Release 2018_006 (2018-02-27)

Impact

  • [NixOS] Various services that link against OpenSSL will be restarted.
  • [NixOS] OpenSSH servers will be restarted.
  • [NixOS] OpenSSH has widely updated their cryptographic policies and disabled various (very) outdated protocols like SSHv1. For details check https://www.openssh.com/releasenotes.html for incompatible changes between version 6.9 and 7.5.
  • [NixOS] InfluxDB services will be restarted.
  • [Gentoo] Apache services will be restarted.

NixOS platform

  • Enable installation of strongSwan 5.6 IPSec server (assistance from support needed) (#29822).
  • Fix Sensu API authentication.
  • Security update OpenSSL: -> 1.0.1g, -> 1.0.2n (#29247).
  • Update OpenSSH: 6.9 -> 7.5 (#29247).
  • Update for cmake due to NixOS 17.09 compatibility issues.
  • Configure InfluxDBs’ systemd unit to automatically restart after crashes.
  • Improve outside connectivity check to reduce false positives.

Gentoo platform

  • Use copytruncate for logrotate on MySQL (#29764).
  • Security update for Apache 2.4 (GLSA 201701-36; GLSA 201710-32; #25501; #28953)