Linux News Today: Canonical Patches Severe Glibc DNS Vulnerability in All Supported Ubuntu OSes
If you’ve been reading the news lately, you may know that Google Security Team and Red Hat have disclosed a severe Glibc (GNU C Library) vulnerability, which could affect a huge number of devices and computers.
Glibc is one of the core components of any Linux kernel-based operating system, so the bug must be fixed as soon as possible in all the distributions available on the market. Canonical, the company behind the world’s most popular free operating system, Ubuntu Linux, has released a patch earlier for all its supported Ubuntu OSes.
“It was discovered that the GNU C Library incorrectly handled receiving responses while performing DNS resolution. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code,” reads the Ubuntu Security Notice USN-2900-1 published on February 16, 2016.
The Glibc security flaw has been patched by Canonical for the Ubuntu 15.10 (Wily Werewolf), Ubuntu 14.04 LTS (Trusty Tahr), and Ubuntu 12.04 LTS (Precise Pangolin) operating systems, but also for the upcoming Ubuntu 16.04 LTS (Xenial Xerus) OS, which is currently in development, thus urging users to update as soon as possible.
The Glibc security patch is coming soon to other OSes
To update, Ubuntu users need to fire up the Software Updater utility from the Unity Dash, let the application reload the software repositories and find available updates, and then click the “Install” button to update their systems. Advanced users can do a distribution upgrade (apt dist-upgrade) from the command-line.
While Ubuntu users are now safe, it looks like many other GNU/Linux distributions need to release a patch for the major Glibc vulnerability as well in the coming days, so we recommend that you always keep your system up to date. CRUX users have already received the patch earlier, which looks like it will come to Arch Linux as well soon.