TL;DR: update libcue to a version released after October 10.

I read this last night:
<https://arstechnica.com/information-technology/2023/10/one-click-remote-code-exploit-in-cd-cue-files-affects-most-gnome-based-linux-distros/>
<https://nvd.nist.gov/vuln/detail/CVE-2023-43641>

Summary:

- libcue has a bug that allows an attacker to execute arbitrary machine code

- libcue handles CUE sheet files

- GNOME (at least) uses libcue for file indexing when it finds a suitable file

- a bad actor can give you a bad CUE file without you knowing it (e.g. via browsing a web site)

- GNOME's tracker will automatically run libcue on the CUE file -- kaboom.

You can update your system to get a fixed libcue. The fix is in version 2.3.0.

Fedora 37 and 38 have fixes in version 2.2.1-13. I checked this by using "rpm -q --changelog libcue | less".