An intrusion of the Linux Mint server on Saturday makes downloads performed on Saturday of version 17.3 Cinnamon potentially vulnerable.
Linux Mint project leader Clem Lefebvre revealed in a blog post today that the popular Linux distribution’s servers were hacked on Saturday. During the “brief” intrusion, the hackers modified the ISO of the Cinnamon edition of Linux Mint 17.3 (Rosa) and also gained access to the distro’s forum database. Only this particular ISO is affected; other editions or releases are considered safe. Only ISO’s downloaded Saturday are potentially vulnerable.
The modification installs a backdoor into the operating system and any installations made from the affected ISO will need to be replaced. This includes live versions on USB sticks or DVDs. However, not all copies of the ISO downloaded on Saturday are vulnerable. Users who downloaded are urged to check MD5 signatures to make certain the downloaded file is an unmodified version or to boot into the live version (or to the hard drive if the download has already been installed) while offline — Lefebvre suggests disabling the system’s router if in doubt — and look for the file
/var/lib/man.cy. If this file is present, the download is infected.
To check the MD5 signatures on a saved copy of the ISO, open a terminal and run the following command using the file name of the downloaded ISO:
If the query returns the correct signature from the list below, the download is clean and not infected.
Any affected image burned to an external medium should not be used (i.e. DVDs should be thrown away and USB drives reformatted). If the affected download has already been installed on a computer, users will need to backup any personal data and reinstall the operating system from a clean download.
Lefebvre says that the Linux Mint forum database, which was also accessed during the intrusion, contained the following information:
- Your forums username
- An encrypted copy of your forums password
- Your email address
- Any personal information you might have put in your signature/profile/etc…
- Any personal information you might written on the forums (including private topics and private messages)
Users of the forum are urged to change their passwords, as well as to change passwords on any website using the same password.
We’re currently in the midst of our 2016 Indiegogo fundraising drive. Your support is crucial. Won’t you please visit our fundraising page and make a contribution to support FOSS Force?