============================================================================ Ubuntu Security Notice USN-2746-2 September 25, 2015 simplestreams regression ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.04 - Ubuntu 14.04 LTS Summary: USN-2746-1 introduced a regression in Simple Streams. Software Description: - simplestreams: Library and tools for using Simple Streams data Details: USN-2746-1 fixed a vulnerability in Simple Streams. The update caused a regression preventing MAAS from downloading PXE images. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Simple Streams did not properly perform gpg verification in some situations. A remote attacker could use this to perform a man-in-the-middle attack and inject malicious content into the stream. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.04: python-simplestreams 0.1.0~bzr354-0ubuntu1.15.04.2 python-simplestreams-openstack 0.1.0~bzr354-0ubuntu1.15.04.2 python3-simplestreams 0.1.0~bzr354-0ubuntu1.15.04.2 simplestreams 0.1.0~bzr354-0ubuntu1.15.04.2 Ubuntu 14.04 LTS: python-simplestreams 0.1.0~bzr341-0ubuntu2.3 python-simplestreams-openstack 0.1.0~bzr341-0ubuntu2.3 python3-simplestreams 0.1.0~bzr341-0ubuntu2.3 simplestreams 0.1.0~bzr341-0ubuntu2.3 After a standard system update you need to restart any services that make use of python-simplestreams or python3-simplestreams to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2746-2 http://www.ubuntu.com/usn/usn-2746-1 https://launchpad.net/bugs/1499749 Package Information: https://launchpad.net/ubuntu/+source/simplestreams/0.1.0~bzr354-0ubuntu1.15.04.2 https://launchpad.net/ubuntu/+source/simplestreams/0.1.0~bzr341-0ubuntu2.3