Naked Security Naked Security

Yakkety Yak won’t come back: Linux users, it’s time to upgrade Ubuntu

Canonical's announcement of the end of support for Yakkety Yak is a good reminder that it's worth keeping an eye on your other devices to make sure they're up to date, too

If you’re running Ubuntu 16.10 Yakkety Yak, released on October 13 2016, Ubuntu developer Canonical warns that now is the time to upgrade to Ubuntu 17.04, known as Zesty Zapus. If you’re running a Linux distribution which is a version of Ubuntu with a different desktop environment, such as Kubuntu or Xubuntu, the same applies to you.

Support for Yakkety Yak ceased on July 20, which means that version of Ubuntu will no longer receive security patches. However, if you’re running Ubuntu 16.04 Xenial Xerus, you’ll still receive functionality and security patches until April 2021. That’s because it’s a long term support (LTS) release. Ubuntu 17.04 Zesty Zapus will be supported until January 2018.

I’m a big fan of Linux operating systems, and I use Kubuntu (Ubuntu with a KDE UI) for my everyday work. Nonetheless, security vulnerabilities and cyberattack aren’t specific to any particular computing platform – Linux can be a focus of attack too, and needs protecting with antivirus software. Any operating system can be insecure, especially if you aren’t receiving frequent and recent security patches.

CVE Details lists 28 known vulnerabilities that are specific to Yakkety Yak. They include a Django vulnerability which enables DNS rebinding attacks, a Django vulnerability that involves a hardcoded password, and an RSA and DSA decryption bug.

Ubuntu version numbers are based on the year and month of release. New versions of Ubuntu are always released in April and October. So Ubuntu 16.10 Yakkety Yak was released in October 2016, and Ubuntu 17.04 Zesty Zapus was released in April 2017. Ubuntu 17.10 Artful Aardvark will be released this October. Distributions based on Ubuntu, such as Kubuntu, Xubuntu, and Lubuntu are released on the same schedule, with the same version numbers and animal codenames.

If you’re running Ubuntu 16.10, Canonical has a handy guide on how to upgrade to 17.04 right now.

Whether you use Windows, OS X, a version of Linux, a version of Unix, iOS, Android, or any other operating system, updating your operating system and all of your applications with proper patch management is vital to keeping your computer secure.

End-of-life periods for operating systems and applications are always a cybersecurity challenge. Software that’s no longer supported with security patches, no matter what it is, can make any system a prime target for cyber attack, as we saw with the WannaCry ransomware outbreak, which attacked an unpatched vulnerability in  Windows. Microsoft moved to patch all the affected versions of Windows, including those that were no longer supported.

Ubuntu EOL (end of life) is predictable. Standard releases are always supported for nine months, and LTS releases are always supported for five years. In an Ubuntu environment, you can always check your support status by entering ubuntu-support-status at the command line.

Because of its enormous market share, when Microsoft ceased extended support of Windows XP on April 8 2014, it caused significant headaches for business, and XP is still not unheard-of in businesses, even though it’s no longer supported.

Sticking with an unsupported operating system is a risk we’d urge you not to take, so as well as checking your Linux versions, now is a good time to check your other devices, too.