USN-1061-1: iTALC vulnerability
11 February 2011
Private keys for iTALC shipped on Live DVD
Releases
Packages
- italc - Intelligent Teaching and Learning with Computers
Details
Stéphane Graber discovered that the iTALC private keys shipped with the
Edubuntu Live DVD were not correctly regenerated once Edubuntu was
installed. If an iTALC client was installed with the vulnerable keys, a
remote attacker could gain control of the system. Only systems using keys
from the Edubuntu Live DVD were affected.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 9.10
Ubuntu 10.10
Ubuntu 10.04
After a standard system update, if you had originally installed from
the Edubuntu Live DVD and the bad keys were found, you will need to
redistribute the newly generated public keys to your iTALC clients and
restart each session. For more details, see:
https://wiki.ubuntu.com/iTalc/Keys