[SAC] [abuse #31856] CISA Security issues with OSGEO hosts

As promised, here is the attachment.

--
Lance Albertson
Director
Oregon State University | Open Source Lab

osgeo.csv (16.3 KB)

-----Original Message-----
From: Sac [mailto:sac-bounces@lists.osgeo.org] On Behalf Of Lance Albertson
via RT
Sent: Thursday, June 3, 2021 7:21 PM
To: sac@lists.osgeo.org
Cc: rootmail-students@osuosl.org
Subject: [SAC] [abuse #31856] CISA Security issues with OSGEO hosts

As promised, here is the attachment.

--
Lance Albertson
Director
Oregon State University | Open Source Lab

[Regina Obe]

Thanks for the file. I'll set aside time this month to upgrade osgeo6.

On Tue Jun 08 09:26:20 2021, lr@pcorp.us wrote:

> Thanks for the file. I'll set aside time this month to upgrade osgeo6.

I'll check back in a few weeks. Thanks for acknowledging!

--
Lance Albertson
Director
Oregon State University | Open Source Lab

> Thanks for the file. I'll set aside time this month to upgrade osgeo6.

I'll check back in a few weeks. Thanks for acknowledging!

--
Lance Albertson
Director
Oregon State University | Open Source Lab

[Regina Obe]

Lance,

OSGeo6 is now upgraded and shows:

Distributor ID: Debian
Description: Debian GNU/Linux 9.13 (stretch)
Release: 9.13
Codename: stretch

I plan to upgrade it in another 6 months or so to buster after I've moved
some stuff off of it.
Please let me know if the above change is sufficient for now and if your
audit finds anything wrong with it now.

Thanks,
Regina

On Fri Jun 18 19:18:41 2021, lr@pcorp.us wrote:

> Lance,
>
> OSGeo6 is now upgraded and shows:
>
> Distributor ID: Debian
> Description: Debian GNU/Linux 9.13 (stretch)
> Release: 9.13
> Codename: stretch
>
> I plan to upgrade it in another 6 months or so to buster after I've moved some
> stuff off of it. Please let me know if the above change is sufficient for now
> and if your audit finds anything wrong with it now.

That's great news! Thanks so much for doing that. I'm not sure if the report for
today will reflect the update but I'll keep an eye on it and let you know. But
this should do it. I'll also send you an updated list of the minor issues that
should be taken care of eventually as well once I see the updated report.

Thanks again-

--
Lance Albertson
Director
Oregon State University | Open Source Lab

On Mon Jun 21 09:14:39 2021, ramereth wrote:

> On Fri Jun 18 19:18:41 2021, lr@pcorp.us wrote:
> > Lance,
> >
> > OSGeo6 is now upgraded and shows:
> >
> > Distributor ID: Debian
> > Description: Debian GNU/Linux 9.13 (stretch)
> > Release: 9.13
> > Codename: stretch
> >
> > I plan to upgrade it in another 6 months or so to buster after I've moved
> > some stuff off of it. Please let me know if the above change is sufficient
> > for now and if your audit finds anything wrong with it now.
>
> That's great news! Thanks so much for doing that. I'm not sure if the report
> for today will reflect the update but I'll keep an eye on it and let you know.
> But this should do it. I'll also send you an updated list of the minor issues
> that should be taken care of eventually as well once I see the updated report.

Looks like this was updated in the latest report and no longer shows it being
the outdated OS.

As promised, here's the latest report I have for your hosts. If you're able to
take care of the remaining issues, that would be great!

Thanks-

--
Lance Albertson
Director
Oregon State University | Open Source Lab

osgeo-2021-06-27.csv (30 KB)

Thanks I'll review these this coming week and will try to address.

-----Original Message-----
From: Sac [mailto:sac-bounces@lists.osgeo.org] On Behalf Of Lance
Albertson via RT
Sent: Thursday, July 8, 2021 8:33 PM
To: sac@lists.osgeo.org
Cc: rootmail-students@osuosl.org
Subject: [SAC] [abuse #31856] CISA Security issues with OSGEO hosts

On Mon Jun 21 09:14:39 2021, ramereth wrote:
> On Fri Jun 18 19:18:41 2021, lr@pcorp.us wrote:
> > Lance,
> >
> > OSGeo6 is now upgraded and shows:
> >
> > Distributor ID: Debian
> > Description: Debian GNU/Linux 9.13 (stretch)
> > Release: 9.13
> > Codename: stretch
> >
> > I plan to upgrade it in another 6 months or so to buster after I've
> > moved some stuff off of it. Please let me know if the above change
> > is sufficient for now and if your audit finds anything wrong with it now.
>
> That's great news! Thanks so much for doing that. I'm not sure if the
> report for today will reflect the update but I'll keep an eye on it and let you
> know.
> But this should do it. I'll also send you an updated list of the minor
> issues that should be taken care of eventually as well once I see the
> updated report.

Looks like this was updated in the latest report and no longer shows it being
the outdated OS.

As promised, here's the latest report I have for your hosts. If you're able to
take care of the remaining issues, that would be great!

Thanks-

--
Lance Albertson
Director
Oregon State University | Open Source Lab

As promised, here's the latest report I have for your hosts. If you're able to
take care of the remaining issues, that would be great!

Thanks-

--
Lance Albertson
Director
Oregon State University | Open Source Lab

[Regina Obe]
I'm hoping my changes took care of the rest of them. Can you send me an updated report when you get the chance.
Hopefully the list will be empty or at least much smaller :)

On Mon Jul 12 16:12:06 2021, lr@pcorp.us wrote:

> > As promised, here's the latest report I have for your hosts. If you're able
> > to take care of the remaining issues, that would be great!
>
> [Regina Obe]
> I'm hoping my changes took care of the rest of them. Can you send me an
> updated report when you get the chance. Hopefully the list will be empty or
> at least much smaller :)

Thank you! I'll let you know once I get the latest report.

Thanks-

--
Lance Albertson
Director
Oregon State University | Open Source Lab

On Mon Jul 12 16:45:43 2021, ramereth wrote:

> On Mon Jul 12 16:12:06 2021, lr@pcorp.us wrote:
> > > As promised, here's the latest report I have for your hosts. If you're
> > > able to take care of the remaining issues, that would be great!
> >
> > [Regina Obe]
> > I'm hoping my changes took care of the rest of them. Can you send me an
> > updated report when you get the chance. Hopefully the list will be empty or
> > at least much smaller :)
>
> Thank you! I'll let you know once I get the latest report.

Apologies for the delay as I had other priorities. Attached is the latest
report.

--
Lance Albertson
Director
Oregon State University | Open Source Lab

osgeo-2021-08-09.csv (10.9 KB)

> > [Regina Obe]
> > I'm hoping my changes took care of the rest of them. Can you send me an
> > updated report when you get the chance. Hopefully the list will be empty
> > or at least much smaller :)
>
> Thank you! I'll let you know once I get the latest report.

> Apologies for the delay as I had other priorities. Attached is the latest
> report.

It's been about a month and I'm attaching the latest report. Can you please
prioritize the TLS issues listed here?

Thanks-

--
Lance Albertson
Director
Oregon State University | Open Source Lab

osgeo-2021-09-19.csv (12.6 KB)

Okay will do. Damn I thought I took care of those already.

-----Original Message-----
From: Sac [mailto:sac-bounces@lists.osgeo.org] On Behalf Of Lance
Albertson via RT
Sent: Tuesday, September 21, 2021 2:35 PM
To: sac@lists.osgeo.org
Cc: rootmail-students@osuosl.org
Subject: [SAC] [abuse #31856] CISA Security issues with OSGEO hosts

> > > [Regina Obe]
> > > I'm hoping my changes took care of the rest of them. Can you send
> > > me an updated report when you get the chance. Hopefully the list
> > > will be empty or at least much smaller :)
> >
> > Thank you! I'll let you know once I get the latest report.
>
> Apologies for the delay as I had other priorities. Attached is the
> latest report.

It's been about a month and I'm attaching the latest report. Can you please
prioritize the TLS issues listed here?

Thanks-

--
Lance Albertson
Director
Oregon State University | Open Source Lab

Should be all set now. Issue was /etc/letsencrypt config was overriding
the nginx.conf one.
I retested with nmap to confirm.

For osgeo6 I had to make more changes. I tested 585 and 25 ports with nmap
but had difficulty testing the 465.

Anyway let me know if you still see the issues on your side.

Thanks,
Regina

-----Original Message-----
From: Sac [mailto:sac-bounces@lists.osgeo.org] On Behalf Of via RT
Sent: Tuesday, September 21, 2021 2:51 PM
To: sac@lists.osgeo.org
Cc: rootmail-students@osuosl.org
Subject: Re: [SAC] [abuse #31856] CISA Security issues with OSGEO hosts

Okay will do. Damn I thought I took care of those already.

> -----Original Message-----
> From: Sac [mailto:sac-bounces@lists.osgeo.org] On Behalf Of Lance
> Albertson via RT
> Sent: Tuesday, September 21, 2021 2:35 PM
> To: sac@lists.osgeo.org
> Cc: rootmail-students@osuosl.org
> Subject: [SAC] [abuse #31856] CISA Security issues with OSGEO hosts
>
> > > > [Regina Obe]
> > > > I'm hoping my changes took care of the rest of them. Can you
> > > > send me an updated report when you get the chance. Hopefully
> > > > the list will be empty or at least much smaller :)
> > >
> > > Thank you! I'll let you know once I get the latest report.
> >
> > Apologies for the delay as I had other priorities. Attached is the
> > latest report.
>
> It's been about a month and I'm attaching the latest report. Can you
> please prioritize the TLS issues listed here?
>
> Thanks-
>
> --
> Lance Albertson
> Director
> Oregon State University | Open Source Lab

_______________________________________________
Sac mailing list
Sac@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/sac
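
An added example, not part of the thread and not the configuration of the OSGeo hosts: the message above traces the TLS finding to a file under /etc/letsencrypt overriding nginx.conf, and this sketch walks a config tree through its `include` lines to show where `ssl_protocols` is set and which setting enables legacy versions. The file names and contents are constructed, the set of versions treated as legacy is an assumption, and only literal include paths are followed (no globs).

```python
import re

LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # assumed "weak" set for this example
PROTO = re.compile(r"^\s*ssl_protocols\s+([^;#]+);")
INCL = re.compile(r"^\s*include\s+([^;#\s]+)\s*;")

# Constructed sample tree (path -> contents); not taken from any real host.
SAMPLE = {
    "/etc/nginx/nginx.conf": """
http {
    ssl_protocols TLSv1.2 TLSv1.3;
    include /etc/nginx/sites-enabled/example;
}
""",
    "/etc/nginx/sites-enabled/example": """
server {
    listen 443 ssl;
    # ssl_protocols TLSv1;  (commented out, must be ignored)
    include /etc/letsencrypt/options-ssl-nginx.conf;
}
""",
    "/etc/letsencrypt/options-ssl-nginx.conf": """
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
""",
}

def ssl_protocol_settings(files, entry, chain=()):
    """Walk `entry` and its includes; return one record per ssl_protocols line."""
    if entry in chain or entry not in files:  # include loop or missing file
        return []
    chain = chain + (entry,)
    found = []
    for lineno, line in enumerate(files[entry].splitlines(), 1):
        m = PROTO.match(line)
        if m:
            protos = m.group(1).split()
            found.append({"file": entry, "line": lineno, "via": chain,
                          "protocols": protos,
                          "legacy": sorted(LEGACY.intersection(protos))})
        m = INCL.match(line)
        if m:
            found += ssl_protocol_settings(files, m.group(1), chain)
    return found

def overriding_legacy(files, entry):
    """Settings in included files (not `entry` itself) that enable legacy protocols."""
    return [s for s in ssl_protocol_settings(files, entry)
            if s["legacy"] and s["file"] != entry]
```

On a real host, `nginx -T` prints the full configuration with includes expanded, which can be searched for `ssl_protocols` in the same way.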

On Tue Sep 21 13:01:19 2021, lr@pcorp.us wrote:

> Should be all set now. Issue was /etc/letsencrypt config was overriding the
> nginx.conf one. I retested with nmap to confirm.
>
> For osgeo6 I had to make more changes. I tested 585 and 25 ports with nmap
> but had difficulty testing the 465.
>
> Anyway let me know if you still see the issues on your side.

Looks like the TLS issue has been resolved. Here's the report from last week
(I'm still waiting for the one for this week). Can you please verify that the
version of nginx you have installed on your Ubuntu machines is at least or newer
than the version described here [1]?

[1] https://ubuntu.com/security/CVE-2019-20372

--
Lance Albertson
Director
Oregon State University | Open Source Lab

osgeo-2021-10-03.csv (19.4 KB)