krb5, librpcsecgss vulnerability

Sep 5, 2007 06:56 GMT

The Ubuntu development team announced yesterday a security vulnerability in the Kerberos packages. The team discovered that the libraries handling RPCSEC_GSS did not correctly validate the size of certain packet structures. As a result, an unauthenticated remote user could send a specially crafted request and execute arbitrary code with root privileges. The security issue affects the following Ubuntu releases:

■ Ubuntu 6.06 LTS (Dapper Drake)
■ Ubuntu 6.10 (Edgy Eft)
■ Ubuntu 7.04 (Feisty Fawn)

It also applies to the corresponding versions of the Kubuntu, Edubuntu and Xubuntu distributions.

The best way to fix this security issue is to upgrade your system to the following package versions:

For Ubuntu 6.06 LTS:

■ libkadm55 1.4.3-5ubuntu0.5
■ librpcsecgss1 0.7-0ubuntu1.1

For Ubuntu 6.10:

■ libkadm55 1.4.3-9ubuntu1.4
■ librpcsecgss2 0.13-2ubuntu0.1

For Ubuntu 7.04:

■ libkadm55 1.4.4-5ubuntu3.2
■ librpcsecgss3 0.14-2ubuntu1.1
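To confirm that a host has actually reached the versions listed above, the following added example (not part of the Ubuntu notice) compares installed package versions against them using Debian version ordering. The function names and the sample input are assumptions made for illustration; the input is expected in the format printed by `dpkg-query -W -f='${Package} ${Version}\n'`.

```python
import re
from itertools import zip_longest

# Fixed versions per Ubuntu release, copied from the article above.
FIXED = {
    "6.06": {"libkadm55": "1.4.3-5ubuntu0.5", "librpcsecgss1": "0.7-0ubuntu1.1"},
    "6.10": {"libkadm55": "1.4.3-9ubuntu1.4", "librpcsecgss2": "0.13-2ubuntu0.1"},
    "7.04": {"libkadm55": "1.4.4-5ubuntu3.2", "librpcsecgss3": "0.14-2ubuntu1.1"},
}

def _order(ch):
    # dpkg ordering inside non-digit runs: '~' < end of run < letters < other
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Compare alternating (non-digit run, digit run) pairs, left to right.
    pairs = zip_longest(re.findall(r"(\D*)(\d*)", a), re.findall(r"(\D*)(\d*)", b),
                        fillvalue=("", ""))
    for (sa, na), (sb, nb) in pairs:
        for ca, cb in zip_longest(sa, sb, fillvalue=""):
            x, y = (_order(ca) if ca else 0), (_order(cb) if cb else 0)
            if x != y:
                return -1 if x < y else 1
        if int(na or 0) != int(nb or 0):
            return -1 if int(na or 0) < int(nb or 0) else 1
    return 0

def deb_cmp(v1, v2):
    """Return -1, 0 or 1 following Debian version ordering (epoch, upstream, revision)."""
    def split(v):
        epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
        upstream, sep, rev = rest.rpartition("-")
        return int(epoch), (upstream if sep else rest), (rev if sep else "")
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def unpatched(release, dpkg_output):
    """List (package, installed, fixed) for affected packages below the fixed version."""
    rows = (line.split() for line in dpkg_output.splitlines())
    installed = {r[0]: r[1] for r in rows if len(r) >= 2}
    return [(pkg, installed[pkg], fixed) for pkg, fixed in FIXED[release].items()
            if pkg in installed and deb_cmp(installed[pkg], fixed) < 0]

# Constructed sample of dpkg-query output on a 6.06 host (not real host data).
SAMPLE = "libkadm55 1.4.3-5ubuntu0.4\nlibrpcsecgss1 0.7-0ubuntu1.1\nlibc6 2.3.6-0ubuntu20\n"

if __name__ == "__main__":
    for pkg, have, need in unpatched("6.06", SAMPLE):
        print(f"{pkg}: {have} is older than fixed version {need}")
```

Affected packages that are not installed are skipped, so an empty result means every installed affected package is at or above the fixed version for that release.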

About Ubuntu:

Ubuntu is a Linux distribution for your desktop or server, with a fast and easy install, regular releases, a tight selection of excellent packages installed by default, every other package you can imagine available from the network and professional technical support from Canonical Ltd and hundreds of other companies around the world.

About Canonical Ltd

Canonical, the commercial sponsor of Ubuntu, is a global organization headquartered in Europe committed to the development, distribution and support of open source software products and communities.

Canonical staff and software have deep roots in the open source community and a proven track record of success in the commercial software industry. Team members include leaders from the Gnome, Linux, Debian and Bazaar open source projects, helping Canonical to stay at the forefront of the rapidly changing open source software world.

You can now download Ubuntu 7.04 Feisty Fawn from Softpedia.

You can now download Kubuntu 7.04 Feisty Fawn from Softpedia.

You can now download Xubuntu 7.04 Feisty Fawn from Softpedia.

You can now download Edubuntu 7.04 Feisty Fawn from Softpedia.

You can download the current Alpha version of Ubuntu 7.10 (for testing purposes only) now from Softpedia.