• hygieia@feddit.nl
    link
    fedilink
    arrow-up
    84
    ·
    1 year ago

    CVE-2023-2640 and CVE-2023-32629 if you don’t fancy spending an age clicking Object to all the ‘legitimate interest’ cookie shit.

  • Yewb@kbin.social
    link
    fedilink
    arrow-up
    25
    ·
    1 year ago

    CVE-2023-2640

    Needs a user account on the system (even unprivledged accounts) via overlayfs

    Overlayfs allows one, usually read-write, directory tree to be overlaid onto another, read-only directory tree. All modifications go to the upper, writable layer. This type of mechanism is most often used for live CDs but there is a wide variety of other uses.

  • BadRS@lemmy.world
    link
    fedilink
    arrow-up
    17
    arrow-down
    1
    ·
    1 year ago

    Is the end of this headline “because they haven’t updated in 3 years”?

    • style99@kbin.social
      link
      fedilink
      arrow-up
      13
      ·
      1 year ago

      In this case, it’s more like the opposite. People testing the cutting edge versions of Ubuntu are the ones impacted.

  • astraeus@programming.dev
    link
    fedilink
    arrow-up
    13
    ·
    1 year ago

    Couldn’t find whether this even impacts LTS builds. Either way, seems like patching should resolve the issue

  • Yewb@kbin.social
    link
    fedilink
    arrow-up
    6
    arrow-down
    1
    ·
    1 year ago

    Needs a user account on the system (even unprivledged accounts) via overlayfs

    Overlayfs allows one, usually read-write, directory tree to be overlaid onto another, read-only directory tree. All modifications go to the upper, writable layer. This type of mechanism is most often used for live CDs but there is a wide variety of other uses.

  • Roq@noc.social
    link
    fedilink
    arrow-up
    4
    ·
    1 year ago

    @leo what’s the solution, is it just the normal apt update/upgrade or something more complicated? And is it possible to know if a machine has suffered such attack at all?