Using calibre safely?
Kevin O'Gorman
kogorman at gmail.com
Wed Nov 30 22:39:17 UTC 2011
On Tue, Nov 29, 2011 at 11:46 AM, Shaun ONeil <shaun at oneil.me.uk> wrote:
> Hi Kevin,
>
> On 29 Nov 2011, at 18:09, Kevin O'Gorman wrote:
>
>> For a few months now I've been using calibre to access the 100-or-so
>> ebooks that I have (mostly DRM-free PDFs).
>> I just became aware of a vulnerability built in to calibre.
>> I am not enormously worried because this is a one-user system, and the
>> vulnerability seems to involve privilege
>> escalation by authorized users.
>
> The escalation that made the rounds lately does *not* affect Ubuntu (since 10.10), or most other distros. The 'helper' was replaced by the packager by something which better integrated with the methods Ubuntu uses for mounting disks - see https://bugs.launchpad.net/calibre/+bug/885027/comments/30
>
>> On the other hand, it appears that my calibre is listening on a TCP
>> port. It's on a laptop behind a NAT router at
>> the moment, so I'm still safe, but because I'd like to migrate to
>> another system that is exposed to the net, I'd like
>> it to stop network access because I'm not networking any of these
>> books. Not intentionally, anyway.
>
> That one I wasn't expecting. Do you have Sharing enabled? (Preferences -> Sharing -> 'Sharing over the net') I believe that's the only place mine's listening.
AFAICT I'm not sharing. I've not activated it either through 'Sharing
over the net' nor the separate 'Connect/share' selections.
--
Kevin O'Gorman, PhD
More information about the ubuntu-users
mailing list