Linux News Today: Numerous Kerberos Vulnerabilities Have Been Fixed in All Ubuntu OSes
Canonical has published details in a security notice about a number of Kerberos vulnerabilities that have been found and fixed in Ubuntu 15.10, Ubuntu 15.04, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS operating systems.
The Ubuntu maintainers for this utility have released a new update for the Kerberos package (MIT Kerberos Network Authentication Protocol), and users should really take the opportunity and upgrade the system.
According to the security notice, “It was discovered that the Kerberos kdcpreauth modules incorrectly tracked certain client requests. A remote attacker could possibly use this issue to bypass intended preauthentication requirements. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04.”
This is just one of the problems that have been fixed. For a more detailed description of the vulnerabilities, you can see Canonical’s security notification. Users should upgrade their Linux distribution in order to correct this issue.
The flaw can be fixed if you upgrade your system(s) to the latest Kerberos-related package and their dependencies, specific to each distribution. To apply the patch, users can simply run the Update Manager application.
If you don’t want to use the Software Updater, you can open a terminal and enter the following commands (you will need to be root):
sudo apt-get update
sudo apt-get dist-upgrade
In general, a standard system update will make all the necessary changes, and rebooting the system is not required to complete the process.