Author Topic: Linux Ubuntu users read this  (Read 2695 times)

Offline killerbot

  • Administrator
  • Lives here!
  • *****
  • Posts: 5193
Linux Ubuntu users read this
« on: March 13, 2006, 07:41:23 am »
Today surf to : www.osnews.com and read the topic about ubuntu.

This is the post :

A major, critical bug and possible security threat has been discovered in Ubuntu Breezy. Apparently, the 'root' password (not actually the root password because Ubuntu uses sudo) gets written into the installer's log files in clear text, and can be read by any account on the Ubuntu machine. The bug was first discovered and reproduced on the Ubuntu forums. The bug does not seem to affect Dapper, however, users upgrading from Breezy to Dapper might still be at risk because the log files are not modified. Update: Bug is fixed. Please upgrade.

Links :
https://launchpad.net/distros/ubuntu/+bug/34606
http://www.ubuntuforums.org/showthread.php?t=143334
http://www.ubuntu.com/usn/usn-262-1

Or as slashdot.org says it :
 BBitmaster writes "An extremely critical bug and security threat was discovered in Ubuntu Breezy Badger 5.10 earlier today by a visitor on the Ubuntu Forums that allows anyone to read the root password simply by opening an installer log file. Apparently the installer fails to clean its log files and leaves them readable to all users. The bug has been fixed, and only affects The 5.10 Breezy Badger release. Ubuntu users, be sure to get the patch right away."



Lieven

PS : this is information I provide for your safety, do NOT start to discuss this or start a distro war !!!



Offline Michael

  • Lives here!
  • ****
  • Posts: 1608
Re: Linux Ubuntu users read this
« Reply #1 on: March 13, 2006, 12:34:29 pm »
Hello Lieven,

Thank you very much for this info. I should have missed it when checking the new posts of the ubuntu forum. Anyway, this explains the automatic updates of this morning :).

Best wishes,
Michael