dbayer wrote:Are there any known issues with this patch and Ubuntu 18.04?
Hopefully someone running that can provide a clearer answer. My guess is no issues given the following observations:
1) I am running a 5.11 kernel
2) The openssl fix should have a few methods for trying entropy for both newer and older kernels if that is how they solved it. That is how I solved it and reported it via my bug report but I am now running their fix. The bug in this thread turned out to be for newer kernels which is 4.8 and above when they introduced openssl 1.1.1.1h in patch 20. It probably broke in 1.1.1.1d from what others on openssl mailing list have been saying about this known issue given it broke docker, ssh, etc and we are seeing this 1.1.1.1 version of the library for the first time in patch20. We don't run beta modules here so I have no history on how long it had been tested by customers.
Having said that, P20 also broke legacy backups and some functions like mail queue display from the console but I think that was isolated for RHEL6 variants. That has more to do with their ssh internal client not being able to connect to older sshd that can exist on legacy platforms like RHEL6. I think any 7+ and newish version of sshd should work without issue. Also... they just introduced a bug for SA 3.4.5 which wasn't initially broke but is now for rule updates as of Friday Apr 10, 2021.
I am running 8.1815p20 on RHEL6 and it seems to be working well here.
Mail Queue and Backup problem described here.
Ref:
viewtopic.php?f=15&t=69426
SA update 3.4.5 described here.
Ref:
viewtopic.php?f=15&t=69403
Should be a non issue given you are running a newer distribution. RHEL6 had a really good run for 10 years and those with RedHat support are still running it.
Jim