unsafe software for Linux Mint users coming from Universe repo

Post by t42 »

Linux Mint users should be very cautious when installing software from the Universe and Multiverse repositories and even consider the possibility of not enabling those repositories by default. Ubuntu has always stated that "neither universe nor multiverse contain officially-supported packages. In particular, there may not be security updates for these packages" and it's up to the community to maintain more than 50000 packages. But in reality, even if a vulnerability is discovered and the libraries are patched by Ubuntu, the update will not be provided for general users. Here is an example for Ubuntu 22.04 LTS, supported till 2027:

USN-6008-1: Exo vulnerability 11 April 2023

libexo-common (4.16.3-1) last updated 14 Dec 2021
Not vulnerable version available with Ubuntu Pro :
libexo-common - 4.16.3-1ubuntu0.1~esm1

libexo-2-0 (4.16.3-1) last updated 14 Dec 2021
Not vulnerable version available with Ubuntu Pro :
libexo-2-0 - 4.16.3-1ubuntu0.1~esm1

USN-5620-1: OpenEXR vulnerabilities 20 September 2022

openexr (2.5.7-1) last updated 28 Aug 2021
Not vulnerable version available with Ubuntu Pro :
openexr - 2.5.7-1ubuntu0.1~esm1

libopenexr25 (2.5.7-1) last updated 28 Aug 2021
Not vulnerable version available with Ubuntu Pro :
libopenexr25 - 2.5.7-1ubuntu0.1~esm1

USN-5181-1: jQuery UI vulnerability 9 September 2022

node-jquery-ui (1.13.1+dfsg-1) last updated 18 Feb 2022
Not vulnerable version available with Ubuntu Pro :
node-jquery-ui - 1.13.1+dfsg-1ubuntu0.1~esm1

libjs-jquery-ui (1.13.1+dfsg-1) last updated 18 Feb 2022
Not vulnerable version available with Ubuntu Pro :
libjs-jquery-ui - 1.13.1+dfsg-1ubuntu0.1~esm1

USN-6621-1: ImageMagick vulnerability 1 February 2024

imagemagick (8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3) last updated 30 Mar 2023
Not vulnerable version available with Ubuntu Pro :
imagemagick - 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm3

imagemagick-6.q16 (8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3) last updated 30 Mar 2023
Not vulnerable version available with Ubuntu Pro :
imagemagick-6.q16 - 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm3

libmagickcore-6.q16-6 (8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3) last updated 30 Mar 2023
Not vulnerable version available with Ubuntu Pro :
libmagickcore-6.q16-6 - 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm3

libmagickcore-6.q16-6-extra (8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3) last updated 30 Mar 2023
Not vulnerable version available with Ubuntu Pro :
libmagickcore-6.q16-6-extra - 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm3
Last edited by xenopeek on Tue Mar 26, 2024 4:21 pm, edited 1 time in total.
Reason: added USN links
-=t42=-
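
An added example, not part of the thread: one way to audit which installed packages are served only from universe or multiverse, by parsing `apt-cache policy` output. The sample text, the mirror URLs in it and the package `example-main-pkg` are constructed for illustration.

```python
import sys

UNSUPPORTED = {"universe", "multiverse"}

# Constructed sample of `apt-cache policy <pkg> ...` output (illustrative only).
SAMPLE_POLICY = """\
libexo-2-0:
  Installed: 4.16.3-1
  Candidate: 4.16.3-1
  Version table:
 *** 4.16.3-1 500
        500 http://archive.ubuntu.com/ubuntu jammy/universe amd64 Packages
        100 /var/lib/dpkg/status
example-main-pkg:
  Installed: 1.0-2
  Candidate: 1.0-2
  Version table:
 *** 1.0-2 500
        500 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages
        100 /var/lib/dpkg/status
     1.0-1 500
        500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages
openexr:
  Installed: (none)
  Candidate: 2.5.7-1
  Version table:
     2.5.7-1 500
        500 http://archive.ubuntu.com/ubuntu jammy/universe amd64 Packages
"""

def universe_installed(policy_text):
    """Map package -> (installed version, components) for packages whose
    installed version is served only from universe/multiverse."""
    origins, pkg, current = {}, None, None
    for line in policy_text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if not line[0].isspace() and line.endswith(":"):
            pkg, current = line[:-1], None            # start of a package stanza
        elif tok[0] == "***" and len(tok) == 3:
            current = origins.setdefault(pkg, (tok[1], set()))  # installed version
        elif len(tok) == 2 and tok[1].lstrip("-").isdigit():
            current = None                            # a version that is not installed
        elif current and len(tok) >= 4 and tok[-1] == "Packages" and "/" in tok[2]:
            current[1].add(tok[2].split("/", 1)[1])   # "jammy/universe" -> "universe"
    return {p: (v, sorted(c)) for p, (v, c) in origins.items()
            if c and c <= UNSUPPORTED}

if __name__ == "__main__":
    text = SAMPLE_POLICY if sys.stdin.isatty() else sys.stdin.read()
    for name, (ver, comps) in sorted(universe_installed(text).items()):
        print(f"{name} {ver} [{','.join(comps)}]")
```

To run it against a real system, pipe in the output of `apt-cache policy` for the installed package names reported by `dpkg-query -W`.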

Post by MikeNovember »

Hi,

Ubuntu Pro can be enabled on Linux Mint, see viewtopic.php?t=391484

Regards,

MN
_____________________________
Linux Mint 21.3 Mate host with Ubuntu Pro enabled, VMware Workstation Player with Windows 10 Pro guest, ASUS G74SX (i7-2670QM, 16 GB RAM, GTX560M with 3GB RAM, 1TB SSD).

Post by Pjotr »

I don't think that Ubuntu Pro covers everything in Universe and Multiverse. In real life it'll only be a small selection of packages, I expect.

Universe and Multiverse, because they're in the hands of the community (the MOTUs), have always been problematic on the issue of security updates. Ever since the beginning of Ubuntu.

Although some security updates are being released for some packages in those repos from time to time, it's best to expect no security updates whatsoever for the packages you install from them. So: act as if those packages are insecure.

Still, those repos contain some very useful stuff. Which, by the way, can be considered as malware-free, because the MOTUs can be trusted to check for that.

Furthermore, the real-life risk of having unpatched versions of packages from them in your system, is usually rather small. A life without (some degree of) danger is impossible on our poor planet Earth.... C'est la vie.

Just don't install a web browser from Universe or Multiverse. :wink:
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.