PcChip an hour ago

I always assumed Ubuntu was brought down to prevent Ubuntu servers from patching copy.fail, so that hacking group could exploit as many targets during that time as possible.

bayindirh an hour ago | parent | next [-]

copy.fail patches can be applied with minimum downtime, and a VM reboots in 30 seconds, tops, regardless of size. I believe all the apex servers are configured as HA to keep the load distributed, so normal users won't feel anything when copy.fail is patched.

Our users didn't feel a thing when we rolled out the patches.

Lukas_Skywalker an hour ago | parent [-]

But the Ubuntu update servers are necessary to serve the update. Taking them down prevents the users from downloading the update. I don't know whether the update servers were affected though.

throw0101c 41 minutes ago | parent | prev [-]

> I always assumed Ubuntu was brought down to prevent Ubuntu servers from patching copy.fail

On Ubuntu copy.fail could be mitigated against with some modprobe(8) config tweaks:

    # echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf
    # rmmod algif_aead

There may be some processes that use this functionality ("lsof | grep AF_ALG"), but it is not that widespread AIUI, and so disabling it should not be an issue for the vast majority of systems.
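
An added example, not part of the comment above: a shell check that the modprobe(8) mitigation quoted there is actually in effect on a host, meaning an `install algif_aead` override exists in a modprobe.d directory and the module is no longer resident. The function names and the three status strings are made up for this sketch.

```shell
#!/bin/sh
# Added example: audit the algif_aead modprobe mitigation on a host.
# Paths are passed as arguments so the check can be run against fixtures.

# Return 0 if a *.conf file in any given directory has an
# "install <module> /bin/false" (or /bin/true) override.
module_install_blocked() {
    module=$1; shift
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*.conf; do
            [ -f "$f" ] || continue
            # modprobe.d treats '-' and '_' in module names as the same.
            # Commented lines never have "install" as their first field.
            if awk -v m="$module" '
                $1 == "install" {
                    name = $2; gsub(/-/, "_", name)
                    if (name == m && ($3 == "/bin/false" || $3 == "/bin/true"))
                        found = 1
                }
                END { exit !found }' "$f"; then
                return 0
            fi
        done
    done
    return 1
}

# Return 0 if the module is listed in a /proc/modules-format file.
module_loaded() {
    [ -r "$2" ] || return 1
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "$2"
}

# Print "unmitigated" (no override), "still-loaded" (override present but
# the module was never removed with rmmod), or "mitigated".
mitigation_status() {
    module=$1; proc_modules=$2; shift 2
    if ! module_install_blocked "$module" "$@"; then
        echo unmitigated
    elif module_loaded "$module" "$proc_modules"; then
        echo still-loaded
    else
        echo mitigated
    fi
}

mitigation_status algif_aead /proc/modules \
    /etc/modprobe.d /run/modprobe.d /usr/lib/modprobe.d /lib/modprobe.d
```

A `still-loaded` result means the config file was written but the `rmmod` step was skipped or failed, so the module stays available until it is removed or the host reboots.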