Ubuntu ‘command-not-found’ tool can be abused to spread malware
February 14, 2024 at 11:00AM A logic flaw in Ubuntu’s ‘command-not-found’ package suggestion system allows attackers to promote malicious Snap packages, posing significant supply chain risks for Linux users. Attackers can exploit typos, unreserved snap names, and unclaimed aliases to trick the utility into suggesting harmful packages. Mitigation steps include package authenticity verification and developer … Read more