I’ve received my free Ubuntu Hardy Heron CD today, thanks Canonical and Ubuntu ! Thanks Pos Malaysia !
I’ve received Canonical Package today – Ubuntu Hardy CD
Ubuntu Release, Maintenance and Support Schedule
Mark Shuttleworth has written a good blog post detailing about future Ubuntu release schedule and the length of support for a particular release, whether its a standard release or an LTS (Long Term Support) release.
In his post, he also explains about the point release concept for the LTS, which each Long Term support installation will receive continuous updates up until the next release of LTS. Which is due to be released in two years time. This point release will allow fresh LTS installation to receives new patches and updates without going through the hassle downloading them through the internet.
Standard releases will continue to receive patches and updates for one and a half-year and Server LTS release will continue to receive updates for 5 years.
For more information read Mark Shuttleworth post, The Art of Release
ssh-vulkey : How to test weak SSH keys on your server
This might be stale news by most security alert people, but I felt compelled to write this post nevertheless. Byy this time most security alert people have realised that a serious security vulnerability has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems, and there are a lot of sites have published information about it. [1] [2] [3] [4] [5].
This vulnerability caused OpenSSL to generate “common” and predictable keys, which is easily crackable by using brute-force algorithm. In the extreme case, some of the keys are successfully cracked in 2 hours time. Longer keys 8192-bit RSA keyset might take as short as 129 days to generate as opposed to hundred of years if the keys were generated securely.
Which Ubuntu Linux system are affected ?
As Ubuntu linux operating system is based on Debian, it inherited Debian vulnerability problem. Users who has generated keys under (before updating to the new OpenSSL package via automatic updates, which is before May 13 2008) — Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS are all affected by this vulnerability
Other system which uses the keys generated by Debian and the above mentioned Ubuntu system is also affected as the keys might allow malicious 3rd party user to abuse the system. SSH login which uses these keys will not be considered secure anymore, and are advised to update their SSH keys immediately.
How to check against weak SSH keys ?
A system is as strong as its security measures (in this case, the key) to protect it. By using ssh-vulkey as detailed in Ubuntu Security Notice 612-2, you can detect weak keys in your system, and updates them accordingly.
Run “sudo ssh-vulnkey -a” command to check against weak keys :
ssh-vulnkey -a
ssh-vulnkey -a Not blacklisted: 2048 fa:2e:1d:a6:84:64:a1:80:c4:31:68:5a:b0:1a:cb:fe /etc/ssh/ssh_host_rsa_key.pub Not blacklisted: 1024 f4:34:04:85:58:a0:6b:0a:a1:b9:2d:3b:e6:19:5a:76 /etc/ssh/ssh_host_dsa_key.pub COMPROMISED: 2048 5c:10:8a:c0:55:8c:1f:d9:4b:05:f0:35:0a:0d:2f:5c /home/someuser/.ssh/authorized_keys Not blacklisted: 2048 a7:b4:3e:41:18:cb:f7:68:5e:4f:ae:30:14:d2:17:fd /home/someuser/.ssh/authorized_keys
More information about OpenSSL in Debian / Ubuntu security vulnerability :
Using lsb_release to get Ubuntu release information
Sometimes when you are about to ask questions or to get help about something related to your Linux computer, you might be asked which distro and the release of the distro you are using.
Same goes if you need to fix something or install binary packages on someone else’s computer. The first thing you should know, is the name of the distro and the release they are using. The simplest way is to use “lsb_release” command, which are included on most modern GNU Linux operating system.
Just run : lsb_release -a
And you will be given information you need to install binary packages, submit a bug report or to determine which solution best for the particular distro.
No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 7.10 Release: 7.10 Codename: gutsy
Ubuntu Hardy Python XML error bugfix – xml.dom.ext
This was brought to my attention when I’m working on a python code to parse xml documents. I found out that in Ubuntu Hardy, the python-xml package has moved xml.dom.ext.* package to /usr/lib/python2.5/site-packages/oldxml thus breaking python code which depended on python-xml.
One way to work around this bug is to append :
sys.path.append('/usr/lib/python%s/site-packages/oldxml' % sys.version[:3])
just before you import stuff from xml.dom.ext.*. Hope that would help you.
Get cool “Powered by Ubuntu” sticker locally in Malaysia
Are you one of Ubuntu users? Then you can proudly display it with one of the “Powered by Ubuntu” stickers stamped on your computers. The only problem was, it used to be difficult to get one of those stickers as they were not offered in Malaysia.
Fortunately, Kebayan IT now offers “Powered by Ubuntu” stickers with reasonable price in Malaysia. They offers RM3/piece (without shipping) for the stickers, with each piece contains 9 “Powered by Ubuntu” stickers in various color.
Now you can turn this
In to this
How cool was it? Please visit Kebayan IT Ubuntu Stickers website for more information.