• hygieia@feddit.nl
    link
    fedilink
    arrow-up
    4
    ·
    1 year ago

    CVE-2023-2640 and CVE-2023-32629 if you don’t fancy spending an age clicking Object to all the ‘legitimate interest’ cookie shit.

    • maiskanzler@feddit.de
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Tip: “I still don’t care about cookies” for desktop browsers + deleting all cookies at the end of the browser session works flawlessly for me.

  • Yewb@kbin.social
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    CVE-2023-2640

    Needs a user account on the system (even unprivledged accounts) via overlayfs

    Overlayfs allows one, usually read-write, directory tree to be overlaid onto another, read-only directory tree. All modifications go to the upper, writable layer. This type of mechanism is most often used for live CDs but there is a wide variety of other uses.

  • Roq@noc.social
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    @leo what’s the solution, is it just the normal apt update/upgrade or something more complicated? And is it possible to know if a machine has suffered such attack at all?

  • astraeus@programming.dev
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    Couldn’t find whether this even impacts LTS builds. Either way, seems like patching should resolve the issue

    • style99@kbin.social
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      In this case, it’s more like the opposite. People testing the cutting edge versions of Ubuntu are the ones impacted.