FOSS Force News Wire

February 21st, 2016

Linux Mint Hacked: ISO for 17.3 Cinnamon Edition Modified

An intrusion into the Linux Mint server on Saturday means that copies of version 17.3 Cinnamon downloaded that day are potentially vulnerable.

Linux Mint project leader Clem Lefebvre revealed in a blog post today that the popular Linux distribution’s servers were hacked on Saturday. During the “brief” intrusion, the hackers modified the ISO of the Cinnamon edition of Linux Mint 17.3 (Rosa) and also gained access to the distro’s forum database. Only this particular ISO is affected; other editions or releases are considered safe. Only ISOs downloaded Saturday are potentially vulnerable.

The modification installs a backdoor into the operating system, and any installation made from the affected ISO will need to be replaced. This includes live versions on USB sticks or DVDs. However, not all copies of the ISO downloaded on Saturday are vulnerable. Users who downloaded the ISO are urged to check its MD5 checksum to make certain the file is an unmodified version. Alternatively, they can boot into the live version (or from the hard drive if the download has already been installed) while offline and look for the file /var/lib/man.cy; Lefebvre suggests disabling the system’s router if in doubt. If this file is present, the download is infected.

To check the MD5 checksum of a saved copy of the ISO, open a terminal and run the following command using the file name of the downloaded ISO:

md5sum filename.iso

If the command prints one of the checksums in the list below, the download is clean and not infected.

6e7f7e03500747c6c3bfece2c9c8394f linuxmint-17.3-cinnamon-32bit.iso

e71a2aad8b58605e906dbea444dc4983 linuxmint-17.3-cinnamon-64bit.iso

30fef1aa1134c5f3778c77c4417f7238 linuxmint-17.3-cinnamon-nocodecs-32bit.iso

3406350a87c201cdca0927b1bc7c2ccd linuxmint-17.3-cinnamon-nocodecs-64bit.iso

df38af96e99726bb0a1ef3e5cd47563d linuxmint-17.3-cinnamon-oem-64bit.iso
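The two checks described above (the MD5 comparison and the /var/lib/man.cy marker file) can be scripted. This is an added example, not code from Linux Mint or from the original article; the function names check_iso and check_install are assumptions, and the sums are the ones listed above.

```sh
#!/bin/sh
# Added example: compares a saved ISO against the MD5 sums listed in this
# article and looks for the marker file the article names.

# Known-good sums, copied from the list above.
KNOWN_GOOD='6e7f7e03500747c6c3bfece2c9c8394f linuxmint-17.3-cinnamon-32bit.iso
e71a2aad8b58605e906dbea444dc4983 linuxmint-17.3-cinnamon-64bit.iso
30fef1aa1134c5f3778c77c4417f7238 linuxmint-17.3-cinnamon-nocodecs-32bit.iso
3406350a87c201cdca0927b1bc7c2ccd linuxmint-17.3-cinnamon-nocodecs-64bit.iso
df38af96e99726bb0a1ef3e5cd47563d linuxmint-17.3-cinnamon-oem-64bit.iso'

# check_iso FILE [LIST]: returns 0 if FILE's MD5 is in LIST (default:
# KNOWN_GOOD), 1 if it is not, 2 if the file cannot be read.
check_iso() {
    iso=$1
    list=${2:-$KNOWN_GOOD}
    [ -r "$iso" ] || { echo "cannot read $iso" >&2; return 2; }
    sum=$(md5sum "$iso" | cut -d' ' -f1)
    # Match on the hash column only, so a renamed download still verifies.
    match=$(printf '%s\n' "$list" | awk -v s="$sum" '$1 == s { print $2; exit }')
    if [ -n "$match" ]; then
        echo "OK: $sum matches $match"
        return 0
    fi
    echo "MISMATCH: $sum is not in the known-good list; do not use $iso"
    return 1
}

# check_install [ROOT]: returns 1 if ROOT/var/lib/man.cy exists, else 0.
# ROOT defaults to the running system; pass a mount point to inspect a
# disk or live USB mounted from another machine.
check_install() {
    root=${1:-}
    if [ -e "$root/var/lib/man.cy" ]; then
        echo "INFECTED: $root/var/lib/man.cy is present"
        return 1
    fi
    echo "marker file not found under ${root:-/}"
    return 0
}

# Stand-alone use: sh script.sh path/to/download.iso
if [ "$#" -gt 0 ]; then check_iso "$1"; fi
```
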

Any affected image burned to an external medium should not be used (i.e. DVDs should be thrown away and USB drives reformatted). If the affected download has already been installed on a computer, users will need to back up any personal data and reinstall the operating system from a clean download.

Lefebvre says that the Linux Mint forum database, which was also accessed during the intrusion, contained the following information:

  • Your forums username
  • An encrypted copy of your forums password
  • Your email address
  • Any personal information you might have put in your signature/profile/etc…
  • Any personal information you might have written on the forums (including private topics and private messages)

Users of the forum are urged to change their passwords, as well as to change passwords on any website using the same password.
