Security News It's Been a Bad Week for Linux

LASER_oneXM

Thread author
Feb 4, 2016
....some quotes from the article above:

Two security researchers published details this week about several security flaws that allow attackers to execute code on affected machines and take over devices.

These security flaws affect Linux distros such as Fedora and Ubuntu, and two of these exploits are zero-days, meaning there's no patch to prevent attacks.


Evans says that an attacker can host a malicious audio file online that when the user downloads on his computer, will automatically be indexed by Gstreamer.

The file, either a FLAC or MP3, would tell Gstreamer that it's a SNES music file. Because Gstreamer comes with support for playing these files, it will emulate a SNES (Super Nintendo Entertainment System) and attempt to index the file.

The libraries part of Gstreamer tasked with this operation include vulnerabilities that allow the attacker to execute code on the user's machine.

This occurs when the file contains malicious instructions telling Gstreamer to emulate a SNES with a Sony SPC700 audio processor. Additionally, Gstreamer isn't sandboxed, so any code executed via the framework has access to the OS, with the user's native privileges.
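A defensive check for the mismatch the quoted article describes, added here as an example and not part of the thread or the article: it walks a directory and flags files named `.flac` or `.mp3` whose content is SPC (SNES SPC700) data. It assumes the disguised file begins with the standard SPC header string; the function names and sample files are constructed for illustration.

```python
import tempfile
from pathlib import Path

# ASCII header that SPC (SNES SPC700) dump files begin with.
SPC_MAGIC = b"SNES-SPC700 Sound File Data"
AUDIO_EXTS = {".flac", ".mp3"}


def sniff(head: bytes) -> str:
    """Classify a file by its first bytes, ignoring its name."""
    if head.startswith(SPC_MAGIC):
        return "spc"
    if head.startswith(b"fLaC"):
        return "flac"
    # MP3: an ID3v2 tag, or an MPEG audio frame sync (11 set bits).
    sync = len(head) > 1 and head[0] == 0xFF and (head[1] & 0xE0) == 0xE0
    if head.startswith(b"ID3") or sync:
        return "mp3"
    return "unknown"


def find_disguised_spc(root: str) -> list[str]:
    """Return paths named .flac/.mp3 whose content is really SPC data."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in AUDIO_EXTS:
            with path.open("rb") as fh:
                if sniff(fh.read(64)) == "spc":
                    hits.append(str(path))
    return sorted(hits)


def demo() -> list[str]:
    """Write constructed sample files to a temp dir and scan them."""
    with tempfile.TemporaryDirectory() as d:
        samples = {
            "song.flac": b"fLaC\x00\x00\x00\x22" + b"\x00" * 34,
            "track.mp3": b"ID3\x03\x00\x00\x00\x00\x00\x00",
            "odd.flac": SPC_MAGIC + b" v0.30\x1a\x1a" + b"\x00" * 32,
            "game.spc": SPC_MAGIC + b" v0.30\x1a\x1a",  # honest name: not flagged
        }
        for name, data in samples.items():
            Path(d, name).write_bytes(data)
        return [Path(p).name for p in find_disguised_spc(d)]


if __name__ == "__main__":
    print(demo())
```

Run `find_disguised_spc` against a downloads directory; a hit means the file's name and content disagree and it should be quarantined rather than opened or indexed.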
 

jamescv7

Mar 15, 2011
An operating system is designed for convenience and not for bulletproof security, so expect those flaws when you do not have any security programs.
 
