
Ubuntu Linux

Ubuntu Linux Critical OpenSSL and Ruby Vulnerabilities Fix Released

An unpatched security hole in the Ubuntu Linux 8.04 LTS operating system could be used by attackers to send a crafted packet that crashes applications linked against OpenSSL, causing a denial of service, or to take control of vulnerable servers. In addition, the ruby package can be used to run a malicious script: an attacker could cause a denial of service or execute arbitrary code with the privileges of the user invoking the program. It is recommended that you update your system immediately.

Affected systems:

=> OpenSSL Vulnerability - Ubuntu Linux 8.04 LTS and corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
=> Ruby Vulnerability - Ubuntu 6.06 LTS, Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04 LTS and corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

How do I fix this issue?

Simply type the following two commands:
$ sudo apt-get update
$ sudo apt-get upgrade

After a standard system upgrade you need to reboot your computer to effect the necessary change:
$ sudo reboot
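
The reboot matters because a running process keeps the old library mapped until it restarts. The following added example (not part of the original post) lists processes that still map a deleted copy of a library; the function names, the library pattern and the fake `/proc` tree are constructed for illustration.

```shell
#!/bin/bash
# Added example: find processes still running a pre-upgrade library.

# stale_lib_pids PATTERN [PROC_ROOT]
# Prints "PID COMMAND LIBRARY" for each process whose maps file still lists a
# deleted (replaced on disk) library whose path matches the regex PATTERN.
stale_lib_pids() {
    local pattern=$1 root=${2:-/proc} maps pid name
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid=${maps%/maps}; pid=${pid##*/}
        name=$(cat "$root/$pid/comm" 2>/dev/null) || name='?'
        awk -v pid="$pid" -v name="$name" -v pat="$pattern" '
            $NF == "(deleted)" && $(NF-1) ~ pat { seen[$(NF-1)] = 1 }
            END { for (lib in seen) print pid, name, lib }
        ' "$maps" 2>/dev/null
    done
}

# Constructed sample: a fake /proc tree with one stale and one current process.
make_sample_proc() {
    local d
    d=$(mktemp -d) || return 1
    mkdir "$d/101" "$d/202"
    echo apache2 > "$d/101/comm"
    echo sshd > "$d/202/comm"
    cat > "$d/101/maps" <<'EOF'
08048000-080a0000 r-xp 00000000 08:01 4001 /usr/sbin/apache2
b7c00000-b7c40000 r-xp 00000000 08:01 5001 /usr/lib/libssl.so.0.9.8 (deleted)
b7c40000-b7c44000 rw-p 00040000 08:01 5001 /usr/lib/libssl.so.0.9.8 (deleted)
EOF
    cat > "$d/202/maps" <<'EOF'
08048000-080b0000 r-xp 00000000 08:01 4002 /usr/sbin/sshd
b7d00000-b7e30000 r-xp 00000000 08:01 5002 /usr/lib/libcrypto.so.0.9.8
EOF
    echo "$d"
}

if [ "${1:-}" = "--live" ]; then
    stale_lib_pids 'lib(ssl|crypto)[.]so'          # scan the real /proc
else
    demo=$(make_sample_proc)                        # run on the constructed tree
    stale_lib_pids 'lib(ssl|crypto)[.]so' "$demo"
    rm -rf "$demo"
fi
```

Run it with `--live` as root to see every process; an empty result after the reboot means nothing is still using the old library.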

Security Alert: Ubuntu Linux kernel vulnerabilities

Ubuntu Linux today pushed out a new version of the Linux kernel to fix several local and remote security issues. A malicious CIFS server could cause a client system crash or possibly execute arbitrary code with kernel privileges. On SMP systems, a race condition existed in fcntl(). Local attackers could perform malicious locks, causing system crashes and leading to a denial of service. This security issue affects the following Ubuntu, Kubuntu, Edubuntu, and Xubuntu releases:

=> Ubuntu 6.06 LTS
=> Ubuntu 7.04
=> Ubuntu 7.10

To fix this issue type the following two commands:
$ sudo apt-get update
$ sudo apt-get upgrade

You need to reboot your computer to effect the necessary changes, enter:
$ sudo reboot

Windows Vista Failure: Pay Extra $50 To Get Aging Windows XP

From Computerworld:

Dell Inc. will charge customers up to $50 for factory-installed Windows XP on some PCs after Wednesday, according to the company's Web site. Vista Business and Vista Ultimate are the only generally-available editions that allow downgrades, and they can be downgraded only to Windows XP Professional. Under Microsoft's licensing terms, the less-expensive XP Home cannot be installed as a downgrade.

This is really funny, Microsoft spent over 6-8 years developing MS-Vista and now users are willing to pay not to use it. This clearly indicates that end users only pay when you have a better product, which is free from DRM crap, faster and less buggy compared to Vista. As usual, I suggest you get Dell with Ubuntu Linux loaded for 100% peace of mind.

Security Update: Ubuntu Linux PCRE Vulnerability (libpcre3)

Tavis Ormandy discovered that the PCRE library did not correctly handle certain in-pattern options. An attacker could cause applications linked against pcre3 to crash, leading to a denial of service.

A security issue affects the following Ubuntu releases for CVE-2008-2371:

=> Ubuntu 6.06 LTS
=> Ubuntu 7.04
=> Ubuntu 7.10
=> Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

How do I fix this issue?

Type the following two commands:
$ sudo apt-get update
$ sudo apt-get upgrade

Ubuntu 8.10 Upgrade

I've just finished upgrading my desktop and laptop system without any problem. By default Ubuntu 8.04 LTS will not offer an upgrade to 8.10. This is because the 8.04 LTS version is a long term support release and 8.10 is a regular release. However, you can do a network upgrade by switching the release setting from LTS to normal releases as follows:

Click on System > Administration > Software Sources

Next click on the "Updates" tab and change "Show new distribution release" to "Normal releases":

Fig.01: Ubuntu 8.10 Upgrade

Click on Close to save the changes.

Ubuntu 8.10 Upgrade Over The Internet

Click on System > Administration > Update Manager:

Next click the Check button to check for new updates. If there are any updates to install, use the Install Updates button to install them, and press Check again after that is complete. Finally, a message will appear on screen, informing you of the availability of the new 8.10 release as follows:

Message Informing you of the availability of the new 8.10 release

Click on Upgrade button and just follow the on-screen instructions. The procedure may take some time.

A note about Ubuntu 8.10 server upgrade

Please see this article to perform network upgrade for Ubuntu servers.

Security buffer overflow: libtk-img packages arbitrary code execution

It was discovered that a buffer overflow in the GIF image parsing code of Tk, a cross-platform graphical toolkit, could lead to denial of service and potentially the execution of arbitrary code. This affects all Linux / UNIX distributions.


Package : libtk-img
Vulnerability : buffer overflow
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2008-0553

Debian / Ubuntu Linux Fix

Type the following commands:
# apt-get update
# apt-get upgrade

Ubuntu Software Update How To

One of our regular readers asks:

How do I update and patch system under Ubuntu Linux? How do I update desktop and server edition software?

Updating software under Ubuntu Linux is pretty easy. There are two ways to update software as follows:

Method # 1: Ubuntu Linux Software update using command line tools

apt-get is the command-line tool for handling packages, updating packages and installing patches under Ubuntu Linux. All you have to do is type the following two commands to update all installed software to the latest version.

Open terminal and type the following two commands:
$ sudo apt-get update
$ sudo apt-get upgrade

Sample output:

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages have been kept back:
  linux-headers-generic linux-image-generic openssh-client openssh-server ssl-cert
The following packages will be upgraded:
  ca-certificates cupsys cupsys-bsd cupsys-client cupsys-common evolution evolution-common evolution-plugins gstreamer0.10-esd gstreamer0.10-plugins-good
  kdelibs-data kdelibs4c2a libcupsimage2 libcupsys2 libgnutls13 libhsqldb-java libpq5 libsmbclient libsmbclient-dev libspeex-dev libspeex1 libssl0.9.8
  linux-image linux-libc-dev linux-restricted-modules-common linux-source-2.6.22 linux-ubuntu-modules-2.6.22-14-generic openoffice.org openoffice.org-base
  openoffice.org-calc openoffice.org-common openoffice.org-core openoffice.org-draw openoffice.org-evolution openoffice.org-filter-mobiledev
  openoffice.org-gnome openoffice.org-gtk openoffice.org-impress openoffice.org-java-common openoffice.org-math openoffice.org-style-human
  openoffice.org-writer openssl python-uno samba-common smbclient ssh ssh-askpass-gnome ttf-opensymbol tzdata update-manager update-manager-core
  vorbis-tools xserver-xephyr xserver-xorg-core xserver-xorg-dev
56 upgraded, 0 newly installed, 0 to remove and 5 not upgraded.
Need to get 183MB of archives.
After unpacking 119kB of additional disk space will be used.
Do you want to continue [Y/n]? y 
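
In the sample output above, five packages are kept back, including the kernel image and the OpenSSH server, so `apt-get upgrade` alone leaves them at their old versions. The following added example (not part of the original post) extracts the kept-back list from apt-get output and flags security-relevant names; the function names and the name pattern are assumptions, and the sample text is constructed from the output shown above.

```shell
#!/bin/bash
# Added example: report packages that `apt-get upgrade` would keep back.

# kept_back: reads apt-get output on stdin, prints one kept-back package per line.
kept_back() {
    awk '
        /^The following packages have been kept back:/ { in_list = 1; next }
        in_list && /^ / { for (i = 1; i <= NF; i++) print $i; next }
        { in_list = 0 }
    '
}

# security_kept_back: same input, but only names matching an assumed list of
# security-relevant prefixes (kernel, OpenSSH, OpenSSL).
security_kept_back() {
    kept_back | grep -E '^(linux-image|linux-headers|openssh|openssl|libssl)' || true
}

# Constructed sample, shortened from the output shown above.
sample_output() {
    cat <<'EOF'
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages have been kept back:
  linux-headers-generic linux-image-generic openssh-client openssh-server ssl-cert
The following packages will be upgraded:
  ca-certificates cupsys libssl0.9.8 openssl tzdata
56 upgraded, 0 newly installed, 0 to remove and 5 not upgraded.
EOF
}

if [ "${1:-}" = "--live" ]; then
    # -s simulates the upgrade; LC_ALL=C keeps the messages in English.
    LC_ALL=C apt-get -s upgrade | security_kept_back
else
    sample_output | security_kept_back
fi
```

Packages reported here are installed by `sudo apt-get dist-upgrade`, which, unlike `upgrade`, may install new packages or remove existing ones to satisfy dependencies.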

Method # 2: GUI tool - Ubuntu Update Manager

This is a GUI tool. It works like Microsoft / Red Hat / Fedora update manager i.e. you will see a little icon in the kicker bar/taskbar when there are updates available. It will only appear when new upgrades are available. All you have to do is click on it and follow the online instructions.

You can also start the GUI tool by clicking System > Administration > Update Manager and selecting Install Updates.
(Fig.01: Ubuntu Linux Software Update Manager in Action)