CVE-2023-2640 and CVE-2023-32629 if you don’t fancy spending an age clicking Object to all the ‘legitimate interest’ cookie shit.
Tip: “I still don’t care about cookies” for desktop browsers + deleting all cookies at the end of the browser session works flawlessly for me.
CVE-2023-2640
Needs a user account on the system (even unprivledged accounts) via overlayfs
Overlayfs allows one, usually read-write, directory tree to be overlaid onto another, read-only directory tree. All modifications go to the upper, writable layer. This type of mechanism is most often used for live CDs but there is a wide variety of other uses.
Or a docker container.
Is this an Ubuntu specialty, or other distros are also affected?
They are specific to the kernels delivered with Ubuntu because of changes introduced by Canonical in OverlayFS:
Source: Ubuntu Website
@leo what’s the solution, is it just the normal
apt update/upgrade
or something more complicated? And is it possible to know if a machine has suffered such attack at all?According to the Ubuntu bulletin, a simple update is sufficient.
The Wiz announcement didn’t really go into specifics, so not sure other than normal user auditing.