Ubuntu 16.04.6 LTS is now available to download.
No, I haven’t made a typo (for once): this is an unscheduled point release in the Ubuntu 16.04 LTS series.
New ISOs have been spun up to fix a major vulnerability in the APT package manager (a handful of other security updates are also included for good measure).
Ubuntu’s Łukasz Zemczak explains more in the formal release announcement, writing:
“Unlike previous point releases, 16.04.6 is a security-targeted release
for the purpose of providing updated installation media which protects
new installations from the recently discovered APT vulnerability
The security flaw in question potentially gives a remote attacker performing a man-in-the-middle attack the ability to trick APT into installing altered packages.
Affected packages might not be what they say they are or behave in a way that’s expected.
These updated ISOs protect new installs from the get-go.
Other versions affected too
Ubuntu 16.04 LTS isn’t the only version of Ubuntu affected by this scary-sounding security software management issue.
Ubuntu 14.04 LTS, 18.04 and 18.10 are also vulnerable to the same attack.
But don’t panic: Ubuntu has distributed updated versions of APT via the regular software update mechanisms to ALL affected distros.
If you run Xenial Xerus or a later Ubuntu release and you install all security updates promptly, you shouldn’t be at risk.
Those who have not installed security updates may wish to do so as soon as possible.
Download Ubuntu 16.04.6 LTS
Other security fixes and high-impact bugs are also bundled up in to this Xenial respin, with the focus, as ever, on ‘maintaining stability and compatibility with Ubuntu 16.04 LTS’.
Ubuntu 16.04 LTS is supported until 2021 with key security, app and other others.