Ubuntu Weekly Report: 11th - 17th May, 2008

A major security hole was discovered this week in the random number generator used by OpenSSL, OpenSSH and OpenVPN packages. So, if you are using Ubuntu (any version), Debian or any other distribution that's based on them, you are advised to update immediately! Because of this issue, some of the encryption keys are much simpler than they should be. An attacker could find the key through a brute-force attack. The encryption keys used in OpenSSH, OpenVPN and SSL certificates are the most affected by the weakness. Those generated with GnuPG or GnuTLS do not suffer from this vulnerability.

UbuntuME 8.04 was introduced this week and it is now compatible with Hardy Heron. UbuntuME, or Ubuntu Muslim Edition, is yet another free and open source operating system based on the popular Ubuntu Linux distribution. What makes this one special? Well... it is customized with Islamic software, like prayer times or an Arabic learning software. Find out more about UbuntuME 8.04 here.

In other news, the Launchpad logo contest winner was announced. He is Eugene Tretyak! Click here to see his wonderful logo for Launchpad. From now on, this will be the default Launchpad logo!

Now, let's move on to the security updates and fixes for all the Ubuntu releases. First, the common security updates:

• OpenSSL vulnerability
• OpenSSH vulnerabilities
• OpenVPN vulnerability
• SSL Cert vulnerabilities
• OpenSSH update
• OpenVPN regression

Let's start now with the updates for Ubuntu 7.04:

• OpenSSL 0.9.8c-4 ubuntu0.3
• OpenSSH 4.3p2-8 ubuntu1.3
• OpenSSH Blacklist 0.1-1 ubuntu0.7.04.1
• OpenVPN 2.0.9-5 ubuntu0.1
• OpenVPN Blacklist 0.1-0 ubuntu0.7.04.1
• OpenSSL Blacklist 0.1-0 ubuntu0.7.04.1
• SSL Cert 1.0.13-0 ubuntu0.7.04.1
• OpenSSH 4.3p2-8 ubuntu1.4
• OpenSSL Blacklist 0.1-0 ubuntu0.7.04.2
• OpenVPN 2.0.9-5 ubuntu0.2

The updates for Ubuntu 7.10 are:

• OpenSSL 0.9.8e-5 ubuntu3.2
• OpenSSH 4.6p1-5 ubuntu0.3
• OpenSSH Blacklist 0.1-1 ubuntu0.7.10.1
• OpenVPN 2.0.9-8 ubuntu0.1
• OpenVPN Blacklist 0.1-0 ubuntu0.7.10.1
• OpenSSH 4.6p1-5 ubuntu0.4
• OpenSSL Blacklist 0.1-0 ubuntu0.7.10.1
• SSL Cert 1.0.14-0 ubuntu0.7.10.1
• OpenSSH 4.6p1-5 ubuntu0.5
• OpenSSL Blacklist 0.1-0 ubuntu0.7.10.2
• OpenVPN 2.0.9-8 ubuntu0.2
• ia32-libs 2.1 ubuntu4

Finally, below are the updates for Ubuntu 8.04 LTS:

• GCC Defaults 1.62 ubuntu4
• Bash 3.2-0 ubuntu18
• Linux Restricted Modules Envy-2.6.24 2.6.24.500-500.29
• Trousers 0.3.1-4 ubuntu0.1
• Mplayerplug-in 3.50-1 ubuntu2.1
• libgphoto2 2.4.0-8 ubuntu7
• OpenSSL 0.9.8g-4 ubuntu3.1
• OpenSSH 4.7p1-8 ubuntu1.1
• Totem PL Parser 2.22.3-0 ubuntu1
• GDM 2.20.6-0 ubuntu1
• Nautilus 2.22.2-0 ubuntu6
• Fakechroot 2.6-1.3 ubuntu0.1
• OpenVPN 2.1 RC7-1 ubuntu3.1
• OpenVPN Blacklist 0.1-0 ubuntu0.8.04.1
• OpenSSL Blacklist 0.1-0 ubuntu0.8.04.1
• SSL Cert 1.0.14-0 ubuntu2.1
• Apache2 2.2.8-1 ubuntu0.1
• OpenSSH 4.7p1-8 ubuntu1.2
• OpenSSL Blacklist 0.1-0 ubuntu0.8.04.2
• OpenVPN 2.1 RC7-1 ubuntu3.2
• GCC Defaults 1.62 ubuntu5
• Sudo 1.6.9p10-1 ubuntu3.2
• Dbus 1.1.20-1 ubuntu2
• Xorg 7.3+10 ubuntu10.1
• Dovecot 1.0.10-1 ubuntu5.1
• EnvyNG Core 1.1.1 ubuntu16
• PAM 0.99.7.1-5 ubuntu6.1
• F-Spot 0.4.3.1-0 ubuntu1
• Gmail Notify 1.6.1-3 ubuntu2.1
• Python Aptsources 0.0.2
• IcedTea Gcjwebplugin 1.0-0 ubuntu6
• Totem PL Parser 2.22.3-0 ubuntu2
• Quagga 0.99.9-2 ubuntu1.1
• Glib2.0 2.16.3-1 ubuntu2
• KGraphViewer 2.0-0 ubuntu2.1
• KDE4 Libraries 4.0.3-0 ubuntu5.2
• ia32-libs 2.2 ubuntu11

Once again, make sure you update your Ubuntu machines right now! See you again next week for another Ubuntu Weekly Report.

Download Ubuntu 8.04 LTS Hardy Heron right now from Softpedia.

Download Kubuntu 8.04 Hardy Heron right now from Softpedia.

Download Xubuntu 8.04 Hardy Heron right now from Softpedia.

Download Edubuntu 8.04 LTS Hardy Heron right now from Softpedia.

Download Ubuntu Studio 8.04 Hardy Heron right now from Softpedia.

Download Ubuntu JeOS 8.04 Hardy Heron right now from Softpedia.

Download Mythbuntu 8.04 Hardy Heron right now from Softpedia.