Oh, indeed!
> 1.0.2w moves the affected ciphersuites into the "weak-ssl-ciphers" list. [...]
> This is unlikely to cause interoperability problems in most cases since use
> of these ciphersuites is rare.
Fair enough. Thank you for clarifying.
(And apologies for this noise)
--
You received thi
Thank you very much for fixing swiftly!
Please forgive me for pointing this out though:
I note that rather than stopping the affected cipher suites from re-
using secrets across connections, you chose to declare the suites as
weak and disabled them altogether.
I appreciate that this is an elegan
> "Please upgrade to bionic or focal?"
Is this an official recommendation from Ubuntu, that users shall migrate
off Xenial now, because of a security issue in a core library?
And there I was, thinking we have until April 2021 ...
--
You received this bug notification because you are a member of
** Description changed:
Xenial's current OpenSSL (1.0.2g-1ubuntu4.16) seems to not have been
- patched yet against the Racoon Attack (CVE-2020-1968):
+ patched yet against the Raccoon Attack (CVE-2020-1968):
- https://www.openssl.org/news/secadv/20200909.txt
- https://cve.mitre.org/cgi-bi
Public bug reported:
Xenial's current OpenSSL (1.0.2g-1ubuntu4.16) seems to not have been
patched yet against the Racoon Attack (CVE-2020-1968):
- https://www.openssl.org/news/secadv/20200909.txt
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1968
- https://raccoon-attack.com/
Ubuntu'
FYI this is unattended-upgrades 0.90ubuntu0.10 on Ubuntu 16.04.4 LTS
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unattended-upgrades in
Ubuntu.
https://bugs.launchpad.net/bugs/1820614
Title:
Mail notification's headline
Public bug reported:
We run unattended-upgrades happily with 'Unattended-Upgrade::Mail'
active and 'Unattended-Upgrade::Remove-Unused-Dependencies'
Sometimes a UU run would not install nor hold anything, but only
autoremove packages that have become obsolete, typically old kernels. In
such cases,
Observe #1267059 about 'Unattended-Upgrade::Remove-Unused-Dependencies'
not working as expected for old versions of unattended-upgrades, also
resulting e.g. in obsolete kernel packages not getting removed.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packa
Sorry for only checking the latest LTS, didn't realize it had been fixed
in >= 17.04. Thx.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ufw in Ubuntu.
https://bugs.launchpad.net/bugs/1737585
Title:
ufw should not overrid
Requesting to revert and leaving this to procps:
https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1737585
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ufw in Ubuntu.
https://bugs.launchpad.net/bugs/189565
Title:
ufw en
I filed a request for ufw not to override
https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1737585
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to procps in Ubuntu.
https://bugs.launchpad.net/bugs/57091
Title:
proc/sys/ne
Public bug reported:
2008 ufw decided to *disable* TCP SYN cookies by default in
/etc/ufw/sysctl.conf, see
https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/189565
After a more detailed discussion that had started in 2006, procps
*enabled* TCP SYN cookies by default in /etc/sysctl.d/10-network-
Nice to see that a LTS-killing bug is taken seriously (after 2 years).
What about Precise? It is affected and has still 1.5y to live.
(Though one might argue that any affected Precise machine must be either
dead or manually patched by now)
--
You received this bug notification because you are a
Each day this bug breaks more Ubuntu servers that do unattended-
upgrades, in particular cloud servers with <<100GB rootfs. I alone have
a few dozens affected machines.
And it's not totally trivial for Admin Average to diagnose the inode
shortage, realize it's flooded with linux-headers packages,
Note that situation #1089195 is another possible outcome of this bug.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unattended-upgrades in
Ubuntu.
https://bugs.launchpad.net/bugs/1267059
Title:
"Unattended-Upgrade::Remove
15 matches
Mail list logo