** Description changed: Xenial's current OpenSSL (1.0.2g-1ubuntu4.16) seems to not have been - patched yet against the Racoon Attack (CVE-2020-1968): + patched yet against the Raccoon Attack (CVE-2020-1968): - https://www.openssl.org/news/secadv/20200909.txt - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1968 - https://raccoon-attack.com/ Ubuntu's CVE tracker still lists this as NEEDED for Xenial: - https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1968.html - https://people.canonical.com/~ubuntu-security/cve/pkg/openssl.html - - Other supported Ubuntu releases use versions of OpenSSL that are not affected. - + Other supported Ubuntu releases use versions of OpenSSL that are not + affected. Indeed: - $ apt-cache policy openssl - openssl: - Installed: 1.0.2g-1ubuntu4.16 + $ apt-cache policy openssl + openssl: + Installed: 1.0.2g-1ubuntu4.16 - $ apt-get changelog openssl | grep CVE-2020-1968 || echo "Not patched" - Not patched - + $ apt-get changelog openssl | grep CVE-2020-1968 || echo "Not patched" + Not patched What is the status?
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1895294 Title: Fix Raccoon vulnerability (CVE-2020-1968) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1895294/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
