Ubuntu Tutorials

===========================================================
Ubuntu Security Notice USN-885-1           January 14, 2010
transmission vulnerabilities
CVE-2009-1757, CVE-2010-0012
===========================================================

It was discovered that the Transmission web interface was vulnerable to cross-site request forgery (CSRF) attacks. If a user were tricked into opening a specially crafted web page in a browser while Transmission was running, an attacker could trigger commands in Transmission. This issue affected Ubuntu 9.04. (CVE-2009-1757)

Dan Rosenberg discovered that Transmission did not properly perform input validation when processing torrent files. If a user were tricked into opening a crafted torrent file, an attacker could overwrite files via directory traversal. (CVE-2010-0012)

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS:
transmission-cli                1.06-0ubuntu6.1
transmission-gtk                1.06-0ubuntu6.1

Ubuntu 8.10:
transmission-cli                1.34-0ubuntu2.3
transmission-gtk                1.34-0ubuntu2.3

Ubuntu 9.04:
transmission-cli                1.51-0ubuntu3.1
transmission-gtk                1.51-0ubuntu3.1

Ubuntu 9.10:
transmission-cli                1.75-0ubuntu2.2
transmission-gtk                1.75-0ubuntu2.2
transmission-qt                 1.75-0ubuntu2.2

After a standard system upgrade you need to restart Transmission to effect the necessary changes.

UPDATE: This article has been update for Ubuntu 10.04 LTS. Please see Install Adobe Reader 9.3.2 on Ubuntu 10.04 “Lucid Lynx”.

Adobe Reader 9 allows you to easily view, print, and collaborate on PDF files! Adobe Reader is the standard for electronic document sharing. It is the only PDF file viewer that can open and interact with all PDF documents. Use Adobe Reader 9 to view, search, digitally sign, verify, print, and collaborate on Adobe PDF files. In this article I will outline how to install the latest Adobe Reader release on Ubuntu 9.10 “Karmic Koala”.

Requirements

Installation of Adobe Reader 9 requires the activation of the Canonical Partner repository. You can add the Partner repository by following the steps outlined below.

1. Navigate to System > Administration > Software Sources
2. Select “Third Party” or “Other Software”
3. Select “Add” and enter: deb http://archive.canonical.com/ karmic partner

Installation

Once the Partner repository is configured and active you are ready to install Adobe Reader 9. This can be done by running the following command within your terminal, or clicking the linked package name.

sudo aptitude install acroread

Use

You should now be able to launch Adobe Reader 9 from your Applications menu. You can find it in Applications > Office > Adobe Reader 9, or in KDE: Office > Adobe Reader 9. This installation also prompts to set Adobe Reader 9 as the default PDF reader.

Another exciting calendar item just arrived in my Inbox that I am sure many of you will be interested in. A new team has recently been formed to address the Ubuntu users that want to learn more, but aren’t quite ready for something as big as Ubuntu Developer week. These events are aimed at teaching the beginner and intermediate user how to improve their Ubuntu experience. From “Command Line Basics” to “Partitioning 101″, this event will teach you the skills you need to become a more proficient and more knowledgeable Ubuntu user!

From the announcement:

The Ubuntu User Days Team would like to announce the first Ubuntu User Day, on January 23, 2010. This will be a very informative one day session geared towards beginner and intermediate Ubuntu users, as well as people who are interested in using Ubuntu. We have 14 classes covering topics ranging from installing Ubuntu, finding help, equivalent programs, using IRC, getting involved in the Ubuntu Community and more. We have enlisted the help of many talented people to lead these classes throughout the day.

These classes will be taught in #ubuntu-classroom with questions being asked in #ubuntu-classroom-chat on irc.freenode.net. Please visit http://wiki.ubuntu.com/UserDays for a complete class list and schedule of classes.

There is also a Spanish version of Ubuntu User Days being offered on January, 23, 2010. Please visit Día Del Usuario Ubuntu at https://wiki.ubuntu.com/DiaDelUsuarioUbuntu for more information on the Spanish Ubuntu User Day!

I would invite anyone interested in improving their overall Ubuntu skill set to attend this event. Find out more by visiting the Ubuntu Wiki : UserDays. See you there!

===========================================================
Ubuntu Security Notice USN-884-1           January 14, 2010
openssl vulnerability
CVE-2009-4355
===========================================================

It was discovered that OpenSSL did not correctly free unused memory in certain situations.  A remote attacker could trigger this flaw in services that used SSL, causing the service to use all available system memory, leading to a denial of service.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
libssl0.9.8                     0.9.8a-7ubuntu0.11

Ubuntu 8.04 LTS:
libssl0.9.8                     0.9.8g-4ubuntu3.9

Ubuntu 8.10:
libssl0.9.8                     0.9.8g-10.1ubuntu2.6

Ubuntu 9.04:
libssl0.9.8                     0.9.8g-15ubuntu3.4

Ubuntu 9.10:
libssl0.9.8                     0.9.8g-16ubuntu3.1

After a standard system upgrade you need to restart any applications using OpenSSL, especially Apache, to effect the necessary changes.

I posted about a week ago that I’d begun working on a new theme for the site. I felt like it was time for something new–something a little less plain. I tried out a number of WordPress themes and layouts, and finally found one that I like. I feel it better represents where the site (and its author!) are at this point. Can you believe the site has been around for nearly four years! It is amazing–I can’t believe it myself sometimes.

I’d like to invite you to click through and have a look at the new site. Leave a comment. Let me know your thoughts.

Here is to a new year, a new look and new content!

I wanted to pass on an announcement today that I think many of our readers will be interested in. If you want to get more involved in Ubuntu, or simply want a better understanding of how the participation and development process works, this is an event for you! I have participated in a number of these Ubuntu Developer Week events, and they are full of very good presentations. The only difficult thing is trying to keep up!

From the Fridge:

Welcome to the Ubuntu Developer Week! We will have one week of action-packed sessions from Jan 25^th 2010 to Jan 29^th2010!

Ubuntu Developer Week is a series of online workshops where you can:

• learn about different packaging techniques
• find out more about different development teams
• check out the efforts of the world-wide Development Community
• participate in open Q&A sessions with Ubuntu developers
• much more…

All sessions will happen on IRC, and the best way to join is to use Lernid. (There are other ways too. )

If you’re not comfortable yet asking all your questions in English, we will have a couple of people helping to translate your questions and translating back the answers. Have a look at the Ubuntu Developer Week page to see how it works.

Like the sound of it? DIGG IT!

Visit The Fridge for more information.

I’m going to be working on this site to give it a new look and better organization for 2010. Please forgive the downtime / oddities for the rest of the day.