Ubuntu recently announced an unscheduled point release of its 16.04 LTS version.
The Ubuntu 16.04.6 version was developed as a patch for a major vulnerability that was found in its Linux-based OS. The patch is available for both its server and desktop products.
The security flaw allowed attackers to trick the operating systems Advanced Packaging Tool (APT) to install infected packages.
Discovered by researcher Max Justicz, certain parameters were handled falsely by the APT during redirects. This meant that in case of a MITM (Man-in-the-middle) attack, attackers could potentially install altered packages.
This problem can be resolved by updating the operating system with the latest patched version. The Ubuntu 16.04.6 includes a number of other security updates for vulnerabilities with high impact. The version has been released with a strong focus on maintaining stability and compatibility both.
Lukasz Zemczak of Ubuntu announced that unlike previous point releases, 16.04.6 is a security-targeted release for the purpose of providing updated installation media which protects new installations from the recently discovered APT vulnerability (USN-3863-1).
The update aims to ensure that new installs are no longer prone to the bug and the user security remain protected.
Ubuntu 16.04 is not the only version to get affected by this serious vulnerability. Versions 18.10, 18.04 and 14.04 LTS are also on the line and are vulnerable to altered packages being installed.