The first time Ubuntu 18.04, Bionic Beaver, was released was back in 2018 as the numbers in the name suggest. Recently, however, Canonical, the company behind Ubuntu were forced to release another version of the operating system specifically version 18.04.6 This is just not any other update it’s actually a “new version” that was necessitated by unusual circumstances.
Unlike previous point releases, 18.04.6 is a refresh of the amd64 and arm64 installer media after the key revocation related to the BootHole vulnerability, re-enabling their usage on Secure Boot enabled systems.
It was discovered that multiple vulnerabilities existed in GNU GRUB, that could potentially lead to the ability to bypass UEFI Secure Boot restrictions. A local attacker with administrative privileges (or with physical access to the system) could use this issue to circumvent GRUB2 module signature checking, resulting in the ability to load arbitrary GRUB2 modules that have not been signed by a trusted authority and hence bypass UEFI Secure Boot.
Canonical’s statement on the release
This is all just precautionary of course. There is no evidence this exploit has been used out in the wild. In the typical Free Software philosophy, every potential bug has to be remedied no matter how remote its potential of being exploited is. We, after all, live in a world where governments and large well-financed organisations are in the habit of spying on targets such as “dissidents” journalists and human rights activists.
Canonical extends support for Ubuntu 16.04 and 14.04
Ubuntu 20.04, 16.04 and 14.04 are what is known as Long Term Support versions. Canonical keeps releasing security patches and ports back some updates to these versions for a long time. This is supposed to help with business customers who are more interested in stability and productivity rather than shiny new things.
We have seen how in the real world businesses have struggled to say move on from Windows XP to 7 and now we have a lot of businesses stuck on Windows 7 for some reason. LTS releases are meant to prevent problems like this. Now Canonical has retroactively extended the support period for Ubuntu 16.04 and 14.04 to 10 years. This means Ubuntu 14.04 released in 2014 will keep receiving patches and updates until April 2024 and Ubuntu 16.04 until 2026.
Of course, an operating system made in 2014 sounds boring but boring is good as long as boring is secure and hardened. Imagine a company like Wikipedia which has gazillions of servers running in the cloud. They would rather have a very stable operating system that works and is secure than be constantly updating their servers and breaking things. LTSs allow businesses to create a recipe that works and focus on productivity.
If you are an ordinary user still using either Ubuntu 16.04 or 14.04 you will have to sign up for Ubuntu Advantage if you want to receive updates. By default normal free support is limited to 5 years. You can get free extended support from Canonical on up to three devices.
Share
Home
What’s your take?