Linux News Today: Simple Streams Vulnerability Closed in Ubuntu 15.04 and Ubuntu 14.04 LTS
A new vulnerability that affected the Simple Streams packages has been found and corrected in Ubuntu 14.04 LTS and Ubuntu 15.04 by developers.
The issue that affected the simplestreams library has been corrected. From the looks of it, the applications that were using Simple Streams could have been made to crash or run programs if they received specially crafted network traffic. It’s not a huge problem, but as usual, it’s a good idea to upgrade.
“It was discovered that Simple Streams did not properly perform gpg verification in some situations. A remote attacker could use this to perform a man-in-the-middle attack and inject malicious content into the stream,” is noted in the security notice.
More details about this issue can be found in the initial security notice. The problem can be easily solved if users upgrade to the latest lpython-simplestreams, simplestreams, python-simplestreams-openstack, and python3-simplestreams packages, specific to each distribution. Users can either use the automated process available in every Ubuntu version, or they can use the terminal. If they choose the terminal, they will need to enter the following commands (root is needed):
sudo apt-get update
sudo apt-get dist-upgrade
The updating process should be very fast, and rebooting the system is not necessary, but users will have to restart any services that make use of python-simplestreams or python3-simplestreams. Even if looks like a trivial problem, please keep in mind that upgrading the system once in while is a good idea.