1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Multiple vulnerabilities put 40 million Ubuntu users at risk

    From TechnologyDaily@1337:1/100 to All on Fri Feb 18 14:15:04 2022
    Multiple vulnerabilities put 40 million Ubuntu users at risk

    Date:
    Fri, 18 Feb 2022 13:53:17 +0000

    Description:
    Ubuntu users advised to update their systems as soon as possible.

    FULL STORY ======================================================================

    Security researchers have recently found multiple vulnerabilities on Ubuntu systems, some of which would allow a threat actor to gain root privileges on the target endpoint.

    In a blog post, Bharat Jogi, Director of Vulnerability and Threat Research at Qualys, said the team found the flaws in the snap-confine function on Linux operating systems. Approximately 40 million users are at risk.

    Jogi describes Snap as a software packaging and deployment system that was built by Canonical for operating systems on the Linux kernel. These packages, or snaps, as well as the tool that uses them, snapd, work on a wide range of Linux distributions, allowing developers to ship applications directly to users. TechRadar needs you!

    We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and you'll have the chance to enter a draw for a 100/$130 Amazon gift card . Thank you for taking part.

    Click here to start the survey in a new window << Gaining root access

    Snaps, Jogi further explains, are self-contained applications running in a sandbox with mediated access to the host system. Snap-confine in s a program used internally by snapd to construct the execution environment for snap applications.

    By abusing the flaw, tracked as CVE-2021-44731, the attacker can elevate the privileges of a basic account all the way to root access. Researchers from Qualys claim to have independently verified the vulnerability, developed an exploit, and obtained full root privileges on default installations of
    Ubuntu.

    The team did not explain if the exploit comes in the form of malware , or if it took a different approach. Read more

    Ubuntu 21.04 is here, but don't get too excited


    Ubuntu has a pretty serious security flaw, so patch now


    Ubuntu 21.10 wants to make cloud-native app development easier for all

    As usual, by the time the news hits the press, a patch had already been issued, so Ubuntu users are advised to patch up to the latest version, immediately. Qualys customers can search the vulnerability knowledgebase for CVE-2021-44731 to identify all the QIDs and vulnerable assets, the company said.

    In a Log4Shell, SolarWinds, MSFT Exchange (and on and on) era, it is vital that vulnerabilities are responsibly reported and are patched and mitigated immediately, the research team warns. This disclosure continues to showcase that security is not a one and done this code had been reviewed several
    times and Snap has very defensive technologies. Check out our list of the
    best antivirus right now



    ======================================================================
    Link to news story: https://www.techradar.com/news/multiple-vulnerabilities-put-40-million-ubuntu- users-at-risk/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)