[Bug 1895294] Re: Fix Raccoon vulnerability (CVE-2020-1968)
Nils Toedtmann
1895294 at bugs.launchpad.net
Tue Sep 15 17:17:08 UTC 2020
> "Please upgrade to bionic or focal?"
Is this an official recommendation from Ubuntu, that users shall migrate
off Xenial now, because of a security issue in a core library?
And there I was, thinking we have until April 2021 ...
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1895294
Title:
Fix Raccoon vulnerability (CVE-2020-1968)
Status in openssl package in Ubuntu:
Fix Released
Status in openssl source package in Xenial:
Confirmed
Bug description:
Xenial's current OpenSSL (1.0.2g-1ubuntu4.16) seems to not have been
patched yet against the Raccoon Attack (CVE-2020-1968):
- https://www.openssl.org/news/secadv/20200909.txt
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1968
- https://raccoon-attack.com/
Ubuntu's CVE tracker still lists this as NEEDED for Xenial:
- https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1968.html
- https://people.canonical.com/~ubuntu-security/cve/pkg/openssl.html
Other supported Ubuntu releases use versions of OpenSSL that are not
affected.
Indeed:
$ apt-cache policy openssl
openssl:
Installed: 1.0.2g-1ubuntu4.16
$ apt-get changelog openssl | grep CVE-2020-1968 || echo "Not patched"
Not patched
What is the status?
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1895294/+subscriptions
More information about the foundations-bugs
mailing list