While it’s considered a safe operating system, there certainly are security vulnerabilities that can allow hackers to exploit GNU/Linux. Fortunately, there are several things you can do to keep yourself safe from a recently discovered critical security flaw. While some exploits affect only a single distribution, the most recent influences most modern ones equally.
A security researcher found that it’s possible to exploit Gstreamer, which is responsible for indexing thumbnails, by hosting a malicious audio file on the Web. When the user downloads the file, Gstreamer automatically indexes it on most distributions. The application wants to see if it’s a file that needs to have a thumbnail generated. This application includes an obscure library designed to playback Super Nintendo music by emulating the CPU and audio processor from the SNES. Compromised audio files exploit this fact.
Protecting Yourself Agaisnt Gstreamer Exploits
Chrome, especially on the Fedora desktop, will automatically download files without confirmation. Fedora’s tracker apps crawl downloaded files. Pay close attention if using Chrome in any environment, but especially in Fedora, for any message that reads something like “We’re sorry, it looks like the Tracker Metadata Extractor crashed.” This is especially problematic if you’ve done nothing other than visit a Web page, since it could indicate that a browser got compromised.
If you’re an Ubuntu user who never selected MP3 installation options when setting up your machine, then you’re safe. You might consider doing that if reinstalling, but it takes away a large amount of functionality. Firefox users in any version of Linux will be prompted before downloading attacker’s files, so care should be taken before agreeing to any prompts to ensure you know precisely what’s being downloaded.
Users of Chrome can protect themselves by heading to chrome://settings in the URL line, and then selecting “Show advanced settings…” at the bottom of the page.
Scroll down to downloads and then make sure that “Ask where to save each file before downloading” has a check next to it.