Canonical has published a security notice detailing a serf vulnerability that has been found and fixed in the Ubuntu 14.04 LTS and Ubuntu 12.04 LTS operating systems.
The Ubuntu developers have closed a small vulnerability in the serf package: fraudulent security certificates could have allowed sensitive information to be exposed when accessing the Internet.
According to the security notice, “Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.”
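The bug class named in the notice, shown as an added C example (not serf's code and not taken from the notice): a certificate name is a length-prefixed string that may contain a NUL byte, so a C-string comparison stops early and accepts it, while a length-aware check rejects it. The names cert_name, name_matches_naive and name_matches_strict, and the sample host names, are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* A name as stored in a certificate: ASN.1 strings carry an explicit
 * length, so the bytes may contain 0x00 (hypothetical type). */
struct cert_name {
    const char *data;
    size_t len;
};

/* Flawed check: treats the field as a C string, so the comparison stops
 * at the first NUL and the bytes after it are never looked at. */
int name_matches_naive(const struct cert_name *n, const char *host)
{
    return strcasecmp(n->data, host) == 0;
}

/* Hardened check: a name with an embedded NUL is rejected outright and
 * the comparison covers the full length recorded in the certificate. */
int name_matches_strict(const struct cert_name *n, const char *host)
{
    size_t host_len = strlen(host);

    if (memchr(n->data, '\0', n->len) != NULL)
        return 0;               /* embedded NUL: not a valid DNS name */
    if (n->len != host_len)
        return 0;
    return strncasecmp(n->data, host, host_len) == 0;
}

/* Constructed sample data, not taken from any real certificate. */
static const char crafted_bytes[] = "www.example.com\0.other.example";
static const char honest_bytes[]  = "www.example.com";
const struct cert_name crafted_name = { crafted_bytes, sizeof crafted_bytes - 1 };
const struct cert_name honest_name  = { honest_bytes,  sizeof honest_bytes - 1 };

int main(void)
{
    const char *host = "www.example.com";
    printf("naive,  crafted: %d\n", name_matches_naive(&crafted_name, host));
    printf("strict, crafted: %d\n", name_matches_strict(&crafted_name, host));
    printf("strict, honest:  %d\n", name_matches_strict(&honest_name, host));
    return 0;
}
```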
For a more detailed description of the problems, you can see Canonical's security notification. Users should upgrade their Linux distribution in order to correct this issue.
The flaw can be fixed if you upgrade your system(s) to the latest libserf-1-1 packages specific to each distribution. To apply the patch, you can simply run the Update Manager application.
If you don't want to use the Software Updater, you can open a terminal and enter the following commands (you will need to be root):
sudo apt-get dist-upgrade