An international law enforcement operation has led to the seizure of multiple darknet domains operated by LockBit, one of the most prolific ransomware groups, marking the latest in a long list of digital takedowns.
While the full extent of the effort, codenamed Operation Cronos, is presently unknown, visiting the group's .onion website displays a seizure banner containing the message "

LockBit Ransomware's Darknet Domains Seized in Global Law Enforcement Raid

LockBit's position as ransomware's biggest beast is suddenly in doubt.

For the last two years the absolute worst, most prolific, most globally significant “big game” ransomware gang has been LockBit.

This evening its position as ransomware’s biggest beast is suddenly in doubt, following some non-consensual website redecoration at the hands of the UK’s National Crime Agency (NCA).

The LockBit data leak site has a new look

The LockBit dark web site usually hosts the names and data of organisations that refused to pay ransoms. That’s been replaced by a message from the NCA, saying:

> This site is now under the control of The National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement task force, ‘Operation Cronos’.

Repleat with the flags and badges of the countries and agencies involved, the new look site promises there is more to come. “We can confirm that Lockbit’s services have been disrupted as a result of International Law Enforcement action – this is an ongoing and developing operation. Return here for more information at: 11:30 GMT on Tuesday 20th Feb.

Since the demise of Conti in 2022, LockBit has been unchallenged as the most prolific ransomware group in the world. In the last 12 months it has racked up more than two and half times as many known attacks as ALPHV, its closest rival.

Top 5 ransomware gangs by known attacks, February 2023 – January 2024

At this stage we have no idea how serious the damage to LockBit is, and law enforcement is only claiming that the group has been “disrupted”. However, even if that disruption isn’t fatal, it will doubtless raise serious questions among LockBit’s criminal associates.

LockBit sells ransomware-as-a-service (RaaS) to “affiliates”, criminal gangs who use the service to carry out ransomware attacks. Even if LockBit can rebuild its infrastructure elsewhere those affiliates now have every reason to question its credibility.

The takedown comes just two months after LockBit’s biggest rival, ALPHV, also suffered a serious mauling at the hands of international law enforcement, before staggering back to its feet.

**How to avoid ransomware**

*   **Block common forms of entry.** Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs.
*   **Prevent intrusions.** Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
*   **Detect intrusions.** Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
*   **Stop malicious encryption.** Deploy Endpoint Detection and Response software like ThreatDown EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
*   **Create offsite, offline backups.** Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
*   **Don’t get attacked twice.** Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.

You can learn more about the threat of big game ransomware like LockBit and ALPHV in our 2024 State of Malware report.

 LockBit, the world&#8217;s worst ransomware, is down 

By Waqas
All known dark web domains operated by the notorious LockBit Ransomware Gang are displaying a law enforcement seizure notice.
This is a post from HackRead.com Read the original post: 8 LockBit Ransomware Gang Domains Seized in Global Operation

What happened to the LockBit Ransomware Gang? Has the group been disrupted? Have any arrests been made? Learn all about the breaking development regarding one of the most notorious ransomware gangs possibly facing law enforcement scrutiny.

Law enforcement authorities have apparently seized the official and all known dark web websites of the LockBit ransomware gang as part of “Operation Cronos.” The latest development appears to have occurred earlier today, although there has been no confirmation or press release issued by authorities at this time.

However, as observed by Hackread.com, eight .Onion domains owned by the group now display a seizure notice announcing its takeover by the United Kingdom’s National Cyber Crime Agency in cooperation with the US Department of Justice, the FBI, Europol, and other entities.

****“Operation Cronos – Come Back Tomorrow”****

It’s important to note that the notice itself contains details about the incident. Authorities have revealed that this is an ongoing and developing operation conducted under the banner of “Operation Cronos.”

Does this suggest that more ransomware gangs will face the wrath of law enforcement agencies? Have arrests been made, and has electronic and monetary infrastructure been seized? For answers, we must wait until tomorrow, as authorities have urged visitors to visit seized LockBit domains at 11:30 GMT on Tuesday, February 20th, for more information about the operation.

