ConnexionUbuntu ‘Command Not Found’ Open to Exploit with Snaps
Researchers at Aqua Security say they’ve discovered a significant security issue with Ubuntu’s “command not found” feature. When you run a command for a package not installed Ubuntu’s “command not found” feature kicks in to tell you a) command not found and b) proactively suggests the relevant package(s) you need to install to run the command you tried. Packages recommendations are drawn from DEB software available in the Ubuntu repos (queried against a local database that doesn’t change often), and for snap packages on the Snap Store (which involves connecting to the store’s online database). Using snaps, security researchers say […]
You're reading Ubuntu ‘Command Not Found’ Open to Exploit with Snaps, a blog post from OMG! Ubuntu. Do not reproduce elsewhere without permission.
Ubuntu is working on a new Desktop Security Center that aims to make it easier for users to access some of the distro’s underlying security features. An early version of the Flutter-based tool was made available to install from the Canonical Snap Store this week — but before anyone gets too excited I should stress it’s very much a WIP and not entirely functional (so set expectations accordingly)! Even so, there’s enough to pique interest. Read on for a more detail on what this tool is, the features Canonical plans to surface through, and how you can install the early […]
Ubuntu Core Desktop will not be released alongside Ubuntu 24.04 LTS in April, as originally hoped. For those of you think thinking “wait, what?!” — last year Canonical announced it was developing an all-snap, immutable version of Ubuntu for home users called Ubuntu Core Desktop (the existing Ubuntu Core release is for IoT/embedded use). Further, engineers working at the company said the aim was to make the first version of Ubuntu Core Desktop available to download in April, released alongside Ubuntu 24.04 LTS. To be clear: Ubuntu Core Desktop wasn’t going to be a default, recommended download at first (lest […]
If you’re an Ubuntu user who uses the Thunderbird e-mail client there are some interesting changes on the way you will want to know about. First up, Canonical’s Thunderbird snap package is now being built using source code rather than repacking upstream binaries. That subtle-sounding difference offers some decent-sounding opportunities. For one, the change will allow the Thunderbird snap to be built for architectures other than AMD64, thereby enabling the Thunderbird snap to (theoretically; it’s not currently) be installed in Ubuntu running on, say, the Raspberry Pi — which is neat. Secondly, by building the Thunderbird snap from source code […]