Subj : This software relic from the CD era could put your entire PC at r
To   : All
From : TechnologyDaily
Date : Sat Oct 14 2023 13:30:05

This software relic from the CD era could put your entire PC at risk

Date: Sat, 14 Oct 2023 12:12:56 +0000

Description: The way Linux handles .cue files could spell trouble, a researcher found.

FULL STORY
======================================================================

If, for whatever strange reason, you find yourself in need of running .cue files on a Linux environment with a GNOME desktop, be careful. The files could carry malicious code that allows threat actors to execute code on the target endpoint.

The warning was issued by GitHub after the software development platform recently disclosed the existence of a memory corruption flaw in the libcue library, which parses cue sheets. It's being tracked as CVE-2023-43641, and while not yet official, it comes with a severity score of 8.8 (High).

Testing the flaw

Cue files are metadata files used to describe tracks found on a CD or a DVD. GNOME desktops, Ars Technica explains, have a tracker miner that automatically updates when file locations in a user's home directory change. Should a user download a cue sheet with malicious code, GNOME's indexing tracker would process it and execute the code, essentially compromising the endpoint.

Luckily, a patch is already available, so Linux users with GNOME-based distributions should apply it as soon as possible to secure their endpoints. The earliest secure version is 2.3.0.

GitHub Security Lab member Kevin Backhouse recorded a video to show how the bug works, but hasn't released a proof-of-concept (PoC) just yet, Ars Technica further explained. Users can test their systems for the vulnerability via a test cue sheet Backhouse developed, which shouldn't cause too much trouble other than a benign crash.

Backhouse is known for discovering vulnerabilities in Linux. Before finding CVE-2023-43641, he discovered flaws allowing standard users to become admins with just a few commands, and a Polkit flaw that grants attackers root access.

Although making up but a tiny portion of the overall OS market, Linux is a loved and widely used operating system, especially among servers, IoT gear, and mobile devices.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/this-software-relic-from-the-cd-era-could-put-your-entire-pc-at-risk

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)