> _This site is now under the control of Law Enforcement – This site is now under the control of The National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement task force, “Operation Cronos.”_
> 
> _We can confirm that LockBit’s services have been disrupted as a result of International Law Enforcement action – this is an ongoing and developing operation. Return here for more information at: 11:30 GMT on Tuesday 20th Feb._
> 
> National Crime Agency (NCA)

Seizure notice on all 8 dark web domains operated by LockBit ransomware gang (Screenshot: Hackread.com)

Additionally, LockBit affiliates attempting to log into the affiliate panel have also encountered a surprising message, providing a glimpse of what has been accessed and seized by authorities.

Law Enforcement has taken control of Lockbit’s platform and obtained all the information held on there. This information relates to the Lockbit group and you, their affiliate. We have source code, details of the victims you have attacked, the amount of money extorted, the data stolen, chats, and much, much more. You can thank Lockbitsupp and their flawed infrastructure for this situation… we may be in touch with you very soon. If you would like to contact us directly, please get in touch: In the meantime, we would encourage you to visit the Lockbit leaksite. Have a nice day. Regards, The National Crime Agency of the UK, the FBI, Europol, and the Operation Cronos Law Enforcement Task Force 0 Screenshot: vx-underground

Here is the list of all dark web domains that display seizure notice:

*   lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion/
*   lockbitapt2d73krlbewgv27tquljgxr33xbwwsp6rkyieto7u4ncead.onion/
*   lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion/
*   lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion/
*   lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion/
*   lockbitapt72iw55njgnqpymggskg5yp75ry7rirtdg4m7i42artsbqd.onion/
*   lockbitaptawjl6udhpd323uehekiyatj6ftcxmkwe5sezs4fqgpjpid.onion/
*   lockbitaptbdiajqtplcrigzgdjprwugkkut63nbvy2d5r4w2agyekqd.onion/

It is worth noting that the exact origin of the group is unknown, but the US government believes the cybercrime syndicate operates from Russia. In June 2023, Ruslan Magomedovich Astamirov (20), a Russian national, was arrested and charged with conspiring to commit LockBit ransomware attacks against U.S. and foreign businesses.

****Is this the end of the LockBit ransomware gang?****

Probably not. While we await official confirmation from law enforcement agencies, it’s quite likely that no arrests have been made, allowing the group to potentially continue operating under its existing guise or rebrand itself with a new identity. Furthermore, it remains unclear if authorities have successfully seized the group’s cryptocurrency wallets, which likely contain significant sums gained from ransomware payments.

****Some Known and Alleged Victims****

LockBit ransomware emerged as a significant threat, targeting both large and mid-sized organizations across various sectors, including healthcare, education, government, and critical infrastructure. Some of the group’s notable claimed targets included the following:

*   Boeing (A)
*   Subway
*   Accenture
*   Bangkok Airways
*   PayBito crypto exchange
*   Darktrace Cybersecurity Firm
*   SpaceX Contractor Maximum Industries

The group utilizes multiple techniques to infiltrate victim networks, such as phishing emails, exploiting vulnerabilities, and purchasing stolen credentials on the dark web. Once inside, LockBit encrypts critical data, making it inaccessible to the victim, and demands a ransom payment in exchange for a decryption tool. If the ransom is not paid, they threaten to leak stolen data online through their dark web portal.

LockBit has released several versions of their ransomware, notably LockBit 2.0 and LockBit 3.0. The impact of LockBit attacks extends beyond financial losses, including disruption to operations, data recovery costs, reputational damage, and privacy concerns due to data leaks, which expose sensitive information and pose risks such as identity theft and fraud.

This is a developing story, with official confirmation from law enforcement authorities pending. We will continue to monitor the situation closely and update this article accordingly.

