Due to the recently discovered APT security vulnerability

Feb 25, 2019 13:53 GMT  ·  By

Canonical is preparing to release new, emergency point releases of its long-term supported Ubuntu 16.04 LTS (Xenial Xerus) and Ubuntu 14.04 LTS (Trusty Tahr) operating system series due to the recently discovered APT security vulnerability.

Following on the footsteps of the Debian Project, which released the Debian GNU/Linux 9.7 point release for the stable Stretch series, which only contained a patched APT package manager, Canonical also wants to offer users a secure installation medium for deploying the Ubuntu 16.04 LTS and Ubuntu 14.04 LTS operating systems.

"In the light of the recently discovered and fixed APT vulnerability, we have decided to re-build all our supported ISOs that could be potentially affected," said Lukasz Zemczak in a mailing list announcement on Friday. "We did not plan for another Xenial point-release but oh well, what can you do. Security is important."

Ubuntu 16.04.6 LTS and Ubuntu 14.04.6 LTS coming soon

The Ubuntu 16.04.6 LTS (Xenial Xerus) and Ubuntu 14.04.6 LTS (Trusty Tahr) point releases are expected to be released sometime this week, and they will include a patched APT package manager to preventing remote attackers from performing man-in-the-middle attacks by installing malicious packages that pose as valid ones, according to CVE-2019-3462.

Canonical said that they'd prepare these emergency point releases only for Ubuntu and that official flavors like Kubuntu, Xubuntu, or Lubuntu aren't required to participate. Release Candidate (RC) images of Ubuntu 16.04.6 LTS (Xenial Xerus) are already available for public testing, and Canonical urges the community to participate and report bugs or other issues on Launchpad.

Of course, the Ubuntu 16.04.6 LTS and Ubuntu 14.04.6 LTS point releases are intended only for new installations as existing users need not download any ISO images to update their machines. To ensure your Ubuntu Linux systems are always up-to-date, run the "sudo apt-get update && sudo apt-get dist-upgrade" commands in a terminal emulator regularly.