Re: apache2 update for semi-critical "optionsbleed" bug

2017-09-20 Thread Marc Deslauriers
On 2017-09-19 10:30 AM, Glen Willmot wrote: > Good morning, > > Just curious on when we'll see an update on the apache2 release to version > 2.4.28 to patch against the "Optionsbleed" bug detailed by CVE-2017-9798. > > More info on the severity of this bug can be seen at: >

Re: Looking for Contact for OpenSSL on Trusty to be updated

2017-09-20 Thread Thomas Ward
Based solely on the CVE information, I'd surmise we aren't affected by CVE-2017-3733, because we don't have any OpenSSL 1.1.0 in the repositories - anywhere.  The original Apache announcement also indicated that 1.0.2 is not affected, and the Security Team made a note that only OpenSSL 1.1.x is

Re: Looking for Contact for OpenSSL on Trusty to be updated

2017-09-20 Thread Robie Basak
On Tue, Sep 19, 2017 at 03:31:22AM +, Eric Yuen wrote: > I am looking for a contact to reach out in regards > https://packages.ubuntu.com/trusty/openssl on Trusty and having an update to > the OpenSSL package updated with CVE-2017-3733 The CVE database reports that Trusty is not affected by

Re: apache2 update for semi-critical "optionsbleed" bug

2017-09-20 Thread Robie Basak
On Tue, Sep 19, 2017 at 10:30:20AM -0400, Glen Willmot wrote: > Just curious on when we'll see an update on the apache2 release to > version 2.4.28 to patch against the "Optionsbleed" bug detailed by > CVE-2017-9798. Already done, but by backporting the fix (as usual for Linux distributions)

Looking for Contact for OpenSSL on Trusty to be updated

2017-09-20 Thread Eric Yuen
Hi folks, I am looking for a contact to reach out in regards https://packages.ubuntu.com/trusty/openssl on Trusty and having an update to the OpenSSL package updated with CVE-2017-3733 Please kindly forward a contact, appreciated it. I reached this contact via Maintainer: * Ubuntu

apache2 update for semi-critical "optionsbleed" bug

2017-09-20 Thread Glen Willmot
Good morning, Just curious on when we'll see an update on the apache2 release to version 2.4.28 to patch against the "Optionsbleed" bug detailed by CVE-2017-9798. More info on the severity of this bug can be seen at:

Re: systemd and openvpn

2017-09-20 Thread Xen
Robie Basak schreef op 18-09-2017 0:40: On Mon, Sep 18, 2017 at 12:32:26AM +0200, Göran Hasse wrote: They must have "forgot it". In that case, in the first instance upstream should be contacted directly with this report. Then the problem can be fixed for everyone without risking confusion to

Re: systemd and openvpn

2017-09-20 Thread Xen
Göran Hasse schreef op 18-09-2017 0:32: They must have "forgot it". An openvpn client service have the same importance as the login program. So it should be restarted (with some backoff strategy maybe). A system service of this importance should *always* be restarted after a krash! We had