Private keys for iTALC shipped on Live DVD
Stéphane Graber discovered that the iTALC private keys shipped with the Edubuntu Live DVD were not correctly regenerated once Edubuntu was installed. If an iTALC client was installed with the vulnerable keys, a remote attacker could gain control of the system. Only systems using keys from the Edubuntu Live DVD were affected.
11 February 2011
A security issue affects these releases of Ubuntu and its derivatives:
Private keys for iTALC shipped on Live DVD
Stéphane Graber discovered that the iTALC private keys shipped with the Edubuntu Live DVD were not correctly regenerated once Edubuntu was installed. If an iTALC client was installed with the vulnerable keys, a remote attacker could gain control of the system. Only systems using keys from the Edubuntu Live DVD were affected.
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update, if you had originally installed from the Edubuntu Live DVD and the bad keys were found, you will need to redistribute the newly generated public keys to your iTALC clients and restart each session. For more details, see: https://wiki.ubuntu.com/iTalc/Keys