****RELATED ARTICLES****

1.  **Finnish Dark Web Marketplace PIILOPUOTI Seized**
2.  **NetWire Malware Site and Server Seized, Admin Arrested**
3.  **Hive Ransomware Disrupted; Servers and Dark Web Site Seized**
4.  **Ragnar Locker Ransomware Gang Dismantled, Suspect Arrested**
5.  **WT1SHOP Cybercrime Market Seized by US and Portuguese Police**

8 LockBit Ransomware Gang Domains Seized in Global Operation

By Deeba Ahmed
The aircraft was reportedly flying over an area inhabited by Iranian-backed Houthis.
This is a post from HackRead.com Read the original post: Israeli El Al Alleges Hackers Targeted Flights in Mid-Air Hijack Attempt

Israel’s national airline confirmed that “hostile elements” attempted to take over the communication network of an El Al plane from Phuket, Thailand to Ben-Gurion Airport.

In the past week, hackers targeted two El Al flights bound for Israel, attempting to hijack their communication networks and divert the aircraft, as reported by The Jerusalem Post. The flights were en route from Thailand to Israel’s Ben Gurion Airport. It is worth noting that no group has claimed responsibility for this hack.

In the most recent incident, Israel’s national airline confirmed that “hostile elements” attempted to take over the communication network of an El Al plane from Phuket, Thailand to Ben-Gurion Airport, causing it to divert from its destination. Hostile elements contacted pilots twice, once on a flight between Phuket and Ben-Gurion and once on a Bangkok flight.

The aircraft was reportedly flying over an area inhabited by Iranian-backed Houthis. Sources claim the hack may be the work of a Somaliland-based group. For your information, Somaliland is a state in the Horn of Africa.

El Al pilots became suspicious and decided to ignore the sudden change in instructions and switched to another communication channel to double-check their route with air traffic controllers. The airline confirmed that pilots are trained to spot and mitigate threats while in the air. According to the airline, the disruption did not affect the normal course of the flight due to the professionalism of the pilots. 

> Attempted attack on the communications network of an Israeli flight from Phuket, Thailand
> 
> Hostile elements tried "to manipulate the crew, the pilots, into changing the trajectory and diverting the flight to what would have been a hostile area," @guyaz explains
> 
> With @benitalevin pic.twitter.com/kJhedqzwbJ
> 
> — i24NEWS English (@i24NEWS\_EN) February 18, 2024

“The disruption did not affect the normal course of the flight thanks to the professionalism of the pilots who used the alternative means of communication and allowed the flight to continue on the planned route,” the airline’s statement **read**.

Aircraft safety should be a point of concern within the cybersecurity fraternity given the growing number of incidents targeting airlines. In September 2022, researchers at Necrum Security Labs **discovered** two critical vulnerabilities in Contec’s wireless LAN devices, specifically the Flexlan FXA3000 and FXA2000 series, which provide WiFi on airplanes.

The Japan-based Flexlan LAN devices in airplanes contained two critical vulnerabilities, CVE–2022–36158 and CVE–2022–36159, allowing hackers to hack the inflight entertainment system and other high-speed internet access points.

Then in January 2024, Pen Test Partners’ cybersecurity researchers **identified** a critical issue in Airbus’ Flysmart+ Manager suite, which was remediated 19 months after initial disclosure.

The app, according to Pen Test Partners, developed by Airbus-owned IT services company NAVBLUE, had a disabled security control, allowing insecure communication with servers, potentially allowing an attacker to modify aircraft performance data or adjust airport information.

EASA, the EU’s aviation safety agency, recently **released** the first **Easy Access Rules for Information Security** to enforce security best practices across various sectors, including suppliers, airlines, airports, communication infrastructure providers, and air towers.

****RELATED ARTICLES****

1.  **Homeland Security Hackers Remotely Hack Boeing 757**
2.  **This map shows free WiFi passwords from airports worldwide**
3.  **Palestinian Engineer Jailed for Hacking Israeli CCTVs & Drones**
4.  **Flight tracker Flightradar24 hacked; 230,000 accounts affected**
5.  **Hacker selling classified data on MQ-9 Reaper Drone on dark web**

Israeli El Al Alleges Hackers Targeted Flights in Mid-Air Hijack Attempt

Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page).

Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-25983

**Authorization Bypass in moodle**

Low severity GitHub Reviewed Published Feb 19, 2024 to the GitHub Advisory Database • Updated Feb 21, 2024

**Package**

composer moodle/moodle (Composer)

**Affected versions**

\>= 4.3.0, < 4.3.3

\>= 4.2.0, < 4.2.6

< 4.1.9

**Patched versions**

4.3.3

4.2.6

4.1.9

**Description**

Published to the GitHub Advisory Database

Feb 19, 2024

Last updated

Feb 21, 2024

GHSA-9r26-5w88-qhp9: Authorization Bypass in moodle

By Deeba Ahmed
Email servers compromised in 80 organizations as Russian-linked TAG-70 group targets European governments.
This is a post from HackRead.com Read the original post: Russian Hackers Hit Mail Servers in Europe for Political and Military Intel

A Russian-linked actor, TAG-70, has targeted mail servers in Ukraine, Georgia, and Poland, aiming to collect intelligence on European political and military activities, particularly related to Ukraine’s war efforts.

Recorded Future’s Insikt Group has identified TAG-70, a potential threat actor allegedly working for Belarus and Russia, targeting government, military, and infrastructure entities across Europe and Central Asia since December 2020. The latest round of attacks was observed between October and December 2023.

The group is also known as Winter Vivern, TA-473, and UAC-0114. According to Insikt Group’s report (PDF), Tag-70 was discovered exploiting cross-site scripting (XSS) vulnerabilities in Roundcube webmail servers across Europe.

The group mainly targeted government, military, and national infrastructure in Georgia, Poland, and Ukraine whereas targets were also observed in Belgium, France, the Czech Republic, Germany, and the UK. 

TAG-70, reportedly, used social engineering techniques to gain unauthorized access to mail servers across 80 organizations, including the Iranian Embassies in Moscow and the Netherlands, and the Georgia Embassy in Sweden.

The campaign aimed to gather intelligence on European political and military affairs, potentially gaining strategic advantages or undermining European security and alliances. Servers were primarily affected in Ukraine (30.9%), Georgia (13.6%), and Poland (12.3%)

The geographical distribution of victims affected by the TAG-70s Roundcube exploit in October 2023, according to Recorded Future.

This espionage attack uses spearphishing emails to deliver JavaScript payloads, exploiting the Roundcube vulnerability tracked as CVE-2023-563. Malicious code logs users out of Roundcube, presenting a new sign-in window.

The zero-day exploit allowed unauthorized access to mail servers across 80 organizations, including transport, education, chemical, and biological research sectors. The activity is similar to previous campaigns by other Russian-aligned threat groups like BlueDelta and Sandworm, which also targeted email solutions like Roundcube.

The compromised email servers pose a significant risk to Ukraine’s war effort, diplomatic relations, and coalition partners. Researchers warn that cyber-espionage groups targeting webmail software platforms, including Roundcube, may expose sensitive information about Ukraine’s defence efforts, partner countries, and third-party cooperation. They predict that these groups will continue targeting these platforms as Ukraine’s conflict continues and tensions with the EU and NATO rise.

Organizations must patch Roundcube installations, detect indicators of compromise (IoCs), and implement robust cybersecurity measures to mitigate the threat. Other effective security measures include strengthening email security, preferring encryption, secure email gateways, regular audits, employee awareness training, and network segmentation. The sophisticated attack methods and potential national security impact highlight the need for vigilance and awareness.

****RELATED ARTICLES****

1.  **Microsoft Executives’ Emails Breached by Russia Hackers**
2.  **Russian Hackers Employ Telekopye Toolkit in Phishing Attacks**
3.  **Russian APT29 Hacked US Biomedical Giant in TeamCity Breach**
4.  **Microsoft Outlook Flaw Exploited by Russian Forest Blizzard Group**
5.  **Russian Midnight Blizzard Hackers Hit MS Teams in Precision Attack**

Russian Hackers Hit Mail Servers in Europe for Political and Military Intel

CISA has issued an advisory after the discovery of documents containing information about a state government organization’s network environment on a dark web brokerage site.

