Your submission was sent successfully! Close

USN-1061-1: iTALC vulnerability

11 February 2011

Private keys for iTALC shipped on Live DVD

Releases

Packages

  • italc - Intelligent Teaching and Learning with Computers

Details

St├ęphane Graber discovered that the iTALC private keys shipped with the
Edubuntu Live DVD were not correctly regenerated once Edubuntu was
installed. If an iTALC client was installed with the vulnerable keys, a
remote attacker could gain control of the system. Only systems using keys
from the Edubuntu Live DVD were affected.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 9.10
Ubuntu 10.10
Ubuntu 10.04

After a standard system update, if you had originally installed from
the Edubuntu Live DVD and the bad keys were found, you will need to
redistribute the newly generated public keys to your iTALC clients and
restart each session. For more details, see:
https://wiki.ubuntu.com/iTalc/Keys

References