[rwth-security] Arbitrary code execution vulnerability in OpenSSH patched

1 Jul 2024


      Hallo zusammen,
sofern nicht selber schon gesehen/-lesen hier[0,1,2] FYI
"A critical vulnerability in sshd(8) was present in Portable
    OpenSSH versions 8.5p1 and 9.7p1 (inclusive) that may allow
    arbitrary code execution with root privileges."
--> In Debian stable/bookworm gepatcht in 1:9.2p1-2+deb12u3
    (man beachte die 3 am Ende!), Debian oldstable/bullseye nicht
    verwundbar.
VG
Thomas
[0]: https://security-tracker.debian.org/tracker/CVE-2024-6387
[1]: https://www.openwall.com/lists/oss-security/2024/07/01/1
[2]: https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
-- 
Fachschaft I/1 Mathematik/Physik/Informatik der RWTH Aachen
Thomas Schneider

Campus Mitte: Augustinerbach 2a, 52062 Aachen
Telefon: +49 241 80 94506

Informatikzentrum: Ahornstraße 55, Raum 2014, 52074 Aachen
Telefon: +49 241 80 26741

https://www.fsmpi.rwth-aachen.de

2024

2023

2022

2021

2020

2019

2018

[rwth-security] Arbitrary code execution vulnerability in OpenSSH patched