Using calibre safely?
Kevin O'Gorman
kogorman at gmail.com
Wed Nov 30 07:43:11 UTC 2011
On Tue, Nov 29, 2011 at 11:46 AM, Shaun ONeil <shaun at oneil.me.uk> wrote:
> Hi Kevin,
>
> On 29 Nov 2011, at 18:09, Kevin O'Gorman wrote:
>
>> For a few months now I've been using calibre to access the 100-or-so
>> ebooks that I have (mostly DRM-free PDFs).
>> I just became aware of a vulnerability built in to calibre.
>> I am not enormously worried because this is a one-user system, and the
>> vulnerability seems to involve privilege
>> escalation by authorized users.
>
> The escalation that made the rounds lately does *not* affect Ubuntu (since 10.10), or most other distros. The 'helper' was replaced by the packager by something which better integrated with the methods Ubuntu uses for mounting disks - see https://bugs.launchpad.net/calibre/+bug/885027/comments/30
I'm not using the Ubuntu version, but instead I use the calibre python
installer. I much prefer the modern version, and 10.04 LTS is just so
out of date. So I'm going to have to roll my own security. I'll have
a look at that launchpad bug.
--
Kevin O'Gorman, PhD
More information about the ubuntu-users
mailing list