CISA (the Cybersecurity & Infrastructure Security Agency) has issued a cybersecurity advisory after the discovery of documents containing host and user information of a state government organization’s network environment—including metadata—on a dark web brokerage site.

An attacker managed to compromise network administrator credentials through the account of a former employee of the organization. The attacker managed to authenticate to an internal virtual private network (VPN) access point, further navigate the victim’s on-premises environment, and execute various lightweight directory access protocol (LDAP) queries against a domain controller.

CISA suspects that the account details fell in the hands of the attacker through a data breach. This would not have posed a problem if the account had been disabled when the employee left. But the account still had access with administrative privileges to two virtualized servers including SharePoint and the workstation.

The incident responders’ logs revealed the attacker first connected from an unknown virtual machine (VM) to the victim’s on-premises environment via internet protocol (IP) addresses within their internal VPN range.

On the SharePoint server, the attacker obtained global domain administrator credentials that were stored locally on the server. This account also provided the attacker with access to the on-premises Active Directory (AD) and Azure AD.

The attacker executed LDAP queries to collect user, host, and trust relationship information. The results of these queries are believed to have been among the information that was offered for sale.

**Mitigation advice**

When an employee leaves there may be several possible reasons not to immediately remove all their accounts. But you should at least remove their privileges as soon as possible and change the password.

The CISA advisory lists several points of advice about user accounts:

*   Review current administrator accounts and only maintain those that are essential for network management.
*   Restrict the use of multiple administrator accounts for one user.
*   Create separate administrator accounts for on-premises and Azure environments to segment access.
*   Implement the principle of least privilege and grant only access to what is necessary. It makes sense to revoke privileges after the task they were needed for is done.
*   Use phishing-resistant multifactor authentication (MFA). The only widely available phishing-resistant authentication is FIDO/WebAuthn authentication.

More general tips are:

*   **Account and group policies**: Set up a robust and continuous user management process to ensure accounts of offboarded employees are removed and can no longer access the network.
*   **Awareness of your environment**: Maintain a robust asset management policy through comprehensive documentation of assets, tracking current version information to maintain awareness of outdated software, and mapping assets to business and critical functions.
*   **Patching procedures**: If you do not have a Vulnerability and Patch Management solution, establish a routine patching cycle for all operating systems, applications, and software.
*   **Monitoring and logging**: It’s essential to keep an eye on what is happening in your environment so you are aware of atypical events and logs that can help you figure out what happened exactly.

Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

 Why keeping track of user accounts is important 

Gentoo Linux Security Advisory 202402-28 - Multiple vulnerabilities have been discovered in Samba, the worst of which can lead to remote code execution. Versions greater than or equal to 4.18.9 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-28  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Samba: Multiple Vulnerabilities  
     Date: February 19, 2024  
     Bugs: #891267, #910606, #915556  
       ID: 202402-28

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Samba, the worst of  
which can lead to remote code execution.

Background  
==========

Samba is a suite of SMB and CIFS client/server programs.

Affected packages  
=================

Package       Vulnerable    Unaffected  
------------  ------------  ------------  
net-fs/samba  < 4.18.9      >= 4.18.9

Description  
===========

Multiple vulnerabilities have been discovered in Samba. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Samba users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-fs/samba-4.18.9"

