| 2008-06-19 13:26:07 |
Alexandre Dulaunoy |
bug |
|
|
added bug |
| 2008-06-19 14:23:09 |
Patrick Kilgore |
None: status |
New |
Confirmed |
|
| 2008-06-19 14:23:09 |
Patrick Kilgore |
None: importance |
Undecided |
High |
|
| 2008-06-21 20:45:25 |
Henning Eggers |
update-manager: status |
Confirmed |
Invalid |
|
| 2011-10-12 12:05:50 |
Alexandre Dulaunoy |
update-manager (Ubuntu): status |
Invalid |
Confirmed |
|
| 2011-10-12 12:17:01 |
Jeremy Visser |
update-manager (Ubuntu): status |
Confirmed |
Invalid |
|
| 2011-10-12 12:45:31 |
Jeremy Visser |
bug watch added |
|
https://rt.ubuntu.com/Ticket/Display.html?id=2485 |
|
| 2011-10-12 16:58:15 |
Kenyon Ralph |
bug |
|
|
added subscriber Kenyon Ralph |
| 2012-01-19 22:51:13 |
Ryan Rawdon |
bug |
|
|
added subscriber Ryan Rawdon |
| 2012-01-24 16:31:45 |
Ronny Roethof |
bug |
|
|
added subscriber Ronny Roethof |
| 2012-11-05 22:09:17 |
James Gifford |
bug task added |
|
ubuntu-website |
|
| 2012-11-06 02:11:30 |
Nick B. |
bug |
|
|
added subscriber Nick B. |
| 2012-11-06 14:20:49 |
Matthias Niess |
ubuntu-website: status |
New |
Confirmed |
|
| 2012-11-06 14:23:07 |
Matthias Niess |
bug |
|
|
added subscriber Matthias Niess |
| 2012-11-07 16:38:53 |
scottku |
bug |
|
|
added subscriber scottku |
| 2012-11-11 01:36:53 |
Mikael Magnusson |
bug |
|
|
added subscriber Mikael Magnusson |
| 2012-11-17 11:09:37 |
Mathias Bøhn Grytemark |
bug |
|
|
added subscriber Mathias Bøhn Grytemark |
| 2012-11-17 11:42:45 |
Sander Steffann |
bug |
|
|
added subscriber Sander Steffann |
| 2012-12-11 23:27:40 |
Takyoji |
bug |
|
|
added subscriber Caleb Langeslag |
| 2013-01-03 11:15:20 |
Johannes Rudolph |
bug |
|
|
added subscriber Johannes Rudolph |
| 2013-01-04 17:34:25 |
trejrco |
bug |
|
|
added subscriber trejrco |
| 2013-02-27 11:12:30 |
Maarten Kossen |
bug |
|
|
added subscriber Maarten Kossen |
| 2013-03-12 14:44:57 |
David Ames |
ubuntu-website: status |
Confirmed |
Fix Released |
|
| 2013-03-12 15:48:45 |
Henning Eggers |
removed subscriber Henning Eggers |
|
|
|
| 2013-05-16 17:12:34 |
Wesley George |
bug |
|
|
added subscriber Wesley George |
| 2015-01-23 09:07:09 |
Mark A. Ziesemer |
bug |
|
|
added subscriber Mark A. Ziesemer |
| 2015-01-23 10:27:27 |
Hans Spaans |
bug |
|
|
added subscriber Hans Spaans |
| 2015-01-23 11:08:07 |
Hans Spaans |
removed subscriber Hans Spaans |
|
|
|
| 2015-01-23 11:08:20 |
Hans Spaans |
bug |
|
|
added subscriber Hans Spaans |
| 2015-04-27 17:45:23 |
Mathias Menzer |
attachment added |
|
dig utput https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/241305/+attachment/4385868/+files/dig%20AAAA%20security.ubuntu.com |
|
| 2016-01-18 00:20:55 |
Haw Loeung |
bug |
|
|
added subscriber Haw Loeung |
| 2016-03-25 21:21:58 |
scottku |
removed subscriber scottku |
|
|
|
| 2016-04-14 13:07:33 |
BabyBat |
description |
Dear,
The apt source list for security update is by default configured to security.ubuntu.com.
When you have a system using only IPv6 (and having not access to IPv4 via NAT-PT),
security.ubuntu.com is only reachable in IPv4.
It would be wise to configure an AAAA record to security.ubuntu.com to at least
point to one of the many mirrors supporting IPv6 connectivity.
That would avoid system running natively in IPv6 to lack by default the security
update.
