group.of.nepali.translators team mailing list archive

[Dimitri John Ledkov <1895294@xxxxxxxxxxxxxxxxxx>]

It is true that said vulnerability is not patched in xenial; but also it
is low; and no public patches for it exist.

Please upgrade to bionic or focal? which are unaffected / fixes
released?

** Information type changed from Public to Public Security

** Also affects: openssl (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Changed in: openssl (Ubuntu Xenial)
       Status: New => Confirmed

** Changed in: openssl (Ubuntu)
       Status: New => Fix Released

** Changed in: openssl (Ubuntu Xenial)
   Importance: Undecided => Low

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1895294

Title:
  Fix Raccoon vulnerability (CVE-2020-1968)

Status in openssl package in Ubuntu:
  Fix Released
Status in openssl source package in Xenial:
  Confirmed

Bug description:
  Xenial's current OpenSSL (1.0.2g-1ubuntu4.16) seems to not have been
  patched yet against the Raccoon Attack (CVE-2020-1968):

  - https://www.openssl.org/news/secadv/20200909.txt
  - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1968
  - https://raccoon-attack.com/

  Ubuntu's CVE tracker still lists this as NEEDED for Xenial:

  - https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1968.html
  - https://people.canonical.com/~ubuntu-security/cve/pkg/openssl.html

  Other supported Ubuntu releases use versions of OpenSSL that are not
  affected.

  Indeed:

    $ apt-cache policy openssl
    openssl:
      Installed: 1.0.2g-1ubuntu4.16

    $ apt-get changelog openssl | grep CVE-2020-1968 || echo "Not patched"
    Not patched

  What is the status?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1895294/+subscriptions