References  
==========

[ 1 ] CVE-2018-14628  
      https://nvd.nist.gov/vuln/detail/CVE-2018-14628  
[ 2 ] CVE-2022-2127  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2127  
[ 3 ] CVE-2023-3347  
      https://nvd.nist.gov/vuln/detail/CVE-2023-3347  
[ 4 ] CVE-2023-3961  
      https://nvd.nist.gov/vuln/detail/CVE-2023-3961  
[ 5 ] CVE-2023-4091  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4091  
[ 6 ] CVE-2023-4154  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4154  
[ 7 ] CVE-2023-34966  
      https://nvd.nist.gov/vuln/detail/CVE-2023-34966  
[ 8 ] CVE-2023-34967  
      https://nvd.nist.gov/vuln/detail/CVE-2023-34967  
[ 9 ] CVE-2023-34968  
      https://nvd.nist.gov/vuln/detail/CVE-2023-34968  
[ 10 ] CVE-2023-42669  
      https://nvd.nist.gov/vuln/detail/CVE-2023-42669  
[ 11 ] CVE-2023-42670  
      https://nvd.nist.gov/vuln/detail/CVE-2023-42670

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-28

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-28

Gentoo Linux Security Advisory 202402-27 - A vulnerability has been discovered in Glade which can lead to a denial of service. Versions greater than or equal to 3.38.2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-27  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Glade: Denial of Service  
     Date: February 19, 2024  
     Bugs: #747451  
       ID: 202402-27

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in Glade which can lead to a denial  
of service.

Background  
==========

Glade is a RAD tool to enable quick & easy development of user  
interfaces for the GTK+ toolkit (Version 3 only) and the GNOME desktop  
environment.

Affected packages  
=================

Package         Vulnerable    Unaffected  
--------------  ------------  ------------  
dev-util/glade  < 3.38.2      >= 3.38.2

Description  
===========

A vulnerability has been found in Glade which can lead to a denial of  
service when working with specific glade files.

Impact  
======

A crafted file may lead to crashes in Glade.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Glade users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-util/glade-3.38.2"

References  
==========

[ 1 ] CVE-2020-36774  
      https://nvd.nist.gov/vuln/detail/CVE-2020-36774

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-27

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-27

Gentoo Linux Security Advisory 202402-26 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions greater than or equal to 115.7.0:esr are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-26  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Mozilla Firefox: Multiple Vulnerabilities  
     Date: February 19, 2024  
     Bugs: #924844  
       ID: 202402-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Mozilla Firefox, the  
worst of which could result in arbitrary code execution.

Background  
==========

Mozilla Firefox is a popular open-source web browser from the Mozilla  
project.

Affected packages  
=================

Package                 Vulnerable     Unaffected  
----------------------  -------------  --------------  
www-client/firefox      < 115.7.0:esr  >= 115.7.0:esr  
                        < 122.0:rapid  >= 122.0:rapid  
www-client/firefox-bin  < 115.7.0:esr  >= 115.7.0:esr  
                        < 122.0:rapid  >= 122.0:rapid

Description  
===========

Multiple vulnerabilities have been discovered in Mozilla Firefox. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Mozilla Firefox ESR users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-115.7.0:esr"

All Mozilla Firefox ESR binary users should upgrade to the latest  
version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-115.7.0:esr"

All Mozilla Firefox users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-122.0:rapid"

All Mozilla Firefox binary users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-122.0:rapid"

References  
==========

[ 1 ] CVE-2024-0741  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0741  
[ 2 ] CVE-2024-0742  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0742  
[ 3 ] CVE-2024-0743  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0743  
[ 4 ] CVE-2024-0744  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0744  
[ 5 ] CVE-2024-0745  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0745  
[ 6 ] CVE-2024-0746  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0746  
[ 7 ] CVE-2024-0747  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0747  
[ 8 ] CVE-2024-0748  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0748  
[ 9 ] CVE-2024-0749  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0749  
[ 10 ] CVE-2024-0750  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0750  
[ 11 ] CVE-2024-0751  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0751  
[ 12 ] CVE-2024-0752  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0752  
[ 13 ] CVE-2024-0753  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0753  
[ 14 ] CVE-2024-0754  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0754  
[ 15 ] CVE-2024-0755  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0755  
[ 16 ] MFSA-2024-01  
[ 17 ] MFSA-2024-02  
[ 18 ] MFSA-2024-04

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-26

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Tag

#web