Ubuntu launches an unexpected security update for v.16.04

Ubuntu plugs code exec, DoS Linux kernel holes

The launch has been designed to correct a critical vulnerability

Ubuntu has just announced an unscheduled launch: updating its version 16.04 LTS, for its server and desktop products. According to network security specialists from the International Institute of Cyber Security, the Ubuntu 16.04.6 version has been developed as an update patch to correct a critical vulnerability found in the popular Debian-based operating system.

The reported vulnerability would have allowed malicious hackers to deceive the Advavced Packaging Tool (APT) of operating systems to install specially designed packages. According to Max Justicz, network security expert responsible for reporting the vulnerability, hundreds of parameters have been handled inappropriately by the APT. This could have allowed attackers to install altered packets during a Man-in-the-Middle (MiTM) attack.

One way to mitigate the risk of exploitation is to update the operating system to the latest patched version, which includes new security features for vulnerabilities considered critical, and has tried to maintain compatibility with Ubuntu 16.04.

In the update report, Ubuntu mentions that “unlike previous releases, 16.04.6 is an update designed for security. Its main purpose is to provide adequate means of installation to protect the following installations from newly discovered vulnerabilities”.

The Ubuntu 16.04.6 packages affected by this vulnerability could behave unexpectedly. According to experts in network security, the update ensures that new installations are not vulnerable to this error, so the user will remain protected.

Ubuntu 16.04 is not the only version affected by this critical vulnerability. Versions 18.10, 18.04 and 14.04 LTS are also impacted by this modification of packages made by malicious hackers.