[USN-894-1] Linux kernel vulnerabilities

February 4th, 2010 Christer Edwards 1 comment

The following security announcement applies to linux-image. If you have linux-image installed, please see below for details on the vulnerability and instructions on patching your system:

ATTENTION: Due to an unavoidable ABI change (except for Ubuntu 6.06)
the kernel updates have been given a new version number, which requires
you to recompile and reinstall all third party kernel modules you
might have installed. If you use linux-restricted-modules, you have to
update that package as well to get modules which work with the new kernel
version. Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-server, linux-powerpc), a standard system
upgrade will automatically perform this as well.

Details follow:

Amerigo Wang and Eric Sesterhenn discovered that the HFS and ext4
filesystems did not correctly check certain disk structures. If a user
were tricked into mounting a specially crafted filesystem, a remote
attacker could crash the system or gain root privileges. (CVE-2009-4020,
CVE-2009-4308)

It was discovered that FUSE did not correctly check certain requests.
A local attacker with access to FUSE mounts could exploit this to
crash the system or possibly gain root privileges.  Ubuntu 9.10 was not
affected. (CVE-2009-4021)

It was discovered that KVM did not correctly decode certain guest
instructions.  A local attacker in a guest could exploit this to
trigger high scheduling latency in the host, leading to a denial of
service.  Ubuntu 6.06 was not affected. (CVE-2009-4031)

It was discovered that the OHCI firewire driver did not correctly
handle certain ioctls.  A local attacker could exploit this to crash
the system, or possibly gain root privileges.  Ubuntu 6.06 was not
affected. (CVE-2009-4138)

Tavis Ormandy discovered that the kernel did not correctly handle
O_ASYNC on locked files.  A local attacker could exploit this to gain
root privileges.  Only Ubuntu 9.04 and 9.10 were affected. (CVE-2009-4141)

Neil Horman and Eugene Teo discovered that the e1000 and e1000e
network drivers did not correctly check the size of Ethernet frames.
An attacker on the local network could send specially crafted traffic
to bypass packet filters, crash the system, or possibly gain root
privileges. (CVE-2009-4536, CVE-2009-4538)

It was discovered that “print-fatal-signals” reporting could show
arbitrary kernel memory contents.  A local attacker could exploit
this, leading to a loss of privacy.  By default this is disabled in
Ubuntu and did not affect Ubuntu 6.06. (CVE-2010-0003)

Olli Jarva and Tuomo Untinen discovered that IPv6 did not correctly
handle jumbo frames.  A remote attacker could exploit this to crash the
system, leading to a denial of service.  Only Ubuntu 9.04 and 9.10 were
affected. (CVE-2010-0006)

Florian Westphal discovered that bridging netfilter rules could be
modified by unprivileged users.  A local attacker could disrupt network
traffic, leading to a denial of service. (CVE-2010-0007)

Al Viro discovered that certain mremap operations could leak kernel
memory.  A local attacker could exploit this to consume all available
memory, leading to a denial of service. (CVE-2010-0291)

The above security vulnerabilities apply to the following Ubuntu releases:

  • Ubuntu 6.06 LTS
  • Ubuntu 8.04 LTS
  • Ubuntu 8.10
  • Ubuntu 9.04
  • Ubuntu 9.10

If you have this utility installed on your Ubuntu system, you’ll need to apply the security update to be protected. Please follow the steps below to ensure your system is properly patched:

Apply Updates

To apply the updates run the following command(s) within your Terminal:

sudo aptitude update
sudo aptitude safe-upgrade

After a standard system upgrade you need to reboot your computer to effect the necessary changes.
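
One way to confirm that the reboot is still outstanding, as an added example that is not part of the original announcement: it compares the running kernel release with the newest installed linux-image package of the same flavour. The package names in SAMPLE_PKGS are constructed sample data, not the fixed versions from this advisory; the function names are hypothetical, and sort -V assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: is the running kernel older than the newest installed image?
# Because the update changes the ABI number, the new kernel arrives as a
# differently named package (linux-image-<version>-<abi>-<flavour>), and the
# old kernel keeps running until the machine is rebooted.

# Read package names (one per line) on stdin and print the highest
# <version>-<abi>-<flavour> release found for the given flavour.
# Metapackages such as linux-image-generic carry no version and are skipped.
newest_installed_kernel() {
    flavour="$1"
    sed -n "s/^linux-image-\([0-9][0-9.]*-[0-9][0-9]*-${flavour}\)\$/\1/p" \
        | sort -V | tail -n 1
}

# Succeed (exit 0) when a newer image of the same flavour is installed than
# the release given as $1. Package names are read from stdin.
reboot_pending() {
    running="$1"
    # Strip "<version>-<abi>-" so that flavours like "generic-pae" survive.
    flavour="${running#*-*-}"
    newest="$(newest_installed_kernel "$flavour")"
    [ -n "$newest" ] && [ "$running" != "$newest" ] &&
        [ "$(printf '%s\n%s\n' "$running" "$newest" | sort -V | tail -n 1)" = "$newest" ]
}

# Constructed sample package list (not the versions shipped by this update).
# ABI 9 versus 10 shows why a version-aware sort is needed: a plain
# lexical sort would rank "-9-" above "-10-".
SAMPLE_PKGS='linux-image-generic
linux-image-2.6.31-9-generic
linux-image-2.6.31-10-generic
linux-image-2.6.31-10-server'

if printf '%s\n' "$SAMPLE_PKGS" | reboot_pending "2.6.31-9-generic"; then
    echo "reboot pending: a newer kernel image is installed"
fi

# On a live system the same check would be fed from dpkg and uname:
#   dpkg -l 'linux-image-*' | awk '/^ii/ {print $2}' | reboot_pending "$(uname -r)"
```

Third-party modules built for the old ABI will not load under the new kernel, so run this check before assuming the update is in effect.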

Categories: Security

How to Change Your Default Firefox Home Page : Ubuntu Beginners

February 4th, 2010 Christer Edwards No comments

This article is part of a series entitled “Ubuntu Beginners”, which walks new users through basic Desktop and Command Line usage. This article will detail how to change the default Firefox home page. As outlined in a previous post: Ubuntu 10.04 to Change Default Search Provider, the default search provider (and home page) in Ubuntu 10.04 will be changing from Google to Yahoo!. This article will outline how to revert that change, or define an alternate preferred search provider.

Change Firefox Home Page

In order to change the preferred home page in Firefox, you’ll need to navigate to the Preferences menu. This can be found, within Firefox, at Edit > Preferences. If you’re migrating from the Windows platform, you’ll notice a difference here. Instead of Tools > Preferences, it is found at Edit > Preferences. The screenshot below demonstrates this location:

Firefox > Edit > Preferences

This will open the Firefox Preferences utility, which allows you to customize a wide range of Firefox settings. The primary setting that we’re looking for is the Home Page. In the default installation in Ubuntu 9.10, the Home Page is set to: chrome://ubufox/content/startpage.html. In future versions the Home Page will be set to Yahoo!. To update your Home Page, simply change the URL defined. The second screenshot below demonstrates defining Google as the preferred Home Page.

Firefox Preferences

Firefox Preferences - Home Page : Google

The change is minor between the two screenshots, but it does make a big difference. A user’s Home Page is the launching point for all Internet activity. It can allow you to quickly access your favorite sites, or provide you with tools you need. The change from Google to Yahoo! has been a controversial one, but one of the main benefits of Open Source Software is the ability to choose and customize. Changing your default Home Page and Search Provider is simple.

Categories: Beginner

How to Change the Ubuntu Theme : Ubuntu Beginners

February 3rd, 2010 Christer Edwards No comments

This article is part of a series entitled “Ubuntu Beginners” which walks new users through basic Desktop and Command Line usage. This article will detail how to change and customize your Ubuntu look by managing your themes. This article includes step-by-step instructions as well as screenshots, and is specific only to GNOME.

Changing The Theme

Ubuntu comes pre-installed with a number of Desktop themes. The default is called “Human”, and is what defines the characteristic Ubuntu earth-tone colors. Some users love the default theme and others don’t like it at all. The primary complaint that I’ve heard is that it is “too brown”. If you’d like to change your theme, follow the steps below.

To change your theme, you need to navigate to System > Preferences > Appearance, as outlined in the screenshot below:

System > Preferences > Appearance

This will launch the GNOME Appearance utility, which will default to a list of installed themes. You can easily change your theme in real-time by simply selecting a new theme from the list. The default installed themes are:

  • Clearlooks
  • Dark Room
  • Dust
  • Dust Sand
  • High Contrast Inverse
  • High Contrast Large Print Inverse
  • Human
  • Human-Clearlooks
  • New Wave

Appearance :: Theme

On a default installation of Ubuntu 9.10, you should have nine default themes installed to choose from. The screenshot below displays more from the list above.

Appearance :: Theme (cont.)

You can instantly change your theme by selecting one of the listed themes within the window. The next two screenshots show the Dust and Dust Sand themes after being selected.

Appearance :: Dust Theme

Appearance : Dust Sand Theme

In a future article I will outline additional theme customizations, including Backgrounds, Fonts, Interface, and Visual Effects. Until then, why not try a few different themes and see how well you like them. Remember, if you want to put the theme back where it started, simply select “Human” from the list.

Categories: Beginner

How to Change the Ubuntu Screensaver : Ubuntu Beginners

February 2nd, 2010 Christer Edwards No comments

This article is part of a series entitled “Ubuntu Beginners”, which walks new users through basic Desktop and Command Line usage. This article will detail how to change the Ubuntu screensaver, using the graphical interface. Instructions for both GNOME and KDE are included below.

Change Screensaver – GNOME

Ubuntu’s default screensaver is a blank screen, activated after five minutes of inactivity. If you’d like to change the screensaver, the inactivity timeout, or other settings, you can find out how below. I’ve included screenshots for navigating to, managing and updating your screensaver in Ubuntu.

Launching Screensaver Preferences

You can now change your preferences in the Screensaver Preferences utility. This allows you to change the screensaver, update the idle timeout, lock or don’t lock the screen, etc.

Screensaver Preferences

Finally, update the settings to reflect your preferences. Select a different screensaver from the list on the left, update the idle time, or lock the screen when the screensaver is active.

Floating Ubuntu - Screensaver Preferences

Change Screensaver – KDE

The screensaver settings in KDE are contained within the System Settings utility. You can launch this tool by clicking the Kickoff menu (bottom-left, on your bottom taskbar) and selecting System Settings.

System Settings

From here you’ll want to select the ‘Desktop’ option. Screensaver preferences are held under the general Desktop settings.

Desktop Settings

The Desktop settings will then allow you to change the screensaver preferences. You’ll need to select ‘Screensaver’ from the list of options on the left side.

Screensaver

Conclusion

Updating the screensaver preferences in either of these major Desktop environments is a piece of cake. Simply navigate to the screensaver utility, select the screensaver of your choice and you’re set! Both of these environments also allow for security preferences, such as locking the screen when the screensaver is activated and requiring a password to unlock.

Categories: Beginner

How to Rename a File in Ubuntu : Ubuntu Beginners

February 1st, 2010 Christer Edwards No comments

This article is part of a series entitled “Ubuntu Beginners”, which walks new users through basic Desktop and Command Line usage. This article will detail how to rename files, using both the graphical interface as well as the command line. Included below are GNOME, KDE and command line methods.

Rename Files – Nautilus (GNOME)

If you are using the standard Ubuntu, which uses the GNOME Desktop Environment, the file manager is called Nautilus. Anytime you are browsing files or folders graphically, you are using Nautilus. I’ve included screenshots below displaying the default Home folder, selecting a document, and renaming the document.

This is the default Nautilus view in Ubuntu 9.10, displaying the contents of the home folder. You’ll notice that there are pre-populated directories (folders) for Documents, Downloads, Music, Pictures, etc.

Nautilus - Home Folder

In this next screenshot I’ve selected a document in my Documents folder, and selected the ‘Rename…’ option. This is done by selecting the file, right-clicking the mouse and selecting the ‘Rename…’ option.

Nautilus - Rename File

After selecting the ‘Rename…’ option, the file name will become editable. You can update the text to your preference, and rename your file.

Nautilus - Rename

Once you’ve updated the file name simply hit the [ENTER] key on your keyboard, or click your mouse anywhere outside of the editable text area. The edit-field will disappear and your file will have been renamed.

Rename Files – Dolphin (KDE)

If you have installed Kubuntu, the KDE-based Ubuntu variant, your file manager is called Dolphin. I’ve included screenshots of Dolphin, as well as the process of renaming files in Dolphin.

This is the default Home folder as displayed by the Dolphin file manager.

Dolphin - Home

In order to rename a file, simply right-click on the file and select the ‘Rename…’ option. You’ll notice that Dolphin also provides a keyboard shortcut to rename using the F2 key. This means, instead of right-clicking and selecting ‘Rename…’ you can simply press F2 after the file has been selected.

Dolphin - Rename File

Lastly, enter the new name of the file into the dialog box and update your changes by hitting the [ENTER] key, or clicking the ‘Rename’ button.

Dolphin - Rename Item

Rename Files – Command Line (Linux)

The method of renaming a file on the command-line is generic to Linux. In other words, this method should apply to any Linux distribution, any version, and any variant.

In Linux, renaming a file is essentially the same as moving a file. Where moving a file is simply moving a file from one location to another, renaming a file is essentially moving the name of the file. The contents remain the same, we’ve simply moved the place where you’d find them–from one name to another.

To rename a file, use the following syntax:

mv welcome-to-ubuntu.doc renamed.doc

A few additional examples:

mv IMGOOO1.JPG release-party-pictures-1.jpg
mv IMGOOO2.JPG release-party-pictures-2.jpg

You get the idea. I understand it can be confusing to use the mv (move) command to rename a file, but you’ll find that you get used to it rather quickly and then not even think about it.

Conclusion

No matter the environment that you’re in, whether it be GNOME, KDE or the command-line, renaming files is simple. Right-click and select ‘Rename…’ is generally standard between graphical environments, and using mv on the command-line will work on all Linux distributions. I hope this beginner tip has been helpful.

Categories: Beginner

Accessing Freenode IRC Network via SSL Secure Connection

January 30th, 2010 Christer Edwards No comments

On Jan 30, 2010 the Freenode IRC network finally activated SSL support. This is something that many have long been waiting for, and I’m glad to finally see it! I have been an IRC user for some years now, the majority of which has been specific to the Freenode network. Historically all data passed to the Freenode network, including username, password and chat messages, has been sent in the clear. This no longer has to be the case as SSL client support is now available.

In this article I will outline how to configure your IRC client to connect to the Freenode IRC network using SSL client encryption. This article includes instructions for Irssi, Empathy and Pidgin.

Access Freenode via SSL – Irssi

This section outlines how to configure irssi, the command-line IRC client, to connect to freenode via SSL secure connection.

First, you’ll need to ensure you have an updated list of CA root certificates. This can be done by verifying you have the following package installed:

sudo aptitude install ca-certificates

It is likely that this is already installed, but it won’t cause any problems to attempt installation just to make sure.

Once you’ve verified that you have the latest CA root certificates you can connect to Freenode via SSL using the following command:

/connect -ssl_verify -ssl_capath /etc/ssl/certs chat.freenode.net 7000

If you’d like to automatically connect to freenode each time you launch irssi, use the following:

/network add -nick <nick> -realname <realname> freenode

/server add -auto -ssl_verify -ssl_capath /etc/ssl/certs -network freenode chat.freenode.net 7000

/save

Access Freenode via SSL – Empathy (IDLE)

This section outlines how to configure Empathy, the default messaging client in Ubuntu 9.10+, to connect to freenode via SSL secure connection.

You’ll need to verify that you have an updated list of CA root certificates. This can be done by verifying you have the following package installed:

sudo aptitude install ca-certificates

Once you’ve verified that you have the latest CA root certificates, you’ll also need to verify your Empathy configuration. Below is a screenshot for the FreeNode configuration in Empathy. Ensure yours matches the port and SSL activation.

Empathy FreeNode configuration

Access Freenode via SSL – Pidgin

This section outlines how to configure Pidgin, the default messaging client in older Ubuntu releases, to connect to freenode via SSL secure connection.

You’ll need to verify that you have an updated list of CA root certificates. This can be done by verifying you have the following package installed:

sudo aptitude install ca-certificates

Once you’ve verified that you have the latest CA root certificates you’ll also need to verify your Pidgin configuration. Below is a screenshot for the IRC configuration in Pidgin. Ensure yours matches by modifying your account.

On the “Basic” tab, the default Server: entry will likely be “irc.ubuntu.com”. Unless you change this to “chat.freenode.net”, you’ll get a warning about not being able to verify the certificate.

Pidgin Basic Configuration

Next, navigate to the Advanced tab. On this tab you’ll need to change the Port: to 7000 and activate the checkbox for “Use SSL”. When you are finished, save your changes.

Pidgin Advanced Configuration

Conclusion

Encrypted connections via SSL are important for network security, particularly in the situation where usernames and passwords are being transferred. As end-users we should be aware of improved security options available to us, such as encrypted network connections. If you are an IRC user and haven’t yet made the switch to SSL enabled connections, I’d invite you to take a minute and do so now.

Categories: Security

[USN-892-1] FUSE vulnerability

January 28th, 2010 Christer Edwards No comments

The following security announcement applies to fuse-utils. If you have fuse-utils installed, please see below for details on the vulnerability and instructions on patching your system:

Ronald Volgers discovered that FUSE did not correctly check mount
locations.  A local attacker, with access to use FUSE, could unmount
arbitrary locations, leading to a denial of service.

The above security vulnerabilities apply to the following Ubuntu releases:

  • Ubuntu 6.06 LTS
  • Ubuntu 8.04 LTS
  • Ubuntu 8.10
  • Ubuntu 9.04
  • Ubuntu 9.10

If you have this utility installed on your Ubuntu system, you’ll need to apply the security update to be protected. Please follow the steps below to ensure your system is properly patched:

Apply Updates

To apply the updates run the following command(s) within your Terminal:

sudo aptitude update
sudo aptitude safe-upgrade

In general, a standard system upgrade is sufficient to effect the necessary changes.

Categories: Security

[USN-893-1] Samba vulnerability

January 28th, 2010 Christer Edwards No comments

The following security announcement applies to smbfs. If you have smbfs installed, please see below for details on the vulnerability and instructions on patching your system:

Ronald Volgers discovered that the mount.cifs utility, when installed as a
setuid program, suffered from a race condition when verifying user
permissions. A local attacker could trick samba into mounting over
arbitrary locations, leading to a root privilege escalation.

The above security vulnerabilities apply to the following Ubuntu releases:

  • Ubuntu 6.06 LTS
  • Ubuntu 8.04 LTS
  • Ubuntu 8.10
  • Ubuntu 9.04
  • Ubuntu 9.10

If you have this utility installed on your Ubuntu system, you’ll need to apply the security update to be protected. Please follow the steps below to ensure your system is properly patched:

Apply Updates

To apply the updates run the following command(s) within your Terminal:

sudo aptitude update
sudo aptitude safe-upgrade

In general, a standard system upgrade is sufficient to effect the necessary changes.

Categories: Security

[USN-891-1] lintian vulnerabilities

January 28th, 2010 Christer Edwards No comments

The following security announcement applies to lintian. If you have lintian installed, please see below for details on the vulnerability and instructions on patching your system:

It was discovered that lintian did not correctly validate certain
filenames when processing input.  If a user or an automated system
were tricked into running lintian on a specially crafted set of files,
a remote attacker could execute arbitrary code with user privileges.

The above security vulnerabilities apply to the following Ubuntu releases:

  • Ubuntu 6.06 LTS
  • Ubuntu 8.04 LTS
  • Ubuntu 8.10
  • Ubuntu 9.04
  • Ubuntu 9.10

If you have this utility installed on your Ubuntu system, you’ll need to apply the security update to be protected. Please follow the steps below to ensure your system is properly patched:

Apply Updates

To apply the updates run the following command(s) within your Terminal:

sudo aptitude update
sudo aptitude safe-upgrade

In general, a standard system upgrade is sufficient to effect the necessary changes.

Categories: Security

Install Mozilla Firefox Web Browser v3.6 via Personal Package Archive (PPA)

January 28th, 2010 Christer Edwards 5 comments

Recently I published a short article outlining how to install the latest Firefox Web Browser manually, alongside your existing Firefox installation. In this article I will outline how to install the latest stable Firefox release by making use of the Mozilla Team PPA.

This Personal Package Archive (PPA) provides the latest stable releases for Firefox, unlike a previously available solution which was the Mozilla Daily PPA, which provided the latest daily builds. If you are looking for the latest stable release of Mozilla Firefox, this article will outline how to configure the PPA in order to install the required package(s).

Requirements

Installing the latest stable release of the Mozilla Firefox web browser requires the addition of a Personal Package Archive (PPA). Configuring and activating this PPA on your system can be done by simply pasting the following command into your Terminal (Applications > Accessories > Terminal):

sudo add-apt-repository ppa:mozillateam/firefox-stable

Installation

Once you have the Personal Package Archive (PPA) configured, you can install the latest stable release of Mozilla Firefox by pasting the following two commands into your Terminal (Applications > Accessories > Terminal):

sudo aptitude update
sudo aptitude install firefox firefox-3.6 firefox-3.6-branding firefox-gnome-support

Troubleshooting

If you have issues with the latest stable version of Firefox, feel free to drop by the Ubuntu Tutorials forum thread and discuss solutions.

Categories: Internet