Zero-day vulnerability Tekoo Ethereum 2.0 user requested to speed up update installation

币圈子 view 20412 2021-12-13 10:31
share to
Scan QR code with WeChat

零时差漏洞 以太坊2.0客户端Teku呼吁用户紧急安装更新版本

Teku is a fully Ethereum 2.0 user developed by blockchain software company ConsenSys. In a tweet posted to Twitter today (10th), Teku said the zero-day bug was reported in log4j (log for Java) used by Teku, who quickly released the update, and that all users should update it immediately. It turns out that the log4j security key update used by Teku had a zero day issue. I don't believe there is any insecurity in Teku, but I released version 21.12.1 for security. All users must change it immediately or change it manually.

What is the zero day problem?

So-called zero-day vulnerabilities, or zero-day vulnerabilities, mean that software and hardware are publicly exposed in design, but vulnerabilities and vulnerabilities are immediately misused after being patched by the manufacturer.

Interference and repair process

A Github article on Teku pointed out that log4j, Teku's commonly used log engine library, did not report any wrong dates.

The admin said that Teku has an impact on log4j, but at this point they don't think the way we use the log engine library is secure in Teku itself. However, with good intentions, we hastened to release the version 21.12.1 patch for security reasons.

The administrator also noted that malfunctions in log4j could allow remote firing of the source code, allowing an attacker to access the victim by signing a key through this witness.

An update and configuration of log4j will be included to ensure that this malfunction is no longer associated with the Teku21.12.1 patch. The maintainer also noted that after several confirmations, Apache Struts 2, Apache Druid, Apache Solr, Apache Flink and many more have been affected. Exchanges, Wallets, and DeFi Plans are encouraged to speed up and self-check for security issues and update as soon as possible.

零时差漏洞 以太坊2.0客户端Teku呼吁用户紧急安装更新版本

btcfans公众号

Scan QR code with WeChat

Disclaimer:

Previous: VISA survey: over 30% of Hong Kong people own or use cryptocurrencies, just behind the United States. Next: US e-commerce giant Newegg accepts SHIB payments! Robinhood is rumored to have placed Shiba Inu coins in the first quarter.

Related