A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system.

This particularly affects the use of encryption keys in OpenSSH. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them.

We consider this an extremely serious vulnerability, and urge all users to act immediately to secure their systems. The following Ubuntu releases are affected: Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

ISOs available already on ubuntu.com and mirrors will not be updated with the new packages, but using the Update Manager to get security updates will replace the impacted packages. Users should then regenerate new keys.

ShipIt has stopped mailing CDs.

The 8.04.1 point release, expected in July, will include the updated packages.

Please see usn-612-2 for the latest information regarding updating your system and taking appropriate protective measures.

Here on The Fridge, we’ve covered some of the exciting work going on with the Ubuntu port to Sun’s new UltraSPARC T1 (Niagara) architecture, but now the cat is out of the bag — Canonical will be supporting Ubuntu 6.06 LTS on SPARC, with particular focus on the Sun Fire T1000 and T2000 servers. Wow! A few quotes to tell the story…

John Fowler in the Sun press release:

“Ubuntu is arguably one of the most important - if not the most important - GNU/Linux distribution on the planet and will soon blaze new trails in support for SPARC-based servers.”

Mark Shuttleworth:

I would credit the Linux/SPARC community (and David Miller in particular), and the OpenSPARC community, with the speed of this port moving from “first code” to production supportable. When I first saw David speaking about Niagara support at LCA in Dunedin in January, we all thought that Dapper could support traditional SPARC at release but then get Niagara support some months later in an update.

But the fervour with which the community at large under David’s leadership attacked the problem has meant that Linux on Niagara has progressed far faster than we expected - so much so that the first SPARC CD release of Dapper (which will be uploaded a little after the other architectures when we make the Dapper release) will support most UltraSPARC T1 machines out of the box.

Simon Phipps:

Why Ubuntu? Well, it’s by far my favourite GNU/Linux (and I’m not alone - it was the system NexentaOS GNU/OpenSolaris was built from too), it’s based on the rock that is Debian and best of all the company behind it has a very Software 3.0 approach to business. As Cote is quoted as saying on TechTarget, the possibilities with Ubuntu are fascinating.

So look forward to running a fully-supported Dapper Drake on some seriously sexy hardware!

[Discuss]

Colm MacCárthaigh gobsmacked himself — and us! — with some impressive stats that show Ubuntu tidily outperforming Solaris Express on Sun’s Niagara-powered T2000. Given that Niagara is optimised more for throughput and thread-count than raw number-crunching, Colm benchmarked Apache web requests. He reports that “the result is stunning. Ubuntu is now outperforming even Solaris express, and we’re sustaining 22,183.43 requests per second - using out of the box Apache 2.2.0.” Way to go!

[Discuss]

Fabio Massimo Di Nitto, leader of the Ubuntu Server Team and community SPARC port, has announced that Ubuntu is now available for testing on Sun’s new Niagara machines. Fabio thanked kernel hacker David S. Miller for his work on Linux support for Niagara, and a number of Ubuntu developers for their expert help and assistance with integration. A netboot image is available, with a complete CD installer coming soon. If you’re lucky enough to have one of these beauties, please test the netboot installer, and send your feedback to the Server Team!

What is Niagara? A massively multi-core, multi-threaded CPU design. While x86 compatible CPUs are only just starting to have dual cores, Niagara CPUs can have up to eight cores, with four threads per core - that’s 32 simultaneous running threads. It’s a very different kind of beast, so porting it to Linux was a bit of an adventure. Check out Dave’s blog for some great war stories.

[Discuss]

Here’s a great interview with Fabio Massimo Di Nitto, leader of the Ubuntu Server team. When Fabio’s not cooking up a hearty spaghetti bolognese - with sauce in the shape of the Ubuntu logo! - he’s ploughing fixes and love into Ubuntu, and making it rock for server administrators world-wide. (Please note that the interview was conducted in Italian and translated to English.)

After the first release of the Ubuntu Server CD with breezy, we had a strong demand for extending the scope of the project and we decided to concentrate on the quality of the server-specific packages and on adding features that we think can be more useful for an administrator.

[Discuss]

Ubuntu happens to be the distribution of choice in the Strategic Penguin Command Center of the Ars Orbiting HQ, so many of us are eager to try out the new server release. For a glimpse at the robust feature set, take a look at the ServerCandy specification at the Ubuntu Wiki. The server team has some interesting plans for the future, including potential inclusion of the Xen virtualization system.

September 2004:

Ubuntu 4.10 Preview launched to rave reviews. By all accounts, it was a smashing desktop… But deep underneath lay the foundations of a server powerhouse, waiting to be unleashed.

April 2005:

Ubuntu 5.04 ships with an minimal server profile option on the installation CD. A growing number of server administrators are realising the unique combination of benefits provided by the Ubuntu commitment and community - 6 month release cycles, 18 month support cycles, timely and reliable security updates, a rock solid server platform and mountains of systems administration experience in the Ubuntu and Debian communities.

October 2005:

Ubuntu 5.10 ships with a dedicated server installation CD, containing the minimal default server profile, and a ready-to-go selection of the popular Open Source server applications supported by the Ubuntu team. Already popular for edge services such as web, mail, database and firewalls, Ubuntu picks up interest in the High Performance Computing community. IBM’s DB2 is certified on Ubuntu, signifying its entry into the enterprise database platform market.

December 2005:

The Ubuntu Server Team is established to pursue short term, high impact goals for the Ubuntu 6.04 release, such as server hardware testing and kernel quality assurance. Plans are laid for future developments in “Just Works” server setup and operation.

Join the Ubuntu Server Team today, and bring the spirit of Ubuntu to the server world!

• Ubuntu 5.10 Server Downloads
• Team page
• Specifications
• Mailing list
• #ubuntu-server on irc.freenode.net

[Discuss]