Canonical is preparing to release new, emergency point releases of its long-term supported Ubuntu 16.04 LTS (Xenial Xerus) and Ubuntu 14.04 LTS (Trusty Tahr) operating system series due to the recently discovered APT security vulnerability.
Following in the footsteps of the Debian Project, whose Debian GNU/Linux 9.7 point release for the stable Stretch series contained only a patched APT package manager, Canonical also wants to offer users a secure installation medium for deploying the Ubuntu 16.04 LTS and Ubuntu 14.04 LTS operating systems.
The Ubuntu 16.04.6 LTS (Xenial Xerus) and Ubuntu 14.04.6 LTS (Trusty Tahr) point releases are expected to be released sometime this week. They will include a patched APT package manager to prevent remote attackers from performing man-in-the-middle attacks that install malicious packages posing as valid ones, as described in CVE-2019-3462.
Canonical said that they’d prepare these emergency point releases only for Ubuntu and that official flavors like Kubuntu, Xubuntu, or Lubuntu aren’t required to participate. Release Candidate (RC) images of Ubuntu 16.04.6 LTS (Xenial Xerus) are already available for public testing, and Canonical urges the community to participate and report bugs or other issues on Launchpad.
Submitted by: Arnfried Walbrecht