The officially official Devuan Forum!

#1 2023-10-10 16:27:28

Altoid
Member
Registered: 2017-05-07
Posts: 1,570  

Gnome vulnerability found

Hello:

Just a heads-up.
Found this at The Register this morning:

Connor Jones at The Register wrote:

Researcher bags two-for-one deal on Linux bugs while probing GNOME component
One-click exploit could potentially affect most major distros.

Wouldn't ever use Gnome but some people do.
libcue2 is present in the Devuan repositories and in my box because of audacious-plugins.

~$ apt list | grep libcue
libcue-dev/oldoldstable 2.2.1-2 amd64
libcue-dev/oldoldstable 2.2.1-2 i386
libcue2/oldoldstable,now 2.2.1-2 amd64 [installed,automatic]
libcue2/oldoldstable 2.2.1-2 i386
~$ 

Should get fixed soon.
Best,

A.

#2 2023-10-10 17:10:06

boughtonp
Member
From: UK
Registered: 2023-01-19
Posts: 212  
Website

Re: Gnome vulnerability found

Here's the article link and a bit of information...

https://www.theregister.com/2023/10/10/linux_gnome_libcue_exploit/

https://www.theregister.com/2023/10/10/linux_gnome_libcue_exploit/ wrote:

Researchers discovered a high-severity remote code execution (RCE) vulnerability in an inherent component of GNOME-based Linux distros, potentially impacting a huge number of users.

Tracked as CVE-2023-43641, exploiting the vulnerability in the relatively small libcue library takes advantage of the tracker-miners application to facilitate a one-click RCE attack.

The issue is thought to affect all GNOME-based distros, including RHEL, SUSE, and Debian, but has only been proven to work on the latest versions of Ubuntu and Fedora so far.

A user just has to download a file and have it stored in a commonly scanned directory, such as the downloads, music, or videos folders, and the attacker can achieve RCE on their machine.

Debian/Devuan security status: https://security-tracker.debian.org/tracker/CVE-2023-43641


3.1415P265E589T932E846R64338
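
Added example (not part of the original posts, and not code from libcue, GNOME or The Register): a POSIX shell check that classifies a host by the path the quoted article describes, that is, whether a libcue runtime library is installed and whether a tracker-miners package sits alongside it. The package names `tracker-extract` and `tracker-miner-fs` are assumed to be the Debian/Devuan binaries built from tracker-miners, and the sample package list is constructed.

```shell
#!/bin/sh
# Added example: classify exposure to the libcue issue (CVE-2023-43641)
# from an installed-package list. Input lines: "<package> <version> <status>".

# Assumption: Debian/Devuan binary package names built from tracker-miners.
TRACKER_PKGS="tracker-extract tracker-miner-fs"

libcue_exposure() {
    awk -v trackers="$TRACKER_PKGS" '
        BEGIN { n = split(trackers, t, " "); for (i = 1; i <= n; i++) want[t[i]] = 1 }
        { sub(/:.*/, "", $1) }              # drop ":amd64" / ":i386" suffix
        $3 !~ /^ii/ { next }                # only fully installed packages count
        $1 ~ /^libcue[0-9]+$/ { cue = $1 " " $2 }   # runtime library, not -dev
        ($1 in want) { trk = trk (trk ? "," : "") $1 }
        END {
            if (!cue)      print "not-installed"
            else if (!trk) print "library-only: " cue
            else           print "exposed-path: " cue " via " trk
        }'
}

# Constructed sample input (not taken from a real host): libcue2 pulled in by
# audacious-plugins, tracker-extract removed with only config files left ("rc").
SAMPLE='libcue2:amd64 2.2.1-2 ii
audacious-plugins:amd64 4.0.5-1 ii
tracker-extract 3.1.2-1 rc'

if command -v dpkg-query >/dev/null 2>&1; then
    # Real host: feed the live dpkg database to the classifier.
    dpkg-query -W -f='${binary:Package} ${Version} ${db:Status-Abbrev}\n' | libcue_exposure
else
    printf '%s\n' "$SAMPLE" | libcue_exposure
fi
```

The result says nothing about whether the installed libcue version is patched; the security tracker page linked above is the place to compare versions.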

#3 2023-10-10 21:02:58

zapper
Member
Registered: 2017-05-29
Posts: 954  

Re: Gnome vulnerability found

Gnome makes me think of the idea of making a linux desktop environment look like a fisher price product.

Say it with me...

U-G-L-Y!

Actually, most desktop environments, but ones like KDE5 Gnome3 Cinnamon all are on the top of the no way in hell will I ever use even on devuan.

I don't like most desktop environments, even Lumina, which at least is a neutral one for me.

Too much eye candy = fisher price ugliness.

Last edited by zapper (2023-10-10 21:04:41)


Freedom is never more than one generation away from extinction. Feelings are not facts
If you wish to be humbled, try to exalt yourself long term  If you wish to be exalted, try to humble yourself long term
Favourite operating systems: Hyperbola Devuan OpenBSD
Peace Be With us All!

#4 2023-10-10 21:41:59

Altoid
Member
Registered: 2017-05-07
Posts: 1,570  

Re: Gnome vulnerability found

Hello:

boughtonp wrote:

... article link and a bit of information...

Yes, sorry about that.
Posted in a hurry.

zapper wrote:

Too much eye candy = fisher price ugliness.

I'd say needless eye candy+associated bloat = lack of Linux sense.
There's plenty of MS stuff for that.

A.

#5 2023-10-17 20:41:55

zapper
Member
Registered: 2017-05-29
Posts: 954  

Re: Gnome vulnerability found

Not to mention, even XFCE4 and MATE, LXQT, etc... all are bright and shiny enough as it is. Most DEs have too many linux framework dependencies that aren't reasonable. Even Lumina looks semi flashy, but I could see myself using it at least...

CDE is a bit too dull for me, but I probably will mostly stick to the following:

JWM

Btw, I have recently started using startx to start some of my operating systems. I have done so in Hyperbola, wondering if the same method works in devuan though.

Does this work for devuan:

        #!/bin/sh
        #
        # ~/.xinitrc
        #
        # Executed by startx (run your window manager from here)
        #
        # exec enlightenment_start
        # exec i3
        # exec awesome
        # exec bspwm
        # exec startfluxbox
        # exec openbox-session
        # exec pekwm
        # exec dwm
        # exec icewm-session
        exec jwm
        # exec notion
        # exec evilwm

And then when I type startx as a logged-in user in a terminal, it would start?

Or adding startx to the bottom of a .bash_profile like this:

#
# ~/.bash_profile
#

[[ -f ~/.bashrc ]] && . ~/.bashrc
startx && exit

Sorry if off topic, just curious.



#6 2023-10-21 19:16:05

UnixMan1230
Member
Registered: 2023-10-21
Posts: 43  

Re: Gnome vulnerability found

Leave it to GNOME to break things (again). Bad enough that they broke extensions for the umpteenth time, now they're also getting ready to push wayland-only in the future.

Link to the article:
https://news.itsfoss.com/gnome-wayland-xorg/

Unless wayland gets it together with NVIDIA cards (Which is a startling number of PC's these days), I can see this ending badly for users of that brand. Then again, when was NVIDIA ever really kind towards Linux?....

Last edited by UnixMan1230 (2023-10-21 19:16:32)


"Less is only more when it's what you're looking for" -Unknown

#7 2023-10-26 23:39:48

zapper
Member
Registered: 2017-05-29
Posts: 954  

Re: Gnome vulnerability found

UnixMan1230 wrote:

Leave it to GNOME to break things (again). Bad enough that they broke extensions for the umpteenth time, now they're also getting ready to push wayland-only in the future.

Link to the article:
https://news.itsfoss.com/gnome-wayland-xorg/

Unless wayland gets it together with NVIDIA cards (Which is a startling number of PC's these days), I can see this ending badly for users of that brand. Then again, when was NVIDIA ever really kind towards Linux?....

Recently, they have been more kind, although that might not mean much.

Gnome on the other hand, those devs are poison and should be barred from adding their bloat to other communities. Just say no to bloat.

