Ubuntu Linux users are at risk of just that, according to cyber security firm Qualys, as reported in a company blog post written by their Director of Vulnerability and Threat Research. Qualys notes they have discovered two flaws within Ubuntu Linux that would allow for root access by nefarious software packages. The flaws reside in a widely used package manager for Ubuntu Linux called Snap, putting around 40 million users at risk, as the software ships by default on Ubuntu Linux and a wide range of other major Linux distributors. Snap, developed by Canonical, allows for the packaging and distribution of self-contained applications called “snaps” that run in restricted containers. Any security flaws that escape these containers are considered extremely serious. As such, both privilege escalation bugs are rated as high severity threats. These vulnerabilities allow a low-privileged user to execute malicious code as root, which is the highest administrative account on Linux. “Qualys security researchers have been able to independently verify the vulnerability, develop an exploit, and obtain full root privileges on default installations of Ubuntu,” they wrote. “It is vital that vulnerabilities are responsibly reported and are patched and mitigated immediately.” Qualys also found six other vulnerabilities in the code, but these are all considered to be lower risk. So what should you do? Ubuntu has already issued patches for both vulnerabilities. Download a patch for CVE-2021-44731 here and CVE-2021-44730 here.
