360: Oh Snap! Command Not Found vulnerability found

Download as MP3

Sponsored by Kolide: If a device isn’t secure, it can’t access your apps. It’s device trust for Okta. Visit https://destinationlinux.net/kolide to learn more and watch a demo.
Sponsored by LINBIT: Visit destinationlinux.net/linbit to learn how LINBIT’s OSS, based on DRBD® and LINSTOR®, can be used for Kubernetes, CloudStack, OpenNebula, and more.
Support the show by becoming a patron at tuxdigital.com/membership or get some swag at tuxdigital.com/store

Hosted by:

Michael Tunnell = https://michaeltunnell.com
Ryan (DasGeek) = https://dasgeek.net
Jill Bryant = https://jilllinuxgirl.com


00:00:00 Intro
00:00:36 Community Feedback – [link]
00:09:07 Sponsored by Kolide – [link]
00:13:07 SNAP Security Flaw To Be Aware Of – [link]
00:31:07 Sponsored by LINBIT – [link]
00:32:25 Raspberry PI Turns Big Business – [link]
00:44:29 Signal adds usernames, Finally! – [link]
00:51:45 Gaming: JAILBREAKER – [link]
00:56:59 Software Spotlight: Stimulator – [link]
01:03:42 Tips and Tricks: Steam’s Guides
01:07:25 Events
01:10:03 Outro

Leave a Comment

Notable Replies

  1. When I read the aquasec article, it doesn’t sound like they are talking about either the apt command or apt-get and friends. To me it sounds like they are saying that within the command-not-found database that 26% of the apt packages listed don’t have a corresponding snap package that either exists or is claimed by someone.

    They are saying that for those cases, the door is open for someone to upload a malicious snap package, that has the same name as a deb package.

Continue the discussion at forum.tuxdigital.com


Avatar for MichaelTunnell Avatar for LinuxUser