Software updater snuck in a package that is unwanted

Oliver Grawert ogra at ubuntu.com
Sat Oct 21 14:28:38 UTC 2017


hi,
On Saturday, 21.10.2017, at 18:48 +0800, Bret Busby wrote:
> 
> One of the significant points that should, I believe, be remembered,
> regarding the WPA2 vulnerability, is that it is a multi-platform
> problem, so that every device that uses WPA2, is affected, so, for
> example, each modem or router within a network, each cellphone, each
> printer that uses WPA2 in WiFi access, each tablet PC, etc, etc, etc.
> 
> And, some cellphones, such as Android cellphones, simply never get
> system updates, once their particular Android version becomes
> superseded.

while this is completely irrelevant for this mailing list (being an
ubuntu user support list), the vulnerability is a protocol issue that
only works if *both* sides are unpatched *and* if the man-in-the-middle 
attacker happens to be physically between the two antennas *and* closer
to the client...

> 
> It would have been helpful, if, when Ubuntu implemented the security
> patch for the KRAK (?) WPA2 vulnerability, it was announced on this
> mailing list, as such.

why ? the ubuntu default desktop has a builtin mechanism to notify
users about available security fixes ...  this mechanism consists of a
combination of some pre-installed packages ... including the here
discussed unattended-upgrades package ... 

(and beyond this you could indeed subscribe to the ubuntu-security-
announce mailing list if you wanted, as others mentioned already)

ciao
	oli