A critical security issue in Linux in a core system library has come to light. Although exploits are considered improbable, there’s a risk that malicious people will be able to cause system processes to crash by making certain mail/web/etc. requests that trigger certain sorts of DNS queries.
(For advanced folks, there’s fun exploit proof-of-concept code.)
Ubuntu has posted an update. Since Mail-in-a-Box automatically installs security updates I believe that the update will be installed automatically tonight, but you will need to manually reboot the machine in any case.
To update your system manually, and to be sure the update was installed, log in with SSH and run:
sudo apt-get update && sudo apt-get upgrade
Then reboot by running:
To check if you have the new version of the system library (libc6) run (after logging back in with SSH):
dpkg -l libc6 | grep libc6
You should see in the third column the version
2.19-0ubuntu6.7. Any previous version such as
2.19-0ubuntu6.6 does not have the update.