Almost 40% of Ubuntu users vulnerable to new privilege elevation flaws

Leo@lemmy.linuxuserspace.show · 11 months ago

Almost 40% of Ubuntu users vulnerable to new privilege elevation flaws

hygieia@feddit.nl · 11 months ago

CVE-2023-2640 and CVE-2023-32629 if you don’t fancy spending an age clicking Object to all the ‘legitimate interest’ cookie shit.

maiskanzler@feddit.de · 11 months ago

Tip: “I still don’t care about cookies” for desktop browsers + deleting all cookies at the end of the browser session works flawlessly for me.

dookie@kbin.cafe · 11 months ago

bro doesnt have an adblocker?

moreeni · 11 months ago

And a script blocker like NoScript

SALT@lemmy.my.id · 11 months ago

All disable script all together on foreign site using uBo

Yewb@kbin.social · 11 months ago

CVE-2023-2640

Needs a user account on the system (even unprivledged accounts) via overlayfs

Overlayfs allows one, usually read-write, directory tree to be overlaid onto another, read-only directory tree. All modifications go to the upper, writable layer. This type of mechanism is most often used for live CDs but there is a wide variety of other uses.

darkmugglet · 11 months ago

Or a docker container.

BadRS@lemmy.world · 11 months ago

Is the end of this headline “because they haven’t updated in 3 years”?

style99@kbin.social · 11 months ago

In this case, it’s more like the opposite. People testing the cutting edge versions of Ubuntu are the ones impacted.

astraeus@programming.dev · 11 months ago

Couldn’t find whether this even impacts LTS builds. Either way, seems like patching should resolve the issue

style99@kbin.social · 11 months ago

LTS uses the 5.15 Linux kernel (by default). This vulnerability impacts 6.2.

RoundSparrow@lemmy.ml · edit-2 11 months ago

If I understand correctnly… Ubuntu 22.04.2 LTS has 5.19 kernel by default: https://9to5linux.com/ubuntu-22-04-2-lts-released-with-linux-kernel-5-19-updated-components “the Ubuntu 22.04.2 LTS point release also comes with a newer kernel, namely Linux 5.19, from the Ubuntu 22.10 (Kinetic Kudu) release”

As you said, if it is only 6.2, still out of the window.

ReversalHatchery@beehaw.org · 11 months ago

Is this an Ubuntu specialty, or other distros are also affected?

schizosfera@feddit.de · 11 months ago

They are specific to the kernels delivered with Ubuntu because of changes introduced by Canonical in OverlayFS:

Source: Ubuntu Website

Roq@noc.social · 11 months ago

@leo what’s the solution, is it just the normal apt update/upgrade or something more complicated? And is it possible to know if a machine has suffered such attack at all?

Leo@lemmy.linuxuserspace.show · 11 months ago

According to the Ubuntu bulletin, a simple update is sufficient.

The Wiz announcement didn’t really go into specifics, so not sure other than normal user auditing.

Yewb@kbin.social · 11 months ago

Needs a user account on the system (even unprivledged accounts) via overlayfs

Overlayfs allows one, usually read-write, directory tree to be overlaid onto another, read-only directory tree. All modifications go to the upper, writable layer. This type of mechanism is most often used for live CDs but there is a wide variety of other uses.

djsaskdja@reddthat.com · 11 months ago

Typical lolbuntu move

prenatal_confusion@lemmy.one · 11 months ago

<°==<

GustavoM@lemmy.world · 11 months ago

Ubloatu*

ftfy