Lettuceeatlettuce

•

RegreSSHion Mitigation Debian Stable?

I'm running a few Debian stable systems that are up to date on patches.

But I just ran ssh -V and the OpenSSH version listed is "OpenSSH_9.2p1 Debian-2+deb12u3" which as I understand is still vulnerable.

Am I missing something or am I good?

Sign in to add comment

Lettuceeatlettuce

•

Never mind, found the Debian security bulletin, my version is patched already.

Leaving this here for any other newbies that might be wondering.

Sorry, all!

•

"oh but Debian only has old stuff" , yeah sure. :P

•

They patch stuff like this fast because it's a remote exploit. Local privilege escalation exploits are fixed much slower.

•

I know, I know, but trust me that a lot of people believe that they don’t issue security patches fast.

•

LTS means security fixes, but little else if any. good luck if you need a feature that came out a year ago it's not in the repo yet

•

That version has been patched.

•

PoC on 32 bit requires thousands of authentication attempts, so any sane firewall should protect you against it already. Afaik there isnt any for 64 bit

linux

!linux

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0