[Group.of.nepali.translators] [Bug 1895294] Re: Fix Raccoon vulnerability (CVE-2020-1968)
This has now been fixed: https://ubuntu.com/security/notices/USN-4504-1 ** Changed in: openssl (Ubuntu Xenial) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1895294 Title: Fix Raccoon vulnerability (CVE-2020-1968) Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Xenial: Fix Released Bug description: Xenial's current OpenSSL (1.0.2g-1ubuntu4.16) seems to not have been patched yet against the Raccoon Attack (CVE-2020-1968): - https://www.openssl.org/news/secadv/20200909.txt - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1968 - https://raccoon-attack.com/ Ubuntu's CVE tracker still lists this as NEEDED for Xenial: - https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1968.html - https://people.canonical.com/~ubuntu-security/cve/pkg/openssl.html Other supported Ubuntu releases use versions of OpenSSL that are not affected. Indeed: $ apt-cache policy openssl openssl: Installed: 1.0.2g-1ubuntu4.16 $ apt-get changelog openssl | grep CVE-2020-1968 || echo "Not patched" Not patched What is the status? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1895294/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1895294] Re: Fix Raccoon vulnerability (CVE-2020-1968)
It is true that said vulnerability is not patched in xenial; but also it is low; and no public patches for it exist. Please upgrade to bionic or focal? which are unaffected / fixes released? ** Information type changed from Public to Public Security ** Also affects: openssl (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: openssl (Ubuntu Xenial) Status: New => Confirmed ** Changed in: openssl (Ubuntu) Status: New => Fix Released ** Changed in: openssl (Ubuntu Xenial) Importance: Undecided => Low -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1895294 Title: Fix Raccoon vulnerability (CVE-2020-1968) Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Xenial: Confirmed Bug description: Xenial's current OpenSSL (1.0.2g-1ubuntu4.16) seems to not have been patched yet against the Raccoon Attack (CVE-2020-1968): - https://www.openssl.org/news/secadv/20200909.txt - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1968 - https://raccoon-attack.com/ Ubuntu's CVE tracker still lists this as NEEDED for Xenial: - https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1968.html - https://people.canonical.com/~ubuntu-security/cve/pkg/openssl.html Other supported Ubuntu releases use versions of OpenSSL that are not affected. Indeed: $ apt-cache policy openssl openssl: Installed: 1.0.2g-1ubuntu4.16 $ apt-get changelog openssl | grep CVE-2020-1968 || echo "Not patched" Not patched What is the status? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1895294/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp