CVE-2021-3608[ 17 ] CVE-2021-3611      https://nvd.nist.gov/vuln/detail/CVE-2021-3611[ 18 ] CVE-2021-3682      https://nvd.nist.gov/vuln/detail/CVE-2021-3682[ 19 ] CVE-2021-3713      https://nvd.nist.gov/vuln/detail/CVE-2021-3713[ 20 ] CVE-2021-3748      https://nvd.nist.gov/vuln/detail/CVE-2021-3748[ 21 ] CVE-2021-3750      https://nvd.nist.gov/vuln/detail/CVE-2021-3750[ 22 ] CVE-2021-3929      https://nvd.nist.gov/vuln/detail/CVE-2021-3929[ 23 ] CVE-2021-3930      https://nvd.nist.gov/vuln/detail/CVE-2021-3930[ 24 ] CVE-2021-3947      https://nvd.nist.gov/vuln/detail/CVE-2021-3947[ 25 ] CVE-2021-4145      https://nvd.nist.gov/vuln/detail/CVE-2021-4145[ 26 ] CVE-2021-4158      https://nvd.nist.gov/vuln/detail/CVE-2021-4158[ 27 ] CVE-2021-4206      https://nvd.nist.gov/vuln/detail/CVE-2021-4206[ 28 ] CVE-2021-4207      https://nvd.nist.gov/vuln/detail/CVE-2021-4207[ 29 ] CVE-2021-20203      https://nvd.nist.gov/vuln/detail/CVE-2021-20203[ 30 ] CVE-2021-20257      https://nvd.nist.gov/vuln/detail/CVE-2021-20257[ 31 ] CVE-2021-20263      https://nvd.nist.gov/vuln/detail/CVE-2021-20263[ 32 ] CVE-2022-0358      https://nvd.nist.gov/vuln/detail/CVE-2022-0358[ 33 ] CVE-2022-26353      https://nvd.nist.gov/vuln/detail/CVE-2022-26353[ 34 ] CVE-2022-26354      https://nvd.nist.gov/vuln/detail/CVE-2022-26354Availability===========This GLSA and any updates to it are available for viewing atthe Gentoo Security Website: https://security.gentoo.org/glsa/202208-27Concerns?========Security is a primary focus of Gentoo Linux and ensuring theconfidentiality and security of our users' machines is of utmostimportance to us. Any security concerns should be addressed tosecurity@gentoo.org or alternatively, you may file a bug athttps://bugs.gentoo.org.License======Copyright 2022 Gentoo Foundation, Inc; referenced textbelongs to its owner(s).The contents of this document are licensed under theCreative Commons - Attribution / Share Alike license.https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202208-27

Gentoo Linux Security Advisory 202208-23 - Multiple vulnerabilities have been discovered in Xen, the worst of which could result in remote code execution (guest sandbox escape). Versions less than 4.15.3 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202208-23  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Xen: Multiple Vulnerabilities  
     Date: August 14, 2022  
     Bugs: #810341, #812485, #816882, #825354, #832039, #835401, #850802  
       ID: 202208-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in Xen, the worst of which  
could result in remote code execution (guest sandbox escape).

Background  
=========  
Xen is a bare-metal hypervisor.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  app-emulation/xen          < 4.15.3                    >= 4.15.3  
  2  app-emulation/xen-tools    < 4.15.3                    >= 4.15.3

Description  
==========  
Multiple vulnerabilities have been discovered in Xen. Please review the  
CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Xen users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.15.3"

All Xen tools users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.15.3"

References  
=========  
[ 1 ] CVE-2021-28694  
      https://nvd.nist.gov/vuln/detail/CVE-2021-28694  
[ 2 ] CVE-2021-28695  
      https://nvd.nist.gov/vuln/detail/CVE-2021-28695  
[ 3 ] CVE-2021-28696  
      https://nvd.nist.gov/vuln/detail/CVE-2021-28696  
[ 4 ] CVE-2021-28697  
      https://nvd.nist.gov/vuln/detail/CVE-2021-28697  
[ 5 ] CVE-2021-28698  
      https://nvd.nist.gov/vuln/detail/CVE-2021-28698  
[ 6 ] CVE-2021-28699  
      https://nvd.nist.gov/vuln/detail/CVE-2021-28699  
[ 7 ] CVE-2021-28700  
      https://nvd.nist.gov/vuln/detail/CVE-2021-28700  
[ 8 ] CVE-2021-28701  
      https://nvd.nist.gov/vuln/detail/CVE-2021-28701  
[ 9 ] CVE-2021-28702  
      https://nvd.nist.gov/vuln/detail/CVE-2021-28702  
[ 10 ] CVE-2021-28710  
      https://nvd.nist.gov/vuln/detail/CVE-2021-28710  
[ 11 ] CVE-2022-21123  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21123  
[ 12 ] CVE-2022-21125  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21125  
[ 13 ] CVE-2022-21166  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21166  
[ 14 ] CVE-2022-23033  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23033  
[ 15 ] CVE-2022-23034  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23034  
[ 16 ] CVE-2022-23035  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23035  
[ 17 ] CVE-2022-26362  
      https://nvd.nist.gov/vuln/detail/CVE-2022-26362  
[ 18 ] CVE-2022-26363  
      https://nvd.nist.gov/vuln/detail/CVE-2022-26363  
[ 19 ] CVE-2022-26364  
      https://nvd.nist.gov/vuln/detail/CVE-2022-26364  
[ 20 ] XSA-378  
[ 21 ] XSA-379  
[ 22 ] XSA-380  
[ 23 ] XSA-382  
[ 24 ] XSA-383  
[ 25 ] XSA-384  
[ 26 ] XSA-386  
[ 27 ] XSA-390  
[ 28 ] XSA-401  
[ 29 ] XSA-402  
[ 30 ] XSA-404

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202208-23

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Tag

#mac