*** This bug is a duplicate of bug 1971650 ***
https://bugs.launchpad.net/bugs/1971650
This is not strictly a duplicate of
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1971650 since
this one is now about switching to needrestart, but I believe it
subsumes the current bug enough to mark it as duplicate of the newer
one.
** This bug has been marked a duplicate of bug 1971650
wrong check for "server" in libssl3.postinst
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1307190
Title:
postinst script does not restart services
Status in openssl package in Ubuntu:
Triaged
Bug description:
I have updated openssl to 1.0.1e-3ubuntu1.2 (Ubuntu 13.10 here). This
update did not automatically restart services that were using the
previously installed version (apache2 in my case), because the
postinst script at /var/lib/dpkg/info/openssl.postinst does not do
that. In effect, these services were still affected by the security
vulnerabilities fixed in the update (among them in the latest update
the fix for CVE-2014-0160 "Heartbleed"). The services had to be
restarted manually, which in the case of a web server that gets its
updates automatically via unattended-upgrades can mean a potentially
dangerous delay.
Expected behavior is instead that the openssl postinst script restarts
all services that use the previous version. This is how it was handled
in openssl 0.9.8b-3 for example (as documented in issue #69239 , see
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/69239 ).
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1307190/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
