Gnome vulnerability found

Altoid · 2023-10-10 16:27:28

Hello:

Just a heads-up.
Found this at The Register this morning:

Connor Jones at The Register wrote:

Researcher bags two-for-one deal on Linux bugs while probing GNOME component
One-click exploit could potentially affect most major distros.

Wouldn't ever use Gnome but some people do.
libcue2 is present in the Devuan repositories and in my box because of audacious-plugins.

~$ apt list | grep libcue
libcue-dev/oldoldstable 2.2.1-2 amd64
libcue-dev/oldoldstable 2.2.1-2 i386
libcue2/oldoldstable,now 2.2.1-2 amd64 [installed,automatic]
libcue2/oldoldstable 2.2.1-2 i386
~$

Should get fixed soon.
Best,

A.

boughtonp · 2023-10-10 17:10:06

Here's the article link and a bit of information...

//www.theregister.com/2023/10/10/linux_gnome_libcue_exploit

https://www.theregister.com/2023/10/10/linux_gnome_libcue_exploit/ wrote:

Researchers discovered a high-severity remote code execution (RCE) vulnerability in an inherent component of GNOME-based Linux distros, potentially impacting a huge number of users.
Tracked as CVE-2023-43641, exploiting the vulnerability in the relatively small libcue library takes advantage of the tracker-miners application to facilitate a one-click RCE attack.
The issue is thought to affect all GNOME-based distros, including RHEL, SUSE, and Debian, but has only been proven to work on the latest versions of Ubuntu and Fedora so far.
A user just has to download a file and have it stored in a commonly scanned directory, such as the downloads, music, or videos folders, and the attacker can achieve RCE on their machine.

Debian/Devuan security status: //security-tracker.debian.org/tracker/CVE-2023-43641

zapper · 2023-10-10 21:02:58

Gnome makes me think of the idea of making a linux desktop environment look like a fisher price product.

Say it with me...

U-G-L-Y!

Actually, most desktop environments, but ones like KDE5 Gnome3 Cinnamon all are on the top of the no way in hell will I ever use even on devuan.

I don't like most desktop environments, even Lumina, which at least is a neutral one for me.

Too much eye candy = fisher price ugliness.

Last edited by zapper (2023-10-10 21:04:41)

Altoid · 2023-10-10 21:41:59

Hello:

boughtonp wrote:

... article link and a bit of information...

Yes, sorry about that.
Posted in a hurry.

zapper wrote:

Too much eye candy = fisher price ugliness.

I'd say needless eye candy+associated bloat = lack of Linux sense.
There's plenty of MS stuff for that.

A.

zapper · 2023-10-17 20:41:55

Not to mention, even XFCE4 and MATE, LXQT, etc... all are bright and shiny enough as it is. Most DEs have too many linux framework dependencies that aren't reasonable. Even Lumina looks semi flashy, but I could see myself using it at least...

CDE is a bit too dull for me, but I probably will mostly stick to the following:

JWM

Btw, I recently am now using startx to start some of my operating systems with. I have done so in Hyperbola, wondering if the same method works in devuan though.

Does this work for devuan:

#!/bin/sh
#
# ~/.xinitrc
#
# Executed by startx (run your window manager from here)
#
# exec enlightenment_start
# exec i3
# exec awesome
# exec bspwm
# exec startfluxbox
# exec openbox-session
# exec pekwm
# exec dwm
# exec icewm-session
exec jwm
# exec notion
# exec evilwm

And then when I press startx in a logged in user in terminal, it would start?

or adding startx to the bottom of a .bash_profile like this:

GNU nano 5.2 .bash_profile Modified
#
# ~/.bash_profile
#

[[ -f ~/.bashrc ]] && . ~/.bashrc
startx && exit

Sorry if off topic, just curious.

UnixMan1230 · 2023-10-21 19:16:05

Leave it to GNOME to break things (again). Bad enough that they broke extensions for the umpteenth time, now they're also getting ready to push wayland-only in the future.

Link to the article:
https://news.itsfoss.com/gnome-wayland-xorg/

Unless wayland gets it together with NVIDIA cards (Which is a startling number of PC's these days), I can see this ending badly for users of that brand. Then again, when was NVIDIA ever really kind towards Linux?....

Last edited by UnixMan1230 (2023-10-21 19:16:32)

zapper · 2023-10-26 23:39:48

UnixMan1230 wrote:

Leave it to GNOME to break things (again). Bad enough that they broke extensions for the umpteenth time, now they're also getting ready to push wayland-only in the future.
Link to the article:
https://news.itsfoss.com/gnome-wayland-xorg/
Unless wayland gets it together with NVIDIA cards (Which is a startling number of PC's these days), I can see this ending badly for users of that brand. Then again, when was NVIDIA ever really kind towards Linux?....

Recently, they have been more kind, although that might not mean much.

Gnome on the other hand, those devs are poison and should be barred from adding their bloat to other communities. Just say no to bloat.

The officially official Devuan Forum!

#1 2023-10-10 16:27:28

Gnome vulnerability found

#2 2023-10-10 17:10:06

Re: Gnome vulnerability found

#3 2023-10-10 21:02:58

Re: Gnome vulnerability found

#4 2023-10-10 21:41:59

Re: Gnome vulnerability found

#5 2023-10-17 20:41:55

Re: Gnome vulnerability found

#6 2023-10-21 19:16:05

Re: Gnome vulnerability found

#7 2023-10-26 23:39:48

Re: Gnome vulnerability found

Board footer