Aqua Nautilus researchers have identified a security issue that arises from the interaction between Ubuntu’s command-not-found package and the snap package repository. While command-not-found serves as a convenient tool for suggesting installations for uninstalled commands, it can be inadvertently manipulated by attackers through the snap repository, leading to deceptive recommendations of malicious packages.

  • octopus_ink
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    9 months ago

    I suppose that sounds great, but every time I see a thread where folks complain about these various packaging formats, I’m just really happy I don’t use any of them on my system. All I see in these discussions are user-level problems that I don’t ever have due to avoiding them entirely. One day when I can’t run a distro that doesn’t use them I suppose I’ll have no choice, but until then… We clearly seem NOT to have settled on a single target, so I don’t know why I’d voluntarily wade into all that as a user while it’s still not settled.