[Touch-packages] [Bug 1895294] Re: Fix Raccoon vulnerability (CVE-2020-1968)

2020-09-17 Thread Nils Toedtmann
Oh, indeed!
> 1.0.2w moves the affected ciphersuites into the "weak-ssl-ciphers" list. [...]
> This is unlikely to cause interoperability problems in most cases since use
> of these ciphersuites is rare.
Fair enough. Thank you for clarifying. (And apologies for this noise)
-- You received

[Touch-packages] [Bug 1895294] Re: Fix Raccoon vulnerability (CVE-2020-1968)

2020-09-16 Thread Nils Toedtmann
Thank you very much for fixing swiftly! Please forgive me for pointing this out though: I note that rather than stopping the affected cipher suites from re-using secrets across connections, you chose to declare the suites as weak and disabled them altogether. I appreciate that this is an

[Touch-packages] [Bug 1895294] Re: Fix Raccoon vulnerability (CVE-2020-1968)

2020-09-15 Thread Nils Toedtmann
> "Please upgrade to bionic or focal?"
Is this an official recommendation from Ubuntu, that users shall migrate off Xenial now, because of a security issue in a core library? And there I was, thinking we have until April 2021 ... -- You received this bug notification because you are a member

[Touch-packages] [Bug 1895294] Re: Fix Raccoon vulnerability (CVE-2020-1968)

2020-09-11 Thread Nils Toedtmann
** Description changed: Xenial's current OpenSSL (1.0.2g-1ubuntu4.16) seems to not have been - patched yet against the Racoon Attack (CVE-2020-1968): + patched yet against the Raccoon Attack (CVE-2020-1968): - https://www.openssl.org/news/secadv/20200909.txt -

[Touch-packages] [Bug 1895294] [NEW] Fix Raccoon vulnerability (CVE-2020-1968)

2020-09-11 Thread Nils Toedtmann
Public bug reported: Xenial's current OpenSSL (1.0.2g-1ubuntu4.16) seems to not have been patched yet against the Raccoon Attack (CVE-2020-1968):
- https://www.openssl.org/news/secadv/20200909.txt
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1968
- https://raccoon-attack.com/

[Touch-packages] [Bug 1820614] Re: Mail notification's headlines do not mention autoremovals

2019-03-18 Thread Nils Toedtmann
FYI this is unattended-upgrades 0.90ubuntu0.10 on Ubuntu 16.04.4 LTS -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/1820614 Title: Mail notification's

[Touch-packages] [Bug 1820614] [NEW] Mail notification's headlines do not mention autoremovals

2019-03-18 Thread Nils Toedtmann
Public bug reported: We run unattended-upgrades happily with 'Unattended-Upgrade::Mail' active and 'Unattended-Upgrade::Remove-Unused-Dependencies'. Sometimes a UU run would not install nor hold anything, but only autoremove packages that have become obsolete, typically old kernels. In such

[Touch-packages] [Bug 1624644] Re: By default settings unattended-upgrade does not automatically remove packages that become unused in conjunction with updating by other software

2018-02-08 Thread Nils Toedtmann
Observe #1267059 about 'Unattended-Upgrade::Remove-Unused-Dependencies' not working as expected for old versions of unattended-upgrades, also resulting e.g. in obsolete kernel packages not getting removed. -- You received this bug notification because you are a member of Ubuntu Touch seeded

[Touch-packages] [Bug 1737585] Re: ufw should not override procps' default of net.ipv4.tcp_syncookies=1

2017-12-11 Thread Nils Toedtmann
Sorry for only checking the latest LTS, didn't realize it had been fixed in >= 17.04. Thx. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ufw in Ubuntu. https://bugs.launchpad.net/bugs/1737585 Title: ufw should not

[Touch-packages] [Bug 189565] Re: ufw enables syncookies by default, which is not considered a great idea

2017-12-11 Thread Nils Toedtmann
Requesting to revert and leaving this to procps: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1737585 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ufw in Ubuntu. https://bugs.launchpad.net/bugs/189565 Title: ufw

[Touch-packages] [Bug 57091] Re: proc/sys/net/ipv4/tcp_syncookies=1 should be seriously considered to permit SYN flood defense...

2017-12-11 Thread Nils Toedtmann
I filed a request for ufw not to override https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1737585 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to procps in Ubuntu. https://bugs.launchpad.net/bugs/57091 Title:

[Touch-packages] [Bug 1737585] [NEW] ufw should not override procps' default of net.ipv4.tcp_syncookies=1

2017-12-11 Thread Nils Toedtmann
Public bug reported: In 2008 ufw decided to *disable* TCP SYN cookies by default in /etc/ufw/sysctl.conf, see https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/189565 After a more detailed discussion that had started in 2006, procps *enabled* TCP SYN cookies by default in

[Touch-packages] [Bug 1267059] Re: "Unattended-Upgrade::Remove-Unused-Dependencies" does not work

2015-12-01 Thread Nils Toedtmann
Nice to see that an LTS-killing bug is taken seriously (after 2 years). What about Precise? It is affected and still has 1.5y to live. (Though one might argue that any affected Precise machine must be either dead or manually patched by now) -- You received this bug notification because you are

[Touch-packages] [Bug 1267059] Re: Unattended-Upgrade::Remove-Unused-Dependencies does not work

2015-04-09 Thread Nils Toedtmann
Each day this bug breaks more Ubuntu servers that do unattended-upgrades, in particular cloud servers with 100GB rootfs. I alone have a few dozen affected machines. And it's not totally trivial for Admin Average to diagnose the inode shortage, realize it's flooded with linux-headers packages,

[Touch-packages] [Bug 1267059] Re: Unattended-Upgrade::Remove-Unused-Dependencies does not work

2015-03-09 Thread Nils Toedtmann
Note that situation #1089195 is another possible outcome of this bug. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/1267059 Title: