Linux Security 7.01 has now been released, addressing the issue we blogged about last week. We urge all users to upgrade, even if you are using the Server Edition keycode. To prevent users from accidentally installing the old version, we have changed all keycodes - please contact your reseller to get the new 7.01 keycodes.

As the problem only occurred in certain circumstances, we have only received very few reports from customers that their systems have been affected. It was after investigating the first customer report that we decided to recall the product to minimize the potential impact on other customers. We would still like to hear from you if you think you have been affected - you can find our email address in the footer of the page.

With this version, we have also included Ubuntu 8.04 LTS as an officially supported platform.

You can download Linux Security 7.01 here, and please read the release notes:

• 32-bit package: f-secure-linux-security-7.01.72011.tgz (MD5, SHA1)
• 64-bit (x86_64) package: f-secure-linux-security-64bit-7.01.72011.tgz (MD5, SHA1)

We have discovered that the Linux Security 7.00 that we released just three weeks and a few days ago, contains a very serious bug that can have severe consequences for customer systems. The short version is: if you have installed Linux Security 7.00 and you are using the Client Edition keycode, please uninstall immediately to prevent further damage to your system. Below I have included the official recall notification sent to our maintenance notification mailing list and partners.

How could this happen? There really is no excuse to let this kind of things pass our testing. We have often boldly and proudly talked about our extensive testing and validation processes - and yet we failed to catch this bug. There were a number of things that went wrong, each of which should have caught this mistake. We do code reviews, automatic tests, manual validation, etcetera, and still at each of those steps human error made this possible. While researching this issue, most of our mistakes became very apparent to us, and steps have already been taken to prevent this and similar things from happening in the future, but we will still need to carefully examine this situation to figure out every possible way to fix our tools, processes and mindsets.

Here is the recall notification:

RELEASE RECALL

A serious issue has been discovered in the newly released F-Secure Linux
Security 7.00. The flaw only affects installations using the Client
Edition keycode. When triggered, the bug will cause serious data loss
and possibly render the system unusable by removing the entire /var
directory hierarchy. In other cases, random sub-directories of /var can
be silently deleted from the system. Installations using the Server
Edition keycode or running in evaluation mode are not affected.

To recover, the user must restore the /var directory from a backup.

F-Secure is urging all users of F-Secure Linux Security 7.00 Client
Edition to not make new installations and immediately uninstall it from
all systems to prevent further damage.

To check if your system is affected, run:

  grep “Device or resource busy” /var/opt/f-secure/fssp/dbupdate.log

If the command returns one or more rows, there is a high probability
that parts of your /var directory structure has been deleted and must be
restored from a backup.

F-Secure will release F-Secure Linux Security 7.01 within a few days,
that will fix this issue. A new notification will be posted when this
new version is available.

Greetings from HP Linux Forum 2008! Some members of our team are participating one of the biggest Linux events here in Helsinki, Finland.

The crowd here is a nice mix of traditional Linux nerds, some people a bit more business-oriented and some from public sector. Linux seems to be doing well - judging from the amount of participants - as the subjective estimate is that there are more people than last year.

Hot topics are of course still virtualization, just like last year, interoperability in heterogeneous environments and also the trend towards communities. There’s a nice SMS poll system in use here, showing the poll results on a big screen in real time. One poll showed that way over 80% of the participants were using both Linux and Windows in their companies. The Finnish Linux User Group’s prize went to the Ubuntu Finland community. Congratulations, well done!

There was a very good and entertaining speech from Teppo Sulonen, the CIO of City of Tampere. He was praising not only open source software, but openness in bigger sense. Three big cities in Finland have started working together on a common ICT infrastructure. The system is being implemented using common standards and open source technologies instead of the old style of all the cities building their own incompatible systems using proprietary technologies.

Karl Paetzel from HP commented that even if Linux necessarily isn’t in every corner of every datacenter, it is mainstream for almost every customer they talk with. So I think that even if the great coming of desktop Linux may not be here yet, it looks like Linux is very much mainstream in almost every other area.

Signing out,
Ripa