Thanks a lot,
Kind regards
PS : I checked this as being a security vulnerability but this is more a configuration issue
on the Ubuntu network infrastructure than a real security vulnerability:
A DNS AAAA request :
dig -t AAAA security.ubuntu.com
; <<>> DiG 9.4.1-P1 <<>> -t AAAA security.ubuntu.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26872
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;security.ubuntu.com. IN AAAA
;; AUTHORITY SECTION:
ubuntu.com. 3600 IN SOA ns1.canonical.com. hostmaster.canonical.com. 2008061805 10800 3600 604800 3600
;; Query time: 134 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jun 19 15:17:39 2008
;; MSG SIZE rcvd: 98 |
Dear,
The apt source list for security update is by default configured to security.ubuntu.com.
When you have a system using only IPv6 (and having not access to IPv4 via NAT-PT),
security.ubuntu.com is only reachable in IPv4.
It would be wise to configure an AAAA record to security.ubuntu.com to at least
point to one of the many mirrors supporting IPv6 connectivity.
That would avoid system running natively in IPv6 to lack by default the security
update.
Thanks a lot,
Kind regards
PS : I checked this as being a security vulnerability but this is more a configuration issue
on the Ubuntu network infrastructure than a real security vulnerability:
A DNS AAAA request :
dig -t AAAA security.ubuntu.com
; <<>> DiG 9.4.1-P1 <<>> -t AAAA security.ubuntu.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26872
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;security.ubuntu.com. IN AAAA
;; AUTHORITY SECTION:
ubuntu.com. 3600 IN SOA ns1.canonical.com. hostmaster.canonical.com. 2008061805 10800 3600 604800 3600
;; Query time: 134 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jun 19 15:17:39 2008
;; MSG SIZE rcvd: 98 |
|
| 2016-04-14 13:07:51 |
BabyBat |
bug |
|
|
added subscriber BabyBat |
| 2016-04-15 04:46:48 |
Kenyon Ralph |
removed subscriber Kenyon Ralph |
|
|
|
| 2017-06-02 22:15:13 |
Paul Gear |
description |
Dear,
The apt source list for security update is by default configured to security.ubuntu.com.
When you have a system using only IPv6 (and having not access to IPv4 via NAT-PT),
security.ubuntu.com is only reachable in IPv4.
It would be wise to configure an AAAA record to security.ubuntu.com to at least
point to one of the many mirrors supporting IPv6 connectivity.
That would avoid system running natively in IPv6 to lack by default the security
update.
Thanks a lot,
Kind regards
PS : I checked this as being a security vulnerability but this is more a configuration issue
on the Ubuntu network infrastructure than a real security vulnerability:
A DNS AAAA request :
dig -t AAAA security.ubuntu.com
; <<>> DiG 9.4.1-P1 <<>> -t AAAA security.ubuntu.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26872
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;security.ubuntu.com. IN AAAA
;; AUTHORITY SECTION:
ubuntu.com. 3600 IN SOA ns1.canonical.com. hostmaster.canonical.com. 2008061805 10800 3600 604800 3600
;; Query time: 134 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jun 19 15:17:39 2008
;; MSG SIZE rcvd: 98 |
---------------------------------------
READ THIS BEFORE COMMENTING ON THIS BUG
---------------------------------------
security.ubuntu.com and archive.ubuntu.com have been IPv6 enabled since March 2013 (see comment #29 below). Their connectivity is monitored by both internal and 3rd party monitoring systems.
If you experience problems with IPv6 connectivity to the archive servers, please DO NOT comment on this bug. Instead, email rt@ubuntu.com explaining the problem, and include the output of the following commands:
- date -u --rfc-3339=seconds
- ip -6 addr
- mtr -6 --report --no-dns -c 3 security.ubuntu.com
- host security.ubuntu.com # requires bind9-host to be installed
- ip -6 route get $(host security.ubuntu.com|awk '/has IPv6 address/ {print $NF}') # also requires bind9-host to be installed
---------------------------------------
Dear,
The apt source list for security update is by default configured to security.ubuntu.com.
When you have a system using only IPv6 (and having not access to IPv4 via NAT-PT), security.ubuntu.com is only reachable in IPv4.
It would be wise to configure an AAAA record to security.ubuntu.com to at least point to one of the many mirrors supporting IPv6 connectivity.
That would avoid system running natively in IPv6 to lack by default the security update.
Thanks a lot,
Kind regards
PS : I checked this as being a security vulnerability but this is more a configuration issue on the Ubuntu network infrastructure than a real security vulnerability:
A DNS AAAA request :
dig -t AAAA security.ubuntu.com
; <<>> DiG 9.4.1-P1 <<>> -t AAAA security.ubuntu.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26872
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;security.ubuntu.com. IN AAAA
;; AUTHORITY SECTION:
ubuntu.com. 3600 IN SOA ns1.canonical.com. hostmaster.canonical.com. 2008061805 10800 3600 604800 3600
;; Query time: 134 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jun 19 15:17:39 2008
;; MSG SIZE rcvd: 98 |
|
