Users need to upgrade the OS in order to fix the problem

Jul 3, 2015 13:48 GMT  ·  By

Canonical has published details in a security notice about an unattended-upgrades vulnerability that has been identified and fixed in Ubuntu 15.04, Ubuntu 14.10, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS.

The unattended-upgrades function is a very important component because, as the name suggests, this takes care of the automatic installation of security upgrades. From the looks of it, an attacker could have tricked unattended-upgrades to installing altered packages, which is actually just as bad as it sounds.

"It was discovered that unattended-upgrades incorrectly performed authentication checks in certain configurations. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages.," reads the security notice.

For a more detailed description of the problems, you can see Canonical's security notification. The problem can be corrected if you upgrade your system(s) to the latest unattended-upgrades package. Interestingly enough, all the supported Linux distros were affected.

To apply the patch, you can simply run the Update Manager application, but you can also use the terminal if you don't like the provided GUI interface. Open a terminal and enter the following commands (you will need to be root):

code
sudo apt-get update
sudo apt-get dist-upgrade
In general, a standard system update will make all the necessary changes. The update requires a system reboot in order to be completed.