Today surf to :
www.osnews.com and read the topic about ubuntu.
This is the post :
A major, critical bug and possible security threat has been discovered in Ubuntu Breezy. Apparently, the 'root' password (not actually the root password because Ubuntu uses sudo) gets written into the installer's log files in clear text, and can be read by any account on the Ubuntu machine. The bug was first discovered and reproduced on the Ubuntu forums. The bug does not seem to affect Dapper, however, users upgrading from Breezy to Dapper might still be at risk because the log files are not modified. Update: Bug is fixed. Please upgrade.
Links :
https://launchpad.net/distros/ubuntu/+bug/34606http://www.ubuntuforums.org/showthread.php?t=143334http://www.ubuntu.com/usn/usn-262-1Or as slashdot.org says it :
BBitmaster writes "An extremely critical bug and security threat was discovered in Ubuntu Breezy Badger 5.10 earlier today by a visitor on the Ubuntu Forums that allows anyone to read the root password simply by opening an installer log file. Apparently the installer fails to clean its log files and leaves them readable to all users. The bug has been fixed, and only affects The 5.10 Breezy Badger release. Ubuntu users, be sure to get the patch right away."
Lieven
PS : this is information I provide for your safety, do NOT start to discuss this or start a distro war !!!
