Ubuntu 16.04.6 LTS is now available to download.
No, I haven’t made a typo (for once): this is an unscheduled point release in the Ubuntu 16.04 LTS series.
New ISOs have been spun up to fix a major vulnerability in the APT package manager (a handful of other security updates are also included for good measure).
Ubuntu’s Łukasz Zemczak explains more in the formal release announcement, writing:
“Unlike previous point releases, 16.04.6 is a security-targeted release
for the purpose of providing updated installation media which protects
new installations from the recently discovered APT vulnerability
(USN-3863-1).”
The security flaw in question potentially gives a remote attacker performing a man-in-the-middle attack the ability to trick APT into installing altered packages.
Affected packages might not be what they say they are or behave in a way that’s expected.
These updated ISOs protect new installs from the get-go.
Read full news article on OMG! Ubuntu!